Enforcement of privacy requirements

Document Type

Journal Article

Publication Details

Citation only

Krishnan, P., & Vorobyov, K. (2013). Enforcement of privacy requirements. IFIP Advances in Information Technology and Communication Technology, 405, 272-285.

2013 HERDC submission. FoR code: 080309; 080303; 080608

© Copyright, IFIP International Federation for Information Processing, 2013




Enterprises collect and use private information for various purposes. Access control can limit who can obtain such data. However, the purpose for which the data is used is not clear. In this paper we focus on the purpose of data access and demonstrate that a dynamic role-based access control (RBAC) mechanism is not sufficient for the enforcement of privacy requirements. To achieve this we extend RBAC with a monitoring capability and describe a formal approach to determining whether access control policies actually implement privacy requirements, based on the behaviour of the system. We demonstrate the advantages of our approach using various examples and describe the prototype implementation of our technique.



This document has been peer reviewed.