Efficient comparison of enterprise privacy policies

Proceedings of the ACM Symposium on Applied Computing

Volumn 1, Issue , 2004, Pages 375-382

  Backes, Michael ^a   Karjoth, Günter ^a   Bagga, Walid ^b   Schunter, Matthias ^a  

^a IBM RESEARCH   (United States)

^b EURECOM   (France)

Author keywords

Algorithm; Policy Comparison; Privacy Policy; Security

Indexed keywords

ALGORITHMS; INFORMATION ANALYSIS; LAWS AND LEGISLATION; PERSONNEL; PUBLIC POLICY; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS; STANDARDS; XML;

ENTERPRISE PRIVACY AUTHORIZATION LANGUAGE (EPAL); POLICY COMPARISON; PRIVACY POLICY; SECURITY;

COMPUTER PRIVACY;

EID: 2442516401     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/967900.967983     Document Type: Conference Paper

References (15)

1. P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter. Enterprise Privacy Authorization Language (EPAL). Research Report RZ 3485, IBM Research, Mar. 2003.
2. P. Ashley, S. Hada, G. Karjoth, and M. Schunter. E-P3P privacy policies and privacy authorization. In Proc. 1st ACM Workshop on Privacy in the Electronic Society (WPES), pages 103-109, 2002.
3. M. Backes, B. Pfitzmann, and M. Schunter. A toolkit for managing enterprise privacy policies. In European Symposium on Research in Computer Security (ESORICS), Lecture Notes in Computer Science 2808, pages 101-119. Springer, 2003.
4. C. Bettini, S. Jajodia, X. S. Wang, and D. Wijesekerat. Obligation monitoring in policy management. In Proc. 3rd IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), pages 2-12, 2002.
5. P. A. Bonatti, E. Damiani, S. De Capitani di Vimercati, and P. Samarati. A component-based architecture for secure data publication. In Proc. 17th Annual Computer Security Applications Conference, pages 309-318, 2001.
6. A. Cavoukian and T. J. Hamilton. The Privacy Payoff: How successful businesses build customer trust. McGraw-Hill/Ryerson, 2002.
7. N. Damianou, N. Dulay, E. Lupo, and M. Sloman. The Ponder Policy Specification Language. In Policies for Distributed Systems and Networks (Policy 2001), Lecture Notes in Computer Science 1995, pg. 18-39. Springer, 2001.
8. S. Fischer-Hübner. IT-security and privacy: Design and use of privacy-enhancing security mechanisms, Lecture Notes in Computer Science 1958. Springer, 2002.
9. S. Jajodia, M. Kudo, and V. S. Subrahmanian. Provisional authorization. In Proc. E-commerce Security and Privacy, pages 133-159. Kluwer Academic Publishers, 2001.
10. G. Karjoth and M. Schunter. A privacy policy model for enterprises. In Proc. 15th IEEE Computer Security Foundations Workshop (CSFW), pages 271-281, 2002.
11. G. Karjoth, M. Schunter, and M. Waidner. The platform for enterprise privacy practices - privacy-enabled management of customer data. In Proc. Privacy Enhancing Technologies, Lecture Notes in Computer Science 2482, pages 69-84. Springer, 2002.
12. Platform for Privacy Preferences (P3P). W3C Recommendation, Apr. 2002. www.w3.org/TR/2002/REC-P3P-20020416/.
13. C. Ribeiro, A. Zuquete, P. Ferreira, and P. Guedes. SPL: An access control language for security policies with complex constraints. In Proc. Network and Distributed System Security Symposium (NDSS), pages 89-107, 2001.
14. TRUSTe. Privacy Certification. See www.truste.com.
15. eXtensible Access Control Markup Language (XACML). OASIS Committee Specification 1.0, Dec. 2002. www.oasis-open.org/committees/xacml.