A logic of privacy

Authors:
Steve Barker;Valerio Genovese
Affiliations:
Dept. Computer Science, King's College London;Dept. Computer Science, University of Luxembourg and Dipartimento di Informatica, University of Torino
Venue:
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Year:
2010

Citing 14
Cited 0

Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
Delegation logic: A logic-based approach to distributed authorization

ACM Transactions on Information and System Security (TISSEC)
Unification in Privacy Policy Evaluation - Translating EPAL into Prolog

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Purpose based access control of complex data for privacy protection

Proceedings of the tenth ACM symposium on Access control models and technologies
Privacy and Contextual Integrity: Framework and Applications

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A comparison of two privacy policy languages: EPAL and XACML

Proceedings of the 3rd ACM workshop on Secure web services
Privacy-aware role based access control

Proceedings of the 12th ACM symposium on Access control models and technologies
Limiting disclosure in hippocratic databases

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Status-Based Access Control

ACM Transactions on Information and System Security (TISSEC)
P3P: Making Privacy Policies More Useful

IEEE Security and Privacy
The next 700 access control models or a unifying meta-model?

Proceedings of the 14th ACM symposium on Access control models and technologies
Privacy-Aware Role-Based Access Control

IEEE Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

We consider the problem of developing an abstract meta-model of access control in terms of which policies for protecting a principal's private information may be specified. Our concern is with developing the formal foundations of our conceptual model. For both the specific access control models and privacy policies, which may be defined in terms of the meta-model, we adopt a combining approach: we combine access control concepts to form the meta-model and we use a fibred logic for the formal foundations. Our approach enables data subjects to specify flexibly what access controls they wish to apply on their personal data and it provides a formal foundation for policies that are defined in terms of the meta-model.