849 results for Formal Privacy Policy Language
Abstract:
Current regulatory requirements on data privacy make it increasingly important for enterprises to be able to verify and audit their compliance with their privacy policies. Traditionally, a privacy policy is written in a natural language. Such policies inherit the potential ambiguity, inconsistency and misinterpretation of natural text. Hence, formal languages are emerging to allow a precise specification of enforceable privacy policies that can be verified. The EP3P language is one such formal language. An EP3P privacy policy of an enterprise consists of many rules. Given the semantics of the language, there may exist some rules in the ruleset which can never be used; these rules are referred to as redundant rules. Redundancies adversely affect privacy policies in several ways. Firstly, redundant rules reduce the efficiency of operations on privacy policies. Secondly, they may misdirect the policy auditor when determining the outcome of a policy. Therefore, in order to address these deficiencies it is important to identify and resolve redundancies. This thesis introduces the concept of a minimal privacy policy, a policy that is free of redundancy. The essential component for maintaining the minimality of privacy policies is to determine the effects of the rules on each other. Hence, redundancy detection and resolution frameworks are proposed. Pair-wise redundancy detection is the central concept in these frameworks, and it suggests a pair-wise comparison of the rules in order to detect redundancies. In addition, the thesis introduces a policy management tool that assists policy auditors in performing several operations on an EP3P privacy policy while maintaining its minimality. Formal results comparing alternative notions of redundancy, and how this would affect the tool, are also presented.
Abstract:
XACML has become the de facto standard for enterprise-wide, policy-based access control. It is a structured, extensible language that can express and enforce complex access control policies. There have been several efforts to extend XACML to support specific authorisation models, such as the OASIS RBAC profile to support Role Based Access Control. A number of proposals for authorisation models that support business processes and workflow systems have also appeared in the literature. However, there is no published work describing an extension to allow XACML to be used as a policy language with these models. This paper analyses the specific requirements of a policy language to express and enforce business process authorisation policies. It then introduces BP-XACML, a new profile that extends the RBAC profile for XACML so it can support business process authorisation policies. In particular, BP-XACML supports the notion of tasks, and constraints at the level of a task instance, which are important requirements in enforcing business process authorisation policies.
Abstract:
This workshop is jointly organized by EFMI Working Groups Security, Safety and Ethics and Personal Portable Devices in cooperation with IMIA Working Group "Security in Health Information Systems". In contemporary healthcare and personal health management the collection and use of personal health information takes place in different contexts and jurisdictions. Global use of health data is also expanding. The approach taken by different experts, health service providers, data subjects and secondary users in understanding privacy and the privacy expectations others may have is strongly context dependent. To make eHealth, global healthcare, mHealth and personal health management successful and to enable fair secondary use of personal health data, it is necessary to find a practical and functional balance between privacy expectations of stakeholder groups. The workshop will highlight these privacy concerns by presenting different cases and approaches. Workshop participants will analyse stakeholder privacy expectations that take place in different real-life contexts such as portable health devices and personal health records, and develop a mechanism to balance them in such a way that global protection of health data and its meaningful use is realized simultaneously. Based on the results of the workshop, initial requirements for a global healthcare information certification framework will be developed.
Abstract:
This paper presents a formal but practical approach for defining and using design patterns. Initially we formalize the concepts commonly used in defining design patterns using Object-Z. We also formalize consistency constraints that must be satisfied when a pattern is deployed in a design model. Then we implement the pattern modeling language and its consistency constraints using an existing modeling framework, EMF, and incorporate the implementation as plug-ins to the Eclipse modeling environment. While the language is defined formally in terms of Object-Z definitions, the language is implemented in a practical environment. Using the plug-ins, users can develop precise pattern descriptions without knowing the underlying formalism, and can use the tool to check the validity of the pattern descriptions and pattern usage in design models. In this work, formalism brings precision to the pattern language definition and its implementation brings practicability to our pattern-based modeling approach.
