Super-sticky and declassifiable release policies for flexible information dissemination control

Authors:
Sruthi Bandhakavi;Charles C. Zhang;Marianne Winslett
Affiliations:
University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL;University of Illinois at Urbana-Champaign, Urbana, IL
Venue:
Proceedings of the 5th ACM workshop on Privacy in electronic society
Year:
2006

Citing 10
Cited 4

A decentralized model for information flow control

Proceedings of the sixteenth ACM symposium on Operating systems principles
Exception-based information flow control in object-oriented systems

ACM Transactions on Information and System Security (TISSEC)
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services

DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Dimensions and Principles of Declassification

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
PeerAccess: a logic for distributed authorization

Proceedings of the 12th ACM conference on Computer and communications security
A formal semantics for P3P

SWS '04 Proceedings of the 2004 workshop on Secure web service
Financial Privacy Policies and the Need for Standardization

IEEE Security and Privacy
Platform for enterprise privacy practices: privacy-enabled management of customer data

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Enforcing "sticky" security policies throughout a distributed application

Proceedings of the 2008 workshop on Middleware security
Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios

RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Foundations for group-centric secure information sharing models

Proceedings of the 14th ACM symposium on Access control models and technologies
Group-Centric Secure Information-Sharing Models for Isolated Groups

ACM Transactions on Information and System Security (TISSEC)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Over the years, many aspects of the transfer of information from one party to another have commanded the attention of the security and privacy community. Released information can have various levels of sensitivity: facts that are pub-lic, sensitive private information that requires its original owner's permission for its future dissemination, or even in-formation that requires control over the release of the con-clusions reached using that information. Some situations also call for declassification of information, which requires a two-pronged approach: the original owner retains control over the dissemination of sensitive information and sensitive conclusions reached using that information, but when the in-formation is used to reach conclusions that are sufficiently non-sensitive, the original owner's control can be removed for the dissemination of those conclusions. In this paper, we define such a logic to specify information dissemination con-trol policies and reason about release and declassification, and give case studies of the use of our language to control the release of aggregated open source software, multimedia content and medical information.