Refinement checking for privacy policies

This paper presents a framework for analysis and comparison of privacy policies expressed in P3P (Platform for Privacy Preferences). In contrast to existing approaches to policy analysis, which focus on demonstrations of equality or equivalence of policies, our approach makes it possible to check fo...

Full description

Bibliographic details
Main Authors: Papanikolaou, N, Creese, S, Goldsmith, M
Format: Journal article
Language: English
Published: 2012
collection OXFORD
description This paper presents a framework for analysis and comparison of privacy policies expressed in P3P (Platform for Privacy Preferences). In contrast to existing approaches to policy analysis, which focus on demonstrations of equality or equivalence of policies, our approach makes it possible to check for refinement between policies. We automatically generate a CSP model from a P3P policy, which represents the policy's intended semantics; using the FDR model checker, we then perform various tests (using process refinement) to determine (a) whether a policy is internally consistent, and (b) whether a given policy refines another by permitting similar data collection, processing and sharing practices. Our approach allows for the detection of subtle differences between practices prescribed by different privacy policies, the comparison of relative levels of privacy offered by different policies, and captures the semantics of policies intended in the original P3P standard. The systematic translation of policies to CSP provides a formal means of reasoning about websites' privacy policies, and therefore the practices of various enterprises with regards to personal data. © 2011 Elsevier B.V. All rights reserved.
first_indexed 2024-03-07T04:46:35Z
format Journal article
id oxford-uuid:d3835f17-0bf6-4bef-a6b7-74d95c81889e
institution University of Oxford
language English
last_indexed 2024-03-07T04:46:35Z
publishDate 2012
record_format dspace