research-article

Capturing P3P semantics using an enforceable lattice-based structure

Authors:

Kambiz Ghazinour,

Ken BarkerAuthors Info & Claims

PAIS '11: Proceedings of the 4th International Workshop on Privacy and Anonymity in the Information Society

Article No.: 4, Pages 1 - 6

https://doi.org/10.1145/1971690.1971694

Published: 25 March 2011 Publication History

Get Access

Abstract

With the increasing amount of data collected by service providers, privacy concerns increase for data owners who must provide private data to receive services. Legislative acts require service providers to protect the privacy of customers. Privacy policy frameworks, such as P3P, assist the service providers by describing their privacy policies to customers (e.g. publishing privacy policy on websites). Unfortunately, providing the policies alone does not guarantee that they are actually enforced. Furthermore, a privacy-preserving model should consider the privacy preferences of both the data provider and collector. This paper discusses the challenges in development of capturing privacy predicates in a lattice structures. A use case study is presented to show the applicability of the lattice approach to a specific domain. We also present a comprehensive study on applying a lattice-based approach to P3P. We show capturing privacy elements of P3P in a lattice format facilitates managing and enforcing policies presented in P3P and accommodates the customization of privacy practices and preferences of data and service providers. We also propose that the outcome of this approach can be used on lattice-based privacy aware access control models [8].

References

[1]

R. Agrawal, P. Bird, T. Grandison, J. Kiernan, S. Logan, and W. Rjaibi. "Extending relational database systems to automatically enforce privacy policies." In ICDE '05: Proceedings of the 21st International Conference on Data Engineering, pp. 1013--1022, Washington, DC, USA, 2005.

Digital Library

Google Scholar

[2]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. "Hippocratic databases." In VLDB '02: Proceedings of the 28th International Conference on Very Large Databases, volume 28, pp. 143--154, Hong Kong, China, 2002.

Digital Library

Google Scholar

[3]

P. Ashley, S. Hada, G. Karjoth & M. Schunter, "E-P3P privacy policies and privacy authorization." Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, pp.103--109, November 21--21, 2002, Washington.

Digital Library

Google Scholar

[4]

K. Barker, M. Askari, M. Banerjee, K. Ghazinour, B. Mackas, M. Majedi, S. Pun, and A. Williams. "A data privacy taxonomy." In BNCOD: Proceedings of the 26th British National Conference on Databases, pp. 42--54, Berlin, Heidelberg, July 2009. Springer-Verlag.

Digital Library

Google Scholar

[5]

J.-W. Byun and N. Li. "Purpose based access control for privacy protection in relational database systems." The VLDB Journal, the International Journal on Very Large Data Bases, pp. 603--619, September 2006.

Digital Library

Google Scholar

[6]

L. Cranor. "The Platform for Privacy Preferences 1.1 (P3P1.1) Specification". 2006. Available at: http://www.w3.org/TR/P3P11/#RECPNT.

Google Scholar

[7]

B. A. Davey, and H. A. Priestley, "Introduction to lattices and order." Cambridge University press, pp. 33--35, 2002.

Google Scholar

[8]

K. Ghazinour, M. Majedi, K. Barker. "A Lattice-based Privacy Aware Access Control Model", in Proceeding of the IEEE International Conference on Privacy, Security, Risk and Trust, Canada, 2009. pp. 135--141.

Digital Library

Google Scholar

Cited By

View all

Kaplan SBulmer DGosselin AGhanavati S(2021)Lattice-based Contextual Integrity Analysis of Social Network Privacy Policies2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)10.1109/REW53955.2021.00070(394-399)Online publication date: Sep-2021
https://doi.org/10.1109/REW53955.2021.00070
Mohzary MTadisetty SGhazinour K(2020)A Privacy Protection Layer for Wearable DevicesFoundations and Practice of Security10.1007/978-3-030-45371-8_24(363-370)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45371-8_24
Lämmel RPek E(2018)Understanding privacy policiesEmpirical Software Engineering10.1007/s10664-012-9204-118:2(310-374)Online publication date: 26-Dec-2018
https://dl.acm.org/doi/10.1007/s10664-012-9204-1
Show More Cited By

