Protecting privacy means to ensure users that access to their personal data complies with their preferences. However, information can be manipulated in order to derive new objects that may disclose part of the original information. Therefore, control of information flow is necessary for guaranteeing privacy protection since users should know and control not only who access their personal data, but also who access information derived from their data. Actually, current approaches for access control do not provide support for managing propagation of information and for representing user preferences.This paper proposes to extend the Flexible Authorization Framework (FAF) in order to automatically verify whether a subject is entitled to process personal data and derive the authorizations associated with the outcome of data processing. In order to control information flow, users may specify the range of authorizations that can be associated with objects derived from their data. The framework guarantees that every "valid" derived object does not disclose more information than users want and preserves the permissions that users want to maintain. To make the discussion more concrete, we illustrate the proposal with a bank case study.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Privacy Act of 1974. 5 USC, Section 552A. Available at http://www.usdoj.gov/foia/privstat.htm "Privacy of Consumer Financial Information; Final Rule." 16 CFR Part 313. Federal Register 65, No. 101.
	2	Nabil R. Adam , John C. Worthmann, Security-control methods for statistical databases: a comparative study, ACM Computing Surveys (CSUR), v.21 n.4, p.515-556, Dec. 1989  [doi>10.1145/76894.76895]
	3	R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic Databases. In Proc. of VLDB'02, pages 143--154. Morgan Kaufmann, 2002.
	4	M. Backes, B. Pfitzmann, and M. Schunter. A Toolkit for Managing Enterprise Privacy Policies. In Proc. of ESORICS'03, LNCS 2808, pages 162--180. Springer, 2003.
	5	Cassandra: Distributed Access Control Policies with Tunable Expressiveness, Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'04), p.159, June 07-09, 2004
	6	David L. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, v.24 n.2, p.84-90, Feb. 1981  [doi>10.1145/358549.358563]
	7	Stephen Chong , Andrew C. Myers, Security policies for downgrading, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030110]
	8	L. Cranor, M. Langheinrich, M. Marchiori, and J. Reagle. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Recommendation, Apr. 2002.
	9	Nicodemos Damianou , Naranker Dulay , Emil Lupu , Morris Sloman, The Ponder Policy Specification Language, Proceedings of the International Workshop on Policies for Distributed Systems and Networks, p.18-38, January 29-31, 2001
	10	E. Ferrari , P. Samarati , E. Bertino , S. Jajodia, Providing flexibility in information flow control for object oriented systems, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.130, May 04-07, 1997
	11	Eric Freudenthal , Tracy Pesin , Lawrence Port , Edward Keenan , Vijay Karamcheti, dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments, Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02), p.411, July 02-05, 2002
	12	Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001  [doi>10.1145/383891.383894]
	13	G. Karjoth, M. Schunter, and M. Waidner. Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data. In Proc. of PET'02, LNCS 2482, pages 69--84. Springer, 2002.
	14	N. Leone, G. Pfeifer, W. Faber, T. Eiter, G. Gottlob, S. Perri, and F. Scarcello. The DLV System for Knowledge Representation and Reasoning. TOCL, 2005. To appear.
	15	K. Marriott and P. J. Stuckey. Programming with constraints: an introduction. MIT Press, 1998.
	16	C. D. McCollum, J. R. Messing, and L. Notargiacomo. Beyond the pale of MAC and DAC-defining new forms of access control. In Proc. of Symp. on Sec. and Privacy, pages 190--200. IEEE Press, 1990.
	17	A. Sabelfeld and A. C. Myers. Language-Based Information-Flow Security. IEEE J. on Selected Areas in Comm., 21(1):5--19, 2003.
	18	Pierangela Samarati , Elisa Bertino , Alessandro Ciampichetti , Sushil Jajodia, Information Flow Control in Object-Oriented Systems, IEEE Transactions on Knowledge and Data Engineering, v.9 n.4, p.524-538, July 1997  [doi>10.1109/69.617048 ]
	19	Pierangela Samarati , Sabrina De Capitani di Vimercati, Access Control: Policies, Models, and Mechanisms, Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures, p.137-196, September 01, 2000
	20	Ravi Sandhu , Pierangela Samarati, Authentication, access control, and audit, ACM Computing Surveys (CSUR), v.28 n.1, p.241-243, March 1996  [doi>10.1145/234313.234412]
	21	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845 ]
	22	K. Seamons, M. Winslett, and T. Yu. Limiting the Disclosure of Access Control Policies during Automated Trust Negotiation. In Proc. of NDSS'01, pages 109--125. IEEE Press, 2001.
	23	K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis. Protecting Privacy during On-line Trust Negotiation. In Proc. of PET'02, LNCS 2482, pages 129--143. Springer, 2002.
	24	A. Stoughton. Access flow: A protection model which integrates access control and information flow. In Proc. of Symp. on Sec. and Privacy, pages 9--18. IEEE Press, 1981.
	25	T. Syrjänen. Lparse 1.0: User's Manual. Helsinki University of Technology, 2000.