FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Several formal languages have been proposed to encode privacy policies, ranging from the Platform for Privacy Preferences (P3P), intended for communicating privacy policies to consumers over the web, to the Enterprise Privacy Authorization Language (EPAL), intended to enable policy enforcement within an enterprise. However, current technology does not allow an enterprise to determine whether its detailed, internal enforcement policy meets its published privacy promises. We present a data-centric, unified model for privacy, equipped with a modal logic for reasoning about permission inheritance across data hierarchies. We use this model to critique two privacy preference languages (APPEL and XPref), to justify P3P's policy summarization algorithm, and to connect privacy policy languages, such as EPAL. Specifically, we characterize when one policy enforces another and provide an algorithm for generating the most specific privacy promises, at a given level of detail, guaranteed by a more detailed enforcement policy.