Sciweavers

POPL
2005
ACM

Enterprise privacy promises and enforcement

14 years 11 months ago
Enterprise privacy promises and enforcement
Several formal languages have been proposed to encode privacy policies, ranging from the Platform for Privacy Preferences (P3P), intended for communicating privacy policies to consumers over the web, to the Enterprise Privacy Authorization Language (EPAL), intended to enable policy enforcement within an enterprise. However, current technology does not allow an enterprise to determine whether its detailed, internal enforcement policy meets its published privacy promises. We present a data-centric, unified model for privacy, equipped with a modal logic for reasoning about permission inheritance across data hierarchies. We use this model to critique two privacy preference languages (APPEL and XPref), to justify P3P's policy summarization algorithm, and to connect privacy policy languages, such as P3P, with privacy policy enforcement languages, such as EPAL. Specifically, we characterize when one policy enforces another and provide an algorithm for generating the most specific privac...
Adam Barth, John C. Mitchell
Added 03 Dec 2009
Updated 03 Dec 2009
Type Conference
Year 2005
Where POPL
Authors Adam Barth, John C. Mitchell
Comments (0)