Abstract:
Provenance plays a pivotal role in tracing the origin of something and determining how and why something occurred. With the emergence of the cloud and the benefits it encompasses, there has been a rapid proliferation of services being adopted by commercial and government sectors. However, trust and security concerns for such services are on an unprecedented scale. Currently, these services expose very little of their internal working to their customers; this can cause accountability and compliance issues, especially in the event of a fault or error, where customers and providers are left to point fingers at each other. Provenance-based traceability provides a means to address part of this problem by being able to capture and query events that occurred in the past to understand how and why they took place. However, due to the complexity of the cloud infrastructure, the current provenance models lack the expressibility required to describe the inner working of a cloud service. For a complete solution, a provenance-aware policy language is also required for operators and users to define policies for compliance purposes. The current policy standards do not cater for such a requirement. To address these issues, in this paper we propose a provenance (traceability) model, cProv, and a provenance-aware policy language (cProvl) to capture traceability data and express policies for validating against the model. For implementation, we have extended the XACML 3.0 architecture to support provenance, and provided a translator that converts cProvl policies and requests into the XACML format.
Abstract:
The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRM is one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies who, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise's data handling to the consumer's privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.
Abstract:
We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown, through various examples, how typical purpose-based policies as well as some new policy types can be expressed and checked using our model.
Abstract:
This paper presents the AGILE policy expression language. The language enables powerful expression of self-managing behaviours and facilitates policy-based autonomic computing in which the policies themselves can be adapted dynamically and automatically. The language is generic so as to be deployable across a wide spectrum of application domains, and is very flexible through the use of simple yet expressive syntax and semantics. The development of AGILE is motivated by the need for adaptive policy mechanisms that are easy to deploy into legacy code and can be used by non-autonomics-expert practitioners to embed self-managing behaviours with low cost and risk. A library implementation of the policy language is described. The implementation extends the state of the art in policy-based autonomics through innovations which include support for multiple policy versions of a given policy type, multiple configuration templates, and higher-level 'meta-policies' to dynamically select between differently configured business-logic policy instances and templates. Two dissimilar example deployment scenarios are examined.
Abstract:
Faced with a society undergoing rapid demographic ageing and constant technological advance, investment is warranted in studies that enhance communicative action and reduce the social isolation arising from the biopsychosocial losses associated with old age. This thesis has four study objectives: i) to investigate the impact of using Information and Communication Technologies (ICT) on the self-concept (SC), morale and quality of life (QoL) of a group of seniors; ii) to determine whether there is a relationship, and what kind, between the independent variables sex, age, marital status, education, profession, IPSS, attendance regime, time at the IPSS, guidance to attend the IPSS, visits from family and visits from friends, and the dependent variables SC, morale, QoL and their respective factors and domains, at pre-test and post-test; iii) to determine whether their participation in the process of conceptualising an asynchronous communication service, email, influences its usability in terms of the components effectiveness, efficiency and satisfaction; iv) and to propose the policy component of the senior online community under development within the SEDUCE Project. To carry out the study, partnerships were established with four Private Social Solidarity Institutions (IPSS) in the municipality of Aveiro, integrated within the SEDUCE project. The instruments used to assess self-concept, morale and quality of life were the Clinical Self-Concept Inventory (Inventário Clínico de Auto-Conceito), the Philadelphia Geriatric Center Morale Scale and the World Health Organization Quality of Life scale WHOQOL-Bref, respectively. In the process of conceptualising the email service and the policy component of the online community, participatory observation and contextual design were used.
The study involved 42 seniors distributed across two experimental conditions: 22 seniors in the experimental group used ICT twice a week (in sessions of 90 minutes each, for a total of 80 sessions) and 19 seniors in the passive control group received no intervention. To assess the psychosocial variables, two assessments were carried out, before and after 11 months of intervention, from August 2011 to July 2012. Throughout the ICT engagement sessions it was observed that the seniors continually had difficulties in: handling the mouse and perceiving its effect on the monitor; distinguishing between keys (enter, spacebar, delete, caps lock, among others); using key combinations to type punctuation and accents; starting activities in Microsoft Office Word; selecting the information provided by search engines; recognising which areas are clickable; lack of confidence in carrying out actions; fear of starting new activities, due to lack of knowledge and fear of making mistakes; memorising email addresses and passwords; and following tasks through. When using the email service they consider it important to receive a reply when they send a message, and likewise to always reply to senders; they rarely put a subject on messages; and they express great satisfaction on receiving messages from family and/or friends. The process of developing services with the active participation of seniors proves feasible, but practices need to be adapted: processes should be iterative; avoid formal language; clarify the objective; let the seniors think aloud; give them time; keep them focused and do not lead them through the tasks. The results suggest a significant increase in the physical domain of quality of life in the experimental group.
Participants who expressed higher levels of satisfaction when using ICT show a more positive outlook on psychological maturity and less loneliness and dissatisfaction. In both the experimental group and the passive control group, relationships between the independent and dependent variables are found, at both pre-test and post-test. It is concluded that the seniors' participation in the process of conceptualising the email service fostered the effectiveness component of usability but not satisfaction in using it. The results on efficiency are inconclusive. Regarding the policy component, the seniors endorse the existence of terms of use that guide the behaviour of all users, as well as a privacy policy. The proposed registration area is suitable for the senior user.
Abstract:
The development of the creative industries "proposition" has caused a great deal of controversy. Even as it has been examined and adopted in several, quite diverse, jurisdictions as a policy language seeking to respond to both creative production and consumption in new economic conditions, it is subject to at times withering critique from within academic media, cultural and communication studies. It is held to promote a simplistic narrative of the merging of culture and economics and represents incoherent policy; the data sources are suspect and underdeveloped; there is a utopianization of "creative" labor; and a benign globalist narrative of the adoption of the idea. This article looks at some of these critiques of the creative industries idea and argues against them.
Abstract:
Information security policies play an important role in achieving information security. Confidentiality, Integrity, and Availability are classic information security goals attained by enforcing appropriate security policies. Workflow Management Systems (WfMSs) also benefit from inclusion of these policies to maintain the security of business-critical data. However, in typical WfMSs these policies are designed to enforce the organisation’s security requirements but do not consider those of other stakeholders. Privacy is an important security requirement that concerns the subject of data held by an organisation. WfMSs often process sensitive data about individuals and institutions who demand that their data is properly protected, but WfMSs fail to recognise and enforce privacy policies. In this paper, we illustrate existing WfMS privacy weaknesses and introduce WfMS extensions required to enforce data privacy. We have implemented these extensions in the YAWL system and present a case scenario to demonstrate how it can enforce a subject’s privacy policy.
Abstract:
Building information models have created a paradigm shift in how buildings are built and managed by providing a dynamic repository for building data that is useful in many new operational scenarios. This change has also created an opportunity to use building information models as an integral part of security operations and especially as a tool to facilitate fine-grained access control to building spaces in smart buildings and critical infrastructure environments. In this paper, we identify the requirements for a security policy model for such an access control system and discuss why the existing policy models are not suitable for this application. We propose a new policy language extension to XACML, with BIM specific data types and functions based on the IFC specification, which we call BIM-XACML.
Authorisation management in business process environments: An authorisation model and a policy model
Abstract:
This thesis provides two main contributions. The first one is BP-TRBAC, a unified authorisation model that can support legacy systems as well as business process systems. BP-TRBAC supports specific features that are required by business process environments. BP-TRBAC is designed to be used as an independent enterprise-wide authorisation model, rather than having it as part of the workflow system. It is designed to be the main authorisation model for an organisation. The second contribution is BP-XACML, an authorisation policy language that is designed to represent BPM authorisation policies for business processes. The contribution also includes a policy model for BP-XACML. Using BP-TRBAC as an authorisation model together with BP-XACML as an authorisation policy language will allow an organisation to manage and control authorisation requests from workflow systems and other legacy systems.