ABSTRACT
Enterprise privacy policies often reflect different legal regulations, promises made to customers, as well as more restrictive enterprise-internal practices. The notion of policy refinement is fundamental for privacy policies, as it allows one to check whether a company's policy fulfills regulations or adheres to standards set by customer organizations, to realize the "sticky policy paradigm" that addresses transferring data from one realm to another in a privacy-preserving way, and much more. Although well-established in theory, the problem of how to efficiently check whether one policy refines another has been left open in the privacy policy literature. We present a practical algorithm for this task, concentrating on those aspects that make refinement of privacy policies more difficult than, for example, refinement for access control policies, such as a more sophisticated treatment of deny rules and a suitable way of dealing with obligations and conditions on context information.
Index Terms
- Efficient comparison of enterprise privacy policies