Analysis of privacy and security policies

  • Authors:
  • E. Bertino; C. Brodie; S. B. Calo; L. F. Cranor; C. Karat; J. Karat; N. Li; D. Lin; J. Lobo; Q. Ni; P. R. Rao; X. Wang

  • Affiliations:
  • Computer Science Department, Purdue University, West Lafayette, IN; IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY; IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY; Carnegie Mellon University, Pittsburgh, PA; IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY; IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY; Department of Computer Science, Purdue University, West Lafayette, IN; Missouri University of Science and Technology, Rolla, MO; IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY; Department of Computer Science, Purdue University, West Lafayette, IN; Department of Computer Science, Purdue University, West Lafayette, IN; IBM Research Division, Thomas J. Watson Research Center, Hawthorne, NY

  • Venue:
  • IBM Journal of Research and Development
  • Year:
  • 2009

Abstract

The distributed nature of the environment in which privacy and security policies operate requires tools that help enforce consistency of policy rules across different domains. Furthermore, because changes to policy rules are required as policies evolve over time, such tools can be used by policy administrators to ensure the consistency of policy changes. In this paper, we describe a number of different policy analysis tools and techniques that we have developed over the years and present them in a unified framework in which both privacy and security policies are discussed. We cover dominance analyses of general policies, conflicts among authorizations and prohibitions, and other analyses of obligations, as well as policy similarity analysis and policy distribution.