We introduce refinement checking for privacy policies expressed in P3P and XACML. Our method involves a translation of privacy policies to a set of process specifications in CSP, which describe how the privacy policy is enforced. The technique is described through an example involving medical data collected by a biobank.

Modality inconsistency is one of the security policy evaluation challenges, which arises because of the existence of both positive and negative authorizations for a given subject-object pair. An inconsistency analysis model is needed to discover inconsistency based on the inheritance relationship between concepts and resolved it by using predefined resolution rules. Previous studies handle moda...

Traditional access control solutions, based on preliminary identification and authentication of the access requester, are not adequate for open Web service systems, where servers generally do not have prior knowledge of the requesters. In this paper, we provide some extensions to the eXtensible Access Control Markup Language (XACML), which is the most significant and emerging solution for contr...

The processing of data is often restricted by contractual and legal requirements for protecting privacy and IPRs. Policies provide means to control how and by whom data is processed. Conditions of policies may depend on the previous processing of the data. However, existing policy languages do not provide means to express such conditions. In this work we present a formal model and language allo...

The processing of data is often restricted by contractual and legal requirements for protecting privacy and IPRs. Policies provide means to control how and by whom data is processed. Conditions of policies may depend on the previous processing of the data. However, existing policy languages do not provide means to express such conditions. In this work we present a formal model and language allo...

In this position paper, we claim that access control policy languages can be extended to address data handling. Indeed, matching users’ privacy preferences and services’ privacy policies as well as enforcing what services can do with collected data rely on authorization queries and obligations, which exist in some access control languages. We present results from extending SecPAL to address dat...

Among the challenges of managing NASA’s information systems is the management (that is, creation, coordination, verification, validation, and enforcement) of many different role-based access control policies and mechanisms. This paper describes an actual data federation use case that demonstrates the inefficiencies created by this challenge and presents an approach to reducing these inefficienc...