By Topic

Transforming Privacy Policies to Auditing Specifications

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Biswas, D. ; Nokia Res., Lausanne, Switzerland ; Niemi, V.

With more and more personal data being collected and stored by service providers, there is an increasing need to ensure that their usage is compliant with privacy regulations. We consider the specific scenario where policies are defined in metric temporal logic and audited against the database usage logs. Previous works have shown that this can indeed be achieved in an efficient manner for a very expressive set of policies. One of the main ingredients of such an auditing process is the availability of sufficient database logs. Currently, it is a manual process to first determine the logs needed, and then come up with the necessary auditing specifications to generate them. This is not only a time consuming process but can be erroneous as well, leading to either insufficient or redundant logging. Logging in general is costly as it is an overhead on the real-time database performance, and hence redundant logging is not an alternative either. Our contribution in this work is to streamline the log generation process by deriving the auditing specifications directly from the policies to be audited. We also show how the required logging can be minimized based on the temporal constraints specified in the policies. Given privacy policies as input, the output of the proposed tool is the corresponding auditing specifications that can be installed directly in the databases, to produce logs that are both minimal and sufficient to audit the given policies. The tool has been implemented and tested in a real-life scenario.

Published in:

High-Assurance Systems Engineering (HASE), 2011 IEEE 13th International Symposium on

Date of Conference:

10-12 Nov. 2011