E-P3P privacy policies and privacy authorization
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Component-Based Architecture for Secure Data Publication
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Obligation Monitoring in Policy Management
POLICY '02 Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02)
Platform for enterprise privacy practices: privacy-enabled management of customer data
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Enterprise privacy promises and enforcement
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
A comparison of two privacy policy languages: EPAL and XACML
Proceedings of the 3rd ACM workshop on Secure web services
An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
XACML Policy Integration Algorithms
ACM Transactions on Information and System Security (TISSEC)
Consistent privacy preferences (CPP): model, semantics, and properties
Proceedings of the 2008 ACM symposium on Applied computing
Towards the development of privacy-aware systems
Information and Software Technology
Privacy with Web Serivces: Intelligence Gathering and Enforcement
WI-IAT '08 Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 03
Federation proxy for cross domain identity federation
Proceedings of the 5th ACM workshop on Digital identity management
Simplified privacy controls for aggregated services: suspend and resume of personal data
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Rule-based policy representations and reasoning
Semantic techniques for the web
Data protection models for service provisioning in the cloud
Proceedings of the 15th ACM symposium on Access control models and technologies
Strong and weak policy relations
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Privacy-preserving similarity measurement for access control policies
Proceedings of the 6th ACM workshop on Digital identity management
Purpose control: did you process the data for the intended purpose?
SDM'11 Proceedings of the 8th VLDB international conference on Secure data management
An algebra for enterprise privacy policies closed under composition and conjunction
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Declarative privacy policy: finite models and attribute-based encryption
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Security and trust requirements engineering
Foundations of Security Analysis and Design III
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Privacy injector — automated privacy enforcement through aspects
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
| Hi-index | 0.00 |
Enterprise privacy policies often reflect different legal regulations, promises made to customers, as well as more restrictive enterprise-internal practices. The notion of policy refinement is fundamental for privacy policies, as it allows one to check whether a company's policy fulfills regulations or adheres to standards set by customer organizations, to realize the "sticky policy paradigm" that addresses transferring data from one realm to another in a privacy-preserving way, and much more. Although well-established in theory, the problem of how to efficiently check whether one policy refines another has been left open in the privacy policy literature. We present a practical algorithm for this task, concentrating on those aspects that make refinement of privacy policies more difficult than, for example refinement for access control policies, such as a more sophisticated treatment of deny rules and a suitable way for dealing with obligations and conditions on context information.