{"title":"扩展XACML以表达和执行法律法规隐私策略","authors":"Tariq Alshugran, J. Dichter, A. Rusu","doi":"10.1109/LISAT.2015.7160190","DOIUrl":null,"url":null,"abstract":"Some software applications are developed to collect, store, and manage users' personal, medical, or financial information. In the United States, such applications are required to preserve users' privacy and to be compliant with the federal privacy laws and regulations. To formally guarantee compliance with federal regulations, it is necessary to express the privacy rules enforced by those regulations in a standard policy specification language. In this work we evaluate the eXtensible Access Control Model Language (XACML) as a formal specification language for privacy laws and regulations. Furthermore, we evaluate XACML features and attributes to extend it in order to enforce those privacy rules.","PeriodicalId":235333,"journal":{"name":"2015 Long Island Systems, Applications and Technology","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2015-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Extending XACML to express and enforce laws and regulations privacy policies\",\"authors\":\"Tariq Alshugran, J. Dichter, A. Rusu\",\"doi\":\"10.1109/LISAT.2015.7160190\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Some software applications are developed to collect, store, and manage users' personal, medical, or financial information. In the United States, such applications are required to preserve users' privacy and to be compliant with the federal privacy laws and regulations. To formally guarantee compliance with federal regulations, it is necessary to express the privacy rules enforced by those regulations in a standard policy specification language. In this work we evaluate the eXtensible Access Control Model Language (XACML) as a formal specification language for privacy laws and regulations. Furthermore, we evaluate XACML features and attributes to extend it in order to enforce those privacy rules.\",\"PeriodicalId\":235333,\"journal\":{\"name\":\"2015 Long Island Systems, Applications and Technology\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 Long Island Systems, Applications and Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/LISAT.2015.7160190\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 Long Island Systems, Applications and Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LISAT.2015.7160190","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Extending XACML to express and enforce laws and regulations privacy policies
Some software applications are developed to collect, store, and manage users' personal, medical, or financial information. In the United States, such applications are required to preserve users' privacy and to be compliant with the federal privacy laws and regulations. To formally guarantee compliance with federal regulations, it is necessary to express the privacy rules enforced by those regulations in a standard policy specification language. In this work we evaluate the eXtensible Access Control Model Language (XACML) as a formal specification language for privacy laws and regulations. Furthermore, we evaluate XACML features and attributes to extend it in order to enforce those privacy rules.