Business Process-Based Legitimacy of Data Access Framework for Enterprise Information Systems Protection - Research and Practical Issues of Enterprise Information Systems
Conference Papers Year : 2018

Business Process-Based Legitimacy of Data Access Framework for Enterprise Information Systems Protection

Hind Benfenatki
Frédérique Biennier

Abstract

Nowadays European context is introducing a new directive for data protection, which imposes new constraints to business owners which manipulate personal data. Among imposed constraints, we find that while a disclosure occurs on user’s personal data, the burden of proof is now in the charge of business owners. In this context, data access has to be managed according to what is mentioned in Terms of Service and logged in a way to prove the occurrence of a disclosure or not. This work, part of Personal Information Controller Service project proposes a data-driven privacy control system, based on Collaborative Usage Control (CUCON), allows organizations to manage the access authorizations they provide to stakeholders. The proposed system intervenes in two contexts, which are ad-hoc business processes and while using big data techniques. In fact, new data usage introduces changes in usage-based models since used systems are usually distributed and involving several organizations which can have different definitions for a given role. This framework manages the consistency between already allowed data access rights and potential given rights to a given business stakeholder according to business process’s activity affected to him/her. It also warns when a conflict occurs and when the aggregation of the rights granted to a given stakeholder lead to having rights to a sensitive data.
Fichier principal
Vignette du fichier
472384_1_En_12_Chapter.pdf (646.01 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01878879 , version 1 (21-12-2018)

Licence

Identifiers

Cite

Hind Benfenatki, Frédérique Biennier. Business Process-Based Legitimacy of Data Access Framework for Enterprise Information Systems Protection. 12th International Conference on Research and Practical Issues of Enterprise Information Systems (CONFENIS), Sep 2018, Poznan, Poland. pp.146-160, ⟨10.1007/978-3-319-99040-8_12⟩. ⟨hal-01878879⟩
440 View
189 Download

Altmetric

Share

More