A Type System for Expressive Security Policies
Synthesising verified access control systems in XACML
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Reasoning about XACML policies using CSP
Proceedings of the 2005 workshop on Secure web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
A type discipline for authorization policies
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special Issue ESOP'05
Automatically identifying relations in privacy policies
Proceedings of the 27th ACM international conference on Design of communication
Strong and weak policy relations
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Understanding Concurrent Systems
A formal privacy system and its application to location based services
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Policy hierarchies for distributed systems management
IEEE Journal on Selected Areas in Communications
This paper presents a framework for the analysis and comparison of privacy policies expressed in P3P (Platform for Privacy Preferences). In contrast to existing approaches to policy analysis, which focus on demonstrating equality or equivalence of policies, our approach makes it possible to check for refinement between policies. We automatically generate a CSP model from a P3P policy, which represents the policy's intended semantics; using the FDR model checker, we then perform various tests (using process refinement) to determine (a) whether a policy is internally consistent, and (b) whether a given policy refines another by permitting similar data collection, processing and sharing practices. Our approach allows for the detection of subtle differences between the practices prescribed by different privacy policies, enables the comparison of the relative levels of privacy offered by different policies, and captures the semantics of policies intended in the original P3P standard. The systematic translation of policies to CSP provides a formal means of reasoning about websites' privacy policies, and therefore about the practices of various enterprises with regard to personal data.