Abstract
Privacy is a major concern for the acceptance of technology. Although general concepts of privacy, privacy policy languages, and privacy-enhancing technologies all exist, these three aspects have so far been considered largely independently of one another. We propose a logic-based qualitative privacy description language (QPDL) that gives an integrated view of these three perspectives and supports system analysis based on formalized policies, e.g., checking system conformance or detecting policy conflicts.
Notes
1. These are languages whose authors stated that the aim was to address security issues. However, we acknowledge that these languages are very similar to privacy policy languages.
2. We restrict ourselves to this literature and these languages because they provide representations interpretable by computers. However, we acknowledge that there also exists a vast number of privacy policy languages in other fields, e.g., the humanities and social sciences.
3. We acknowledge that XML and RDF are two separate formalisms with different properties. However, these differences are not essential for the presented work and are therefore neglected.
4. In general, relations of any arity are possible.
5. For an overview of tools we refer to https://en.wikipedia.org/wiki/List_of_model_checking_tools.
6. We note that these are only categories of systems and do not address specific implementations.
7. Depending on the implementation, this can be a very general alert or a specific listing of all current (and possibly all previous) violations.
8. A straightforward method to implement this behavior would be to delete all available knowledge when a violation is detected. However, this would most likely result in a system that is not very useful.
9. The temporal horizon (when a violation has to be resolved) can be changed, e.g., to ensure that the violation is resolved in the next world after its appearance: \(\Box \;(violated(\varPi )\rightarrow \circ \;\lnot violated(\varPi ))\). The same holds for the temporal horizons used in privacy-projecting and privacy-conserving systems.
10. QPDL allows all aspects of privacy (concepts, policies, and privacy-enhancing technologies) to be represented, and as a result we are confident that QPDL is expressive enough to model all reviewed privacy policy languages.
Acknowledgement
We acknowledge funding from the German Research Foundation (DFG) for project SOCIAL (FR 806/15-1). We thank the anonymous reviewers for their thoughtful and constructive comments.
Copyright information
© 2016 Springer International Publishing Switzerland
Cite this paper
van de Ven, J., Dylla, F. (2016). Qualitative Privacy Description Language. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) Privacy Technologies and Policy. APF 2016. Lecture Notes in Computer Science, vol. 9857. Springer, Cham. https://doi.org/10.1007/978-3-319-44760-5_11
DOI: https://doi.org/10.1007/978-3-319-44760-5_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44759-9
Online ISBN: 978-3-319-44760-5