A Formal Privacy Management Framework

  • Conference paper
Formal Aspects in Security and Trust (FAST 2008)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5491)

Abstract

Privacy is a complex issue that cannot be handled by exclusively technical means. The work described in this paper results from a multidisciplinary project involving lawyers and computer scientists with the twofold goal of (1) reconsidering the fundamental values motivating privacy protection and (2) studying the conditions for a better protection of these values through a combination of legal and technical means. One of these conditions is to provide individuals with effective ways to convey their consent to the disclosure of their personal data. This paper focuses on the formal framework proposed in the project to deliver this consent through software agents.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Le Métayer, D. (2009). A Formal Privacy Management Framework. In: Degano, P., Guttman, J., Martinelli, F. (eds) Formal Aspects in Security and Trust. FAST 2008. Lecture Notes in Computer Science, vol 5491. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01465-9_11

  • DOI: https://doi.org/10.1007/978-3-642-01465-9_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01464-2

  • Online ISBN: 978-3-642-01465-9