A summary of this paper is posted in the blog (under the "Work done" section). But in general I like the idea they proposed of how to solve the problem of privacy, and I believe that the same idea can be used to solve other security requirements such as integrity.
The idea was based on 4 main points: adding the subject, auxiliary data, work allocation, and data patterns.
But it all comes down to what is represented in this diagram:
It is clear (without going into details) that every subject has its own settings and authorization requirements, so before processing any subject through the workflow, the system will make sure that the privacy requirements are satisfied.
I personally believe that the same idea can be used to satisfy other security requirements such as "integrity"; for example, we can add a field in the records to show the owner of the subject, and then another field to show the last modification and by whom it was done.
So even if a person is allowed to see the subject information (satisfying the privacy requirement), he might not be allowed to modify the information.
This idea will be explored more in the future.
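The view/modify separation described above, sketched as an added example (not code from the paper or from this blog). The field names, the `viewers`/`editors` sets and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


class AccessDenied(Exception):
    """Raised when a per-subject requirement is not satisfied."""


@dataclass
class Subject:
    # All field names are hypothetical; the post only names the concepts.
    subject_id: str
    data: dict
    owner: str                                  # integrity: owner of the subject
    viewers: set = field(default_factory=set)   # privacy: who may see the data
    editors: set = field(default_factory=set)   # integrity: who may change it
    last_modified_by: Optional[str] = None      # integrity: who changed it last
    last_modified_at: Optional[datetime] = None # integrity: when it was changed


def view(subject: Subject, user: str) -> dict:
    """Privacy check, run before the workflow hands the subject to a user."""
    if user != subject.owner and user not in subject.viewers:
        raise AccessDenied(f"{user} may not view {subject.subject_id}")
    # Return a copy so a reader cannot alter the stored record through it.
    return dict(subject.data)


def modify(subject: Subject, user: str, key: str, value) -> None:
    """Integrity check: being allowed to view does not imply being allowed to edit."""
    if user != subject.owner and user not in subject.editors:
        raise AccessDenied(f"{user} may not modify {subject.subject_id}")
    subject.data[key] = value
    # Record who made the change and when, as the post suggests.
    subject.last_modified_by = user
    subject.last_modified_at = datetime.now(timezone.utc)


def is_denied(action, *args) -> bool:
    """Helper: True if the action is rejected, False if it goes through."""
    try:
        action(*args)
        return False
    except AccessDenied:
        return True
```
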