Super-sticky and declassifiable release policies for flexible information dissemination control

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2006, Pages 51-57

  Bandhakavi, Sruthi ^a   Zhang, Charles C ^a   Winslett, Marianne ^a  

^a UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

Author keywords

declassification; privacy; release policies; sticky policies

Indexed keywords

DECLASSIFICATION; DISSEMINATION CONTROLS; MULTIMEDIA CONTENTS; OPEN SOURCE SOFTWARE; SECURITY AND PRIVACY; SENSITIVE INFORMATIONS; STICKY POLICIES; TRANSFER OF INFORMATION;

COMPUTER PRIVACY; DATA PRIVACY; INFORMATION USE; SOFTWARE ENGINEERING;

INFORMATION DISSEMINATION;

EID: 78349238034     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1179601.1179609     Document Type: Conference Paper

References (17)

1. A. I. Antón, J. B. Earp, Q. He, W. H. Stufflebeam, D. Bolchini, and C. Jensen. Financial privacy policies and the need for standardization. IEEE Security & Privacy, 2(2):36-45, 2004.
2. P. Ashley, S. Hada, G. Karjoth, and C. P. M. Schunter. Enterprise privacy authorization language. Technical Report RZ 3485 (93951), IBM Tivoli Software, Tivoli, 2003.
3. E. Bertino, S. D. C. di Vimercati, E. Ferrari, and P. Samarati. Exception-based information flow control in object-oriented systems. ACM Trans. Inf. Syst. Secur., 1(1):26-65, 1998.
4. Enterprise Privacy Markup Language. Available from http://www.synomos. com/html/EPML/documents/EPML-1-0-Specification.pdf, February, 2002.
5. eXtensible Access Control Markup Language. Available from http://docs.oasis-open.org/xacml/2.0/access-control-xacml-2.0-core-spec-os.pdf, Feb 2005.
6. eXtensible Rights Markup Language. Available from http://www.xrml.org.
7. th National Computer Security Conference, pages 296-303, 1989.
8. G. Karjoth, M. Schunter, and M. Waidner. Platform for enterprise privacy practices: Privacy-enabled management of customer data. In Privacy Enhancing Technologies, pages 69-84, 2002.
9. M. C. Mont, S. Pearson, and P. Bramhall. Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. In DEXA Workshops, pages 377-382, 2003.
10. A. Myers. Jflow: Practical mostly-static information flow control. In ACM Symposium of Principles of Programming Languages(POPL), pages 228-241, 1999.
11. A. Myers and B. Liskov. A decentralized model for information flow control. In ACM Symposium on Operating Systems Principles, pages 129-142, October 1997.
12. Platform for Privacy Preferences. Available from http://www.w3.org/P3P.
13. Privacy Rights Markup Language Specification. Available from http://www.synomos.com/html/EPML/documents/prml-spec.pdf, June 2001.
14. A. Sabelfeld and A. C. Myers. Language-based information-flow security. In IEEE J. Selected Areas in Communications, volume 21(1), pages 5-19, January 2003.
15. A. Sabelfeld and D. Sands. Dimensions and principles of declassification. In CSFW, pages 255-269, 2005.
16. M. Winslett, C. C. Zhang, and P. A. Bonatti. Peeraccess: a logic for distributed authorization. In ACM Conference on Computer and Communications Security, pages 168-179, 2005.
17. T. Yu, N. Li, and A. I. Antón. A formal semantics for p3p. In SWS '04: Proceedings of the 2004 workshop on Secure web service, pages 1-8, New York, NY, USA, 2004. ACM Press.