Conformance Verification of Privacy Policies
نویسنده
چکیده
Web applications are both the consumers and providers of information. To increase customer confidence, many websites choose to publish their privacy protection policies. However, policy conformance is often neglected. We propose a logic based framework for formally specifying and reasoning about the implementation of privacy protection by a web application. A first order extension of computational tree logic is used to specify a policy. A verification paradigm, built upon a static control/data flow analysis, is presented to verify if a policy is satisfied.
منابع مشابه
Policy-Based Service Registration and Discovery
The WS-Policy framework has been introduced to allow policy to be expressed and associated with Web Services thereby enabling organizations to manage the quality of their services. How the specified polices are kept consistent with the organization’s regulations, and how to match service and client policies requirements for effective service discovery, are issues yet to be addressed. In this pa...
متن کاملLimiting Data Exposure in Monitoring Multi-domain Policy Conformance
In hybridor multi-cloud systems, security information and event management systems often work with abstract level information provided by the service providers. Privacy and confidentiality requirements discourage sharing of the raw data. With access to only the partial information, detecting anomalies and policy violations becomes much more difficult in those environments. This paper proposes a...
متن کاملPrivacy Challenges in Patient-centric Health Information Systems
Patient Health Record (PHR) systems offer great promise but raise significant philosophical, cultural, legal, and technical challenges. In hopes of furthering debate on key issues, we explain some central questions about the role, purpose, and policies associated with these systems. We also propose a framework for addressing policy questions and candidate technology that we believe may sharpen ...
متن کاملVerifying Protocol Conformance for Logic-Based Communicating Agents
Communication plays a fundamental role in multi-agents systems. One of the main issues in the design of agent interaction protocols is the verification that a given protocol implementation is “conformant” w.r.t. the abstract specification of it. In this work we tackle those aspects of the conformance verification issue, that regard the dependence/independence of conformance from the agent priva...
متن کاملGeneral Methods for Access Control Policy Verification
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties that access control should adhere to, access control models are usually written, bridging the gap in abstraction between policies and mechanism...
متن کامل