

Declarative privacy policy: finite models and attribute-based encryption

12 years 10 months ago
Declarative privacy policy: finite models and attribute-based encryption
Regulations and policies regarding Electronic Health Information (EHI) are increasingly complex. Federal and State policy makers have called for both education to increase stakeholder understanding of complex policies and improved systems that impose policy restrictions on access and transmission of EHI. Building on prior work formalizing privacy laws as logic programs, we prove that for any privacy policy that conforms to patterns evident in HIPAA, there exists a finite representative hospital database that illustrates how the law applies in all possible hospitals. This representative illustrative example can support new education, new policy development, and new policy debugging tools. Addressing the need for secure transmission of usable EHI, we show how policy formalized as a logic program can also be used to automatically generate a form of access control policy used in Attribute-Based Encryption (ABE). This approach, testable using our representative hospital model, makes it po...
Peifung E. Lam, John C. Mitchell, Andre Scedrov, S
Added 24 Apr 2012
Updated 24 Apr 2012
Type Journal
Year 2012
Where IHI
Authors Peifung E. Lam, John C. Mitchell, Andre Scedrov, Sharada Sundaram, Frank Wang
Comments (0)