EXAM - Environment for XACML Policy Analysis and Management

As large organizations transition to policy-based management for tasks such as access control, network security and data privacy, managing and consolidating a large number of policies is becoming a crucial component of such policy-based systems. In large-scale distributed collaborative applications such as web services, there is a need to analyse how policies interact and to integrate them. In this work we propose and implement a comprehensive environment for policy analysis and management that supports a variety of functions, such as analysing policy properties and integrating (or decomposing) policies. Currently our work focuses on the analysis of access control policies written in XACML (eXtensible Access Control Markup Language). We consider XACML policies because XACML is a rich language that can represent many policies of interest to real-world applications and is gaining widespread adoption in industry. We believe that many of our proposed techniques can be extended to policies other than access control.

More details can be found at: EXAM.
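As an added illustration, not code from the EXAM project, the following Python models the two kinds of analysis described above on a deliberately small scale: rules with attribute targets and Permit/Deny effects, the XACML deny-overrides, permit-overrides and first-applicable rule-combining algorithms, a policy-interaction analysis that finds requests on which two policies conflict (one permits what the other denies), and a property check on a single policy. The attribute domains, the two policies and the exhaustive enumeration of requests over finite domains are this example's own assumptions; enumeration is only an expedient that keeps the example self-contained and is not a description of EXAM's techniques.

```python
"""Simplified XACML-style policy analysis by exhaustive enumeration.

Constructed example (not EXAM's own code). A policy is a list of rules, each
with a target (attribute/value constraints) and an effect, combined under one
of XACML's rule-combining algorithms. Properties are checked by enumerating
every request over small, finite attribute domains (an assumption of this
example; Indeterminate results and obligations are not modelled).
"""
from itertools import product

PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"

# Constructed attribute domains; a request is one value per attribute.
DOMAINS = {
    "role": ("doctor", "nurse", "guest"),
    "resource": ("record", "billing"),
    "action": ("read", "write"),
}

def rule(effect, **target):
    """A rule applies to a request if every attribute in its target matches.
    A target value may be a single value or a tuple of acceptable values."""
    norm = {k: (v if isinstance(v, tuple) else (v,)) for k, v in target.items()}
    return {"effect": effect, "target": norm}

def matches(target, req):
    return all(req[k] in vals for k, vals in target.items())

def evaluate(policy, req):
    """Decision of a policy for one request under its combining algorithm."""
    effects = [r["effect"] for r in policy["rules"] if matches(r["target"], req)]
    if not effects:
        return NA
    alg = policy["alg"]
    if alg == "deny-overrides":
        return DENY if DENY in effects else PERMIT
    if alg == "permit-overrides":
        return PERMIT if PERMIT in effects else DENY
    if alg == "first-applicable":
        return effects[0]
    raise ValueError(f"unknown combining algorithm {alg}")

def all_requests(domains=DOMAINS):
    keys = list(domains)
    for values in product(*(domains[k] for k in keys)):
        yield dict(zip(keys, values))

def conflicts(p1, p2, domains=DOMAINS):
    """Policy interaction: requests on which the two policies give opposite decisions."""
    return [r for r in all_requests(domains)
            if {evaluate(p1, r), evaluate(p2, r)} == {PERMIT, DENY}]

def violates(policy, predicate, decision, domains=DOMAINS):
    """Property check: requests satisfying `predicate` that receive `decision`."""
    return [r for r in all_requests(domains)
            if predicate(r) and evaluate(policy, r) == decision]

# Constructed policies of two departments that are to be integrated.
HOSPITAL = {
    "alg": "deny-overrides",
    "rules": [
        rule(PERMIT, role=("doctor", "nurse"), resource="record", action="read"),
        rule(PERMIT, role="doctor", resource="record", action="write"),
        rule(DENY, role="guest"),
    ],
}
FINANCE = {
    "alg": "permit-overrides",
    "rules": [
        rule(PERMIT, resource="billing", action="read"),  # any role, guests included
        rule(DENY, role="nurse", resource="record"),      # nurses barred from records
    ],
}

if __name__ == "__main__":
    for r in conflicts(HOSPITAL, FINANCE):
        print("conflict:", r, evaluate(HOSPITAL, r), "vs", evaluate(FINANCE, r))
    # Property: "guests are never permitted anything" checked against each policy.
    print("guest permits under FINANCE:", violates(FINANCE, lambda r: r["role"] == "guest", PERMIT))
```

Running it reports two conflicts (a nurse reading a record, which HOSPITAL permits and FINANCE denies, and a guest reading billing, which FINANCE permits and HOSPITAL denies) and shows that the "no permit for guests" property holds for HOSPITAL but not for FINANCE; resolving such conflicts before integration is exactly the point of the analysis.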

Privacy-aware Role Based Access Control

Privacy is today a key issue in information technology and has received increasing attention from consumers, stakeholders, and legislators. Conventional access control models, such as Mandatory Access Control (MAC) and Discretionary Access Control (DAC), are not designed to enforce privacy policies and barely meet the requirements of privacy protection. However, existing access control technology can be used as a starting point for managing personally identifiable information in a trustworthy fashion. A language used for privacy policies must be the same as, or integrated with, the language used for access control policies, because both types of policy usually control access to the same resources and should not conflict with one another. Therefore we have proposed a family of Privacy-aware Role Based Access Control (P-RBAC) models that naturally extend classical RBAC models to support privacy policies.

We believe that an RBAC-based solution to the problem of privacy-aware access control has great potential. It could be easily deployed in systems already adopting RBAC and would thus allow one to seamlessly introduce access control policies specialized for privacy enforcement. For details, please look at: Privacy-aware Role Based Access Control.
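As an added illustration, not the project's own code, the Python below places a classical RBAC permission check beside a purpose-aware check in the spirit of P-RBAC. Representing a privacy permission as (action, data, purpose, condition, obligations), along with the roles, users and request contexts, is this example's simplification and assumption, not the model's formal definition.

```python
"""Classical RBAC beside a purpose-aware (P-RBAC style) permission check.

Constructed example, not the project's own code. It assumes, as a
simplification of P-RBAC, that a privacy permission is a tuple
(action, data, purpose, condition, obligations): the action on the data is
allowed only for the stated purpose, only when the condition holds in the
request context, and the listed obligations must then be discharged.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Context = Dict[str, object]

@dataclass(frozen=True)
class PrivacyPermission:
    action: str
    data: str
    purpose: str
    condition: Callable[[Context], bool] = lambda ctx: True
    obligations: Tuple[str, ...] = ()

# Classical RBAC: role -> set of (action, data). There is no notion of purpose,
# so a role that may read e-mail addresses may read them for any reason.
RBAC_PA: Dict[str, Set[Tuple[str, str]]] = {
    "nurse": {("read", "medical_record")},
    "marketing": {("read", "email")},
}

# P-RBAC: role -> privacy permissions (constructed policy).
PRBAC_PA: Dict[str, List[PrivacyPermission]] = {
    "nurse": [PrivacyPermission("read", "medical_record", "treatment",
                                condition=lambda c: bool(c.get("patient_consented")),
                                obligations=("log_access",))],
    "marketing": [PrivacyPermission("read", "email", "marketing",
                                    condition=lambda c: bool(c.get("opt_in")),
                                    obligations=("notify_user",))],
}

USER_ROLES: Dict[str, Set[str]] = {"alice": {"nurse"}, "bob": {"marketing"}}

def rbac_allows(user: str, action: str, data: str) -> bool:
    """Classical check: some role of the user holds (action, data)."""
    return any((action, data) in RBAC_PA.get(role, set())
               for role in USER_ROLES.get(user, set()))

def prbac_decide(user: str, action: str, data: str, purpose: str,
                 ctx: Context) -> Tuple[bool, Tuple[str, ...]]:
    """Purpose-aware check. Returns (allowed, obligations): allowed only if some
    role of the user holds a permission for exactly this action, data and
    purpose whose condition holds in ctx; obligations of every such permission
    are collected so the caller can enforce them."""
    allowed = False
    obligations: List[str] = []
    for role in USER_ROLES.get(user, set()):
        for p in PRBAC_PA.get(role, []):
            if (p.action, p.data, p.purpose) == (action, data, purpose) and p.condition(ctx):
                allowed = True
                obligations.extend(o for o in p.obligations if o not in obligations)
    return allowed, tuple(obligations)

if __name__ == "__main__":
    print("RBAC, bob reads email:", rbac_allows("bob", "read", "email"))
    print("P-RBAC, marketing purpose, no opt-in:",
          prbac_decide("bob", "read", "email", "marketing", {"opt_in": False}))
    print("P-RBAC, marketing purpose, opt-in:",
          prbac_decide("bob", "read", "email", "marketing", {"opt_in": True}))
    print("P-RBAC, wrong purpose:",
          prbac_decide("bob", "read", "email", "treatment", {"opt_in": True}))
```

The contrast is the point: classical RBAC answers only "may this role perform this action on this data", whereas the purpose-aware check additionally refuses a permitted action when it is requested for an unlisted purpose or when the condition (here, consent or opt-in) does not hold, and it hands back the obligations that must accompany an allowed access.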

Communicating with End Users about Privacy Policies

Once organizations have determined and defined their privacy policies, they must find some way to communicate their privacy practices to their customers.  If people cannot understand these privacy policies, they are essentially useless. The Platform for Privacy Preferences (P3P), a machine-readable format for privacy policies, was developed in 2002 to facilitate user access to privacy information. We are developing a P3P-enhanced search interface, named Privacy Finder, to help users more easily understand privacy policies.  Like a nutrition label for privacy, Privacy Finder offers a privacy report that summarizes the most important and relevant information use elements present in the privacy policy.

Please see Communicating with End Users about Privacy Policies for more details.

Expandable Grids

Designing good user interfaces for creating, viewing, and maintaining privacy policies is becoming increasingly important. As consumers share more and more personal data with enterprises, they demand that their data be better protected. On the enterprise side, new privacy legislation imposes a greater need to protect personal data. Protecting data requires policies that dictate who may access that data under what circumstances, and it requires communicating those policies to the people to whom they apply. We call the collection of activities surrounding policies -- creating, viewing, and maintaining -- policy "authoring". We are developing a new means, called Expandable Grids, to support people in policy authoring activities.

Please see Expandable Grids for more details.

Privacy Policy Analysis

We studied the deployment of computer-readable privacy policies encoded using the standard W3C Platform for Privacy Preferences (P3P) format to inform questions about P3P's usefulness to end users and researchers. We found that P3P adoption is increasing overall and that P3P adoption rates greatly vary across industries. We found that P3P had been deployed on 10% of the sites returned in the top-20 results of typical searches, and on 21% of the sites returned in the top-20 results of e-commerce searches. We examined a set of over 5,000 web sites in both 2003 and 2006 and found that P3P deployment among these sites increased over that time period, although we observed decreases in some sectors.

In the Fall of 2007 we observed 470 new P3P policies created over a two-month period. We found high rates of syntax errors among P3P policies, but much lower rates of critical errors that prevent a P3P user agent from interpreting them. We also found that most P3P policies have discrepancies with their natural language counterparts. Some of these discrepancies can be attributed to ambiguities, while others cause the two policies to have completely different meanings. Finally, we show that the privacy policies of P3P-enabled popular websites are similar to the privacy policies of popular websites that do not use P3P.

Please see Privacy Policy Analysis for more details.

Privacy Policy Languages

Studies have shown that human-readable privacy policies are long and difficult to understand, and that system administrators find it difficult to maintain internal enforcement mechanisms in organizations. As a result, privacy policy languages were designed to express these policies in a machine-readable format. This helps consumers make informed decisions and helps organizations protect consumers' privacy.

Many languages are available for representing human-readable privacy policies and access control policies in machine-readable format, but there is no single framework or metric to analyze and evaluate the languages. In our research, we summarize the literature available on the privacy policy languages; provide an account of the features, characteristics, and requirements of the languages and describe a comprehensive framework for analysis. We expect our results to aid implementers in choosing an existing language and also to provide guidelines for building languages in future.

Please see Privacy Policy Languages for more details.

Fine-Grained Access Control in Relational Databases

Databases are increasingly being used to store information covered by heterogeneous policies such as privacy policies, which require support for access control with great flexibility. This has led to increasing interest in using fine-grained access control, where different cells in a relation may be governed by different access control rules. Although several proposals have been made to support fine-grained access control, there currently does not exist a formal notion of correctness regarding the query answering procedure. In this work, we propose such a formal notion of correctness in fine-grained database access control, and discuss why existing approaches fall short in some circumstances.  We then propose a fine-grained access control solution that strives to meet the proposed criteria.

Please see Fine-Grained Access Control in Relational Databases for more details.
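As an added illustration, not the project's own code, the Python and SQL below use a toy cell-level policy ("an engineering manager may see salaries only of engineering employees") to show one way a common fine-grained approach, replacing inaccessible cells with NULL, can return an answer that is false about the real data, and a rewriting that returns only rows certainly in the answer. The table, the policy, the toy rewriting and the soundness notion used here (every returned row is in the true answer) are this example's assumptions, not the paper's formal criteria.

```python
"""Cell-level access control in SQL: NULL-masking versus a sound rewriting.

Constructed example (Python + sqlite3), not the project's own code. The
query strings below are trusted constants of the demo, not user input.
"""
import sqlite3

def setup():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE emp(id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER);
        INSERT INTO emp VALUES (1, 'alice', 'eng',   70000),
                               (2, 'bob',   'eng',   NULL),    -- salary genuinely not recorded
                               (3, 'carol', 'sales', 50000);
        -- Policy for the eng-manager role: salary cells outside dept 'eng' are hidden.
        -- NULL-masking view: hidden cells become NULL, indistinguishable from real NULLs.
        -- salary_known records whether the cell is visible, for the sound rewriting.
        CREATE VIEW emp_masked AS
            SELECT id, name, dept,
                   CASE WHEN dept = 'eng' THEN salary END AS salary,
                   CASE WHEN dept = 'eng' THEN 1 ELSE 0 END AS salary_known
            FROM emp;
    """)
    return db

def names(rows):
    return sorted(r[0] for r in rows)

def true_answer(db, where):
    """What the query means on the real data (reference only; the user cannot run this)."""
    return names(db.execute(f"SELECT name FROM emp WHERE {where}"))

def null_masking_answer(db, where):
    """Evaluate the user's query directly on the NULL-masked view."""
    return names(db.execute(f"SELECT name FROM emp_masked WHERE {where}"))

def certain_answer(db, where):
    """Toy sound rewriting: a predicate that mentions a maskable column can only be
    trusted where that cell is visible, so the visibility flag is conjoined. Rows
    whose membership depends on a hidden cell are dropped rather than guessed."""
    if "salary" in where:
        where = f"({where}) AND salary_known = 1"
    return names(db.execute(f"SELECT name FROM emp_masked WHERE {where}"))

def is_sound(answer, truth):
    """Soundness as used here: nothing returned is false about the real data."""
    return set(answer) <= set(truth)

if __name__ == "__main__":
    db = setup()
    for q in ("salary IS NULL", "salary < 60000", "dept = 'sales'"):
        truth = true_answer(db, q)
        print(f"{q:16} truth={truth} null-masking={null_masking_answer(db, q)} "
              f"(sound={is_sound(null_masking_answer(db, q), truth)}) "
              f"certain={certain_answer(db, q)} (sound={is_sound(certain_answer(db, q), truth)})")
```

The query "employees with no recorded salary" (salary IS NULL) is where NULL-masking goes wrong: it returns carol, whose salary exists but is hidden, so the user is told something false about the data. The rewriting returns only bob. The second query shows the price of soundness: carol's salary really is below 60000, but since the cell is hidden the sound answer omits her, and no approach can include her without leaking the hidden value; this is the tension between soundness and completeness that a correctness criterion has to settle.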

Role Mining

Role-based access control (RBAC) has established itself as a well-accepted model for access control in many organizations and enterprises. The process of building an RBAC system is referred to as role engineering. According to a NIST report, role engineering is the costliest part of migrating to an RBAC implementation. The problem of role mining, which applies data mining techniques to construct RBAC systems from user-permission relations so as to minimize human effort, has attracted significant interest in the research community. This project aims at developing new role mining techniques to construct RBAC systems that are optimized with respect to some objective measure of "goodness", such as the structural complexity of the system. Also, by taking user attributes into account, we try to construct RBAC systems through role mining such that the roles have semantic meaning. This overcomes a major weakness of existing role mining approaches, whose constructed roles have no meaning. Last but not least, we study the problem of building RBAC systems whose cost of future updates is minimal.
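As an added illustration, not the project's own code, the Python below mines roles from a small constructed user-permission relation with a greedy algorithm and scores the result with an unweighted count of roles plus user-role and role-permission edges. That measure is a simplified stand-in for structural-complexity measures and, like the input relation and the greedy candidate selection, is an assumption of this example rather than the project's technique.

```python
"""Greedy role mining from a user-permission relation.

Constructed example, not the project's own code. Input: UP, which users hold
which permissions. Output: a list of roles, a user-role assignment UA and a
role-permission assignment PA that together reproduce UP exactly. At each
step the candidate role (some user's still-uncovered permissions, or the
intersection of two such sets) that covers the most uncovered (user,
permission) pairs is chosen; ties prefer smaller roles.
"""
from itertools import combinations

# Constructed user-permission relation UP.
UP = {
    "u1": {"p1", "p2", "p3"},
    "u2": {"p1", "p2", "p3"},
    "u3": {"p1", "p2"},
    "u4": {"p1", "p2", "p4"},
    "u5": {"p4"},
}

def mine_roles(up):
    """Return (roles, ua, pa): roles is a list of frozensets of permissions,
    ua maps user -> set of role indexes, pa maps role index -> frozenset."""
    uncovered = {u: set(ps) for u, ps in up.items()}
    roles, ua = [], {u: set() for u in up}
    while any(uncovered.values()):
        cands = {frozenset(s) for s in uncovered.values() if s}
        cands |= {frozenset(a & b) for a, b in combinations(list(uncovered.values()), 2) if a & b}

        def gain(c):
            # Pairs newly covered if c became a role held by every user whose
            # permissions include all of c.
            return sum(len(c & uncovered[u]) for u in up if c <= up[u])

        # Most gain first; then fewer permissions; then a fixed order for determinism.
        best = min(cands, key=lambda c: (-gain(c), len(c), tuple(sorted(c))))
        idx = len(roles)
        roles.append(best)
        for u in up:
            if best <= up[u] and best & uncovered[u]:
                ua[u].add(idx)
                uncovered[u] -= best
    pa = {i: r for i, r in enumerate(roles)}
    return roles, ua, pa

def reconstruct(ua, pa):
    """UA composed with PA: the user-permission relation the mined roles imply."""
    return {u: set().union(*(pa[i] for i in rs)) for u, rs in ua.items()}

def structural_complexity(roles, ua, pa):
    """Unweighted count of roles plus UA edges plus PA edges (assumed measure)."""
    return len(roles) + sum(len(r) for r in ua.values()) + sum(len(p) for p in pa.values())

def one_role_per_user_complexity(up):
    """Same measure for the trivial solution: each user gets a private role."""
    return len(up) + len(up) + sum(len(ps) for ps in up.values())

if __name__ == "__main__":
    roles, ua, pa = mine_roles(UP)
    assert reconstruct(ua, pa) == UP
    for i, r in enumerate(roles):
        print(f"role {i}: perms={sorted(r)} users={sorted(u for u in ua if i in ua[u])}")
    print("complexity:", structural_complexity(roles, ua, pa),
          "vs one role per user:", one_role_per_user_complexity(UP))
```

On this input the algorithm finds three roles ({p1, p2} held by four users, {p3} and {p4} held by two each) with a complexity of 15 against 22 for one private role per user. The roles are still just permission sets with no semantic label, which is exactly the weakness the attribute-aware techniques mentioned above are meant to address.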

PRiMMA: Privacy Rights Management for Mobile Applications

The age of Ubiquitous Computing is approaching fast: most people in the UK over the age of 8 carry mobile phones, which are becoming increasingly sophisticated interactive computing devices. Location-based services are also increasing in popularity and sophistication. Many tracking and monitoring devices are being developed that have a range of potential applications, from supporting mobile learning to remote health monitoring of the elderly and chronically ill. However, do users actually understand how much of their personal information is being shared with others? In a recently released report from the UK Information Commissioner, we were warned that the UK in particular is 'sleepwalking into a surveillance society', as ordinary members of the public give up vast amounts of personal information with no significant personal or societal advantage gained. In general, there will be a trade-off between the usefulness of disclosing private information and the risk of it being misused. This project will investigate techniques for protecting the private information typically generated by ubiquitous computing applications from malicious or accidental misuse.

The project will investigate privacy requirements across the general population for a specific set of ubiquitous computing technologies. These requirements will be used to produce a Privacy Rights Management (PRM) framework that enables users to specify privacy preferences, to help visualize them, to learn from the user's behaviour what their likely preferences are, and to enforce privacy policies. We will make use of a large cohort of over 1000 OU students with a broad range of ages and backgrounds, both for identifying requirements and for evaluating tools for privacy management.

Please see PRiMMA: Privacy Rights Management for Mobile Applications for more details.