The Community for Technology Leaders
RSS Icon
Issue No.04 - July/August (2010 vol.8)
pp: 25-30
Lalana Kagal , MIT, Cambridge
Joe Pato , HP Labs, Cambridge
Different organizations are constantly collecting, analyzing, and storing individuals' private data: shopping sites want to provide better service and recommendations, hospitals to improve healthcare, and government agencies to enable national defense and law enforcement. Sharing data lets these organizations discover important knowledge and draw useful conclusions but raises concerns about information privacy and trust. Until recently, the focus was on restricting access to data on a "need-to-know" basis, but since the 9/11 Commission, the paradigm has shifted to a "need to share." The authors explore the use of semantic privacy policies, justifications for data requests, and automated auditing to encourage sharing of sensitive data between organizations. They describe an architecture based on policy tools that evaluate incoming queries against semantic policies and domain knowledge and provide a justification for each query—why they're permitted, denied, or inapplicable. Using a semantic policy language gives policies explicit semantics that allow all participants to unambiguously understand their meaning. The justifications generated by checking incoming requests against these policies help requesters formulate privacy-aware queries. Reasoning over event logs and justifications allows data owners to verify that their privacy policies are being correctly enforced.
privacy policy, justifications, proofs, sharing, trust
Lalana Kagal, Joe Pato, "Preserving Privacy Based on Semantic Policy Tools", IEEE Security & Privacy, vol.8, no. 4, pp. 25-30, July/August 2010, doi:10.1109/MSP.2010.89
1. D.J. Weitzner et al., "Information Accountability," Comm. ACM, June 2008, pp. 82–87.
2. K. Krasnow Waterman, "Pre-Processing Legal Text: Policy Parsing and Isomorphic Intermediate Representation," Intelligent Information Privacy Management Symp., AAAI Spring Symp., 2010; kkw-preprocessingwaterman.PRIVACY2010.parsing_privacy.pdf .
3. T. Breaux and A. Anton, "Analyzing Regulatory Rules for Privacy and Security Requirements," IEEE Trans. Software Eng., vol. 34, no. 1, 2008, pp. 5–20.
4. L. Kagal, C. Hanson, and D. Weitzner, "Using Dependency Tracking to Provide Explanations for Policy Management," Proc. 2008 IEEE Workshop Policies For Distributed Systems and Networks, IEEE CS Press, 2008, pp. 54–61.
5. T. Berners-Lee, J. Hendler, and O. Lassila, "The Semantic Web," Scientific Am., May 2001; www.sciam.comarticle.cfm?articleID=00048144-10D2-1C70-84A9809EC588EF21&pageNumber=1&catID=2 .
6. SPARQL RDF Query Language (SPARQL), World Wide Web Consortium (W3C), 2008;
7. J. Bradshaw et al., "Representation and Reasoning about DAML-based Policy and Domain Services in KAoS," Proc. 2nd Int'l Joint Conf. Autonomous Agents and Multiagent Systems (AAMAS 03), ACM Press, 2003, pp. 835–842.
8. L. Kagal, T. Finin, and A. Joshi, "A Policy-Based Approach to Security for the Semantic Web," Proc. 2nd Int'l Semantic Web Conf. (ISWC 03), LNCS, Springer, 2003, pp. 402–418.
9. H. Story et al., "FOAF+SSL: RESTful Authentication for the Social Web," Proc. 1st Workshop on Trust and Privacy on the Social and Semantic Web (colocated with the European Semantic Web Conf.), 2009.
10. F. McSherry, "Privacy Integrated Queries," Proc. ACM SIGMOD Int'l Conf. Management of Data (SIGMOD 09), ACM Press, 2009, pp. 19–30.
6 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool