Automating Privacy Compliance Using Policy Integrated Blockchain

Thumbnail Image

Files

cryptography-03-00007-v2.pdf (5.05 MB)

Links to Files

https://www.mdpi.com/2410-387X/3/1/7

Permanent Link

https://doi.org/10.3390/cryptography3010007
 http://hdl.handle.net/11603/12881

Collections

UMBC Information Systems Department
UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection

Author/Creator

Author/Creator ORCID

Date

2019-02-05

Type of Work

journal articles
Text

Department

Program

Citation of Original Publication

Karuna Pande Joshi, Agniva Banerjee, Automating Privacy Compliance Using Policy Integrated Blockchain, Cryptography 2019, 3(1), 7, https://doi.org/10.3390/cryptography3010007

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Attribution 4.0 International (CC BY 4.0)

Subjects

blockchain
big data
semantic web
privacy policy
ontology
knowledge graph
data compliance
UMBC Ebiquity Research Group

Abstract

An essential requirement of any information management system is to protect data and resources against breach or improper modifications, while at the same time ensuring data access to legitimate users. Systems handling personal data are mandated to track its flow to comply with data protection regulations. We have built a novel framework that integrates semantically rich data privacy knowledge graph with Hyperledger Fabric blockchain technology, to develop an automated access-control and audit mechanism that enforces users’ data privacy policies while sharing their data with third parties. Our blockchain based data-sharing solution addresses two of the most critical challenges: transaction verification and permissioned data obfuscation. Our solution ensures accountability for data sharing in the cloud by incorporating a secure and efficient system for End-to-End provenance. In this paper, we describe this framework along with the comprehensive semantically rich knowledge graph that we have developed to capture rules embedded in data privacy policy documents. Our framework can be used by organizations to automate compliance of their Cloud datasets.