XACML Policy Evaluation With Dynamic Context Handling (Extended Abstract)

Authors

  • Nariman Ammar
  • Zaki Malik
  • Abdelmounaam Rezgui
  • Elisa Bertino
Abstract

In collaborative service-based health data sharing environments, participating services may host different sets of data about the same individuals, identified by some common properties. Each organization in such environments (e.g., testing labs, research institutes, etc.) manages its data access and usage through a specialized Web service endpoint through which users can submit queries. For instance, the Bio2RDF project incorporates data from several ontologies (e.g., NCBIGene, PharmGKB, DrugBank, CDT, and GeneCDS) using RDF (as a universal healthcare exchange language). Each repository defines an ontology (in OWL format) of all the concepts that can be searched for in a user’s query. OWL defines classes as a generic concept of individuals (e.g., Patient) and data type properties to link individuals of those classes to their data values (e.g., hasDisease). The PharmGKB repository, for example, can be identified by the set of data type properties (drug, disease, gene, etc.) defined on the set of classes (Dosage, Drug, DrugGeneAssociations, etc.). To query instances in those repositories, a user submits different queries through SPARQL endpoints dedicated to each service. In each query, he can ask for different data type properties by which those instances are identified. Several privacy issues may arise in such environments. First, transforming such data sets into semantic data makes data linkage easier and machine processable. Second, dynamic composition of different data items (retrieved through participating Web services) may be misused by adversaries to reveal sensitive information, which was not deemed as such by the data owner at the time of data collection. For instance, a Clinical service may store the data items (Age, Gender, ..., patientStatus), a Genomic service may store (Age, Gender, ..., Gene, SNP), and a Demographic service may store (Age, Gender, ..., Employer, Address). Atomically, these data items may not reveal personally identifiable information, but linking those items may lead to unintended breach of privacy. Thus, the patient’s consent that is statically defined in a privacy policy may not be enough for data disclosure. These issues call for a privacy management solution that is dynamic, context-sensitive, and semantic-based. Several researchers have provided enhancements to the performance of XACML PEP, such as efficiency, scalability, and adaptation [1], [2], [3], [4], [5], but few works provided enhancements to the PEP accuracy by enhancing the context handler. This work focuses on enhancing the XACML PEP component accuracy by adding dynamic context handling. Few researchers have looked into dynamic policy evaluation as opposed to static policies [6]. Others have proposed context-aware privacy management systems [7], [8], [9], [10]. Our work is different from previous approaches for dynamic privacy management in that it does not dynamically update the original policy definitions, but implicitly incorporates context into rule evaluation. They also regulate rather than prevent the data access.


Similar resources

MobiDyC: Private Mobile-based Health Data Sharing through Dynamic Context Handling

With the adoption of mobile healthcare applications and the success of cloud service models, we propose a privacy management framework for mobile health care applications with support for dynamic privacy management of health data sharing. Our solution extends the XACML policy language by incorporating user access context into the privacy policy rule enforcement. We provide an implementation of ...


Can Access Control be Extended to Deal with Data Handling in Privacy Scenarios?

In this position paper, we claim that access control policy languages can be extended to address data handling. Indeed, matching users’ privacy preferences and services’ privacy policies as well as enforcing what services can do with collected data rely on authorization queries and obligations, which exist in some access control languages. We present results from extending SecPAL to address dat...


Extending XACML Authorisation Model to Support Policy Obligations Handling in Distributed Applications

The paper summarises the recent and on-going developments and discussions in the Grid security community to build interoperable and scalable AuthZ infrastructure for distributed applications. The paper provides a short overview of the XACML policy format and policy obligations definition in the XACML specification. The paper analyses the basic use cases for obligations in computer Grids and on-...


Designing Fast and Scalable Policy Evaluation Engines

Most prior research on policies has focused on correctness. While correctness is an important issue, the adoption of policy-based computing may be limited if the resulting systems are not implemented efficiently and thus perform poorly. To increase the effectiveness and adoption of policy-based computing, in this paper, we propose fast policy evaluation algorithms that can be adapted to support ...


Resolving Policy Conflicts - Integrating Policies from Multiple Authors

In this paper we show that the static conflict resolution strategy of XACML is not always sufficient to satisfy the policy needs of an organisation where multiple parties provide their own individual policies. Different conflict resolution strategies are often required for different situations. Thus combining one or more sets of policies into a single XACML ‘super policy’ that is evaluated by a...



Publication date: 2015