research-article

Privacy promises that can be kept: a policy analysis method with application to the HIPAA privacy rule

Authors:

Omar Chowdhury,

Jeffery von Ronne,

William H. WinsboroughAuthors Info & Claims

SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies

Pages 3 - 14

https://doi.org/10.1145/2462410.2462423

Published: 12 June 2013 Publication History

Abstract

Organizations collect personal information from individuals to carry out their business functions. Federal privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), mandate how this collected information can be shared by the organizations. It is thus incumbent upon the organizations to have means to check compliance with the applicable regulations. Prior work by Barth et. al. introduces two notions of compliance, weak compliance (WC) and strong compliance (SC). WC ensures that present requirements of the policy can be met whereas SC also ensures obligations can be met. An action is compliant with a privacy policy if it is both weakly and strongly compliant. However, their definitions of compliance are restricted to only propositional linear temporal logic (pLTL), which cannot feasibly specify HIPAA. To this end, we present a policy specification language based on a restricted subset of first order temporal logic (FOTL) which can capture the privacy requirements of HIPAA. We then formally specify WC and SC for policies of our form. We prove that checking WC is feasible whereas checking SC is undecidable. We then formally specify the property WC entails SC, denoted by Δ, which requires that each weakly compliant action is also strongly compliant. To check whether an action is compliant with such a policy, it is sufficient to only check whether the action is weakly compliant with that policy. We also prove that when a policy ℘ has the Δ-property, the present requirements of the policy reduce to the safety requirements imposed by ℘. We then develop a sound, semi-automated technique for checking whether practical policies have the Δ-property. We finally use HIPAA as a case study to demonstrate the efficacy of our policy analysis technique.

References

[1]

HIPAA ENCODING. http://galadriel.cs.utsa.edu/~ochowdhu/HIPAA-POLICY/.

[2]

Privacy Promises That Can Be Kept: A Static Policy Analysis Method with Application to the HIPAA Privacy Rules. Technical Report CS-TR-2013-004. UT San Antonio.

[3]

Senate banking committee, Gramm-Leach-Bliley Act, 1999. Public Law 106--102.

[4]

Enterprise privacy authorization language (EPAL) version 1.2, Nov. 2003. http://www.zurich.ibm.com/pri/projects/epal.html.

[5]

M. W. Alford and ηl, editors. Distributed Systems: Methods and Tools for Specification '85, LNCS.

Digital Library

[6]

B. Alpern and F. B. Schneider. Defining liveness. Information Processing Letters, 21(4):181--185, Oct. 1985.

[7]

B. Alpern and F. B. Schneider. Recognizing safety and liveness. Distributed Computing, 2:117--126, 1987.

Digital Library

[8]

R. Alur. Techniques for automatic verification of real-time systems. PhD thesis, Stanford, CA, 1992.

Digital Library

[9]

R. Alur and T. Henzinger. Logics and models of real time: A survey. In Real-Time: Theory in Practice, Lecture Notes in Computer Science. 1992.

Digital Library

[10]

amednews.com. Clinics fined$4.3 million for hipaa violations, 2011. Available attextithttp://www.ama-assn.org/amednews/2011/03/07/bisb0307.htm.

[11]

A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: Framework and applications. IEEE Symposium on Security and Privacy.

Digital Library

[12]

A. Barth, J. Mitchell, A. Datta, and S. Sundaram. Privacy and utility in business processes. In IEEE CSF '07.

Digital Library

[13]

D. Basin, F. Klaedtke, and S. Müller. Monitoring security policies with metric first-order temporal logic. In ACM SACMAT '10.

Digital Library

[14]

D. A. Basin, F. Klaedtke, S. Marinovic, and E. Zalinescu. Monitoring compliance policies over incomplete and disagreeing logs. In RV, 2012.

[15]

T. Breaux and A. Antón. Analyzing regulatory rules for privacy and security requirements. IEEE TSE '08.

Digital Library

[16]

J. R. Büchi. On a decision method in restricted second order arithmetic. In Proceedings of LMPS'60, 1962.

[17]

O. Chowdhury, H. Chen, J. Niu, N. Li, and E. Bertino. On xacml's adequacy to specify and to enforce hipaa. In HealthSec'12.

Digital Library

[18]

O. Chowdhury, M. Pontual, W. H. Winsborough, T. Yu, K. Irwin, and J. Niu. Ensuring Authorization Privileges for Cascading User Obligations. In ACM SACMAT '12.

Digital Library

[19]

D. Damianou, N. Dulay, E. Lupu, and M. Sloman. The Ponder Policy Specification Language. In IEEE POLICY '01.

Digital Library

[20]

F. Dederichs and R. Weber. Safety and liveness from a methodological point of view. Information Processing Letters, 1990.

Digital Library

[21]

H. DeYoung, D. Garg, L. Jia, D. Kaynar, and A. Datta. Experiences in the logical specification of the hipaa and glba privacy laws. In ACM WPES '10.

Digital Library

[22]

N. Dinesh, A. Joshi, I. Lee, and O. Sokolsky. Checking traces for regulatory conformance. In RV '08.

Digital Library

[23]

D. J. Dougherty, K. Fisler, and S. Krishnamurthi. Obligations and their interaction with programs. In Proceedings of ESORICS 2007, pages 375--389.

Digital Library

[24]

E. A. Emerson. Handbook of theoretical computer science. chapter Temporal and modal logic, pages 995--1072. 1990.

Digital Library

[25]

E. A. Emerson and K. S. Namjoshi. Reasoning about rings. In POPL '95, 1995.

Digital Library

[26]

D. F. Ferraiolo, R. S. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM TISSEC '01.

Digital Library

[27]

D. Gabbay. The imperative future. chapter : The declarative past and imperative future, pages 35--67. John Wiley & Sons, Inc., New York, NY, USA, 1996.

Digital Library

[28]

D. Garg, L. Jia, and A. Datta. Policy auditing over incomplete logs: theory, implementation and applications. In ACM CCS '11.

Digital Library

[29]

D. Garg, L. Jia, and A. Datta. A logical method for policy enforcement over evolving audit logs. CoRR, abs/1102.2521, 2011.

[30]

M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. CACM '76.

Digital Library

[31]

K. Havelund and G. Roşu. Efficient monitoring of safety properties. Int. J. Softw. Tools Technol. Transf., '04.

Digital Library

[32]

K. Havelund and G. Rosu. Synthesizing monitors for safety properties. In TACAS' 02.

Digital Library

[33]

Health Resources and Services Administration. Health insurance portability and accountability act, 1996. Public Law 104--191.

[34]

I. M. Hodkinson, F. Wolter, and M. Zakharyaschev. Decidable fragment of first-order temporal logics. Ann. Pure Appl. Logic '00.

[35]

G. J. Holzmann. The model checker SPIN. TSE '97.

Digital Library

[36]

K. Irwin, T. Yu, and W. H. Winsborough. On the modeling and analysis of obligations. In Proceedings of the 13th ACM conference on Computer and communications security, pages 134--143, New York, NY, USA, 2006. ACM.

Digital Library

[37]

R. Koymans. Specifying real-time properties with metric temporal logic. Real-Time Syst., 1990.

Digital Library

[38]

K. Krukow, M. Nielsen, and V. Sassone. A logical framework for history-based access control and reputation systems. J. Comput. Secur., 16(1):63--101, 2008.

Digital Library

[39]

O. Kupferman, A. Pnueli, and M. Y. Vardi. Once and for all. J. Comput. Syst. Sci. '12.

Digital Library

[40]

P. E. Lam, J. C. Mitchell, A. Scedrov, S. Sundaram, and F. Wang. Declarative privacy policy: finite models and attribute-based encryption. In ACM IHI '12.

Digital Library

[41]

P. E. Lam, J. C. Mitchell, and S. Sundaram. A Formalization of HIPAA for a Medical Messaging System. In TrustBus '09.

Digital Library

[42]

L. Lamport. Proving the correctness of multiprocess programs. IEEE TSE'77.

Digital Library

[43]

Z. Manna and A. Pnueli. The anchored version of the temporal framework. In REX Workshop '88.

Digital Library

[44]

Z. Manna and A. Pnueli. Temporal verification of reactive systems: safety. Springer-Verlag New York, Inc., New York, NY, USA, 1995.

Digital Library

[45]

M. J. May, C. A. Gunter, and I. Lee. Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In IEEE CSFW '06.

Digital Library

[46]

Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacy -aware role based access control. In ACM SACMAT '07.

Digital Library

[47]

S. Owicki and L. Lamport. Proving liveness properties of concurrent programs. ACM TOPLAS '82.

Digital Library

[48]

A. Pnueli. The temporal logic of programs. In Proceedings of the 18th IEEE Symposium on Foundations of Computer Science, volume 526, pages 46--67, 1977.

Digital Library

[49]

M. Pontual, O. Chowdhury, W. H. Winsborough, T. Yu, and K. Irwin. On the management of user obligations. SACMAT '11, New York, NY, USA. ACM.

Digital Library

[50]

G. Roşu and K. Havelund. Synthesizing dynamic programming algorithms from linear temporal logic formulae. Technical report, 2001.

Digital Library

[51]

Securities and Exchange Commission. Sarbanes-oxley act, 2002. Public Law 107--204.

[52]

A. P. Sistla. Safety, liveness and fairness in temporal logic. Formal Aspects of Computing, 6:495--511, 1994.

[53]

Y.-K. Tsay, M.-H. Tsai, J.-S. Chang, and Y.-W. Chang. Büchi store : An open repository of büchi automata. In TACAS '11.

Digital Library

[54]

M. Weiser. Program slicing. In ICSE '81.

[55]

XACML TC. Oasis extensible access control markup language (xacml).

Cited By

Yang CLi YXu MChen ZLiu YHuang GLiu XSpinellis DGousios GChechik MDi Penta M(2021)TaintStream: fine-grained taint tracking for big data platforms through dynamic code translationProceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3468532(806-817)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3468532
Kotal AJoshi APande Joshi K(2021)The Effect of Text Ambiguity on creating Policy Knowledge Graphs2021 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom)10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00201(1491-1500)Online publication date: Sep-2021
https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00201
Mir D(2021)Designing for the Privacy CommonsGoverning Privacy in Knowledge Commons10.1017/9781108749978.011(245-267)Online publication date: 29-Mar-2021
https://doi.org/10.1017/9781108749978.011
Show More Cited By

Index Terms

Privacy promises that can be kept: a policy analysis method with application to the HIPAA privacy rule

Recommendations

Enterprise privacy promises and enforcement
WITS '05: Proceedings of the 2005 workshop on Issues in the theory of security

Several formal languages have been proposed to encode privacy policies, ranging from the Platform for Privacy Preferences (P3P), intended for communicating privacy policies to consumers over the web, to the Enterprise Privacy Authorization Language (...
A comprehensive privacy-aware authorization framework founded on HIPAA privacy rules
IHI '10: Proceedings of the 1st ACM International Health Informatics Symposium

Health care entities publish privacy polices that are aligned with government regulations such as Health Insurance Portability and Accountability Act (HIPPA) and promise to use and disclose health data according to the stated policies. However actual ...
PoCo: A Language for Specifying Obligation-Based Policy Compositions
ICSCA '20: Proceedings of the 2020 9th International Conference on Software and Computer Applications

Existing security-policy-specification languages allow users to specify obligations, but challenges remain in the composition of complex obligations, including effective approaches for resolving conflicts between policies and obligations and allowing ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies

June 2013

278 pages

ISBN:9781450319508

DOI:10.1145/2462410

General Chair:
Mauro Conti
University of Padua, Italy
,
Program Chairs:
Jaideep Vaidya
Rutgers University, USA
,
Andreas Schaad
SAP AG, Germany

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 June 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '13

Sponsor:

SIGSAC

SACMAT '13: 18th ACM Symposium on Access Control Models and Technologies

June 12 - 14, 2013

Amsterdam, The Netherlands

Acceptance Rates

SACMAT '13 Paper Acceptance Rate 19 of 62 submissions, 31%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
479
Total Downloads

Downloads (Last 12 months)22
Downloads (Last 6 weeks)5

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yang CLi YXu MChen ZLiu YHuang GLiu XSpinellis DGousios GChechik MDi Penta M(2021)TaintStream: fine-grained taint tracking for big data platforms through dynamic code translationProceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3468532(806-817)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3468532
Kotal AJoshi APande Joshi K(2021)The Effect of Text Ambiguity on creating Policy Knowledge Graphs2021 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom)10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00201(1491-1500)Online publication date: Sep-2021
https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00201
Mir D(2021)Designing for the Privacy CommonsGoverning Privacy in Knowledge Commons10.1017/9781108749978.011(245-267)Online publication date: 29-Mar-2021
https://doi.org/10.1017/9781108749978.011
Tavakolan MFaridi I(2020)Applying Privacy-Aware Policies in IoT Devices Using Privacy Metrics2020 International Conference on Communications, Computing, Cybersecurity, and Informatics (CCCI)10.1109/CCCI49893.2020.9256605(1-5)Online publication date: 3-Nov-2020
https://doi.org/10.1109/CCCI49893.2020.9256605
Cheung KHuth MKirk LLundbæk LMarques RPetsche JKerschbaum FMashatan ANiu JLee A(2019)Owner-Centric Sharing of Physical Resources, Data, and Data-Driven Insights in Digital EcosystemsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3326326(73-81)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3326326
Shvartzshnaider YPavlinovic ZBalashankar AWies TSubramanian LNissenbaum HMittal P(2019)VACCINE: Using Contextual Integrity For Data Leakage DetectionThe World Wide Web Conference10.1145/3308558.3313655(1702-1712)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3308558.3313655
Wang LNear JSomani NGao PLow ADao DSong D(2019)Data Capsule: A New Paradigm for Automatic Compliance with Data Privacy RegulationsHeterogeneous Data Management, Polystores, and Analytics for Healthcare10.1007/978-3-030-33752-0_1(3-23)Online publication date: 23-Oct-2019
https://doi.org/10.1007/978-3-030-33752-0_1
Apthorpe NShvartzshnaider YMathur AReisman DFeamster N(2018)Discovering Smart Home Internet of Things Privacy Norms Using Contextual IntegrityProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/32142622:2(1-23)Online publication date: 5-Jul-2018
https://dl.acm.org/doi/10.1145/3214262
Gerl ABennani NKosch HBrunie L(2018)LPL, Towards a GDPR-Compliant Privacy Language: Formal Definition and UsageTransactions on Large-Scale Data- and Knowledge-Centered Systems XXXVII10.1007/978-3-662-57932-9_2(41-80)Online publication date: 2-Aug-2018
https://doi.org/10.1007/978-3-662-57932-9_2
MacGahan TJohnson CRodriguez Avon Ronne JNiu JBertino ESandhu RWeippl E(2017)Provable Enforcement of HIPAA-Compliant Release of Medical Records Using the History Aware Programming LanguageProceedings of the 22nd ACM on Symposium on Access Control Models and Technologies10.1145/3078861.3084176(191-198)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078861.3084176
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents