Research Challenges in Enterprise Privacy Authorization Language

Presentation transcript:

Research Challenges in Enterprise Privacy Authorization Language
Ninghui Li
Department of Computer Science and CERIAS, Purdue University
This is ongoing work.

Outline
Enforcement
Consistency
Expressive power
Usability
March 22, 2004

Enforcement
Objective: an EPAL policy needs to be enforced when data are accessed.
Challenge: it is inefficient to have each database access call an EPAL policy engine.
Research problem: how to translate an EPAL policy into policy configurations in a lower-level access control mechanism, e.g., into Virtual Private Database policies.

Consistency
Objective: ensure that an EPAL policy is sufficient to enforce a higher-level privacy policy (e.g., in P3P) promised to customers.
Challenge: there is no sufficiently expressive higher-level formal language for expressing privacy policies.
Research problem: come up with such a language, such that consistency can be checked automatically.

Expressive power
Objective: ensure that one can express desirable policies in an Enterprise Privacy Authorization Language.
Challenge: how to deal with dynamic enterprise environments; how to control who can change which parts of a policy and how.
Research problem: come up with administration models for enterprise privacy management.

Usability
Problem: ensure that policies can be authored correctly and conveniently.
Challenge: policy understanding and policy composition are made difficult by the use of both allow and deny with ordered conflict resolution.
Research problem: measure and improve usability.
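
The usability challenge above can be made concrete with a small added example (not part of the original slides): a simplified rule model with first-applicable semantics, plus an audit that lists requests whose outcome depends only on rule order and rules that never decide anything. The `Rule` fields, the category names and the sample policy are assumptions for illustration; real EPAL rules also carry actions, conditions, obligations and category hierarchies.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Rule:
    ruling: str   # "allow" or "deny"
    user: str     # user category; "*" matches any
    data: str     # data category
    purpose: str

    def matches(self, req):
        return all(p in ("*", v) for p, v in
                   zip((self.user, self.data, self.purpose), req))

def evaluate(policy, req, default="deny"):
    """Ordered conflict resolution: the first applicable rule decides."""
    for rule in policy:
        if rule.matches(req):
            return rule.ruling
    return default

def audit(policy, users, data, purposes):
    """Find requests decided only by rule order, and rules that never fire."""
    conflicts, fired = {}, set()
    for req in product(users, data, purposes):
        hits = [i for i, r in enumerate(policy) if r.matches(req)]
        if hits:
            fired.add(hits[0])
        if len({policy[i].ruling for i in hits}) == 2:
            conflicts[req] = hits
    shadowed = [i for i in range(len(policy)) if i not in fired]
    return conflicts, shadowed

# Constructed sample vocabulary and policy (not taken from the slides).
USERS = ["physician", "marketer"]
DATA = ["medical_record", "contact_info"]
PURPOSES = ["treatment", "marketing"]
POLICY = [
    Rule("deny", "marketer", "medical_record", "*"),           # 0
    Rule("allow", "*", "contact_info", "marketing"),           # 1
    Rule("allow", "physician", "medical_record", "*"),         # 2
    Rule("deny", "*", "medical_record", "marketing"),          # 3
    Rule("allow", "marketer", "medical_record", "marketing"),  # 4
]

if __name__ == "__main__":
    conflicts, shadowed = audit(POLICY, USERS, DATA, PURPOSES)
    for req, hits in conflicts.items():
        print(req, "matched by rules", hits, "->", evaluate(POLICY, req))
    print("rules that never decide a request:", shadowed)
```

In this constructed policy, rule 3 (the blanket deny on marketing use of medical records) never decides a request because rules 0 and 2 precede it, so a physician's marketing access is allowed; swapping rules 2 and 3 flips that decision.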

Summary
Many challenges remain in the area of Enterprise Privacy Authorization Language:
enforcement
consistency
expressive power
usability
Further research is needed.