Local model checking for infinite state spaces
Selected papers of the Second Workshop on Concurrency and compositionality
Journal of the ACM (JACM)
Temporal verification of reactive systems: safety
Temporal verification of reactive systems: safety
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Web Privacy with P3p
Privacy and Contextual Integrity: Framework and Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Privacy and Utility in Business Processes
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Analyzing Regulatory Rules for Privacy and Security Requirements
IEEE Transactions on Software Engineering
Reasoning about Conditions and Exceptions to Laws in Regulatory Conformance Checking
DEON '08 Proceedings of the 9th international conference on Deontic Logic in Computer Science
A Formalization of HIPAA for a Medical Messaging System
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Monitoring security policies with metric first-order temporal logic
Proceedings of the 15th ACM symposium on Access control models and technologies
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Normative systems represented as hybrid knowledge bases
CLIMA'11 Proceedings of the 12th international conference on Computational logic in multi-agent systems
Managing multi-jurisdictional requirements in the cloud: towards a computational legal landscape
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
Towards an automated assistant for clinical investigations
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Understanding and protecting privacy: formal semantics and principled audit mechanisms
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
A dynamic logic for privacy compliance
Artificial Intelligence and Law - Special issue on Deontic Logic and Normative Systems
On XACML's adequacy to specify and to enforce HIPAA
HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy
Leveraging actors for privacy compliance
Proceedings of the 2nd edition on Programming systems, languages and applications based on actors, agents, and decentralized control abstractions
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Despite the wide array of frameworks proposed for the formal specification and analysis of privacy laws, there has been comparatively little work on expressing large fragments of actual privacy laws in these frameworks. We attempt to bridge this gap by giving complete logical formalizations of the transmission-related portions of the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). To this end, we develop the PrivacyLFP logic, whose features include support for disclosure purposes, real-time constructs, and self-reference via fixed points. To illustrate these features and demonstrate PrivacyLFP's utility, we present formalizations of a collection of clauses from these laws. Due to their size, our full formalizations of HIPAA and GLBA appear in a companion technical report. We discuss ambiguities in the laws that our formalizations revealed and sketch preliminary ideas for computer-assisted enforcement of such privacy policies.