Abstract
We present a declarative language with a formal semantics for specifying both users’ privacy preferences and services’ privacy policies. Expressiveness and applicability are maximized by keeping the vocabulary and semantics of service behaviours abstract. A privacy-compliant data-handling protocol for a network of communicating principals is described.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Becker, M.Y., Malkis, A., Bussard, L. (2010). A Practical Generic Privacy Language. In: Jha, S., Mathuria, A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17714-9_10
DOI: https://doi.org/10.1007/978-3-642-17714-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17713-2
Online ISBN: 978-3-642-17714-9
eBook Packages: Computer Science (R0)