Managing the risk of covert information flows in virtual machine systems
Proceedings of the 12th ACM symposium on Access control models and technologies
| Hi-index | 0.01 |
The security of private information is of paramount importance to the continuing use of the Internet for business dealings, as the risk of fraud or unintentional disclosure of private information could be a serious deterrent to individuals. Privacy policies are being used more and more to promise the security of an individual's private information, but the checking of privacy policies was a daunting task until P3P made it possible to automate such checking.We propose a conceptual method to extend P3P in order to add more flexibility to the decision on whether or not a given item of private information will be supplied to a targetorganisation by using the Chinese Wall security policy. This will enable a user to not only define rules as to which items of private information she would disclose, but also to define what collection of private information any given organisation would be able to build about her.