An Algebra for Enterprise Privacy Policies Closed Under Composition and Conjunction

  • Dominik Raub
  • Rainer Steinwandt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3995)


A prerequisite for processing privacy-sensitive data with automatic tools is a fine-grained formalization of privacy policies, together with appropriate operators to manipulate such policies. The most promising results in the formalization of privacy policies so far have been achieved with the language EPAL and its academic counterpart E-P3P.

As shown at ESORICS 2004, E-P3P in its existing form has fundamental limitations in the expressiveness of composed policies, as needed in projects involving multiple departments or enterprises. We describe a Novel Algebraic Privacy Specification (NAPS) that addresses these problems by offering conjunction, composition and scoping operators. These are defined analogously to those known from E-P3P but exhibit desirable algebraic properties; most notably, NAPS is, in contrast to E-P3P, closed under all of these operators. We also show how existing E-P3P policies fit into the NAPS framework.
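The following is an added illustration by the editor, not code from the authors and not the NAPS construction itself (the abstract does not give the NAPS definitions). It shows, on a toy policy algebra, what "closed under conjunction, composition and scoping" means in practice: every operator takes policies over a fixed request vocabulary and returns a policy of the same kind, so operators can be nested freely, and the algebraic laws one wants from such operators (commutativity and associativity of conjunction, associativity and a neutral element for composition, distributivity, compatibility with scoping) can be checked exhaustively at the ruling level because the operators act pointwise. The three-valued ruling lattice, the operator definitions, the request vocabulary and the two sample policies are all constructed assumptions.

```python
"""Toy policy algebra illustrating closure under conjunction, composition and
scoping.  The ruling lattice, operator definitions, vocabulary and sample
policies are the editor's own constructed assumptions for illustration;
they are NOT the NAPS or E-P3P definitions from the paper."""
from enum import IntEnum
from itertools import product
from typing import Callable, Dict, Tuple


class Ruling(IntEnum):
    """Chain lattice DENY < DONT_CARE < ALLOW; conjunction is its meet (min)."""
    DENY = 0
    DONT_CARE = 1
    ALLOW = 2


Request = Tuple[str, str, str]  # (user category, data category, purpose)

# Constructed mini vocabulary (assumption, not from the paper).
USERS = ("clerk", "auditor")
DATA = ("email", "ssn")
PURPOSES = ("billing", "marketing")
REQUESTS: Tuple[Request, ...] = tuple(product(USERS, DATA, PURPOSES))


def meet(a: Ruling, b: Ruling) -> Ruling:
    """Ruling-level conjunction: allow only if both allow, deny if either denies."""
    return Ruling(min(a, b))


def override(a: Ruling, b: Ruling) -> Ruling:
    """Ruling-level composition with precedence: a wins unless it does not care."""
    return b if a is Ruling.DONT_CARE else a


class Policy:
    """A policy is a total map from requests to rulings.  Requests not listed
    explicitly receive the policy's default ruling, so every operator result
    below is again a Policy over the same vocabulary: the algebra is closed."""

    def __init__(self, rules: Dict[Request, Ruling],
                 default: Ruling = Ruling.DONT_CARE) -> None:
        self.table: Dict[Request, Ruling] = {r: rules.get(r, default) for r in REQUESTS}

    def ruling(self, req: Request) -> Ruling:
        return self.table[req]

    def __eq__(self, other: object) -> bool:
        return isinstance(other, Policy) and self.table == other.table


def conj(p: Policy, q: Policy) -> Policy:
    return Policy({r: meet(p.ruling(r), q.ruling(r)) for r in REQUESTS})


def compose(p: Policy, q: Policy) -> Policy:
    return Policy({r: override(p.ruling(r), q.ruling(r)) for r in REQUESTS})


def scope(p: Policy, keep: Callable[[Request], bool]) -> Policy:
    """Restrict p to requests satisfying `keep`; all other requests become
    DONT_CARE, so a scoped policy composes cleanly with policies for the rest."""
    return Policy({r: p.ruling(r) for r in REQUESTS if keep(r)})


def is_email(r: Request) -> bool:
    return r[1] == "email"


# Constructed sample policies (assumptions).  The department policy allows a
# request the company policy denies, so the order of composition matters.
COMPANY = Policy({("clerk", "ssn", "marketing"): Ruling.DENY,
                  ("auditor", "ssn", "billing"): Ruling.ALLOW})
DEPARTMENT = Policy({("clerk", "email", "billing"): Ruling.ALLOW,
                     ("clerk", "ssn", "marketing"): Ruling.ALLOW},
                    default=Ruling.DENY)


def check_laws() -> Dict[str, bool]:
    """Algebraic properties of the operators.  Since conj/compose act pointwise,
    a law holds for all policies iff it holds for all rulings, so the ruling-level
    laws are checked exhaustively over all 27 triples; the scoping laws are
    checked on the sample policies."""
    R = list(Ruling)
    T = list(product(R, R, R))
    dc = Ruling.DONT_CARE
    return {
        "conj_commutative": all(meet(a, b) == meet(b, a) for a, b, _ in T),
        "conj_associative": all(meet(meet(a, b), c) == meet(a, meet(b, c)) for a, b, c in T),
        "conj_idempotent": all(meet(a, a) == a for a in R),
        "comp_associative": all(override(override(a, b), c) == override(a, override(b, c))
                                for a, b, c in T),
        "comp_identity": all(override(a, dc) == a == override(dc, a) for a in R),
        "comp_not_commutative": any(override(a, b) != override(b, a) for a, b, _ in T),
        "comp_distributes_over_conj": all(
            override(a, meet(b, c)) == meet(override(a, b), override(a, c)) for a, b, c in T),
        "scope_commutes_with_conj": scope(conj(COMPANY, DEPARTMENT), is_email)
            == conj(scope(COMPANY, is_email), scope(DEPARTMENT, is_email)),
        "scope_commutes_with_compose": scope(compose(COMPANY, DEPARTMENT), is_email)
            == compose(scope(COMPANY, is_email), scope(DEPARTMENT, is_email)),
    }


if __name__ == "__main__":
    req = ("clerk", "ssn", "marketing")
    print("company over department:", compose(COMPANY, DEPARTMENT).ruling(req).name)
    print("department over company:", compose(DEPARTMENT, COMPANY).ruling(req).name)
    print("conjunction:            ", conj(COMPANY, DEPARTMENT).ruling(req).name)
    for law, ok in check_laws().items():
        print(f"{law:28s} {ok}")
```

The closure property is what makes the nesting in `check_laws` legal at all: `scope(conj(COMPANY, DEPARTMENT), is_email)` only type-checks because `conj` returns a `Policy`. The asymmetry of `compose` is deliberate: which policy wins a conflict (here, the company policy denying what the department policy allows) is exactly the kind of question a composition operator must answer unambiguously.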






References

  1. Ashley, P., et al.: E-P3P privacy policies and privacy authorization. In: WPES 2002, pp. 103–109. ACM Press, New York (2002)
  2. Backes, M., et al.: Efficient Comparison of Enterprise Privacy Policies. In: SAC 2004, pp. 375–382. ACM Press, New York (2004)
  3. Backes, M., et al.: Unification in Privacy Policy Evaluation – Translating EPAL into Prolog. In: POLICY 2004. IEEE Computer Society Press, Los Alamitos (2004)
  4. Backes, M., Dürmuth, M., Steinwandt, R.: An Algebra for Composing Enterprise Privacy Policies. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 33–52. Springer, Heidelberg (2004)
  5. Backes, M., Pfitzmann, B., Schunter, M.: A Toolkit for Managing Enterprise Privacy Policies. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 162–180. Springer, Heidelberg (2003)
  6. Bettini, C., et al.: Obligation monitoring in policy management. In: POLICY 2002, pp. 2–12 (2002)
  7. Birkhoff, G.: Lattice Theory. Colloquium Publications, vol. 25. AMS, Providence (1973)
  8. Bonatti, P.A., et al.: A Component-Based Architecture for Secure Data Publication. In: ACSAC 2001, pp. 309–318 (2001)
  9. Bonatti, P.A., et al.: A modular approach to composing access control policies. In: CCS 2000, pp. 164–173. ACM Press, New York (2000)
  10. Bonatti, P.A., et al.: An algebra for composing access control policies. ACM Trans. on Inf. and Syst. Sec. 5(1), 1–35 (2002)
  11. di Vimercati, S.D.C., Samarati, P.: An authorization model for federated systems. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 99–117. Springer, Heidelberg (1996)
  12. Fu, Z., Wu, S.F., Huang, H., Loh, K., Gong, F., Baldine, I., Xu, C.: IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 39–56. Springer, Heidelberg (2001)
  13. Gallier, J.H.: Logic for Computer Science: Foundations of Automatic Theorem Proving, Ch. 2.5 and 10, pp. 448–456, 483–488. John Wiley & Sons, Chichester (1986)
  14. Gligor, V.D., et al.: On the Formal Definition of Separation-of-Duty Policies and their Composition. In: Proc. 19th IEEE Symp. on Security & Privacy, pp. 172–183 (1998)
  15. Jajodia, S., et al.: Provisional authorization. In: Proc. of E-commerce Security and Privacy, pp. 133–159. Kluwer Academic Publishers, Dordrecht (2001)
  16. Jajodia, S., et al.: Flexible support for multiple access control policies. ACM Trans. on Database Syst. 26(2), 214–260 (2001)
  17. Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: Privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)
  18. Łukasiewicz, J.: Philosophische Bemerkungen zu mehrwertigen Systemen des Aussagenkalküls. C. R. Soc. Sc. Varsovie 23, 51–77 (1931)
  19. Moffett, J.D., Sloman, M.S.: Policy hierarchies for distributed systems management. IEEE JSAC Special Issue on Network Management 11(9), 1404–1414 (1993)
  20. Raub, D., Steinwandt, R.: An Algebra for Enterprise Privacy Policies Closed Under Composition and Conjunction (full version, 2006)
  21. Ribeiro, C.N., et al.: SPL: An access control language for security policies and complex constraints. In: NDSS 2001, pp. 89–107. Internet Society (2001)
  22. Schmitt, P.H.: Nichtklassische Logiken. Lecture notes, Universität Karlsruhe (2004)
  23. Simon, R.T., Zurko, M.E.: Separation of Duty in Role-based Environments. In: CSFW 1997, pp. 183–194 (1997)
  24. Wijesekera, D., Jajodia, S.: Policy algebras for access control: the propositional case. In: CCS 2001, pp. 38–47. ACM Press, New York (2001)
  25. Wijesekera, D., Jajodia, S.: A propositional policy algebra for access control. ACM Trans. on Inf. and Syst. Sec. 6(2), 286–325 (2003)
  26. Semilattice. Wikipedia, the free encyclopedia
  27. eXtensible Access Control Markup Language (XACML). OASIS Committee Specification 1.0 (December 2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dominik Raub, Department of Computer Science, ETH Zurich, Zurich, Switzerland
  • Rainer Steinwandt, Department of Mathematical Sciences, Florida Atlantic University, Boca Raton, USA
