Browser unable to execute script; please use the site map to navigate the site.

An Information-Flow Model for Privacy (InfoPriv)

Dreyer and Olivier


(Citation)Citation information

L. C. J. Dreyer and M. S. Olivier. “An Information-Flow Model for Privacy (InfoPriv)”. In: Database Security XII: Status and Prospects. Ed. by S. Jajodia. Kluwer, 1999, pp. 77–90


Privacy is concerned with the protection of personal information. Traditional security models (such as the Bell-LaPadula model) assume that users can be trusted and instead concentrate on the processes within the boundaries of the computer system. The InfoPriv model goes further by assuming that users (especially people) are not trustworthy. The information flow between the users should, therefore, be taken into account as well. The basic elements of InfoPriv are entities and the information flow between them. Information flow can either be positive (permitted) or negative (not permitted). It is shown how InfoPriv can be formalised by using graph theory. This formalisation includes the notion of information sanitisers (or trusted entities). InfoPriv is concluded with a discussion of its static and dynamic aspects. A Prolog prototype based on InfoPriv has been implemented and tested successfully on a variety of privacy policies.

(Full text; password required)Full text

A pre- or postprint of the publication is available at
Note that a username and password are required to download the full text. (Why?) Please e-mail me and I will send you a username and password.

(Full text)Full text

A pre- or postprint of the publication is available at

(Authoritative version on publisher's site)Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1007/978-0-387-35564-1_5

(BibTeX record)BibTeX reference

author={Lucas C J Dreyer and Martin S Olivier},
title={An Information-Flow Model for Privacy ({I}nfo{P}riv)},
editor={Sushil Jajodia},
booktitle={Database Security XII: Status and Prospects},
year={1999} )