A Practical Generic Privacy Language

  • Conference paper
Information Systems Security (ICISS 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6503)

Abstract

We present a declarative language with a formal semantics for specifying both users’ privacy preferences and services’ privacy policies. Expressiveness and applicability are maximized by keeping the vocabulary and semantics of service behaviours abstract. A privacy-compliant data-handling protocol for a network of communicating principals is described.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Becker, M.Y., Malkis, A., Bussard, L. (2010). A Practical Generic Privacy Language. In: Jha, S., Mathuria, A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17714-9_10

  • DOI: https://doi.org/10.1007/978-3-642-17714-9_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17713-2

  • Online ISBN: 978-3-642-17714-9

  • eBook Packages: Computer Science, Computer Science (R0)
