Abstract
Manual compliance audits of information systems tend to be time consuming. As a result, deployed systems are often not audited properly and either do not comply with data protection laws or cannot be shown to comply. The personal data of the data subject are therefore exposed to potential loss and misuse. Automated compliance control can reduce the effort of compliance checks, but current approaches have several drawbacks, for example the cost of deploying cryptographic hardware on every single subsystem. In this paper a system design is presented that avoids several drawbacks of existing solutions and thereby supports, and goes beyond, existing mechanisms for automated compliance control.
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Haas, S., Herkenhöner, R., Royer, D., Alkassar, A., de Meer, H., Müller, G. (2011). Supporting Semi-automated Compliance Control by a System Design Based on the Concept of Separation of Concerns. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_10
DOI: https://doi.org/10.1007/978-3-642-20769-3_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3
eBook Packages: Computer Science (R0)