Business Process-Based Legitimacy of Data Access Framework for Enterprise Information Systems Protection

Hind Benfenatki 1 Frédérique Biennier 1
1 SOC - Service Oriented Computing
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract : Nowadays European context is introducing a new directive for data protection, which imposes new constraints to business owners which manipulate personal data. Among imposed constraints, we find that while a disclosure occurs on user’s personal data, the burden of proof is now in the charge of business owners. In this context, data access has to be managed according to what is mentioned in Terms of Service and logged in a way to prove the occurrence of a disclosure or not. This work, part of Personal Information Controller Service project proposes a data-driven privacy control system, based on Collaborative Usage Control (CUCON), allows organizations to manage the access authorizations they provide to stakeholders. The proposed system intervenes in two contexts, which are ad-hoc business processes and while using big data techniques. In fact, new data usage introduces changes in usage-based models since used systems are usually distributed and involving several organizations which can have different definitions for a given role. This framework manages the consistency between already allowed data access rights and potential given rights to a given business stakeholder according to business process’s activity affected to him/her. It also warns when a conflict occurs and when the aggregation of the rights granted to a given stakeholder lead to having rights to a sensitive data.
Complete list of metadatas

https://hal.archives-ouvertes.fr/hal-01878879
Contributor : Hind Benfenatki <>
Submitted on : Friday, December 21, 2018 - 2:22:58 PM
Last modification on : Wednesday, April 3, 2019 - 1:11:15 AM
Long-term archiving on : Friday, March 22, 2019 - 5:11:34 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2021-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Hind Benfenatki, Frédérique Biennier. Business Process-Based Legitimacy of Data Access Framework for Enterprise Information Systems Protection. 12th International Conference on Research and Practical Issues of Enterprise Information Systems (CONFENIS), Sep 2018, Poznan, Poland. pp.146-160, ⟨10.1007/978-3-319-99040-8_12⟩. ⟨hal-01878879⟩

Share

Metrics

Record views

247