Deriving Semantic Models from Privacy Policies

Authors:
Travis D. Breaux;Annie I. Anton
Affiliations:
North Carolina State University;North Carolina State University
Venue:
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
Year:
2005

Citing 0
Cited 8

Mining rule semantics to understand legislative compliance

Proceedings of the 2005 ACM workshop on Privacy in the electronic society
PolicyMorph: interactive policy transformations for a logical attribute-based access control framework

Proceedings of the 12th ACM symposium on Access control models and technologies
Semantic parameterization: A process for modeling domain descriptions

ACM Transactions on Software Engineering and Methodology (TOSEM)
A Formal Privacy Management Framework

Formal Aspects in Security and Trust
Enforcing purpose of use via workflows

Proceedings of the 8th ACM workshop on Privacy in the electronic society
Identifying Commitment-Based Software Requirements to Thwart Unfair and Deceptive Practices

RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Towards defining semantic foundations for purpose-based privacy policies

Proceedings of the first ACM conference on Data and application security and privacy
A framework to support alignment of secure software engineering with legal regulations

Software and Systems Modeling (SoSyM)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Natural language policies describe interactions between and across organizations, third-parties and individuals. However, current policy languages are limited in their ability to collectively describe interactions across these parties. Goals from requirements engineering are useful for distilling natural language policy statements into structured descriptions of these interactions; however, they are limited in that they are not easy to compare with one another despite sharing common semantic features. In this paper, we propose a process called semantic parameterization that in conjunction with goal analysis supports the derivation of semantic models from privacy policy documents. We present example semantic models that enable comparing policy statements and discuss corresponding limitations identified in existing policy languages. The semantic models are described by a context-free grammar (CFG) that has been validated within the context of the most frequently expressed goals in over 100 website privacy policy documents. The CFG is supported by a qualitative and quantitative policy analysis tool.