Analysis of privacy and security policies

Authors:
E. Bertino;C. Brodie;S. B. Calo;L. F. Cranor;C. Karat;J. Karat;N. Li;D. Lin;J. Lobo;Q. Ni;P. R. Rao;X. Wang
Affiliations:
Computer Science Department, Purdue University, West Lafayette, IN;IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY;IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY;Carnegie Mellon University, Pittsburgh, PA;IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY;IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY;Department of Computer Science, Purdue University, West Lafayette, IN;Missouri University of Science and Technology, Rolla, MO;IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY;Department of Computer Science, Purdue University, West Lafayette, IN;Department of Computer Science, Purdue University, West Lafayette, IN;IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY
Venue:
IBM Journal of Research and Development
Year:
2009

Citing 24
Cited 3

Multi-Terminal Binary Decision Diagrams: An Efficient DataStructure for Matrix Representation

Formal Methods in System Design
Conflict Resolution Using Logic Programming

IEEE Transactions on Knowledge and Data Engineering
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Using Event Calculus to Formalise Policy Specification and Analysis

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Verification and change-impact analysis of access-control policies

Proceedings of the 27th international conference on Software engineering
Verifying information flow goals in security-enhanced Linux

Journal of Computer Security - Special issue on WITS'03
Policy Ratification

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Privacy in information technology: designing to enable privacy policy management in organizations

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Evaluating interfaces for privacy policy rule authoring

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
On the modeling and analysis of obligations

Proceedings of the 13th ACM conference on Computer and communications security
Beyond separation of duty: an algebra for specifying high-level security policies

Proceedings of the 13th ACM conference on Computer and communications security
Analyzing web access control policies

Proceedings of the 16th international conference on World Wide Web
An approach to evaluate policy similarity

Proceedings of the 12th ACM symposium on Access control models and technologies
Efficient policy analysis for administrative role based access control

Proceedings of the 14th ACM conference on Computer and communications security
A formal foundation for XrML

Journal of the ACM (JACM)
Policy decomposition for collaborative access control

Proceedings of the 13th ACM symposium on Access control models and technologies
An obligation model bridging access control policies and privacy policies

Proceedings of the 13th ACM symposium on Access control models and technologies
Usability challenges in security and privacy policy-authoring interfaces

INTERACT'07 Proceedings of the 11th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
Policy framework for security and privacy management

IBM Journal of Research and Development
Specifying and reasoning about dynamic access-control policies

IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Policy-based management of networked computing systems

IEEE Communications Magazine
Conditional privacy-aware role based access control

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Satisfiability and resiliency in workflow systems

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Obligations and their interaction with programs

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

An attribute-based authorization policy framework with dynamic conflict resolution

Proceedings of the 9th Symposium on Identity and Trust on the Internet
Policy framework for security and privacy management

IBM Journal of Research and Development
Negotiating and delegating obligations

Proceedings of the International Conference on Management of Emergent Digital EcoSystems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The distributed nature of the environment in which privacy and security policies operate requires tools that help enforce consistency of policy rules across different domains. Furthermore, because changes to policy rules are required as policies evolve over time, such tools can be used by policy administrators to ensure the consistency of policy changes. In this paper, we describe a number of different policy analysis tools and techniques that we have developed over the years and present them in a unified framework in which both privacy and security policies are discussed. We cover dominance analyses of general policies, conflicts among authorizations and prohibitions, and other analyses of obligations, as well as policy similarity analysis and policy distribution.