Abstract
In this paper we survey existing work on automatically processing legal, regulatory and other policy texts for the extraction and representation of privacy knowledge and rules. Our objective is to link and apply some of these techniques to policy enforcement and compliance, to provide a core means of achieving and maintaining customer privacy in an enterprise context, particularly where data is stored and processed in cloud data centres. We sketch our thoughts on how this might be done given the many different, but so far strictly distinct from one another, approaches to natural-language analysis of legal and other prescriptive texts, approaches to knowledge extraction, semantic representation, and automated enforcement of privacy rules.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Moulin, B., Rousseau, D.: Automated Knowledge Acquisition from Regulatory Texts. IEEE Expert 7(5), 27–35 (2002)
Bret Michael, J., Ong, V., Rowe, N.C.: Natural-Language Processing Support for Developing Policy-Governed Software Systems. In: Proceedings of 39th International Conference and Exhibition on Technology of Object-Oriented Languages and Systems (TOOLS 39), pp. 263–274 (2001)
Antón, A.I., Earp, J.B., He, Q., Stufflebeam, W., Bolchini, D., Jensen, C.: Financial Privacy Policies and the Need for Standardization. IEEE Security and Privacy 2(2), 36–45 (2004)
Krasnow Waterman, K.: Pre-processing Legal Text: Policy Parsing and Isomorphic Intermediate Representation. In: Proceedings of PRIVACY 2010 - Intelligent Information Privacy Management AAAI Spring Symposium. Stanford Center for Computers and Law, Palo Alto (2010)
Breaux, T.D., Antón, A.I.: Deriving Semantic Models from Privacy Policies. In: Proceedings of the Sixth International Workshop on Policies for Distributed Systems and Networks, POLICY 2005 (2005)
Kiyavitskaya, N., Zeni, N., Breaux, T.D., Antón, A.I., Cordy, J.R., Mich, L., Mylopoulos, J.: Extracting Rights and Obligations from Regulations: Toward a Tool-Supported Process. In: Proceedings of ASE 2007 (2007)
Breaux, T.D., Vail, M.W., Antón, A.I.: Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations. In: Proceedings of 14th IEEE International Requirements Engineering Conference, RE 2006 (2006)
Breaux, T.D., Antón, A.I.: Analyzing Regulatory Rules for Privacy and Security Requirements. IEEE Transactions on Software Engineering 34(1), 5–20 (2008)
Delannoy, J.F., Feng, C., Matwin, S., Szpakowicz, S.: Knowledge Extraction from Text: Machine Learning for Text-to-rule Translation. In: Brazdil, P.B. (ed.) ECML 1993. LNCS, vol. 667. Springer, Heidelberg (1993)
Delisle, S., Barker, K., Delannoy, J., Matwin, S., Szpakowicz, S.: From Text to Horn Clauses: Combining Linguistic Analysis and Machine Learning. In: Proceedings of Canadian AI Conference, AI/GI/CV 1994 (1994)
Stamey, J.W., Rossi, R.A.: Automatically Identifying Relations in Privacy Policies. In: Proceedings of SIGDOC 2009 (2009)
Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and Contextual Integrity: Framework and Applications. In: Proceedings of IEEE Symposium on Security and Privacy (2006)
May, M.J., Gunter, C.A., Lee, I.: Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies. In: Proceedings of Computer Security Foundations Workshop, CSFW 2006 (2006)
Brodie, C.A., Karat, C., Karat, J.: An Empirical Study of Natural Language Parsing of Privacy Policy Rules Using the SPARCLE Policy Workbench. In: Proceedings of Symposium on Usable Privacy and Security, SOUPS (2006)
Ong, V.L.: An Architecture and Prototype System for Automatically Processing Natural-Language Statements of Policy. Master’s thesis, Naval Postgraduate School, Monterey, California (2001)
Davies, J., Grobelnik, M., Mladenic, D. (eds.): Semantic Knowledge Management. Springer, Heidelberg (2009)
Breuker, J., Casanovas, P., Klein, M.C.A., Francesconi, E. (eds.): Law, Ontologies and the Semantic Web. IOS Press, Amsterdam (2009)
Casanovas, P., Sartor, G., Casellas, N., Rubino, R. (eds.): Computable Models of the Law. Springer, Heidelberg (2008)
Benjamins, V.R., Casanovas, P., Breuker, J., Gangemi, A. (eds.): Law and the Semantic Web. Springer, Heidelberg (2005)
Bourcier, D.: Legal Knowledge and Information Systems. IOS Press, Amsterdam (2003)
Mont, M.C., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A Conceptual Model for Privacy Policies with Consent and Revocation Requirements. In: Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life. LNCS. Springer, Heidelberg (2010)
Pearson, S., Rao, P., Sander, T., Parry, A., Paull, A., Patruni, S., Dandamudi-Ratnakar, V., Sharma, P.: Scalable, accountable privacy management for large organizations. In: Proceedings of 13th Enterprise Distributed Object Computing Conference Workshop (EDOCW 2009), pp. 168–175 (2009)
SPIN, http://www.spinroot.org
IBM REALM Project, http://www.zurich.ibm.com/security/publications/2006/REALM-atIRIS2006-20060217.pdf
Chen, K., Wang, D.: An aspect-oriented approach to privacy-aware access control. In: Proceedings of the Sixth International Conference on Machine Learning and Cybernetics, Hong Kong, August 19-22 (2007)
Berghe, C.V., Schunter, M.: Privacy Injector - Automated Privacy Enforcement through Aspects. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 99–117. Springer, Heidelberg (2006)
Peleg, M., Beimel, D., Dori, D., Denekamp, Y.: Situation-Based Access Control: privacy management via modeling of patient data access scenarios. Journal of Biomedical Informatics (to appear)
Bussard, L., Becker, M.Y.: Can Access Control be Extended to Deal with Data Handling in Privacy Scenarios?. In: Proceedings of W3C Workshop on Access Control Application Scenarios (2009)
Becker, M.Y., Sewell, P.: Cassandra: Distributed Access Control Policies with Tunable Expressiveness. In: Proceedings of 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), Yorktown Heights, NY, USA, June 7-9, pp. 159–168. IEEE Computer Society, Los Alamitos (2004)
Mowbray, M., Pearson, S., Shen, Y.: Enhancing privacy in cloud computing via policy-based obfuscation. Journal of Supercomputing, doi:10.1007/s11227-010-0425-z
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Papanikolaou, N., Pearson, S., Mont, M.C. (2011). Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography. In: Lee, C., Seigneur, JM., Park, J.J., Wagner, R.R. (eds) Secure and Trust Computing, Data Management, and Applications. STA 2011. Communications in Computer and Information Science, vol 187. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22365-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-22365-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22364-8
Online ISBN: 978-3-642-22365-5
eBook Packages: Computer ScienceComputer Science (R0)