Detecting and resolving redundancies in EP3P policies


Author(s): Salim, Farzad
Date(s)

01/03/2006

Abstract

Current regulatory requirements on data privacy make it increasingly important for enterprises to be able to verify and audit their compliance with their privacy policies. Traditionally, a privacy policy is written in a natural language. Such policies inherit the potential ambiguity, inconsistency and misinterpretation of natural text. Hence, formal languages are emerging to allow a precise specification of enforceable privacy policies that can be verified. The EP3P language is one such formal language. An EP3P privacy policy of an enterprise consists of many rules. Given the semantics of the language, there may exist some rules in the ruleset which can never be used; these rules are referred to as redundant rules. Redundancies adversely affect privacy policies in several ways. Firstly, redundant rules reduce the efficiency of operations on privacy policies. Secondly, they may misdirect the policy auditor when determining the outcome of a policy. Therefore, in order to address these deficiencies, it is important to identify and resolve redundancies. This thesis introduces the concept of minimal privacy policy - a policy that is free of redundancy. The essential component for maintaining the minimality of privacy policies is to determine the effects of the rules on each other. Hence, redundancy detection and resolution frameworks are proposed. Pair-wise redundancy detection is the central concept in these frameworks and it suggests a pair-wise comparison of the rules in order to detect redundancies. In addition, the thesis introduces a policy management tool that assists policy auditors in performing several operations on an EP3P privacy policy while maintaining its minimality. Formal results comparing alternative notions of redundancy, and how this would affect the tool, are also presented.

Format

application/pdf

Identifier

http://eprints.qut.edu.au/28175/

Publisher

Faculty of Computer Science and Software Engineering, University of Wollongong

Relation

http://eprints.qut.edu.au/28175/1/c28175.pdf

Salim, Farzad (2006) Detecting and resolving redundancies in EP3P policies. Masters by Research thesis, Faculty of Computer Science and Software Engineering, University of Wollongong.

Rights

Copyright 2006 Farzad Salim. All Rights Reserved

Source

Faculty of Science and Technology; Information Security Institute; School of Information Systems

Keywords

#080308 Programming Languages #080303 Computer System Security #Privacy Enhancing Technologies #Formal Privacy Policy Language #Access Control #EPAL, EP3P #Redundancy detection

Type

Thesis