Index Terms

Capturing P3P semantics using an enforceable lattice-based structure

Recommendations

P3P: Making Privacy Policies More Useful

This article provides an introduction to the World Wide Web Consortium's Platform for Privacy Preferences (P3P) specification. P3P provides a standard way for Web sites to convey their privacy policies in a computer-readable format. The article ...
A formal P3P semantics for composite services
SDM'10: Proceedings of the 7th VLDB conference on Secure data management

As online services are moving from the single service to the composite service paradigm, privacy is becoming an important issue due to the amount of user data being collected and stored. The Platform for Privacy Preferences (P3P) was defined to provide ...
A Model for Privacy Policy Visualization
COMPSAC '09: Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 02

Privacy is a leading concern for anyone that utilizes computing resources whether shopping on the Internet or visiting their doctor. Legislative acts require enterprises and data collectors to protect the privacy of their customers and data owners. ...

Comments

Information & Contributors

Information

Published In

PAIS '11: Proceedings of the 4th International Workshop on Privacy and Anonymity in the Information Society

March 2011

62 pages

ISBN:9781450306119

DOI:10.1145/1971690

Editors:
Traian Marius Truta
Northern Kentucky University
,
Li Xiong
Emory University
,
Farshad Fotouh
Wayne State University
,
Kjell Orsborn
Uppsala University, Sweden
,
Silvia Stefanova
Uppsala University, Sweden

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 March 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

EDBT/ICDT '11

EDBT/ICDT '11: EDBT/ICDT '11 joint conference

March 25, 2011

Uppsala, Sweden

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
168
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kaplan SBulmer DGosselin AGhanavati S(2021)Lattice-based Contextual Integrity Analysis of Social Network Privacy Policies2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)10.1109/REW53955.2021.00070(394-399)Online publication date: Sep-2021
https://doi.org/10.1109/REW53955.2021.00070
Mohzary MTadisetty SGhazinour K(2020)A Privacy Protection Layer for Wearable DevicesFoundations and Practice of Security10.1007/978-3-030-45371-8_24(363-370)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45371-8_24
Lämmel RPek E(2018)Understanding privacy policiesEmpirical Software Engineering10.1007/s10664-012-9204-118:2(310-374)Online publication date: 26-Dec-2018
https://dl.acm.org/doi/10.1007/s10664-012-9204-1
Rafferty LKroese BHung P(2015)Toy Computing BackgroundMobile Services for Toy Computing10.1007/978-3-319-21323-1_2(9-38)Online publication date: 25-Aug-2015
https://doi.org/10.1007/978-3-319-21323-1_2
Benghabrit WGrall HRoyer JSellami M(2014)Accountability for Abstract Component DesignProceedings of the 2014 40th EUROMICRO Conference on Software Engineering and Advanced Applications10.1109/SEAA.2014.68(213-220)Online publication date: 27-Aug-2014
https://dl.acm.org/doi/10.1109/SEAA.2014.68
Ghazinour KRazavi ABarker K(2014)A Model for Privacy Compromisation ValueProcedia Computer Science10.1016/j.procs.2014.08.02337(143-152)Online publication date: 2014
https://doi.org/10.1016/j.procs.2014.08.023
Ghazinour KBarker KGuerrini G(2013)A privacy preserving model bridging data provider and collector preferencesProceedings of the Joint EDBT/ICDT 2013 Workshops10.1145/2457317.2457346(174-178)Online publication date: 18-Mar-2013
https://dl.acm.org/doi/10.1145/2457317.2457346
Ghazinour KMatwin SSokolova MGuerrini G(2013)Monitoring and recommending privacy settings in social networksProceedings of the Joint EDBT/ICDT 2013 Workshops10.1145/2457317.2457344(164-168)Online publication date: 18-Mar-2013
https://dl.acm.org/doi/10.1145/2457317.2457344
Banerjee MAdl RWu LBarker K(2011)Quantifying privacy violationsProceedings of the 8th VLDB international conference on Secure data management10.5555/2036996.2036998(1-17)Online publication date: 2-Sep-2011
https://dl.acm.org/doi/10.5555/2036996.2036998

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

P3P: Making Privacy Policies More Useful

A formal P3P semantics for composite services

A Model for Privacy Policy Visualization

Comments

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

P3P: Making Privacy Policies More Useful

A formal P3P semantics for composite services

A Model for Privacy Policy Visualization

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations