t towards integrated policy d i t t d p li managem ent
play

T Towards Integrated Policy d I t t d P li Managem ent for - PowerPoint PPT Presentation

Feb 04, 2023 •18 likes •168 views

T Towards Integrated Policy d I t t d P li Managem ent for Privacy Managem ent for Privacy Dr Nick Papanikolaou e-Security Group International Digital Laboratory WMG, University of Warwick , y http: / / go.warwick.ac.uk/ nikos C

  1. T Towards Integrated Policy d I t t d P li Managem ent for Privacy Managem ent for Privacy Dr Nick Papanikolaou e-Security Group International Digital Laboratory WMG, University of Warwick , y http: / / go.warwick.ac.uk/ nikos

  2. C Context t t • Joint work with Marco Casassa Mont & Siani Pearson [ HP Labs] Sadie Creese Siani Pearson [ HP Labs] , Sadie Creese & Michael Goldsmith [ Warwick IDL] • EnCoRe project E C R j t – http: / / www.encore-project.info p p j – “Ensuring Consent and Revocation” – Goal is to manage and enforce users’ Goal is to manage and enforce users privacy (consent and revocation) preferences in enterprise information preferences in enterprise information systems 17 November 2009 W3C Workshop on Access Control Scenarios 2

  3. P i Privacy Policies P li i • Cannot underestimate importance of adequate information handling f d t i f ti h dli practices in enterprises to ensure p p – Continued ability to collect information – Privacy of individuals P i f i di id l • Legal requirements (National EU) • Legal requirements (National, EU), Codes of Practice, Corporate privacy policies i li i 17 November 2009 W3C Workshop on Access Control Scenarios 3

  4. E f Enforcing Privacy Policies i P i P li i • There are many different levels of requirements and no common requirements and no common representation or consistent means of enforcement across an enterprise • Automated enforcement is simple for • Automated enforcement is simple for lowest levels of policy only (e.g. Access control policies) – Automated enforcement of privacy Automated enforcement of privacy policies not very successful (cf. P3P) 17 November 2009 W3C Workshop on Access Control Scenarios 4

  5. P li Policy management levels t l l • In an enterprise, privacy requirements will be typically handled requirements will be typically handled at different levels by different experts – Legal requirements – legal team L l i t l l t – Data access requirements – IT team • Hierarchy of policies (privacy requirements) requirements) • There may be overlaps and conflicts between requirements at different between requirements at different levels 17 November 2009 W3C Workshop on Access Control Scenarios 5

  6. P li Policy management approaches t h • In our view, taking an approach to dealing with privacy requirements d li ith i i t that is too low level (e.g. focusing only on XACML representation of access control i f l restrictions) restrictions) misses important legal aspects and outcomes of risk assessment 17 November 2009 W3C Workshop on Access Control Scenarios 6

  7. P li Policy management approaches t h • Pragmatic approaches – Risk assessment (standard business practice) p ) – Typically results in non-reusable solutions solutions • Technical approaches pp – Focus on designing languages and software tools for policies of a software tools for policies of a particular kind [ only] 17 November 2009 W3C Workshop on Access Control Scenarios 7

  8. P li Policy Levels vs. Approaches L l A h 17 November 2009 W3C Workshop on Access Control Scenarios 8

  9. R Reconciling policy requirements ili li i t • Low-level approaches have the advantage of automation d t f t ti • High-level approaches account for • High level approaches account for overall security concerns, the law, and the business processes in an d h b enterprise enterprise • Can we obtain the benefits of both by building a conceptual model? 17 November 2009 W3C Workshop on Access Control Scenarios 9

  10. C Conceptual Model for Policies t l M d l f P li i High-level policies European Privacy Corporate Policies, Data Protection Act Codes of Practice Directive ... Conceptual Model Templates for different policy requirements Low-level policies Low level policies Implementable XACML code for Machine-checkable P3P and APPEL, ... policies access control (verifiable) 17 November 2009 W3C Workshop on Access Control Scenarios 10

  11. More about conceptual model M b t t l d l • Conceptual model may take different forms forms – Varying levels of formality can be useful – Just identifying typical clause structures of legal texts can provide clarity of legal texts can provide clarity – More formal models can enable automatic checking that checking that • A lower-level policy satisfies the requirements of a higher level one (policy refinement) of a higher-level one (policy refinement) • Policy statements do not conflict with one another another 17 November 2009 W3C Workshop on Access Control Scenarios 11

  12. E Examples l • In the paper we have considered examples of policy statements e.g. l f li t t t for transborder data flow, ... , • Privacy-aware access control e.g. IF (Data Requestor wants to access personal data D for Purpose P) AND (data subject has given consent for this data) ( j g ) THEN Allow Access ELSE Deny Access 17 November 2009 W3C Workshop on Access Control Scenarios 12

  13. P i Privacy-aware access control t l Database tables w ith PI I data Encoded access-control policy and custom ers consents and custom ers’ consents ( Thi di ( This diagram If role = = “Statistician” & intent = = is courtesy of “Marketing” Marco Casassa uid Nam e Condition Diagnosis Mont, HP Labs) Then 1 Alice Alcoholic Cirrhosis Allow Access (T1.Condition,T1.Diagnosis) T1 & E f & Enforce (Consent) (C ) 2 Rob Drug-addicted HIV Contagious illness 3 Julie Hepatitis Else If role = = “Scientist” & intent = = “Research” Consent Marketing Research Then x 1 T2 Allow Access (T1.Diagnosis) & Enforce (Consent) x x 2 3 Else Deny Access Enforcement: Filter data Privacy Policy SELECT “-”,Condition, Diagnosis Enforcem ent Enforcem ent Access Table T1 bl FROM T1 , T2 (Select ALL from T1) W HERE T1 .uid= T2 .Consent AND T2 .Marketing= “YES” Intent = “Marketing” uid Nam e Condition Diagnosis 1 - Alcoholism Cirrhosis Filtered-out data 2 2 - - - - - - 3 - Contagious Illness Hepatitis 13 1 3 1 7 Novem ber 2 0 0 9 W 3 C W orkshop on Access Control Scenarios 1 3

  14. S Summary of position f iti • Current approaches to policy specification and enforcement are specification and enforcement are either too high-level or too low-level • The EnCoRe project is developing an Th E C R j t i d l i approach that balances risk assessment and high-level requirements with low-level q considerations, esp. what is implementable using current policy implementable using current policy languages and tools 17 November 2009 W3C Workshop on Access Control Scenarios 14

  15. R l t d Related and Future Work d F t W k • We have already considered how privacy policies in P3P may be privacy policies in P3P may be translated to a form suitable for automated verification automated verification – See http: / / go.warwick.ac.uk/ nikos/ publications htt / / i k k/ ik / bli ti • We hope to develop a formal access control model that is designed to express privacy policies at all the p p y p levels that they arise 17 November 2009 W3C Workshop on Access Control Scenarios 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Missing Link? Capital Account Managem ent and African Industrial Policy Daniel Poon,

The Missing Link? Capital Account Managem ent and African Industrial Policy Daniel Poon,

The Missing Link? Capital Account Managem ent and African Industrial Policy Daniel Poon, Researcher, NSI Learning to Compete: Industrial Development and Policy in Africa UNU-WIDER Conference Helsinki, Finland, June 24-25 2013 1

610 views • 24 slides
I SO Managem ent system standards - An overview - I SO Managem ent system s W hat are they? W

I SO Managem ent system standards - An overview - I SO Managem ent system s W hat are they? W

I SO Managem ent system standards - An overview - I SO Managem ent system s W hat are they? W hy use them ? Complying with ISO management standards: increases confidence in business relationships, broadens opportunities

544 views • 33 slides
EU Integrated Maritime Policy and the Netherlands EU presidency program Information for the

EU Integrated Maritime Policy and the Netherlands EU presidency program Information for the

EU Integrated Maritime Policy and the Netherlands EU presidency program Information for the MSEG IMP and IMP attachs 20 Januari 2016 EU Integrated Maritime Policy The EU Integrated Maritime Policy seeks to provide a more coherent

357 views • 9 slides
Bespoke Transparent Perform ing Discreet I nvestm ent Managem ent W ealth and Asset Managem ent

Bespoke Transparent Perform ing Discreet I nvestm ent Managem ent W ealth and Asset Managem ent

Bespoke Transparent Perform ing Discreet I nvestm ent Managem ent W ealth and Asset Managem ent Solutions Av. des Jordils 31, Corseaux Suisse / Tel + 41 76 374 47 74 / www.waamsolutions.com W elcom e to W AAM Solutions SA Wealth and

163 views • 15 slides
Em ergency Managem ent Em ergency Managem ent P LACIN G YOU R B ETS AN D B EATIN G TH E

Em ergency Managem ent Em ergency Managem ent P LACIN G YOU R B ETS AN D B EATIN G TH E

Em ergency Managem ent Em ergency Managem ent P LACIN G YOU R B ETS AN D B EATIN G TH E OD D S Whats the baseline? State statute State statute State grant requirements ~ EMPG Federal regulations ~ ADA Federal regulations

426 views • 13 slides
Integrated Maritime Policy for 2050 An update and preview 2014 2016 (NL Presidency of the

Integrated Maritime Policy for 2050 An update and preview 2014 2016 (NL Presidency of the

The Netherlands Integrated Maritime Policy for 2050 An update and preview 2014 2016 (NL Presidency of the Council) - 2021 - 2050 MSEG IMP - 20 April 2015 Lodewijk Abspoel & Caroline van Heurn Integrated Maritime Policy for The

395 views • 23 slides
Questionnaire on Quality Managem ent for Surface Meteorological Observations in Regional

Questionnaire on Quality Managem ent for Surface Meteorological Observations in Regional

Questionnaire on Quality Managem ent for Surface Meteorological Observations in Regional Association I I ( Asia) RA I I W I GOS Project to Enhance the Availability and Quality of Managem ent Support for NMHSs in Surface, Clim ate and Upper- air

762 views • 53 slides
A P A Program m atic Approach ti A h to Debt Managem ent g Capacity Building in LI Cs

A P A Program m atic Approach ti A h to Debt Managem ent g Capacity Building in LI Cs

A P A Program m atic Approach ti A h to Debt Managem ent g Capacity Building in LI Cs Sudarshan Gooptu Sudarshan Gooptu Sector Manager, Economic Policy and Debt Department (PRMED) The World Bank October 26, 2010. 1 Outline Outline I

423 views • 19 slides
DEVELOPMENT OF AN INTEGRATED ROAD DEVELOPMENT OF AN INTEGRATED ROAD TRANSPORT POLICY IN RUSSIAN

DEVELOPMENT OF AN INTEGRATED ROAD DEVELOPMENT OF AN INTEGRATED ROAD TRANSPORT POLICY IN RUSSIAN

DEVELOPMENT OF AN INTEGRATED ROAD DEVELOPMENT OF AN INTEGRATED ROAD TRANSPORT POLICY IN RUSSIAN TRANSPORT POLICY IN RUSSIAN FEDERATION: : FEDERAL AND LOCAL LEVEL FEDERAL AND LOCAL LEVEL FEDERATION Vadim Donchenko, Yuliy Kunin, Dmitry Kazmin.

476 views • 18 slides
INDICATORS AND INTEGRATED APPROACH IN EU COHESION POLICY *

INDICATORS AND INTEGRATED APPROACH IN EU COHESION POLICY *

CoesioNet Seminar Datar. SciencesPo. CERI Paris, May 30, 2011 INDICATORS AND INTEGRATED APPROACH IN EU COHESION POLICY *

436 views • 12 slides
The BLUE2 project EU integrated policy assessment for the freshwater and marine environment

The BLUE2 project EU integrated policy assessment for the freshwater and marine environment

The BLUE2 project EU integrated policy assessment for the freshwater and marine environment Joint HELCOM - BONUS BALTICAPP workshop on the ecological economic research to support marine policy implementation in the Baltic Sea region

128 views • 10 slides
2nd UNI-SET Energy Clustering Event Towards an integrated EU energy system: Policy Context

2nd UNI-SET Energy Clustering Event Towards an integrated EU energy system: Policy Context

2nd UNI-SET Energy Clustering Event Towards an integrated EU energy system: Policy Context Andreea Strachinescu DG Energy Head of Unit C2 New Energy Technologies, Innovation and Clean Coal Torino, 27 th of September 2016 1 Main Policy

481 views • 31 slides
CULTURAL LANDSCAPES IN NATURA 2000 SITES TOWARDS A NEW POLICY FOR THE INTEGRATED MANAGEMENT

CULTURAL LANDSCAPES IN NATURA 2000 SITES TOWARDS A NEW POLICY FOR THE INTEGRATED MANAGEMENT

CULTURAL LANDSCAPES IN NATURA 2000 SITES TOWARDS A NEW POLICY FOR THE INTEGRATED MANAGEMENT OF CULTURAL AND NATURAL HERITAGE THE ROLE THAT SMALL TOWNS CAN PLAY IN THESE POLICY DEBATES Presentation by The European Council for the

334 views • 20 slides
Managem ent Education: Still Revolutionary? 2008 IBSS Conference Stephen Mangum Interim Dean,

Managem ent Education: Still Revolutionary? 2008 IBSS Conference Stephen Mangum Interim Dean,

Managem ent Education: Still Revolutionary? 2008 IBSS Conference Stephen Mangum Interim Dean, Fisher College of Business The Ohio State University Origins of Managem ent Education First formal program at University of Pennsylvania in 1881

372 views • 10 slides
Integrated Locality Care Teams Improving outcomes for individuals through integrated care

Integrated Locality Care Teams Improving outcomes for individuals through integrated care

Integrated Locality Care Teams Improving outcomes for individuals through integrated care Better Together Strategic Drivers National policy Fit for the Future Programme Quality Innovation Productivity Prevention Local

110 views • 8 slides
T T R I TT TR RI I T T ra ining fo r T o wnship Re ne wa l Initia tive Day 4: Case

T T R I TT TR RI I T T ra ining fo r T o wnship Re ne wa l Initia tive Day 4: Case

T T R I TT TR RI I T T ra ining fo r T o wnship Re ne wa l Initia tive Day 4: Case Study 1 (Waste Management) Walter Shaidi W aste Managem ent Environm ental Services W aste Managem ent Environm ental Services W aste Managem ent

300 views • 25 slides
Local tableaux for reasoning in distributed description logics a Luciano Serafini 1 and Andrei

Local tableaux for reasoning in distributed description logics a Luciano Serafini 1 and Andrei

DDL reasoning L. Serafini & A. Tamilinr Local tableaux for reasoning in distributed description logics a Luciano Serafini 1 and Andrei Tamilin 2 1 IRST, Trento, Italy 2 University of Trento, Italy DL workshop 2004 a Alex Borgida, and

466 views • 25 slides
presentations some hints some hints How to give good seminar Friedemann Mattern , ETH Zurich

presentations some hints some hints How to give good seminar Friedemann Mattern , ETH Zurich

1 presentations some hints some hints How to give good seminar Friedemann Mattern , ETH Zurich presentations March 2013 Why should we care? Presentation skills are required in professional life Present yourself, your research,

562 views • 31 slides
(Outrageously ) Low-Resource Speech Processing NLP @ Deep Learning Indaba, Kenya, 2019

(Outrageously ) Low-Resource Speech Processing NLP @ Deep Learning Indaba, Kenya, 2019

(Outrageously ) Low-Resource Speech Processing NLP @ Deep Learning Indaba, Kenya, 2019 Herman Kamper E&E Engineering, Stellenbosch University, South Africa http://www.kamperh.com/ (Outrageously ) Low-Resource Speech Processing NLP

818 views • 64 slides
GDC: The GNU D Compiler Iain Bucaw @ibuclaw GHM 2013 Iain Bucaw (@ibuclaw) (slide 1) GHM

GDC: The GNU D Compiler Iain Bucaw @ibuclaw GHM 2013 Iain Bucaw (@ibuclaw) (slide 1) GHM

GDC: The GNU D Compiler Iain Bucaw @ibuclaw GHM 2013 Iain Bucaw (@ibuclaw) (slide 1) GHM 2013 1 / 69 Outline History of Porting D Front End (DFE) 1 GDC Current Status 2 The Anatomy of a GCC Front End 3 GDC Extensions 4 Future

907 views • 69 slides
Financial Liquidity and Savings: Evidence from 401K Loans John Beshears John Beshears David

Financial Liquidity and Savings: Evidence from 401K Loans John Beshears John Beshears David

Financial Liquidity and Savings: Evidence from 401K Loans John Beshears John Beshears David Laibson David Laibson James J. Choi Brigitte Madrian M ti Motivation ti Previously illiquid assets becoming more liquid q Credit cards

813 views • 60 slides
Fall 2016 Enrollment Reports 1. Enrollment History and Projections 2. School Capacities 3.

Fall 2016 Enrollment Reports 1. Enrollment History and Projections 2. School Capacities 3.

Fall 2016 Enrollment Reports 1. Enrollment History and Projections 2. School Capacities 3. Internal Transfers 4. Open Enrollment 5. Open Enrollment Survey Results 6. Next Steps and Strategies 1 Enrollment History & Projections Key

359 views • 15 slides
SeisSol Training 1 Duo Li and Alice Gabriel Sept. 4, 2019 Advanced Workshop on Earthquake Fault

SeisSol Training 1 Duo Li and Alice Gabriel Sept. 4, 2019 Advanced Workshop on Earthquake Fault

SeisSol Training 1 Duo Li and Alice Gabriel Sept. 4, 2019 Advanced Workshop on Earthquake Fault Mechanics: Theory, Simulation and Observations Outline SeisSol Introduction Problem description Parameter setup Results

735 views • 44 slides
A COMMITMENT FOLK THEOREM ADAM TAUMAN KALAI, EHUD KALAI, EHUD LEHRER, AND DOV SAMET Abstract. Real

A COMMITMENT FOLK THEOREM ADAM TAUMAN KALAI, EHUD KALAI, EHUD LEHRER, AND DOV SAMET Abstract. Real

A COMMITMENT FOLK THEOREM ADAM TAUMAN KALAI, EHUD KALAI, EHUD LEHRER, AND DOV SAMET Abstract. Real world players often increase their payos by voluntarily com- mitting to play a xed strategy, prior to the start of a strategic game. In fact,

352 views • 32 slides

More recommend