Skip to main content
SpringerLink
Log in
Book cover

FTRA International Conference on Secure and Trust Computing, Data Management, and Application

STA 2011: Secure and Trust Computing, Data Management, and Applications pp 166–173Cite as

Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 187))

Abstract

In this paper we survey existing work on automatically processing legal, regulatory and other policy texts for the extraction and representation of privacy knowledge and rules. Our objective is to link and apply some of these techniques to policy enforcement and compliance, to provide a core means of achieving and maintaining customer privacy in an enterprise context, particularly where data is stored and processed in cloud data centres. We sketch our thoughts on how this might be done given the many different, but so far strictly distinct from one another, approaches to natural-language analysis of legal and other prescriptive texts, approaches to knowledge extraction, semantic representation, and automated enforcement of privacy rules.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Moulin, B., Rousseau, D.: Automated Knowledge Acquisition from Regulatory Texts. IEEE Expert 7(5), 27–35 (2002)

    Article  Google Scholar 

  2. Bret Michael, J., Ong, V., Rowe, N.C.: Natural-Language Processing Support for Developing Policy-Governed Software Systems. In: Proceedings of 39th International Conference and Exhibition on Technology of Object-Oriented Languages and Systems (TOOLS 39), pp. 263–274 (2001)

    Google Scholar 

  3. Antón, A.I., Earp, J.B., He, Q., Stufflebeam, W., Bolchini, D., Jensen, C.: Financial Privacy Policies and the Need for Standardization. IEEE Security and Privacy 2(2), 36–45 (2004)

    Article  Google Scholar 

  4. Krasnow Waterman, K.: Pre-processing Legal Text: Policy Parsing and Isomorphic Intermediate Representation. In: Proceedings of PRIVACY 2010 - Intelligent Information Privacy Management AAAI Spring Symposium. Stanford Center for Computers and Law, Palo Alto (2010)

    Google Scholar 

  5. Breaux, T.D., Antón, A.I.: Deriving Semantic Models from Privacy Policies. In: Proceedings of the Sixth International Workshop on Policies for Distributed Systems and Networks, POLICY 2005 (2005)

    Google Scholar 

  6. Kiyavitskaya, N., Zeni, N., Breaux, T.D., Antón, A.I., Cordy, J.R., Mich, L., Mylopoulos, J.: Extracting Rights and Obligations from Regulations: Toward a Tool-Supported Process. In: Proceedings of ASE 2007 (2007)

    Google Scholar 

  7. Breaux, T.D., Vail, M.W., Antón, A.I.: Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations. In: Proceedings of 14th IEEE International Requirements Engineering Conference, RE 2006 (2006)

    Google Scholar 

  8. Breaux, T.D., Antón, A.I.: Analyzing Regulatory Rules for Privacy and Security Requirements. IEEE Transactions on Software Engineering 34(1), 5–20 (2008)

    Article  Google Scholar 

  9. Delannoy, J.F., Feng, C., Matwin, S., Szpakowicz, S.: Knowledge Extraction from Text: Machine Learning for Text-to-rule Translation. In: Brazdil, P.B. (ed.) ECML 1993. LNCS, vol. 667. Springer, Heidelberg (1993)

    Google Scholar 

  10. Delisle, S., Barker, K., Delannoy, J., Matwin, S., Szpakowicz, S.: From Text to Horn Clauses: Combining Linguistic Analysis and Machine Learning. In: Proceedings of Canadian AI Conference, AI/GI/CV 1994 (1994)

    Google Scholar 

  11. Stamey, J.W., Rossi, R.A.: Automatically Identifying Relations in Privacy Policies. In: Proceedings of SIGDOC 2009 (2009)

    Google Scholar 

  12. Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and Contextual Integrity: Framework and Applications. In: Proceedings of IEEE Symposium on Security and Privacy (2006)

    Google Scholar 

  13. May, M.J., Gunter, C.A., Lee, I.: Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies. In: Proceedings of Computer Security Foundations Workshop, CSFW 2006 (2006)

    Google Scholar 

  14. Brodie, C.A., Karat, C., Karat, J.: An Empirical Study of Natural Language Parsing of Privacy Policy Rules Using the SPARCLE Policy Workbench. In: Proceedings of Symposium on Usable Privacy and Security, SOUPS (2006)

