Tisa: A Language Design and Modular Verification Technique for Temporal Policies in Web Services
ESOP '09 Proceedings of the 18th European Symposium on Programming Languages and Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Fine-Grained Access Control with Object-Sensitive Roles
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
A Formalization of HIPAA for a Medical Messaging System
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Towards a theory of accountability and audit
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Cue: a framework for generating meaningful feedback in XACML
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Experiences in the logical specification of the HIPAA and GLBA privacy laws
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Privacy policies with modal logic: the dynamic turn
DEON'10 Proceedings of the 10th international conference on Deontic logic in computer science
Analysis of the minimal privacy disclosure for web services collaborations with role mechanisms
Expert Systems with Applications: An International Journal
Collaborative Planning with Confidentiality
Journal of Automated Reasoning
Bounded memory Dolev-Yao adversaries in collaborative systems
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
Declarative privacy policy: finite models and attribute-based encryption
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
An analytical solution for consent management in patient privacy preservation
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Towards HIPAA-compliant healthcare systems
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Understanding and protecting privacy: formal semantics and principled audit mechanisms
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Privacy by design: a formal framework for the analysis of architectural choices
Proceedings of the third ACM conference on Data and application security and privacy
Proceedings of the 18th ACM symposium on Access control models and technologies
We propose an abstract model of business processes for the purpose of (i) evaluating privacy policy in light of the goals of the process and (ii) developing automated support for privacy policy compliance and audit. In our model, agents that send and receive tagged personal information are assigned organizational roles and responsibilities. We present approaches and algorithms for determining whether a business process design simultaneously achieves privacy and the goals of the organization (utility). The model also allows us to develop a notion of minimal exposure of personal information, for a given process. We investigate the problem of auditing with inexact information and develop methods to identify a set of potentially culpable individuals when privacy is breached. The audit methods draw on traditional causality concepts to reduce the effort needed to search audit logs for irresponsible actions.