Today, organizations do not have good ways of linking their written privacy policies with the implementation of those policies. To assist organizations in addressing this issue, our human-centered research has focused on understanding organizational privacy management needs and, based on those needs, creating a usable and effective policy workbench called SPARCLE. SPARCLE will enable organizational users to enter policies in natural language, parse the policies to identify policy elements, and then generate a machine-readable (XML) version of the policy. In the future, SPARCLE will then enable mapping of policies to the organization's configuration and provide audit and compliance tools to ensure that the policy implementation operates as intended. In this paper, we present the strategies employed in the design and implementation of the natural language parsing capabilities that are part of the functional version of the SPARCLE authoring utility. We have created a set of grammars, executed on a shallow parser, that are designed to identify the rule elements in privacy policy rules. We present empirical usability evaluation data from target organizational users of the SPARCLE system and highlight the parsing accuracy of the system with the organizations' privacy policies. The successful implementation of the parsing capabilities is an important step towards our goal of providing a usable and effective method for organizations to link the natural language version of privacy policies to their implementation, and to subsequent verification through compliance auditing of the enforcement logs.