Business Process-Based Legitimacy of Data Access Framework for Enterprise Information Systems Protection

Document record

Date

18 September 2018

Relations

This document is linked to:
info:eu-repo/semantics/altIdentifier/doi/10.1007/978-3-319-99040-8_12

Collection

Open archives

Licenses

http://creativecommons.org/licenses/by/ , info:eu-repo/semantics/OpenAccess



Related subjects

Trade

Cite this document

Hind Benfenatki et al., « Business Process-Based Legitimacy of Data Access Framework for Enterprise Information Systems Protection », HAL-SHS : sciences de l'information, de la communication et des bibliothèques, ID : 10.1007/978-3-319-99040-8_12



Abstract

The European context is currently introducing a new directive for data protection, which imposes new constraints on business owners who manipulate personal data. Among these constraints, when a disclosure of a user's personal data occurs, the burden of proof now lies with business owners. In this context, data access has to be managed according to what is stated in the Terms of Service and logged in a way that makes it possible to prove whether or not a disclosure occurred. This work, part of the Personal Information Controller Service project, proposes a data-driven privacy control system based on Collaborative Usage Control (CUCON) that allows organizations to manage the access authorizations they provide to stakeholders. The proposed system intervenes in two contexts: ad-hoc business processes and the use of big data techniques. Indeed, new data usage introduces changes in usage-based models, since the systems used are usually distributed and involve several organizations, which can have different definitions for a given role. The framework manages the consistency between the data access rights already granted and the rights that may be given to a business stakeholder according to the business process activity assigned to him/her. It also warns when a conflict occurs and when the aggregation of the rights granted to a given stakeholder leads to rights over sensitive data.
