S4P: SecPAL for Privacy

Slides: 15
S4P: SecPAL for Privacy
Moritz Becker (MSRC, Cambridge), Alexander Malkis (IMDEA, Madrid), Laurent Bussard (EMIC, Aachen)

Scenario (diagram)
Privacy Preferences (user), for TravelBooking services:
– Can use my e-mail address for confirmation
– Must delete my e-mail address within 1 year
Privacy Policy (service): Is a TravelBooking
– Want to use e-mail for confirmation
– Promise to delete e-mail within 6 months
1) User perspective (matching privacy): 1.1) Fix Pref, Pol; 1.2) Pol satisfies Pref?; 1.3) send data, pref
2) Service perspective (enforcing privacy): 2.1) Sending allowed by Pol?; 2.2) Pol 2 satisfies Pref?; 2.3) data, pref; 2.4) Sending allowed by Pol 2?; 2.5) Pol 4 satisfies Pref?; 2.6) data, pref (collected PII is passed on to further services with Pol 2, Pol 3, Pol 4)
3) Auditor perspective (controlling privacy): 3.1) Traces comply with Pol?

Preference
– ❬Svc❭ will allow Alice to Edit ParentalControls? ∧ Alice says ❬Svc❭ complies with COPPA? (1)
– Alice says x can say y complies with COPPA if x is member of COPPACompliancySchemes (2)
– Alice says FTC can say x is member of COPPACompliancySchemes (3)
– FTC says TRUSTe is member of COPPACompliancySchemes (4)
– Alice says ❬Svc❭ may use Cookies for x if ❬Svc❭ will revoke Cookies within t where t ≤ 5 yr (5)
– Alice says ❬Svc❭ can say ❬Svc❭ will revoke Cookies within t (6)
– Alice says ❬Svc❭ may allow Alice to action object (7)
– Alice says ❬Svc❭ may revoke Cookies within t (8)
– Alice says Alice is using software MSNClient version 9.5 (9)

Policy
– TRUSTe says MS complies with COPPA (10)
– MS says MS will allow ❬Usr❭ to Edit ParentalControls if ❬Usr❭ is member of msntype, msntype supports ParentalControls, ❬Usr❭ is using software MSNClient version v, where v ≤ 9.5 (11)
– MS says MSNPremium supports ParentalControls (12)
– MS says MSNPlus supports ParentalControls (13)
– MS says MSN can say x is member of g where g ∈ {MSN, MSNPremium, MSNPlus} (15)
– MSN says Alice is member of MSNPremium (16)
– MS says ❬Usr❭ can say ❬Usr❭ is using software MSNClient version v (17)
– MS says MS will revoke Cookies within 2 yr (18)
– ❬Usr❭ says MS may use Cookies for AdTracking? ∧ ❬Usr❭ says MS may revoke Cookies within 2 yr? ∧ ❬Usr❭ says MS may allow ❬Usr❭ to Edit ParentalControls? (19)

Derivation, step 1, for the query: Alice says MS may use Cookies for AdTracking?
MS says MS will revoke Cookies within 2 yr (18)
+ Alice says MS can say MS will revoke Cookies within t (6)
gives: Alice says MS will revoke Cookies within 2 yr

Derivation, step 2, for the query: Alice says MS may use Cookies for AdTracking?
Alice says MS will revoke Cookies within 2 yr
+ Alice says MS may use Cookies for x if MS will revoke Cookies within t where t ≤ 5 yr (5)
+ 2 yr ≤ 5 yr
gives: Alice says MS may use Cookies for AdTracking
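Added example, not code from the deck or its authors: a minimal forward-chaining evaluator for the "says" / "can say" assertions above, which replays both derivation steps ((18) + (6), then (5) with 2 yr ≤ 5 yr) and the COPPA delegation chain (2), (3), (4), (10). The predicate spellings, the integer encoding of "2 yr", and the shortened label "COPPASchemes" are assumptions made here.

```python
# Added example (not the S4P authors' code): forward-chaining evaluator for S4P/SecPAL
# "says" / "can say" assertions. Facts are tuples: (issuer, ...); "?x" is a variable.

def unify(pat, val, env):  # match pat (may hold ?vars) against val; new env or None
    if isinstance(pat, str) and pat.startswith("?"):
        return None if env.get(pat, val) != val else {**env, pat: val}
    if isinstance(pat, tuple) and isinstance(val, tuple) and len(pat) == len(val):
        for p, v in zip(pat, val):
            if (env := unify(p, v, env)) is None:
                return None
        return env
    return env if pat == val else None

def subst(term, env):  # apply env; variables left unbound act as wildcards
    return tuple(subst(t, env) for t in term) if isinstance(term, tuple) else env.get(term, term)

def derive(facts, rules):
    facts = set(facts)
    while True:
        new = set()
        for head, body, cond in rules:  # A says head if body, where cond
            envs = [{}]
            for atom in body:
                envs = [e2 for e in envs for f in facts if (e2 := unify(atom, f, e)) is not None]
            new |= {subst(head, e) for e in envs if cond(e)}
        # delegation: A says B can say P, and B says F with F matching P, give A says F
        for a, _, b, pat in [f for f in facts if len(f) == 4 and f[1] == "can say"]:
            new |= {(a,) + g[1:] for g in facts if g[0] == b and unify(pat, g[1:], {}) is not None}
        if new <= facts:
            return facts
        facts |= new

def deck_example(revoke_years=2):  # (2)-(6), (10), (18) from the slides; "2 yr" as int
    facts = {
        ("Alice", "can say", "FTC", ("member", "?x", "COPPASchemes")),   # (3)
        ("FTC", "member", "TRUSTe", "COPPASchemes"),                     # (4)
        ("Alice", "can say", "MS", ("will revoke", "Cookies", "?t")),    # (6)
        ("TRUSTe", "complies", "MS", "COPPA"),                           # (10)
        ("MS", "will revoke", "Cookies", revoke_years),                  # (18)
    }
    rules = [  # (head, body, constraint)
        (("Alice", "can say", "?x", ("complies", "?y", "COPPA")),        # (2)
         [("Alice", "member", "?x", "COPPASchemes")], lambda e: True),
        (("Alice", "may use", "MS", "Cookies", "?x"),                    # (5): t <= 5 yr
         [("Alice", "will revoke", "Cookies", "?t")], lambda e: e["?t"] <= 5),
    ]
    return derive(facts, rules)

def holds(facts, query):  # ground query; wildcard variables in facts match anything
    return any(unify(f, query, {}) is not None for f in facts)
```

With the promise changed to 6 years, `deck_example(6)` no longer derives the "may use Cookies" fact, because the "where t ≤ 5 yr" constraint of (5) fails.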

Behaviours of a trace satisfying preference
Alice says MS may: allow Alice to x y, revoke Cookies within x, use Cookies for x
MS says MS will: allow Alice to Edit ParentalControls?

Behaviours of a trace satisfying policy
Alice says MS may: allow Alice to Edit ParentalControls?, revoke Cookies within 2 yr?, use Cookies for AdTracking?
MS says MS will: allow Alice to Edit ParentalControls, revoke Cookies within 2 yr

Preference satisfies policy (diagram: the set of Policy traces lies inside the set of Preference traces, so every trace that complies with the policy also complies with the preference)

U → S
1. Choose Pref, Pol
2. Check Pref ⊧ Pol
3. S keeps a copy of instantiated Pref, Pol, and uninstantiated Pref

S → S’ (behaviour: "send Email to Marketing")
1. Does Pol(S) allow "send…"?
2. Check Pref(U) ⊧ Pol(S’)
3. S’ keeps a copy of instantiated Pref(U), Pol(S’), and uninstantiated Pref(U)

Policy evolution
• S wants:
– Disclose to previously unknown party, or
– Not to notify the user despite having promised so
• User feels ok if preference is still satisfied
• S has to:
– Amend policy such that new behaviours comply, and check Pref ⊧ NewPol, or
– Continue complying with OldPol

Guarantees: U → S (and policy evolves)
• If PII at S, then U has sent it before.
• If trace of S complies with (current) Pol, then trace of S complies with Pref.

Guarantees: U → S, S → S’ (and policy evolves)
• If PII at S’, then
– U has sent PII to S’, or
– some S has sent PII to S’, and if trace of S complies with its (current) Pol, then "send PII to S’" is allowed by Pref.
