Abstract
A prerequisite for processing privacy-sensitive data with automatic tools is a fine-grained formalization of privacy policies along with appropriate operators to manipulate such policies. The most promising results for the formalization of privacy policies so far have been achieved with the language EPAL resp. its academic counterpart E-P3P.
As shown at ESORICSĀ 2004, in the existing form E-P3P has fundamental limitations in the expressability of composed policies as desired in projects involving multiple departments or enterprises. We describe a Novel Algebraic Privacy Specification (NAPS) which addresses these problems by offering conjunction, composition and scoping operators, which are defined analogously to those known from E-P3P, but exhibit desirable algebraic properties. Most notably NAPS is, in contrast to E-P3P, closed under all of these operators. Also, we show how existing E-P3P policies fit into the NAPS framework.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ashley, P., et al.: E-P3P privacy policies and privacy authorization. In: WPES 2002, pp. 103ā109. ACM Press, New York (2002)
Backes, M., et al.: Efficient Comparison of Enterprise Priv. Policies. In: SAC 2004, pp. 375ā382. ACM Press, New York (2004)
Backes, M., et al.: Unification in Priv. Policy Evaluation ā Translating EPAL into Prolog. In: POLICY 2004. IEEE Computer Society Press, Los Alamitos (2004)
Backes, M., DĆ¼rmuth, M., Steinwandt, R.: An Algebra for Composing Enterprise Privacy Policies. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol.Ā 3193, pp. 33ā52. Springer, Heidelberg (2004)
Backes, M., Pfitzmann, B., Schunter, M.: A Toolkit for Managing Enterprise Privacy Policies. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.Ā 2808, pp. 162ā180. Springer, Heidelberg (2003)
Bettini, C., et al.: Obligation monitoring in policy management. In: POLICY 2002, pp. 2ā12 (2002)
Birkhoff, G.: Lattice Theory. Colloquium Publications, vol.Ā 25. AMS, Providence (1973)
Bonatti, P.A., et al.: A Component-Based Architecture for Secure Data Publication. In: ACSAC 2001, pp. 309ā318 (2001)
Bonatti, P.A., et al.: A modular approach to composing access control policies. In: CCS 2000, pp. 164ā173. ACM Press, New York (2000)
Bonatti, P.A., et al.: An algebra for composing access control policies. ACM Trans. on Inf. and Syst. Sec.Ā 5(1), 1ā35 (2002)
di Vimercati, S.D.C., Samarati, P.: An authorization model for federated systems. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol.Ā 1146, pp. 99ā117. Springer, Heidelberg (1996)
Fu, Z., Wu, S.F., Huang, H., Loh, K., Gong, F., Baldine, I., Xu, C.: IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol.Ā 1995, pp. 39ā56. Springer, Heidelberg (2001)
Gallier, J.H.: Logic for Comp. Science: Found. of Automatic Theorem Proving, Ch.Ā 2.5 and 10, pp. 448ā456, 483ā488. John Wiley & Sons, Chichester (1986), http://www.cis.upenn.edu/~jean/gbooks/logic.html
Gligor, V.D., et al.: On the Formal Definition of Separation-of-Duty Policies and their Composition. In: Proc. 19th IEEE Symp. on Sec. & Priv., pp. 172ā183 (1998)
Jajodia, S., et al.: Provisional authorization. In: Proc. of the E-commerce Sec. and Priv., pp. 133ā159. Kluwer Academic Publishers, Dordrecht (2001)
Jajodia, S., et al.: Flexible support for multiple access control policies. ACM Trans. on Database Syst.Ā 26(2), 214ā260 (2001)
Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: Privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol.Ā 2482, pp. 69ā84. Springer, Heidelberg (2003)
Åukasiewicz, J.: Philosophische Bemerkungen zu mehrwertigen Systemen des AussagenkalkĆ¼ls. C. R. Soc. Sc. VarsovieĀ 23, 51ā77 (1931)
Moffett, J.D., Sloman, M.S.: Policy hierarchies for distributed systems management. IEEE JSAC Special Issue on Network Manag.Ā 11(9), 1404ā1414 (1993)
Raub, D., Steinwandt, R.: An Algebra for Enterprise Privacy Policies Closed Under Composition and Conjunction (full version, 2006), http://www.crypto.ethz.ch/~raub/publications.html
Ribeiro, C.N., et al.: SPL: An access control language for security policies and complex constraints. In: NDSS 2001, pp. 89ā107. Internet Soc. (2001), http://www.gsd.inesc-id.pt/~avz/pubs/SPL.pdf
Schmitt, P.H.: Nichtklassische Logiken. Script, UniversitƤt Karlsruhe (2004), http://i12www.ira.uka.de/studium.htm
Simon, R.T., Zurko, M.E.: Separation of Duty in Role-based Environments. In: CSFW 1997, pp. 183ā194 (1997)
Wijesekera, D., Jajodia, S.: Policy algebras for access control: the propositional case. In: CCS 2001, pp. 38ā47. ACM Press, New York (2001)
Wijesekera, D., Jajodia, S.: A propositional policy algebra for access control. ACM Trans. on Inf. and Syst. Sec.Ā 6(2), 286ā325 (2003)
Semilattice. Wikipedia, the free encyclopedia, http://en.wikipedia.org/wiki/Semilattice
eXtensible Access Control Markup Language (XACML). OASIS Committee Specification 1.0 (December 2002), http://www.oasis-open.org/committees/xacml
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Raub, D., Steinwandt, R. (2006). An Algebra for Enterprise Privacy Policies Closed Under Composition and Conjunction. In: MĆ¼ller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_10
Download citation
DOI: https://doi.org/10.1007/11766155_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer ScienceComputer Science (R0)