Adam Barth
John C. Mitchell
ABSTRACT
Several formal languages have been proposed to encode privacy policies, ranging from the Platform for Privacy Preferences (P3P), intended for communicating privacy policies to consumers over the web, to the Enterprise Privacy Authorization Language (EPAL), intended to enable policy enforcement within an enterprise. However, current technology does not allow an enterprise to determine whether its detailed, internal enforcement policy meets its published privacy promises. We present a data-centric, unified model for privacy, equipped with a modal logic for reasoning about permission inheritance across data hierarchies. We use this model to critique two privacy preference languages (APPEL and XPref), to justify P3P's policy summarization algorithm, and to connect privacy policy languages, such as EPAL. Specifically, we characterize when one policy enforces another and provide an algorithm for generating the most specific privacy promises, at a given level of detail, guaranteed by a more detailed enforcement policy.
- M. S. Ackerman, L. F. Cranor, and J. Reagle. Privacy in e-commerce: examining user scenarios and privacy preferences. In Proceedings of the 1st ACM Conference on Electronic Commerce, pages 1--8. ACM Press, 1999. Google Scholar
Digital Library
- R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. An XPath-based preference language for P3P. In Proceedings of the Twelfth International Conference on World Wide Web, pages 629--639. ACM Press, 2003. Google ScholarDigital Library
- M. Backes, M. Dürmuth, and R. Steinwandt. An algebra for composing enterprise privacy policies. In European Symposium on Research in Computer Security (ESORICS). Springer Lecture Notes in Computer Science 3193, 2004.Google Scholar
- M. Backes, G. Karjoth, W. Bagga, and M. Schunter. Efficient comparison of enterprise privacy policies. In Proceedings of the 2004 ACM Symposium on Applied Computing, pages 375--382. ACM Press, 2004. Google ScholarDigital Library
- M. Backes, B. Pfitzmann, and M. Schunter. A toolkit for managing enterprise privacy policies. In European Symposium on Research in Computer Security (ESORICS), pages 101--119. Springer Lecture Notes in Computer Science 2808, 2003.Google ScholarCross Ref
- A. Barth, J. C. Mitchell, and J. Rosenstein. Conflict and combination in privacy policy languages. In Proceedings of the 2004 Workshop on Privacy in the Electronic Society. ACM Press, 2004. Google ScholarDigital Library
- M. Bishop. Computer Security: Art and Science. Addison Wesley Professional, 2003.Google Scholar
- S. Byers, L. F. Cranor, and D. Kormann. Automated analysis of P3P-enabled web sites. In Proceedings of the 5th International Conference on Electronic Commerce, pages 326--338. ACM Press, 2003. Google ScholarDigital Library
- B. F. Chellas. Modal Logic: An Introduction. Cambridge University Press, 1980.Google ScholarCross Ref
- J. Clark and S. DeRose. XML path language (XPath), 1999. http://www.w3.org/TR/xpath/.Google Scholar
- J. Crampton. On permissions, inheritance and role hierarchies. In Proceedings of the 10th ACM Conference on Computer and Communication Security, pages 85--92. ACM Press, 2003. Google ScholarDigital Library
- L. F. Cranor. Web Privacy with P3P. O'Reilly and Associates, Inc., 2002. Google ScholarDigital Library
- L. F. Cranor, M. Langheinrich, M. Marchiori, M. Presler-Marshall, and J. Reagle. The platform for privacy preferences 1.0 (P3P1.0) specification, 2002. http://www.w3.org/TR/P3P/.Google Scholar
- J. Glasgow, G. Macewen, and P. Panangaden. A logic for reasoning about security. ACM Trans. Comput. Syst., 10(3):226--264, 1992. Google ScholarDigital Library
- S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Trans. Database Syst., 26(2):214--260, 2001. Google ScholarDigital Library
- C. Jensen and C. Potts. Privacy policies as decision-making tools: an evaluation of online privacy notices. In Proceedings of the 2004 Conference on Human Factors in Computing Systems, pages 471--478. ACM Press, 2004. Google ScholarDigital Library
- G. Karjoth and M. Schunter. A privacy policy model for enterprises. In 15th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, 2002. Google ScholarDigital Library
- R. Pucella and V. Weissman. Reasoning about dynamic policies. In Foundations of Software Science and Computation Structures (FOSSACS), 2004.Google ScholarCross Ref
- J. Reagle and L. F. Cranor. The platform for privacy preferences. Commun. ACM, 42(2):48--55, 1999. Google ScholarDigital Library
- M. Schunter, P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter. Enterprise privacy authorization language (EPAL 1.1), 2003. http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/.Google Scholar
Index Terms
- Enterprise privacy promises and enforcement
Recommendations
Privacy promises that can be kept: a policy analysis method with application to the HIPAA privacy rule
SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologiesOrganizations collect personal information from individuals to carry out their business functions. Federal privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), mandate how this collected information can be shared ...
A comparison of two privacy policy languages: EPAL and XACML
SWS '06: Proceedings of the 3rd ACM workshop on Secure web servicesCurrent regulatory requirements in the U.S. and other countries make it increasingly important for Web Services to be able to enforce and verify their compliance with privacy policies. Structured policy languages can play a major role by supporting ...
Efficient comparison of enterprise privacy policies
SAC '04: Proceedings of the 2004 ACM symposium on Applied computingEnterprise privacy policies often reflect different legal regulations, promises made to customers, as well as more restrictive enterprise-internal practices. The notion of policy refinement is fundamental for privacy policies, as it allows one to check ...
Comments