Article ID: 6884262
Journal: Computers & Security
Published Year: 2015
Pages: 14 Pages
File Type: PDF
Abstract
Enterprises collect and use private information for various purposes. Access control can limit who can obtain such data; however, the purpose of their use is not clear. In this paper we focus on the purpose of data access and demonstrate that dynamic role-based access control (RBAC) is not sufficient for enforcement of privacy requirements. We extend RBAC with monitoring capability and describe a formal approach to determining whether access control policies actually implement privacy requirements based on the behaviour of the system. We show how access control fails to detect privacy violations and use small examples to demonstrate how our technique is used to solve such issues. We also describe a prototype implementation of our technique and present two case studies that demonstrate the applicability of our approach in practice.
Related Topics
Physical Sciences and Engineering > Computer Science > Computer Networks and Communications