Sciweavers

CSFW
2006
IEEE

Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies

14 years 5 months ago
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
There is a growing interest in establishing rules to regulate the privacy of citizens in the treatment of sensitive personal data such as medical and financial records. Such rules must be respected by software used in these sectors. The regulatory statements are somewhat informal and must be interpreted carefully in the software interface to private data. This paper describes techniques to formalize regulatory privacy rules and how to exploit this formalization to analyze the rules automatically. Our formalism, which we call privacy APIs, is an extension of access control matrix operations to include (1) operations for notification and logging and (2) constructs that ease the mapping between legal and formal language. We validate the expressive power of privacy APIs by encoding the 2000 and 2003 HIPAA consent rules in our system. This formalization is then encoded into Promela and we validate the usefulness of the formalism by using the SPIN model checker to verify properties that d...
Michael J. May, Carl A. Gunter, Insup Lee
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Where CSFW
Authors Michael J. May, Carl A. Gunter, Insup Lee
Comments (0)