By Topic

Preserving Privacy Based on Semantic Policy Tools

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Lalana Kagal ; MIT, Cambridge ; Joe Pato

Different organizations are constantly collecting, analyzing, and storing individuals' private data: shopping sites want to provide better service and recommendations, hospitals to improve healthcare, and government agencies to enable national defense and law enforcement. Sharing data lets these organizations discover important knowledge and draw useful conclusions but raises concerns about information privacy and trust. Until recently, the focus was on restricting access to data on a "need-to-know" basis, but since the 9/11 Commission, the paradigm has shifted to a "need to share." The authors explore the use of semantic privacy policies, justifications for data requests, and automated auditing to encourage sharing of sensitive data between organizations. They describe an architecture based on policy tools that evaluate incoming queries against semantic policies and domain knowledge and provide a justification for each query-why they're permitted, denied, or inapplicable. Using a semantic policy language gives policies explicit semantics that allow all participants to unambiguously understand their meaning. The justifications generated by checking incoming requests against these policies help requesters formulate privacy-aware queries. Reasoning over event logs and justifications allows data owners to verify that their privacy policies are being correctly enforced.

Published in:

IEEE Security & Privacy  (Volume:8 ,  Issue: 4 )