Abstract
We develop a language-based approach for modeling and verifying aspects of privacy policies. Our approach relies on information-flow control. Concretely, we use the programming language Jif, an extension of Java with information-flow types. We address basic leaks of private information and also consider other aspects of privacy policies supported by the Platform for Privacy Preferences (P3P) and related systems, namely the notion of purpose and the retention of data.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hayati, K., Abadi, M. (2005). Language-Based Enforcement of Privacy Policies. In: Martin, D., Serjantov, A. (eds) Privacy Enhancing Technologies. PET 2004. Lecture Notes in Computer Science, vol 3424. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11423409_19
DOI: https://doi.org/10.1007/11423409_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26203-9
Online ISBN: 978-3-540-31960-3
eBook Packages: Computer Science (R0)