Extending XACML to Express and Enforce Laws and Regulations Privacy Policies

Tariq Alshugran; Julius Dichter; Amalia Rusu

doi:10.1109/LISAT.2015.7160190

Extending XACML to Express and Enforce Laws and Regulations Privacy Policies

Tariq Alshugran, Julius Dichter, Amalia Rusu

Fairfield University

Research output: Contribution to journal › Article › peer-review

Abstract

Some software applications are developed to collect, store, and manage users' personal, medical, or financial information. In the United States, such applications are required to preserve users' privacy and to be compliant with the federal privacy laws and regulations. To formally guarantee compliance with federal regulations, it is necessary to express the privacy rules enforced by those regulations in a standard policy specification language. In this work we evaluate the eXtensible Access Control Model Language (XACML) as a formal specification language for privacy laws and regulations. Furthermore, we evaluate XACML features and attributes to extend it in order to enforce those privacy rules.

Original language	American English
Journal	Systems, Applications and Technology Conference (LISAT)
DOIs	https://doi.org/10.1109/LISAT.2015.7160190
State	Published - May 1 2015

Keywords

Privacy Policies
Federal Regulations
Specification Languages
Access Control Models
XACML

Disciplines

Engineering

Access to Document

10.1109/LISAT.2015.7160190License: CC BY

Cite this

@article{67a3c14d7bd1488b8d36d8155f3ffd21,

title = "Extending XACML to Express and Enforce Laws and Regulations Privacy Policies",

abstract = " Some software applications are developed to collect, store, and manage users' personal, medical, or financial information. In the United States, such applications are required to preserve users' privacy and to be compliant with the federal privacy laws and regulations. To formally guarantee compliance with federal regulations, it is necessary to express the privacy rules enforced by those regulations in a standard policy specification language. In this work we evaluate the eXtensible Access Control Model Language (XACML) as a formal specification language for privacy laws and regulations. Furthermore, we evaluate XACML features and attributes to extend it in order to enforce those privacy rules.",

keywords = "Privacy Policies, Federal Regulations, Specification Languages, Access Control Models, XACML",

author = "Tariq Alshugran and Julius Dichter and Amalia Rusu",

year = "2015",

month = may,

day = "1",

doi = "10.1109/LISAT.2015.7160190",

language = "American English",

journal = "Systems, Applications and Technology Conference (LISAT)",

}

TY - JOUR

T1 - Extending XACML to Express and Enforce Laws and Regulations Privacy Policies

AU - Alshugran, Tariq

AU - Dichter, Julius

AU - Rusu, Amalia

PY - 2015/5/1

Y1 - 2015/5/1

N2 - Some software applications are developed to collect, store, and manage users' personal, medical, or financial information. In the United States, such applications are required to preserve users' privacy and to be compliant with the federal privacy laws and regulations. To formally guarantee compliance with federal regulations, it is necessary to express the privacy rules enforced by those regulations in a standard policy specification language. In this work we evaluate the eXtensible Access Control Model Language (XACML) as a formal specification language for privacy laws and regulations. Furthermore, we evaluate XACML features and attributes to extend it in order to enforce those privacy rules.

AB - Some software applications are developed to collect, store, and manage users' personal, medical, or financial information. In the United States, such applications are required to preserve users' privacy and to be compliant with the federal privacy laws and regulations. To formally guarantee compliance with federal regulations, it is necessary to express the privacy rules enforced by those regulations in a standard policy specification language. In this work we evaluate the eXtensible Access Control Model Language (XACML) as a formal specification language for privacy laws and regulations. Furthermore, we evaluate XACML features and attributes to extend it in order to enforce those privacy rules.

KW - Privacy Policies

KW - Federal Regulations

KW - Specification Languages

KW - Access Control Models

KW - XACML

UR - https://digitalcommons.fairfield.edu/engineering-facultypubs/221

UR - https://libraryapps.fairfield.edu/openurl?institution=01FUNI_INST&vid=01FUNI_INST:MAIN&sid=google&auinit=T&aulast=Alshugran&atitle=Extending%20XACML%20to%20express%20and%20enforce%20laws%20and%20regulations%20privacy%20policies&id=doi:10.1109%2FLISAT.2015.7160190

U2 - 10.1109/LISAT.2015.7160190

DO - 10.1109/LISAT.2015.7160190

M3 - Article

JO - Systems, Applications and Technology Conference (LISAT)

JF - Systems, Applications and Technology Conference (LISAT)

ER -

Extending XACML to Express and Enforce Laws and Regulations Privacy Policies

Abstract

Keywords

Disciplines

Access to Document

Other files and links

Cite this