    Google Scholar 

  15. Ong, V.L.: An Architecture and Prototype System for Automatically Processing Natural-Language Statements of Policy. Master’s thesis, Naval Postgraduate School, Monterey, California (2001)

    Google Scholar 

  16. Davies, J., Grobelnik, M., Mladenic, D. (eds.): Semantic Knowledge Management. Springer, Heidelberg (2009)

    MATH  Google Scholar 

  17. Breuker, J., Casanovas, P., Klein, M.C.A., Francesconi, E. (eds.): Law, Ontologies and the Semantic Web. IOS Press, Amsterdam (2009)

    Google Scholar 

  18. Casanovas, P., Sartor, G., Casellas, N., Rubino, R. (eds.): Computable Models of the Law. Springer, Heidelberg (2008)

    MATH  Google Scholar 

  19. Benjamins, V.R., Casanovas, P., Breuker, J., Gangemi, A. (eds.): Law and the Semantic Web. Springer, Heidelberg (2005)

    Google Scholar 

  20. Bourcier, D.: Legal Knowledge and Information Systems. IOS Press, Amsterdam (2003)

    Google Scholar 

  21. Mont, M.C., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A Conceptual Model for Privacy Policies with Consent and Revocation Requirements. In: Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life. LNCS. Springer, Heidelberg (2010)

    Google Scholar 

  22. Pearson, S., Rao, P., Sander, T., Parry, A., Paull, A., Patruni, S., Dandamudi-Ratnakar, V., Sharma, P.: Scalable, accountable privacy management for large organizations. In: Proceedings of 13th Enterprise Distributed Object Computing Conference Workshop (EDOCW 2009), pp. 168–175 (2009)

    Google Scholar 

  23. SPIN, http://www.spinroot.org

  24. IBM REALM Project, http://www.zurich.ibm.com/security/publications/2006/REALM-atIRIS2006-20060217.pdf

  25. Chen, K., Wang, D.: An aspect-oriented approach to privacy-aware access control. In: Proceedings of the Sixth International Conference on Machine Learning and Cybernetics, Hong Kong, August 19-22 (2007)

    Google Scholar 

  26. Berghe, C.V., Schunter, M.: Privacy Injector - Automated Privacy Enforcement through Aspects. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 99–117. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  27. Peleg, M., Beimel, D., Dori, D., Denekamp, Y.: Situation-Based Access Control: privacy management via modeling of patient data access scenarios. Journal of Biomedical Informatics (to appear)

    Google Scholar 

  28. Bussard, L., Becker, M.Y.: Can Access Control be Extended to Deal with Data Handling in Privacy Scenarios?. In: Proceedings of W3C Workshop on Access Control Application Scenarios (2009)

    Google Scholar 

  29. Becker, M.Y., Sewell, P.: Cassandra: Distributed Access Control Policies with Tunable Expressiveness. In: Proceedings of 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), Yorktown Heights, NY, USA, June 7-9, pp. 159–168. IEEE Computer Society, Los Alamitos (2004)

    Google Scholar 

  30. Mowbray, M., Pearson, S., Shen, Y.: Enhancing privacy in cloud computing via policy-based obfuscation. Journal of Supercomputing, doi:10.1007/s11227-010-0425-z

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cloud and Security Lab, Hewlett-Packard Laboratories, USA

    Nick Papanikolaou, Siani Pearson & Marco Casassa Mont

Authors
  1. Nick Papanikolaou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Siani Pearson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marco Casassa Mont
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Engineering, Hanshin University, 815-802 Byukjeok Hanshin A., Youngtong 2-dong, Soowon, Korea

    Changhoon Lee

  2. University of Geneva, CUI, 24 Rue du Général Dufour, Geneva 4, Switzerland

    Jean-Marc Seigneur

  3. Department of Computer Science and Engineering, Seoul National University of Science and Technology, 172 Gongreung 2-dong, Nowon-gu, 139-742, Seoul, Korea

    James J. Park

  4. Institute of FAW, University of Linz, Altenbergerstrasse 69, 4040, Linz, Austria

    Roland R. Wagner

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Papanikolaou, N., Pearson, S., Mont, M.C. (2011). Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography. In: Lee, C., Seigneur, JM., Park, J.J., Wagner, R.R. (eds) Secure and Trust Computing, Data Management, and Applications. STA 2011. Communications in Computer and Information Science, vol 187. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22365-5_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22365-5_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22364-8

  • Online ISBN: 978-3-642-22365-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation