Language-Based Enforcement of Privacy Policies
نویسندگان
چکیده
We develop a language-based approach for modeling and verifying aspects of privacy policies. Our approach relies on information-flow control. Concretely, we use the programming language Jif, an extension of Java with information-flow types. We address basic leaks of private information and also consider other aspects of privacy policies supported by the Platform for Privacy Preferences (P3P) and related systems, namely the notion of purpose and the retention of data.
منابع مشابه
Automatic policy enforcement on semantic social data
Web-based data collection of non-reactive data is becoming increasingly important for many social science fields. Being able to introduce and automatically enforce policies that regulate the collection and the use of those data is crucial for taking into account the privacy and confidentiality wishes of data providers. Those policies are currently expressed in natural language or in a language ...
متن کاملPrivacy Enforcement with an Extended Role-Based Access Control Model
Privacy enforcement has been one of the most important challenges in IT area. Current privacy practices within companies and organizations, e.g. enabling a P3P compliant policy, incorporating a privacy seal program, etc., cannot truly protect consumer privacy. Privacy protection can only be achieved by enforcing privacy policies within an organization’s online and offline data processing system...
متن کاملAn Algebra for Composing Enterprise Privacy Policies
Enterprise privacy enforcement allows enterprises to internally enforce a privacy policy that the enterprise has decided to comply to. To facilitate the compliance with different privacy policies when several parts of an organization or different enterprises cooperate, it is crucial to have tools at hand that allow for a practical management of varying privacy requirements. We propose an algebr...
متن کاملEnforcement of a P3P Privacy Policy
P3P is a machine readable XML language used by enterprises to express their privacy policy on a web site. The language is well supported with a number of tools now available for creating P3P policies, browsers beginning to support P3P function, and numerous web sites including P3P policy files on them. P3P is useful for declaring privacy promises but there is little experience in enforcing P3P ...
متن کاملOn Using Encryption Techniques to Enhance Sticky Policies Enforcement
How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak...
متن کامل