IBM Zurich Research Lab © 2004 IBM Corporation PART 5 Enterprise Privacy Policies.

Presentation transcript:

IBM Zurich Research Lab © 2004 IBM Corporation PART 5 Enterprise Privacy Policies

IBM Zurich Research Lab A Toolkit for Managing Enterprise Privacy Policies © 2004 IBM Corporation

Motivation
"Your personal data will be handled with care" ???

Consumers are concerned about privacy
- $15B in e-commerce lost in 2001 (27% of projected revenues for 2001)
- 50%+ extremely/very concerned about online privacy, 30% somewhat concerned
- 37% of current online consumers would buy more if not worried about privacy
- 34% of internet users who don't buy online would start if privacy concerns were addressed
- Only 6% think the benefits of giving up personal information outweigh privacy concerns
Source of survey data: Forrester 10/
... and are taking action
- 78% say they have refused to give information to a business because it was too personal or not really needed (42% in 1990)
- 80% rate privacy protection of consumer information as important in their selection of companies to patronize
- Almost 50% believe they have personally been the victim of a consumer privacy invasion
Source of survey data: PCG and Louis Harris poll

Focus on Enterprise Privacy Technologies
(diagram: Client / Privacy-enhancing Infrastructure / Organization)
- Client-side PETs to
  ► minimize data disclosed
  ► filter data received
  ► keep track of data
  ► control multiple identities
  ► ...
- Infrastructure PETs to
  ► hide relations
  ► unlinkable credentials
  ► Mixes
  ► ...
What happens to the data once disclosed? How to enable businesses to work with pseudonyms? How to authenticate and authorize, relative to a pseudonym?

Life-Cycle of Personal Data
(diagram; recoverable labels:) Actors: Data Subject (or Guardian or Authority) and Data User. Stages: 1a. Collection, 1b. Control, 2. Personalized use, 3. Depersonalized use, 4. Anonymized use. Transitions: disclose, utilize, delete, depersonalize, repersonalize, anonymize, release; give consent, update, access, withdraw consent, notify. Data is disclosed in the form = data + rules, where the rules (authorization, obligation, request, ...) derive from law, regulations, privacy agreements, preferences and consent.

Motivation
- Enterprise privacy policies and their enforcement are a fundamental issue in practice:
  ► Reflect different legal regulations
  ► Used to capture promises made to customers
  ► More restrictive internal practices
  ► Incorporating customer preferences
- Privacy policies may be authored, maintained, and audited in a distributed fashion
- An important task is to provide tools for such management of enterprise privacy policies

Motivation
- Policy refinement
  ► Roughly, one policy refines another if using the first policy automatically also fulfills the second one.
  ► Refinement is the central notion for many situations in policy management, e.g., checking whether an enterprise policy adheres to legal regulations
- Policy composition
  ► Notion of constructively combining two policies
  ► Several notions exist for different purposes
- Mandatory sub-policies

Outline
1. The Platform for Enterprise Privacy Policies (E-P3P)
2. A Toolkit for Managing E-P3P Enterprise Privacy Policies
3. Summary

E-P3P/EPAL
- Vocabulary defines scope:
  ► Data, users, and purposes as hierarchies
  ► Operations, obligations as lists
- Rules authorize access: A [user] should be [allowed or denied] the ability to perform [action] on [data] for [purpose] under [condition] yielding an [obligation].
  Example: " can be used for the book-of-the-month club if consent has been given and age is more than 13"
- Default ruling: allow, deny, don't care

EPAL policy - a list of rules, sorted by priority
► Elements of a rule:
  user u1, u2, … e.g., "borderless-books"
  action a1, a2, … e.g., "read"
  for purpose p1, p2, … e.g., "book-of-the-month-club"
  on data d1, d2, … e.g., " "
  under condition c1, c2, … e.g., "age >= 18"
  yielding decision r1, r2, … e.g., "allow"
  and an obligation o1, o2, … e.g., "write audit"

Semantics of EPAL: Authorization
- A policy maps any well-defined authorization request (user, action, purpose, data, variable assignment) to a decision in {allow, deny, don't care} plus obligations
- Completion of the rule set through inheritance
  ► allow inherits down along the hierarchies, deny inherits up and down
- Check rules in the given order for applicability
  ► the rule covers the request directly or by inheritance
  ► the condition(s) are satisfied
  (More sophisticated issue: incomplete variable assignments. If a deny-rule could still apply, then we let it apply. If an allow-rule may not apply, then we let it not apply.)
- Decision
  ► The first applicable deny/allow-rule decides, and its obligation(s) are taken
  ► If there is none, then take the default ruling
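The rule structure and the authorization semantics of the last three slides, as an added toy evaluator written for this page (it is not IBM's EPAL engine). The hierarchies, rule set, request and variable names are constructed; the evaluator implements priority order, allow-down/deny-up-and-down inheritance, the default ruling, and the conservative handling of incomplete variable assignments described above.

```python
"""Toy EPAL-style authorization evaluator written for this page (not IBM's
EPAL engine). The vocabulary, rules and requests below are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Hierarchies as child -> parent maps (None = root). Constructed sample vocabulary.
USERS = {"staff": None, "marketing": "staff", "borderless-books": "marketing"}
PURPOSES = {"business": None, "book-of-the-month-club": "business"}
DATA = {"contact": None, "email": "contact", "address": "contact", "age": None}


def ancestors(node, tree):
    """The node itself followed by its parents up to the root."""
    chain = []
    while node is not None:
        chain.append(node)
        node = tree[node]
    return chain


@dataclass
class Rule:
    user: str
    action: str
    purpose: str
    data: str
    ruling: str                                  # "allow" or "deny"
    condition: Optional[Callable[[dict], bool]] = None
    needs: tuple = ()                            # variables the condition reads
    obligations: list = field(default_factory=list)


@dataclass
class Policy:
    rules: list                                  # sorted by priority, highest first
    default: str = "don't care"                  # default ruling


def covers(rule, request):
    """The rule applies directly or by inheritance: allow inherits down the
    hierarchies only, deny inherits both up and down."""
    user, action, purpose, data = request
    if rule.action != action:
        return False

    def related(rule_node, req_node, tree):
        down = rule_node in ancestors(req_node, tree)   # request at or below the rule
        up = req_node in ancestors(rule_node, tree)     # request at or above the rule
        return down or (rule.ruling == "deny" and up)

    return (related(rule.user, user, USERS)
            and related(rule.purpose, purpose, PURPOSES)
            and related(rule.data, data, DATA))


def condition_holds(rule, assignment):
    """Incomplete assignments resolve conservatively: a deny rule that could
    still apply does apply, an allow rule that might not apply does not."""
    if rule.condition is None:
        return True
    if any(v not in assignment for v in rule.needs):
        return rule.ruling == "deny"
    return rule.condition(assignment)


def evaluate(policy, request, assignment):
    """The first applicable rule decides and contributes its obligations;
    otherwise the policy's default ruling applies with no obligations."""
    for rule in policy.rules:
        if covers(rule, request) and condition_holds(rule, assignment):
            return rule.ruling, list(rule.obligations)
    return policy.default, []


# Constructed sample policy, highest priority first.
POLICY = Policy(rules=[
    # Marketing may not read any contact data for any business purpose without consent.
    Rule("marketing", "read", "business", "contact", "deny",
         condition=lambda a: not a["consent"], needs=("consent",)),
    # The book club may read the e-mail address if consent was given and age > 13.
    Rule("borderless-books", "read", "book-of-the-month-club", "email", "allow",
         condition=lambda a: a["consent"] and a["age"] > 13, needs=("consent", "age"),
         obligations=["write audit"]),
    # The book club never reads the age; deny inherits up to broader requests.
    Rule("borderless-books", "read", "book-of-the-month-club", "age", "deny"),
], default="deny")

CLUB_EMAIL = ("borderless-books", "read", "book-of-the-month-club", "email")

if __name__ == "__main__":
    print(evaluate(POLICY, CLUB_EMAIL, {"consent": True, "age": 30}))   # allow + audit
    print(evaluate(POLICY, CLUB_EMAIL, {"age": 30}))                    # deny: consent unknown
    print(evaluate(POLICY, ("marketing", "read", "business", "age"), {"consent": True}))
```

The third request shows the deny-up rule: a broad request (marketing, business, age) is denied because a more specific element below it (the book club's use of age) is denied. The second shows the incomplete-assignment rule: with consent unknown, the deny rule is treated as applicable and wins on priority.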

Outline
1. The Platform for Enterprise Privacy Policies (E-P3P)
2. A Toolkit for Managing E-P3P Enterprise Privacy Policies
3. Summary

Summary of Tools in the Toolbox
- Policy refinement for comparing policies
  ► A policy refines another if using the first policy automatically also satisfies the second one.
  ► Central notion in policy management: compliance with legal regulations
- The main tool is policy composition
  ► Notion of constructively combining two policies
  ► For different purposes, several notions exist: AND, OR, Ordered Composition
  ► Operators collected in an algebraic structure together with results about the relationship between composition and refinement
- Mandatory sub-policies
(diagram: P1 < P2; P1 & P2; P1 + P2; ordered composition of P1 and P2)

Policy Refinement
Refinement intuitively means to add details to an existing policy while preserving the original privacy statements:
► Ruling: Whenever the original policy allows (denies) a request, the refined policy also allows (denies) the request.
► Obligation: Fulfillment of the refined obligations implies fulfillment of the original obligations for every request.
(diagram: a request (u, a, d, p, ass) evaluates to (r1, o1) under P1 and to (r2, o2) under P2; P1 < P2 holds if r1 refines r2 and o1 refines o2)

Policy Refinement
- What does it mean that r1 refines r2 (r1 < r2)?
  ► If r2 ∈ {deny, allow} then r1 = r2 (weak form also: r2 = allow and r1 = deny)
  ► If r2 = out-of-scope then r1 can be arbitrary
  ► If r2 = don't care then r1 ∈ {deny, allow, don't care}
- The meaning of "o1 refines o2" is slightly more complicated
- Simply using o1 => o2 is not suited, e.g.,
  P1: o1 = "delete now", o = "delete in a day" with o1 => o
  P2: o = "delete in a day", o2 = "delete in a week" with o => o2
  Now "o1 refines o2" if there exists o ∈ O1 ∩ O2 such that o1 => o => o2
(diagram: o1 in P1, shared o, o2 in P2)

Algebra for Policy Composition and Refinement
- Policy Composition: Notion of constructively combining two policies
- Collection of composition operators that are shown to work together in intuitively meaningful ways
  ► Ordered Composition: Master / Slave composition
  ► Logical composition: Build the conjunction or the disjunction of two policies
  ► Scoping Operation: Restrict a policy to a sub-scope
- Show suitable relations among these operators, e.g., distributivity, associativity, refinement relations, etc.

Ordered Composition
- Master / Slave Composition
- Achievable by precedence shift + some tedious details (dealing with out-of-scope errors, default rulings, etc.)
- Advantage: Ordered composition always refines the Master!
(diagram: P1 with high precedence composed over P2; the result refines P1)

Logical Composition (AND)
- AND-Composition: Design a new policy that behaves as the conjunction
- P3 is defined semantically by the following equivalence: If P1 yields (r1,o1) and P2 yields (r2,o2) then P3 yields (r1,o1) AND (r2,o2) = (r1 AND r2, o1 ∪ o2)
- Very useful in practice (take all applicable legal regulations and combine them into one policy, possibly with customer preferences, existing sticky policies, etc.)
- Main Question: Does such a policy P3 always exist? No!
(diagram: P1 & P2 = P3)

Excurse: Expressiveness of E-P3P
Let P be a policy, q a request, and α an assignment on the variables in P. Then we have
1. eval(P,q,α) = (+,o) ⇒ ∀ q* < q: eval(P,q*,α) = (+,o*)
2. eval(P,q,α) = (-,o) ⇒ ∀ q* > q: eval(P,q*,α) = (-,o*)
3. eval(P,q,α) = (-,o) ⇒ (one of the following three conditions holds)
   1. q is a leaf.
   2. ∃ q* < q: eval(P,q*,α) = (+,o*)
   3. ∃ q* < q: eval(P,q*,α) = (-,o*) with o = o*
4. eval(P,q,α) = (don't care,o) ⇒ o = ∅

Well-founded E-P3P Policies
- AND/OR-Composition is not possible for all E-P3P policies!
- Main inherent problem: The rules of a parent element might not be related to the rules of its children
- Possible solution: Consider only those policies in which the rules of parent elements are determined by the rules of their children: well-founded policies
- For well-founded policies, AND/OR-composition is well-defined

Basic Algebraic Results (well-founded EPAL)
- Idempotency: P1 & P1 ≡ P1; P1 + P1 ≡ P1
- Commutativity: P1 & P2 ≡ P2 & P1; P1 + P2 ≡ P2 + P1
- Associativity: (P1 & P2) & P3 ≡ P1 & (P2 & P3); (P1 + P2) + P3 ≡ P1 + (P2 + P3)
- Distributivity: P1 + (P2 & P3) ≡ (P1 + P2) & (P1 + P3); P1 & (P2 + P3) ≡ (P1 & P2) + (P1 & P3)
- Strong Absorption: P1 + (P1 & P2) < P1, but not P1 & (P1 + P2) < P1
Legend: "+" = OR, "&" = AND, "≡" = equivalence, "<" = refinement

Advanced Algebraic Results (well-founded EPAL)
- Multiplicative Refinement (the conjunction is stricter than both policies):
  ► P1 & P2 < P1
  ► P1 & P2 < P2
- Additive Refinement (each policy is at least as strict as the disjunction; weak refinement):
  ► P1 < P1 + P2
  ► P2 < P1 + P2
- Master / Slave Refinement:
  ► the ordered composition of P1 (master) and P2 (slave) refines P1
- Operator Refinement:
  ► P1 & P2 < ordered composition of P1 and P2 < P1 + P2
Legend: "+" = OR, "&" = AND, "≡" = equivalence, "<" = refinement, underlined "<" = weak refinement
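The refinement definition (rulings and the obligation chain o1 => o => o2 over the shared vocabulary) and the composition operators (AND, OR, ordered) of the preceding slides, as one added worked example written for this page rather than taken from the IBM toolkit. A policy is represented semantically, as the function from requests to (ruling, obligations) over a small request space; the encoding of r1 AND r2 / r1 OR r2 on rulings, the obligation implication chain, the two sample policies (a law and a stricter enterprise promise) and the use of obligation sets are constructed assumptions. The multiplicative, additive and master/slave refinement results of the last slide are then checked on those samples.

```python
"""Refinement and composition of E-P3P/EPAL-style policies, viewed semantically
(a policy as request -> (ruling, obligations)). Added example for this page; the
ruling encoding, the obligation chain, the composition rules and the sample
policies are constructed assumptions, not the IBM toolkit's code."""

# Constructed obligation chain: a stronger obligation -> the weaker one it implies.
IMPLIES_DIRECT = {("delete now", "delete in a day"), ("delete in a day", "delete in a week")}


def implies_atom(a, b):
    """Reflexive-transitive closure of IMPLIES_DIRECT."""
    return a == b or any(x == a and implies_atom(y, b) for x, y in IMPLIES_DIRECT)


def implies_set(s1, s2):
    """s1 implies s2 if each atom of s2 is implied by some atom of s1 (the
    empty obligation set is implied by anything)."""
    return all(any(implies_atom(a, b) for a in s1) for b in s2)


def obligation_refines(o1, o2, vocab1, vocab2):
    """o1 refines o2 if some o over the shared vocabulary gives o1 => o => o2.
    The largest candidate is the set of shared atoms implied by o1; testing
    that single set is sufficient."""
    o = {b for b in vocab1 & vocab2 if implies_set(o1, {b})}
    return implies_set(o, o2)


def ruling_refines(r1, r2, weak=False):
    """r1 < r2 as defined on the slide; weak=True also lets deny refine allow."""
    if r2 in ("allow", "deny"):
        return r1 == r2 or (weak and r2 == "allow" and r1 == "deny")
    if r2 == "out-of-scope":
        return True
    return r1 in ("allow", "deny", "don't care")   # r2 == "don't care"


class Policy:
    """table: request -> (ruling, obligations); vocab: obligations the policy may use."""
    def __init__(self, table, vocab):
        self.table = {q: (r, frozenset(o)) for q, (r, o) in table.items()}
        self.vocab = frozenset(vocab)


def refines(p1, p2, weak=False):
    """P1 < P2: rulings and obligations refine on every request."""
    return all(ruling_refines(p1.table[q][0], p2.table[q][0], weak)
               and obligation_refines(p1.table[q][1], p2.table[q][1], p1.vocab, p2.vocab)
               for q in p2.table)


def equivalent(p1, p2):
    return refines(p1, p2) and refines(p2, p1)


def _combine(p1, p2, ruling_op, obligation_op, vocab):
    return Policy({q: (ruling_op(p1.table[q][0], p2.table[q][0]),
                       obligation_op(p1.table[q][1], p2.table[q][1]))
                   for q in p1.table}, vocab)


def and_(p1, p2):
    """Conjunction: deny dominates, then allow, else don't care; obligations unite."""
    def op(a, b):
        if "deny" in (a, b):
            return "deny"
        return "allow" if "allow" in (a, b) else "don't care"
    return _combine(p1, p2, op, lambda x, y: x | y, p1.vocab | p2.vocab)


def or_(p1, p2):
    """Disjunction: don't care dominates, then allow, else deny; obligations intersect."""
    def op(a, b):
        if "don't care" in (a, b):
            return "don't care"
        return "allow" if "allow" in (a, b) else "deny"
    return _combine(p1, p2, op, lambda x, y: x & y, p1.vocab & p2.vocab)


def ordered(master, slave):
    """Master/slave composition: the master decides unless it doesn't care."""
    return Policy({q: master.table[q] if master.table[q][0] != "don't care" else slave.table[q]
                   for q in master.table}, master.vocab | slave.vocab)


# Constructed sample: requests are (user, data) pairs; a legal policy and an
# enterprise policy that promises faster deletion than the law requires.
LAW = Policy({("marketing", "email"): ("allow", {"delete in a week"}),
              ("marketing", "address"): ("deny", set()),
              ("support", "email"): ("don't care", set()),
              ("support", "address"): ("allow", {"delete in a week"})},
             {"delete in a day", "delete in a week"})
ENTERPRISE = Policy({("marketing", "email"): ("allow", {"delete now"}),
                     ("marketing", "address"): ("deny", set()),
                     ("support", "email"): ("allow", {"delete in a day"}),
                     ("support", "address"): ("allow", {"delete in a day"})},
                    {"delete now", "delete in a day"})
# Like ENTERPRISE, but lets marketing read addresses, which the law denies.
LEAKY = Policy({**ENTERPRISE.table, ("marketing", "address"): ("allow", set())}, ENTERPRISE.vocab)

if __name__ == "__main__":
    print("enterprise < law:", refines(ENTERPRISE, LAW))          # True
    print("leaky < law:", refines(LEAKY, LAW))                    # False
    print("law & enterprise < law:", refines(and_(LAW, ENTERPRISE), LAW, weak=True))
```

The obligation check reproduces the slide's point: "delete now" refines "delete in a week" only because "delete in a day" sits in both vocabularies; with disjoint vocabularies the same pair does not refine, even though the plain implication holds. The multiplicative and additive results are asserted in their weak form, since a conflict between an allow and a deny in the two operands yields a deny in the conjunction (and an allow in the disjunction), which only weak refinement accepts.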

Outline
1. The Platform for Enterprise Privacy Policies (E-P3P)
2. A Toolkit for Managing E-P3P Enterprise Privacy Policies
3. Summary

Summary
- Toolkit for maintaining, authoring, and auditing enterprise privacy languages
- Mainly driven by real-life demands on privacy policies, we have introduced the following:
  ► The notion of refinement between privacy policies as the central notion of almost any operation on privacy policies
  ► Different notions of privacy policy composition
  ► An algebraic structure and results on composition and refinement operators
  ► Two-layered policies to specifically deal with enterprise-internal policy management
  ► Treatment of incomplete data in privacy policy evaluation
  ► Explicit representation of condition languages (context information)
- All these cases together allow for capturing a variety of real-life use cases, i.e., safely changing company promises with respect to customer requirements while abiding by the law