2013
Breaux, Travis; Gordon, David; Papanikolaou, Nick; Pearson, Siani
Mapping Legal Requirements to IT Controls Technical Report
HP Laboratories no. HPL-2013-39, 2013.
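@techreport{breaux-techrep,
  title       = {Mapping Legal Requirements to {IT} Controls},
  author      = {Breaux, Travis and Gordon, David and Papanikolaou, Nick and Pearson, Siani},
  url         = {../files/relaw13.pdf},
  year        = {2013},
  date        = {2013-06-01},
  booktitle   = {Proceedings of the Sixth International Workshop on Requirements Engineering
                 and Law (RELAW)},
  number      = {HPL-2013-39},
  institution = {HP Laboratories},
  abstract    = {Information technology (IT) controls are reusable system requirements
                 that IT managers, administrators and developers use to demonstrate
                 compliance with international standards, such as ISO 27000 standard.
                 As controls are reusable, they tend to cover best practice independently
                 from what specific government laws may require. However, because
                 considerable effort has already been invested by IT companies in
                 linking controls to their existing systems, aligning controls with
                 regulations can yield important savings by avoiding non-compliance
                 or unnecessary redesign. We report the results of a case study to
                 align legal requirements from the U.S. and India that govern healthcare
                 systems with three popular control catalogues: the NIST 800-53, ISO/IEC
                 27002:2009 and the Cloud Security Alliance CCM v1.3, as well as the
                 CCHIT EHR Certification Criteria. The contributions include a repeatable
                 protocol for mapping controls, heuristics to explain the types of
                 mappings that may arise, and guidance for addressing incomplete mappings.},
  keywords    = {},
  pubstate    = {published},
  tppubtype   = {techreport}
}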
that IT managers, administrators and developers use to demonstrate
compliance with international standards, such as ISO 27000 standard.
As controls are reusable, they tend to cover best practice independently
from what specific government laws may require. However, because
considerable effort has already been invested by IT companies in
linking controls to their existing systems, aligning controls with
regulations can yield important savings by avoiding non-compliance
or unnecessary redesign. We report the results of a case study to
align legal requirements from the U.S. and India that govern healthcare
systems with three popular control catalogues: the NIST 800-53, ISO/IEC
27002:2009 and the Cloud Security Alliance CCM v1.3, as well as the
CCHIT EHR Certification Criteria. The contributions include a repeatable
protocol for mapping controls, heuristics to explain the types of
mappings that may arise, and guidance for addressing incomplete mappings.
Papanikolaou, Nick; Pearson, Siani
Cross-Disciplinary Review of the Concept of Accountability Technical Report
HP Laboratories no. HPL-2013-37, 2013.
@techreport{Papanikolaou2013-techrep,
  title       = {Cross-Disciplinary Review of the Concept of Accountability},
  author      = {Papanikolaou, Nick and Pearson, Siani},
  url         = {../files/tafc1.pdf},
  year        = {2013},
  date        = {2013-06-01},
  booktitle   = {Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop
                 on Trustworthiness, Accountability and Forensics in the Cloud (TAFC)},
  number      = {HPL-2013-37},
  institution = {HP Laboratories},
  keywords    = {},
  pubstate    = {published},
  tppubtype   = {techreport}
}
Papanikolaou, Nick; Pearson, Siani
Cross-Disciplinary Review of the Concept of Accountability Proceedings Article
In: Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC), 2013.
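@inproceedings{Papanikolaou2013,
  title     = {Cross-Disciplinary Review of the Concept of Accountability},
  author    = {Papanikolaou, Nick and Pearson, Siani},
  url       = {../files/tafc1.pdf},
  year      = {2013},
  date      = {2013-05-01},
  booktitle = {Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop
               on Trustworthiness, Accountability and Forensics in the Cloud (TAFC)},
  abstract  = {In this paper we discuss previous definitions of the concept of
               accountability from the literature. Accountability is a multidimensional,
               context-dependent concept that is gaining interest as a means of
               addressing a number of data protection problems, including global
               legal uncertainty and lack of trust.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}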
accountability from the literature. Accountability is a multidimensional,
context-dependent concept that is gaining interest as a means of
addressing a number of data protection problems, including global
legal uncertainty and lack of trust.
Breaux, Travis; Gordon, David; Papanikolaou, Nick; Pearson, Siani
Mapping Legal Requirements to IT Controls Proceedings Article
In: Proceedings of the Sixth International Workshop on Requirements Engineering and Law (RELAW), 2013.
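@inproceedings{Breaux2013,
  title     = {Mapping Legal Requirements to {IT} Controls},
  author    = {Breaux, Travis and Gordon, David and Papanikolaou, Nick and Pearson, Siani},
  url       = {../files/relaw13.pdf},
  year      = {2013},
  date      = {2013-01-01},
  booktitle = {Proceedings of the Sixth International Workshop on Requirements Engineering
               and Law (RELAW)},
  abstract  = {Information technology (IT) controls are reusable system requirements
               that IT managers, administrators and developers use to demonstrate
               compliance with international standards, such as ISO 27000 standard.
               As controls are reusable, they tend to cover best practice independently
               from what specific government laws may require. However, because
               considerable effort has already been invested by IT companies in
               linking controls to their existing systems, aligning controls with
               regulations can yield important savings by avoiding non-compliance
               or unnecessary redesign. We report the results of a case study to
               align legal requirements from the U.S. and India that govern healthcare
               systems with three popular control catalogues: the NIST 800-53, ISO/IEC
               27002:2009 and the Cloud Security Alliance CCM v1.3, as well as the
               CCHIT EHR Certification Criteria. The contributions include a repeatable
               protocol for mapping controls, heuristics to explain the types of
               mappings that may arise, and guidance for addressing incomplete mappings.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}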
that IT managers, administrators and developers use to demonstrate
compliance with international standards, such as ISO 27000 standard.
As controls are reusable, they tend to cover best practice independently
from what specific government laws may require. However, because
considerable effort has already been invested by IT companies in
linking controls to their existing systems, aligning controls with
regulations can yield important savings by avoiding non-compliance
or unnecessary redesign. We report the results of a case study to
align legal requirements from the U.S. and India that govern healthcare
systems with three popular control catalogues: the NIST 800-53, ISO/IEC
27002:2009 and the Cloud Security Alliance CCM v1.3, as well as the
CCHIT EHR Certification Criteria. The contributions include a repeatable
protocol for mapping controls, heuristics to explain the types of
mappings that may arise, and guidance for addressing incomplete mappings.
Catteddu, Daniele; Felici, Massimo; Hogben, Giles; Holcroft, Amy; Kosta, Eleni; Leenes, Ronald; Millard, Christopher; Niezen, Maartje; Nuñez, David; Papanikolaou, Nick; Pearson, Siani; Pradelles, Daniel; Reed, Chris; Rong, Chunming; Royer, Jean-Claude; Stefanatou, Dimitra; Wlodarczyk, Tomasz
Towards a Model of Accountability for Cloud Computing Services Technical Report
HP Laboratories no. HPL-2013-38, 2013.
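@techreport{Catteddu-techrep,
  title       = {Towards a Model of Accountability for Cloud Computing Services},
  author      = {Catteddu, Daniele and Felici, Massimo and Hogben, Giles and
                 Holcroft, Amy and Kosta, Eleni and Leenes, Ronald and
                 Millard, Christopher and Niezen, Maartje and Nu{\~n}ez, David and
                 Papanikolaou, Nick and Pearson, Siani and Pradelles, Daniel and
                 Reed, Chris and Rong, Chunming and Royer, Jean-Claude and
                 Stefanatou, Dimitra and Wlodarczyk, Tomasz},
  url         = {../files/tafc2.pdf},
  year        = {2013},
  date        = {2013-01-01},
  booktitle   = {Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop
                 on Trustworthiness, Accountability and Forensics in the Cloud (TAFC)},
  number      = {HPL-2013-38},
  institution = {HP Laboratories},
  abstract    = {This paper presents a model of accountability for cloud computing
                 services, based on ongoing work as part of the A4Cloud project. We
                 define a three-layer model of accountability as a general concept
                 for data governance, distinguishing between accountability attributes,
                 accountability practices, and accountability mechanisms and tools.},
  keywords    = {},
  pubstate    = {published},
  tppubtype   = {techreport}
}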
services, based on ongoing work as part of the A4Cloud project. We
define a three-layer model of accountability as a general concept
for data governance, distinguishing between accountability attributes,
accountability practices, and accountability mechanisms and tools.
Catteddu, Daniele; Felici, Massimo; Hogben, Giles; Holcroft, Amy; Kosta, Eleni; Leenes, Ronald; Millard, Christopher; Niezen, Maartje; Nuñez, David; Papanikolaou, Nick; Pearson, Siani; Pradelles, Daniel; Reed, Chris; Rong, Chunming; Royer, Jean-Claude; Stefanatou, Dimitra; Wlodarczyk, Tomasz
Towards a Model of Accountability for Cloud Computing Services Proceedings Article
In: Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC), 2013.
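@inproceedings{DanieleCatteddu2013,
  title     = {Towards a Model of Accountability for Cloud Computing Services},
  author    = {Catteddu, Daniele and Felici, Massimo and Hogben, Giles and
               Holcroft, Amy and Kosta, Eleni and Leenes, Ronald and
               Millard, Christopher and Niezen, Maartje and Nu{\~n}ez, David and
               Papanikolaou, Nick and Pearson, Siani and Pradelles, Daniel and
               Reed, Chris and Rong, Chunming and Royer, Jean-Claude and
               Stefanatou, Dimitra and Wlodarczyk, Tomasz},
  url       = {../files/tafc2.pdf},
  year      = {2013},
  date      = {2013-01-01},
  booktitle = {Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop
               on Trustworthiness, Accountability and Forensics in the Cloud (TAFC)},
  abstract  = {This paper presents a model of accountability for cloud computing
               services, based on ongoing work as part of the A4Cloud project.
               We define a three-layer model of accountability as a general concept
               for data governance, distinguishing between accountability attributes,
               accountability practices, and accountability mechanisms and tools.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}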
services, based on ongoing work as part of the A4Cloud project.
We define a three-layer model of accountability as a general concept
for data governance, distinguishing between accountability attributes,
accountability practices, and accountability mechanisms and tools.
Galis, Alex; Gavras, Anastasius; Alvarez, Federico; Bassi, Alessandro; Bezzi, Michele; Ciavaglia, Laurent; Cleary, Frances; Daras, Petros; de Meer, Herman; Demestichas, Panagiotis; Domingue, John; Kanter, Theo; Karnouskos, Stamatis; Krco, Srdjan; Lefevre, Laurent; Lentjes, Jasper; Li, Man-Sze; Malone, Paul; Manzalini, Antonio; Lotz, Volkmar; Muller, Henning; Oberle, Karsten; O'Connor, Noel; Papanikolaou, Nick; Petcu, Dana; Rahmani, Rahim; Raz, Danny; Richards, Gael; Salvadori, Elio; Sargento, Susana; Schaffers, Hans; Serat, Joan; Stiller, Burkhard; Skarmeta, Antonio; Tutschku, Kurt; Zahariadis, Theodore (Ed.)
The Future Internet / Future Internet Assembly 2013: Validated Results and New Horizons Book
Springer, 2013.
@book{Galis2013,
  title     = {The Future Internet / Future Internet Assembly 2013: Validated Results
               and New Horizons},
  editor    = {Galis, Alex and Gavras, Anastasius and Alvarez, Federico and
               Bassi, Alessandro and Bezzi, Michele and Ciavaglia, Laurent and
               Cleary, Frances and Daras, Petros and de Meer, Herman and
               Demestichas, Panagiotis and Domingue, John and Kanter, Theo and
               Karnouskos, Stamatis and Krco, Srdjan and Lefevre, Laurent and
               Lentjes, Jasper and Li, Man-Sze and Malone, Paul and
               Manzalini, Antonio and Lotz, Volkmar and Muller, Henning and
               Oberle, Karsten and O'Connor, Noel and Papanikolaou, Nick and
               Petcu, Dana and Rahmani, Rahim and Raz, Danny and
               Richards, Gael and Salvadori, Elio and Sargento, Susana and
               Schaffers, Hans and Serat, Joan and Stiller, Burkhard and
               Skarmeta, Antonio and Tutschku, Kurt and Zahariadis, Theodore},
  year      = {2013},
  date      = {2013-01-01},
  publisher = {Springer},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {book}
}
2012
Cleary, Frances; Howker, Keith; Massacci, Fabio; Wainwright, Nick; Papanikolaou, Nick; Bezzi, Michele; Rodriguez, Pedro Soria
EFFECTS+ Clustering of Trust and Security Research Projects, Identifying Results, Impact and Future Research Roadmap Topics Proceedings Article
In: Proceedings of e-Challenges e-2012 Conference, Lisbon, Portugal, 2012.
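@inproceedings{Cleary2012,
  title     = {{EFFECTS+} Clustering of Trust and Security Research Projects, Identifying
               Results, Impact and Future Research Roadmap Topics},
  author    = {Cleary, Frances and Howker, Keith and Massacci, Fabio and
               Wainwright, Nick and Papanikolaou, Nick and Bezzi, Michele and
               Rodriguez, Pedro Soria},
  url       = {../files/eChallenges_effectsplus.pdf},
  year      = {2012},
  date      = {2012-10-01},
  booktitle = {Proceedings of e-Challenges e-2012 Conference},
  address   = {Lisbon, Portugal},
  abstract  = {Structured and coordinated clustering increases the effectiveness
               of R\&D project work helping to raise awareness, align approaches
               and create synergies. The project EFFECTS+ coordinates such clustering
               and trust and security research project potential impact analysis
               activities. This provides the wider community with an interest in
               the trust and security research space the opportunity to participate,
               contribute to and gain an overall view of current state of the art
               and active research projects ongoing within the Europe in this domain.
               This paper will provide you with an overview of the activities completed
               by EFFECTS+ to date, highlighting the clustering structure and the
               research project impact analysis completed so far. EFFECTS+ also
               focuses on the development of a trust and security strategic research
               agenda for future work. This paper will address the process and structure
               adopted by EFFECTS+ for the identification and consolidation of such
               future roadmapping content.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}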
of R&D project work helping to raise awareness, align approaches
and create synergies. The project EFFECTS+ coordinates such clustering
and trust and security research project potential impact analysis
activities. This provides the wider community with an interest in
the trust and security research space the opportunity to participate,
contribute to and gain an overall view of current state of the art
and active research projects ongoing within the Europe in this domain.
This paper will provide you with an overview of the activities completed
by EFFECTS+ to date, highlighting the clustering structure and the
research project impact analysis completed so far. EFFECTS+ also
focuses on the development of a trust and security strategic research
agenda for future work. This paper will address the process and structure
adopted by EFFECTS+ for the identification and consolidation of such
future roadmapping content.
Wainwright, Nick; Papanikolaou, Nick
Forming A Vision for Future Internet Research Proceedings Article
In: Proceedings of e-Challenges e-2012 Conference, Lisbon, Portugal, 2012.
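@inproceedings{echallenges2012,
  title     = {Forming A Vision for Future Internet Research},
  author    = {Wainwright, Nick and Papanikolaou, Nick},
  url       = {../files/eChallenges2012.pdf},
  year      = {2012},
  date      = {2012-10-01},
  booktitle = {Proceedings of e-Challenges e-2012 Conference},
  address   = {Lisbon, Portugal},
  abstract  = {This paper presents a vision for the Future Internet and its impact
               on individuals, businesses and society as a whole; the vision presented
               is based on an extended consultation carried out by the authors
               within the European Future Internet research community, as part of
               the work of the Future Internet Assembly (FIA). The core result of
               this paper is the identification of six research priorities for the
               future. We also present a scenario related to the London Olympic
               Games, which is intended to link together the research priorities
               and related findings.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}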
on individuals, businesses and society as a whole; the vision presented
is based on an extended consultation carried out by the authors
within the European Future Internet research community, as part of
the work of the Future Internet Assembly (FIA). The core result of
this paper is the identification of six research priorities for the
future. We also present a scenario related to the London Olympic
Games, which is intended to link together the research priorities
and related findings.
Papanikolaou, Nick
Natural Language Processing of Rules and Regulations for Compliance in the Cloud Proceedings Article
In: Proceedings of DOA-SVI 2012, Rome, Italy, 2012.
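@inproceedings{Papanikolaou2012e,
  title     = {Natural Language Processing of Rules and Regulations for Compliance
               in the Cloud},
  author    = {Papanikolaou, Nick},
  url       = {../files/DOASVI2012.pdf},
  year      = {2012},
  date      = {2012-09-01},
  booktitle = {Proceedings of DOA-SVI 2012},
  address   = {Rome, Italy},
  abstract  = {We discuss ongoing work on developing tools and techniques for
               understanding natural-language descriptions of security and privacy rules,
               particularly in the context of cloud computing services. In particular,
               we present a three-part toolkit for analyzing and processing texts,
               and enforcing privacy and security rules extracted from those texts.
               We are interested in developing efficient, accurate technologies
               to reduce the time spent analyzing and reasoning about new privacy
               laws and security rules within the enterprise. We describe the tools
               we have developed for semantic annotation, and also for information
               extraction - these are specifically intended for analysis of cloud
               terms of service, and therefore designed to help with self-compliance;
               however, the techniques involved should be generalizable to other
               relevant texts, esp. rules and regulations for data protection.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}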
understanding natural-language descriptions of security and privacy rules,
particularly in the context of cloud computing services. In particular,
we present a three-part toolkit for analyzing and processing texts,
and enforcing privacy and security rules extracted from those texts.
We are interested in developing efficient, accurate technologies
to reduce the time spent analyzing and reasoning about new privacy
laws and security rules within the enterprise. We describe the tools
we have developed for semantic annotation, and also for information
extraction - these are specifically intended for analysis of cloud
terms of service, and therefore designed to help with self-compliance;
however, the techniques involved should be generalizable to other
relevant texts, esp. rules and regulations for data protection.
Papanikolaou, Nikolaos; Creese, Sadie; Goldsmith, Michael
Refinement Checking for Privacy Policies Journal Article
In: Science of Computer Programming, vol. 77, no. 10, 11, pp. 1198, 2012.
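@article{Papanikolaou2010c,
  title     = {Refinement Checking for Privacy Policies},
  author    = {Papanikolaou, Nikolaos and Creese, Sadie and Goldsmith, Michael},
  url       = {../files/polrefc.pdf},
  doi       = {10.1016/j.scico.2011.07.009},
  year      = {2012},
  date      = {2012-09-01},
  journal   = {Science of Computer Programming},
  volume    = {77},
  number    = {10--11},
  pages     = {1198},
  abstract  = {This paper presents a framework for analysis and comparison of privacy
               policies expressed in P3P (Platform for Privacy Preferences). In
               contrast to existing approaches to policy analysis, which focus on
               demonstrations of equality or equivalence of policies, our approach
               makes it possible to check for refinement between policies. We automatically
               generate a CSP model from a P3P policy, which represents the policy's
               intended semantics; using the FDR model checker, we then perform
               various tests (using process refinement) to determine (a) whether
               a policy is internally consistent, and (b) whether a given policy
               refines another by permitting similar data collection, processing
               and sharing practices. Our approach allows for the detection of subtle
               differences between practices prescribed by different privacy policies,
               the comparison of relative levels of privacy offered by different
               policies, and captures the semantics of policies intended in the
               original P3P standard. The systematic translation of policies to
               CSP provides a formal means of reasoning about websites' privacy
               policies, and therefore the practices of various enterprises with
               regards to personal data.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}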
policies expressed in P3P (Platform for Privacy Preferences). In
contrast to existing approaches to policy analysis, which focus on
demonstrations of equality or equivalence of policies, our approach
makes it possible to check for refinement between policies. We automatically
generate a CSP model from a P3P policy, which represents the policy's
intended semantics; using the FDR model checker, we then perform
various tests (using process refinement) to determine (a) whether
a policy is internally consistent, and (b) whether a given policy
refines another by permitting similar data collection, processing
and sharing practices. Our approach allows for the detection of subtle
differences between practices prescribed by different privacy policies,
the comparison of relative levels of privacy offered by different
policies, and captures the semantics of policies intended in the
original P3P standard. The systematic translation of policies to
CSP provides a formal means of reasoning about websites' privacy
policies, and therefore the practices of various enterprises with
regards to personal data.
Monahan, Brian; Papanikolaou, Nick
Formal Analysis and Verification of Systems Security Models with Gnosis Miscellaneous
2012.
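@misc{Monahan2012a,
  title     = {Formal Analysis and Verification of Systems Security Models with
               {Gnosis}},
  author    = {Monahan, Brian and Papanikolaou, Nick},
  url       = {../files/monpap2.pdf},
  year      = {2012},
  date      = {2012-05-01},
  abstract  = {Emergent context-dependent non-functional requirements, such as
               those involving systems security activities and processes are, almost
               by definition, difficult to assess for their adequacy. One cannot
               easily anticipate and measure the effectiveness of systems defences
               in advance of actual field deployment until it is, of course, too
               late and the damage has been done. Our approach to security requirements
               assessment involves explicitly building systems security models using
               Gnosis, a process modelling simulation language developed at HP Labs.
               Gnosis models capture security situations which typically include
               aspects of the threat environment. In this paper we present the core
               aspects of this approach and discuss our latest work on developing
               explicit-state model checking of properties of multiple simulation
               runs.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc}
}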
those involving systems security activities and processes are, almost
by definition, difficult to assess for their adequacy. One cannot
easily anticipate and measure the effectiveness of systems defences
in advance of actual field deployment until it is, of course, too
late and the damage has been done. Our approach to security requirements
assessment involves explicitly building systems security models using
Gnosis, a process modelling simulation language developed at HP Labs.
Gnosis models capture security situations which typically include
aspects of the threat environment. In this paper we present the core
aspects of this approach and discuss our latest work on developing
explicit-state model checking of properties of multiple simulation
runs.
Casassa Mont, Marco; McCorry, Kieran; Papanikolaou, Nick; Pearson, Siani
Security And Privacy Governance In Cloud Computing Via SLAs And A Policy Orchestration Service Technical Report
HP Laboratories no. HPL-2012-55, 2012.
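@techreport{CasassaMont2012a,
  title       = {Security And Privacy Governance In Cloud Computing Via {SLAs} And
                 A Policy Orchestration Service},
  author      = {Casassa Mont, Marco and McCorry, Kieran and Papanikolaou, Nick and Pearson, Siani},
  url         = {../files/paper-orchestrator.pdf},
  year        = {2012},
  date        = {2012-03-01},
  number      = {HPL-2012-55},
  institution = {HP Laboratories},
  abstract    = {We present in this paper the novel concept of a policy orchestration
                 service, which is designed to facilitate security and privacy governance
                 in the enterprise, particularly for the case where various services
                 are provided to the enterprise through external suppliers in the
                 cloud. The orchestration service mediates between the enterprises'
                 internal decision support systems (which incorporate core security
                 and privacy recommendations) and the cloud-based service providers,
                 who are assumed to be bound by contractual service level agreements
                 with the enterprise. The function of the orchestration service, which
                 is intended to be accessed as a trusted service in the cloud, is
                 to ensure that applicable security and privacy recommendations are
                 actioned by service providers through adequate monitoring and enforcement
                 mechanisms.},
  keywords    = {},
  pubstate    = {published},
  tppubtype   = {techreport}
}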
service, which is designed to facilitate security and privacy governance
in the enterprise, particularly for the case where various services
are provided to the enterprise through external suppliers in the
cloud. The orchestration service mediates between the enterprises'
internal decision support systems (which incorporate core security
and privacy recommendations) and the cloud-based service providers,
who are assumed to be bound by contractual service level agreements
with the enterprise. The function of the orchestration service, which
is intended to be accessed as a trusted service in the cloud, is
to ensure that applicable security and privacy recommendations are
actioned by service providers through adequate monitoring and enforcement
mechanisms.
Papanikolaou, Nick; Pearson, Siani; Casassa Mont, Marco; Ko, Ryan
Automating Compliance for Cloud Computing Services Technical Report
HP Laboratories no. HPL-2012-56, 2012.
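@techreport{Papanikolaou2012c,
  title       = {Automating Compliance for Cloud Computing Services},
  author      = {Papanikolaou, Nick and Pearson, Siani and Casassa Mont, Marco and Ko, Ryan},
  year        = {2012},
  date        = {2012-03-01},
  number      = {HPL-2012-56},
  institution = {HP Laboratories},
  keywords    = {},
  pubstate    = {published},
  tppubtype   = {techreport}
}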
Casassa Mont, Marco; McCorry, Kieran; Papanikolaou, Nick; Pearson, Siani
Security and Privacy Governance In Cloud Computing via SLAs and a Policy Orchestration Service Proceedings Article
In: Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER 2012), SciTePress, 2012.
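@inproceedings{CasassaMont2012,
  title     = {Security and Privacy Governance In Cloud Computing via {SLAs} and
               a Policy Orchestration Service},
  author    = {Casassa Mont, Marco and McCorry, Kieran and Papanikolaou, Nick and Pearson, Siani},
  url       = {../files/paper-orchestrator.pdf},
  year      = {2012},
  date      = {2012-01-01},
  booktitle = {Proceedings of the 2\textsuperscript{nd} International Conference
               on Cloud Computing and Services Science (CLOSER 2012)},
  publisher = {SciTePress},
  abstract  = {We present in this paper the novel concept of a policy orchestration
               service, which is designed to facilitate security and privacy governance
               in the enterprise, particularly for the case where various services
               are provided to the enterprise through external suppliers in the
               cloud. The orchestration service mediates between the enterprises'
               internal decision support systems (which incorporate core security
               and privacy recommendations) and the cloud-based service providers,
               who are assumed to be bound by contractual service level agreements
               with the enterprise. The function of the orchestration service, which
               is intended to be accessed as a trusted service in the cloud, is
               to ensure that applicable security and privacy recommendations are
               actioned by service providers through adequate monitoring and enforcement
               mechanisms.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}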
service, which is designed to facilitate security and privacy governance
in the enterprise, particularly for the case where various services
are provided to the enterprise through external suppliers in the
cloud. The orchestration service mediates between the enterprises'
internal decision support systems (which incorporate core security
and privacy recommendations) and the cloud-based service providers,
who are assumed to be bound by contractual service level agreements
with the enterprise. The function of the orchestration service, which
is intended to be accessed as a trusted service in the cloud, is
to ensure that applicable security and privacy recommendations are
actioned by service providers through adequate monitoring and enforcement
mechanisms.
Davidson, Timothy; Gay, Simon J; Mlnarík, Hynek; Nagarajan, Rajagopal; Papanikolaou, Nikolaos
Model Checking for Communicating Quantum Processes Journal Article
In: International Journal of Unconventional Computing, vol. 8, no. 1, pp. 73–98, 2012.
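@article{Davidson2012,
  title     = {Model Checking for Communicating Quantum Processes},
  author    = {Davidson, Timothy and Gay, Simon J and Mlnarík, Hynek and
               Nagarajan, Rajagopal and Papanikolaou, Nikolaos},
  url       = {../files/qmc_translation.pdf},
  year      = {2012},
  date      = {2012-01-01},
  journal   = {International Journal of Unconventional Computing},
  volume    = {8},
  number    = {1},
  pages     = {73--98},
  publisher = {Old City Publishing, Inc.},
  abstract  = {Quantum communication is a rapidly growing area of research and development.
               Quantum cryptography has already been implemented for secure communication,
               and commercial solutions are available. The application of formal
               methods to classical computing and communication systems has been
               very successful, and is widely used by industry. We expect similar
               benefits for the verification of quantum systems. Communicating Quantum
               Processes (CQP) is a process calculus based on the $\pi$-calculus with
               the inclusion of primitives for quantum information. Process calculi
               provide an algebraic approach to system specification and behavioural
               analysis. The Quantum Model Checker (QMC) is a tool for the automated
               verification of system correctness. Through an exhaustive search
               of the possible executions, QMC can check that correctness properties
               expressed using temporal logic formulae are satisfied. In this paper
               we describe our approach to the verification of quantum systems using
               a combination of process calculus and model checking. We also define
               a formal translation from CQP to the modelling language used by QMC
               and prove that this preserves the semantics of all supported CQP
               processes.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}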
Quantum cryptography has already been implemented for secure communication,
and commercial solutions are available. The application of formal
methods to classical computing and communication systems has been
very successful, and is widely used by industry. We expect similar
benefits for the verification of quantum systems. Communicating Quantum
Processes (CQP) is a process calculus based on the π-calculus with
the inclusion of primitives for quantum information. Process calculi
provide an algebraic approach to system specification and behavioural
analysis. The Quantum Model Checker (QMC) is a tool for the automated
verification of system correctness. Through an exhaustive search
of the possible executions, QMC can check that correctness properties
expressed using temporal logic formulae are satisfied. In this paper
we describe our approach to the verification of quantum systems using
a combination of process calculus and model checking. We also define
a formal translation from CQP to the modelling language used by QMC
and prove that this preserves the semantics of all supported CQP
processes.
Monahan, Brian; Papanikolaou, Nick
Pattern Detection in Systems Simulation: Towards a Model-Checking Framework for Security Analytics Technical Report
HP Laboratories no. HPL-2012-89, 2012.
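% HP Laboratories technical report HPL-2012-89.
% NOTE(review): date = {2012-01-01} looks like an export default rather than a
% real publication day -- confirm, and keep only one of year/date per toolchain.
@techreport{Monahan2012,
  title = {Pattern Detection in Systems Simulation: Towards a Model-Checking
    Framework for Security Analytics},
  author = {Monahan, Brian and Papanikolaou, Nick},
  url = {../files/monpap1.pdf},
  year = {2012},
  date = {2012-01-01},
  number = {HPL-2012-89},
  institution = {HP Laboratories},
  abstract = {In this paper we describe a method, and implemented prototype, for
    extracting high-level process models for systems modelled using
    a simulation framework (for illustration we use the Gnosis language
    and toolset). Our technique builds a finite state automaton that
    characterises one or more simulation runs of a simulation model by
    including in its states selected parts of the latter's execution
    traces. The intention is that the generated automaton reveals the
    high-level structure of the original model, without making reference
    to (or requiring knowledge of) the source code of that model. We
    discuss applications for this technique and identify several directions
    for further work.},
  keywords = {},
  pubstate = {published},
  tppubtype = {techreport},
}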
In this paper we describe a method, and implemented prototype, for
extracting high-level process models for systems modelled using
a simulation framework (for illustration we use the Gnosis language
and toolset). Our technique builds a finite state automaton that
characterises one or more simulation runs of a simulation model by
including in its states selected parts of the latter's execution
traces. The intention is that the generated automaton reveals the
high-level structure of the original model, without making reference
to (or requiring knowledge of) the source code of that model. We
discuss applications for this technique and identify several directions
for further work.
Papanikolaou, Nick
Review of Algorithms and Theory of Computation Handbook by Mikhail J. Atallah and Marina Blanton Journal Article
In: ACM SIGACT News, vol. 43, no. 2, pp. 29–32, 2012.
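% Book review in ACM SIGACT News, vol. 43, no. 2. The braces keep the reviewed
% book's title, the personal names and the acronyms capitalised under styles
% that sentence-case the title field.
@article{newreview2012,
  title = {Review of {Algorithms and Theory of Computation Handbook} by {Mikhail J. Atallah} and {Marina Blanton}},
  author = {Papanikolaou, Nick},
  url = {../files/handbookreview.pdf},
  doi = {10.1145/2261417.2261425},
  year = {2012},
  date = {2012-01-01},
  journal = {{ACM} {SIGACT} News},
  volume = {43},
  number = {2},
  pages = {29--32},
  keywords = {},
  pubstate = {published},
  tppubtype = {article},
}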
Papanikolaou, Nick
Intelligent Information Gathering for Security and Privacy Compliance in Cloud Computing Technical Report
HP Laboratories no. HPL-2012-71, 2012.
% Single-author HP Laboratories technical report, number HPL-2012-71, year 2012.
@techreport{Papanikolaou2012d,
  author = {Papanikolaou, Nick},
  title = {Intelligent Information Gathering for Security and Privacy Compliance
    in Cloud Computing},
  institution = {HP Laboratories},
  number = {HPL-2012-71},
  year = {2012},
  date = {2012-01-01},
  keywords = {},
  pubstate = {published},
  tppubtype = {techreport},
}
Papanikolaou, Nikolaos; Pearson, Siani; Mont, Marco Casassa; Brown, Richard; McCorry, Kieran; Sander, Tomas; Rao, Prasad
An online knowledge base store (KB Store) Journal Article
In: Research Disclosure, pp. 114–115, 2012, (ID 574026).
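% Research Disclosure item; the note field carries its ID (574026).
% Names are in "Last, First" form so no stray punctuation ends up in a surname
% (the export had "Prasad Rao." with a trailing period).
@article{Papanikolaou2012a,
  title = {An online knowledge base store ({KB Store})},
  author = {Papanikolaou, Nikolaos and Pearson, Siani and Mont, Marco Casassa and Brown, Richard and McCorry, Kieran and Sander, Tomas and Rao, Prasad},
  year = {2012},
  date = {2012-01-01},
  journal = {Research Disclosure},
  pages = {114--115},
  abstract = {This paper presents the idea of a Knowledge Base Store.},
  note = {ID 574026},
  keywords = {},
  pubstate = {published},
  tppubtype = {article},
}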
Papanikolaou, Nick; Pearson, Siani; Mont, Marco Casassa; Ko, Ryan
Automating Compliance for Cloud Computing Services Proceedings Article
In: Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER 2012), SciTePress, 2012.
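% Conference paper in the CLOSER 2012 proceedings (publisher: SciTePress).
% The acronym in booktitle is braced so that no style can recase it.
@inproceedings{Papanikolaou2012b,
  title = {Automating Compliance for Cloud Computing Services},
  author = {Papanikolaou, Nick and Pearson, Siani and Mont, Marco Casassa and Ko, Ryan},
  url = {../files/paper-nlp.pdf},
  year = {2012},
  date = {2012-01-01},
  booktitle = {Proceedings of the 2nd International Conference on Cloud Computing
    and Services Science ({CLOSER} 2012)},
  publisher = {SciTePress},
  abstract = {We present an integrated approach for automating service providers'
    compliance with data protection laws and regulations, business and
    technical requirements in cloud computing. The techniques we propose
    in particular include: natural-language analysis (of legislative
    and regulatory texts, and corporate security rulebooks) and extraction
    of enforceable rules, use of sticky policies, automated policy enforcement
    and active monitoring of data, particularly in cloud environments.
    We discuss ongoing work on developing a software tool for natural-language
    processing of cloud terms of service and other related policy texts.
    We also identify opportunities for future software development in
    the area of cloud computing compliance.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings},
}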
We present an integrated approach for automating service providers'
compliance with data protection laws and regulations, business and
technical requirements in cloud computing. The techniques we propose
in particular include: natural-language analysis (of legislative
and regulatory texts, and corporate security rulebooks) and extraction
of enforceable rules, use of sticky policies, automated policy enforcement
and active monitoring of data, particularly in cloud environments.
We discuss ongoing work on developing a software tool for natural-language
processing of cloud terms of service and other related policy texts.
We also identify opportunities for future software development in
the area of cloud computing compliance.
Wainwright, Nick; Papanikolaou, Nick
The FIA Research Roadmap: Priorities for Future Internet Research Book Section
In: Alvarez, F; Cleary, F; Daras, P; Domingue, J; Galis, A; Garcia, A; Gavras, A; Karnouskos, S; Krco, S; Li, M-S; Lotz, V; Müller, H; Salvadori, E; Sassen, A-M; Schaffers, H; Stiller, B; Tselentis, G; Turkama, P; Zahariadis, T (Ed.): Future Internet --- From Technological Promises to Reality, vol. 7281, Springer, 2012.
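% Chapter in an edited Springer volume (Lecture Notes in Computer Science 7281).
% Editors are in "Last, Initials" form; hyphenated initials are joined and the
% umlaut is written as a LaTeX escape so classic BibTeX sorts it correctly.
% NOTE(review): the export spelled one editor "Karnourskos"; written here as
% "Karnouskos" -- confirm against the volume's front matter.
@incollection{Wainwright2012,
  title = {The {FIA} Research Roadmap: Priorities for Future Internet Research},
  author = {Wainwright, Nick and Papanikolaou, Nick},
  editor = {Alvarez, F. and Cleary, F. and Daras, P. and Domingue, J. and Galis, A. and Garcia, A. and Gavras, A. and Karnouskos, S. and Krco, S. and Li, M.-S. and Lotz, V. and M{\"u}ller, H. and Salvadori, E. and Sassen, A.-M. and Schaffers, H. and Stiller, B. and Tselentis, G. and Turkama, P. and Zahariadis, T.},
  url = {../files/fiapaper.pdf},
  year = {2012},
  date = {2012-01-01},
  booktitle = {Future Internet --- From Technological Promises to Reality},
  volume = {7281},
  publisher = {Springer},
  series = {Lecture Notes in Computer Science},
  abstract = {The Future Internet Assembly Research Roadmap for Framework Programme
    8 captures the ideas and contributions of the FIA community on the
    important research topics that should be addressed for the Framework
    Programme 8 research programmes broadly grouped around three main
    concerns; economic and business interests; societal interests and
    challenges; technical disruptions and capabilities.
    The contents of this roadmap originate with the community of researchers
    working on all aspects of the Future Internet and meet to share and
    discuss ideas through the Future Internet Assembly through an open
    consultation of research projects who participate in FIA. This roadmap
    is primarily concerned with identifying research that can be carried
    out in the second half of this decade and which will have an impact
    in 2020 and beyond. By impact, we mean will result in products, services,
    systems, capabilities, that come to market and are available and
    deployed in that timeframe.
    The approach adopted in this report is to integrate contributions
    across the entire space of future Internet research with the aim
    of bringing out the vision for how and where the Internet will make
    a significant difference in the future and identifying the broad
    challenges and gaps, and identifying the solutions and research needs
    in the future. In this report we have summarised and grouped ideas
    with the aim of identifying the strong themes and consistent challenges
    that emerge looking across the whole agenda.},
  keywords = {},
  pubstate = {published},
  tppubtype = {incollection},
}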
The Future Internet Assembly Research Roadmap for Framework Programme
8 captures the ideas and contributions of the FIA community on the
important research topics that should be addressed for the Framework
Programme 8 research programmes broadly grouped around three main
concerns; economic and business interests; societal interests and
challenges; technical disruptions and capabilities.
The contents of this roadmap originate with the community of researchers
working on all aspects of the Future Internet and meet to share and
discuss ideas through the Future Internet Assembly through an open
consultation of research projects who participate in FIA. This roadmap
is primarily concerned with identifying research that can be carried
out in the second half of this decade and which will have an impact
in 2020 and beyond. By impact, we mean will result in products, services,
systems, capabilities, that come to market and are available and
deployed in that timeframe.
The approach adopted in this report is to integrate contributions
across the entire space of future Internet research with the aim
of bringing out the vision for how and where the Internet will make
a significant difference in the future and identifying the broad
challenges and gaps, and identifying the solutions and research needs
in the future. In this report we have summarised and grouped ideas
with the aim of identifying the strong themes and consistent challenges
that emerge looking across the whole agenda.
Wainwright, Nick; Papanikolaou, Nick
The FIA Research Roadmap: Priorities for Future Internet Research Technical Report
HP Laboratories no. HPL-2012-70, 2012.
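% HP Laboratories technical report HPL-2012-70.
% The mis-encoded quotation marks around "impact" in the abstract are written
% as LaTeX quotes, and the acronym in the title is brace-protected.
% NOTE(review): url is the same PDF as entry Wainwright2012 -- confirm.
@techreport{Wainwright2012a,
  title = {The {FIA} Research Roadmap: Priorities for Future Internet
    Research},
  author = {Wainwright, Nick and Papanikolaou, Nick},
  url = {../files/fiapaper.pdf},
  year = {2012},
  date = {2012-01-01},
  number = {HPL-2012-70},
  institution = {HP Laboratories},
  abstract = {We describe the key findings of the Future Internet Assembly Research
    Roadmap for Framework Programme 8, which captures the ideas and contributions
    of the FIA community on the important research topics that should
    be addressed in future funding programmes. The findings of the roadmap
    have been produced through an open consultation of research projects
    who participate in FIA. It is primarily concerned with identifying
    research that can be carried out in the second half of this decade
    and which will have an impact in 2020 and beyond. By `impact' we
    mean will result in products, services, systems, capabilities, that
    come to market and are available and deployed in that timeframe.},
  keywords = {},
  pubstate = {published},
  tppubtype = {techreport},
}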
We describe the key findings of the Future Internet Assembly Research
Roadmap for Framework Programme 8, which captures the ideas and contributions
of the FIA community on the important research topics that should
be addressed in future funding programmes. The findings of the roadmap
have been produced through an open consultation of research projects
who participate in FIA. It is primarily concerned with identifying
research that can be carried out in the second half of this decade
and which will have an impact in 2020 and beyond. By ‘impact’ we
mean will result in products, services, systems, capabilities, that
come to market and are available and deployed in that timeframe.
2011
Papanikolaou, Nick; Pearson, Siani; Mont, Marco Casassa
Automated Understanding of Cloud Terms of Service and SLAs Proceedings Article
In: Proceedings of The 22nd Hewlett-Packard Colloquium on Information Security, Royal Holloway, University of London, 2011.
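% Paper at the 22nd Hewlett-Packard Colloquium on Information Security.
% "SLAs" is braced so that sentence-casing styles keep the acronym.
% NOTE(review): title, abstract and url match entry Papanikolaou2011e
% (IEEE CloudCom 2011) -- confirm the PDF link is the right one for this venue.
@inproceedings{Papanikolaou2011f,
  title = {Automated Understanding of Cloud Terms of Service and {SLAs}},
  author = {Papanikolaou, Nick and Pearson, Siani and Mont, Marco Casassa},
  url = {../files/CloudCom2011.pdf},
  year = {2011},
  date = {2011-12-01},
  booktitle = {Proceedings of The 22nd {Hewlett-Packard} Colloquium on Information
    Security},
  address = {Royal Holloway, University of London},
  abstract = {We argue in favour of a set of particular tools and approaches to
    help achieve accountability in cloud computing. Our concern is helping
    cloud providers achieve their security goals and meeting their customers'
    security and privacy requirements. The techniques we propose in particular
    include: natural-language analysis (of legislative and regulatory
    texts, and corporate security rulebooks) and extraction of enforceable
    rules, use of sticky policies, automated policy enforcement and active
    monitoring of data, particularly in cloud environments. This is a
    position paper reporting our initial thinking and current progress.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings},
}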
We argue in favour of a set of particular tools and approaches to
help achieve accountability in cloud computing. Our concern is helping
cloud providers achieve their security goals and meeting their customers'
security and privacy requirements. The techniques we propose in particular
include: natural-language analysis (of legislative and regulatory
texts, and corporate security rulebooks) and extraction of enforceable
rules, use of sticky policies, automated policy enforcement and active
monitoring of data, particularly in cloud environments. This is a
position paper reporting our initial thinking and current progress.
Papanikolaou, Nick; Pearson, Siani; Mont, Marco Casassa
Automated Understanding of Cloud Terms of Service and SLAs Proceedings Article
In: Proceedings of IEEE CloudCom 2011, Athens, Greece, 2011.
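% Position paper in the IEEE CloudCom 2011 proceedings; the address field holds
% the value "Athens, Greece". Acronyms in title and booktitle are braced so
% that styles cannot recase them.
@inproceedings{Papanikolaou2011e,
  title = {Automated Understanding of Cloud Terms of Service and {SLAs}},
  author = {Papanikolaou, Nick and Pearson, Siani and Mont, Marco Casassa},
  url = {../files/CloudCom2011.pdf},
  year = {2011},
  date = {2011-11-01},
  booktitle = {Proceedings of {IEEE} {CloudCom} 2011},
  address = {Athens, Greece},
  abstract = {We argue in favour of a set of particular tools and approaches to
    help achieve accountability in cloud computing. Our concern is helping
    cloud providers achieve their security goals and meeting their customers'
    security and privacy requirements. The techniques we propose in particular
    include: natural-language analysis (of legislative and regulatory
    texts, and corporate security rulebooks) and extraction of enforceable
    rules, use of sticky policies, automated policy enforcement and active
    monitoring of data, particularly in cloud environments. This is a
    position paper reporting our initial thinking and current progress.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings},
}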
We argue in favour of a set of particular tools and approaches to
help achieve accountability in cloud computing. Our concern is helping
cloud providers achieve their security goals and meeting their customers'
security and privacy requirements. The techniques we propose in particular
include: natural-language analysis (of legislative and regulatory
texts, and corporate security rulebooks) and extraction of enforceable
rules, use of sticky policies, automated policy enforcement and active
monitoring of data, particularly in cloud environments. This is a
position paper reporting our initial thinking and current progress.
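Wainwright, Nick; Papanikolaou, Nick
Trust and Security in the Future Internet: Setting the Context. Towards a vision and analysis of fundamental change areas, challenges and potential solutions as discussed at EFFECTSPLUS Clustering and Roadmapping Events Miscellaneous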
2011, (Produced under the auspices of the EC EFFECTSPLUS Research Project.).
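% Roadmap document produced under the EC EFFECTSPLUS project (see note field).
% The second author's surname was missing in the export ("Nick Wainwright and
% Nick"); it is restored from the abstract, which names Nick Wainwright and
% Nick Papanikolaou. Mis-encoded characters in the abstract are repaired.
@misc{Papanikolaou2011c,
  title = {Trust and Security in the Future Internet: Setting the Context. Towards
    a vision and analysis of fundamental change areas, challenges and
    potential solutions as discussed at {EFFECTSPLUS} Clustering and Roadmapping
    Events},
  author = {Wainwright, Nick and Papanikolaou, Nick},
  url = {../files/tsroadmap.pdf},
  year = {2011},
  date = {2011-05-01},
  abstract = {The initial materials for the trust and security roadmap were gathered
    at three meetings organised in Effectsplus: (a) the Open Communications
    Event (01/02/2011), (b) the Technical Cluster meeting (29/03/2011),
    and (c) the Technical Cluster meeting (04/07/2011). At each of these
    events, the WP4 participants, Nick Wainwright and Nick Papanikolaou
    (HP) organised dedicated roadmapping sessions to gather inputs and
    validate results from earlier sessions. The structure of the sessions
    involved a presentation of the community's view of trust and security,
    followed by an interactive discussion of core topics.
    The results of our analysis were processed, written up and circulated
    in the European research community of trust and security projects.
    The final version was presented at the Future Internet Assembly in
    Poznan (24--28/10/2011).},
  note = {Produced under the auspices of the EC EFFECTSPLUS Research Project.},
  keywords = {},
  pubstate = {published},
  tppubtype = {misc},
}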
The initial materials for the trust and security roadmap were gathered
at three meetings organised in Effectsplus: (a) the Open Communications
Event (01/02/2011), (b) the Technical Cluster meeting (29/03/2011),
and (c) the Technical Cluster meeting (04/07/2011). At each of these
events, the WP4 participants, Nick Wainwright and Nick Papanikolaou
(HP) organised dedicated roadmapping sessions to gather inputs and
validate results from earlier sessions. The structure of the sessions
involved a presentation of the community's view of trust and security,
followed by an interactive discussion of core topics.
The results of our analysis were processed, written up and circulated
in the European research community of trust and security projects.
The final version was presented at the Future Internet Assembly in
Poznan (24–28/10/2011).
Papanikolaou, Nick
Achieving Compliance Through Natural-Language Analysis of Service Level Agreements for Cloud Services Technical Report
HP Laboratories no. HPL-2011-167, 2011.
% Single-author HP Laboratories technical report, number HPL-2011-167, year 2011.
@techreport{Papanikolaou2011,
  author = {Papanikolaou, Nick},
  title = {Achieving Compliance Through Natural-Language Analysis of Service
    Level Agreements for Cloud Services},
  institution = {HP Laboratories},
  number = {HPL-2011-167},
  year = {2011},
  date = {2011-01-01},
  abstract = {We discuss how to apply automated natural-language processing to cloud
    SLAs in order to extract formal rules pertaining to security and
    privacy. SLAs tend to contain comparatively predictable, prescriptive
    language, making the extraction of certain types of rule possible
    automatically. Our approach enables the extraction and semantic representation
    of rules. This enables the policies of different cloud service providers
    to be compared with regards to particular attributes, and also paves
    the way for automated compliance checking and enforcement of privacy
    and security rules in cloud infrastructures.},
  keywords = {},
  pubstate = {published},
  tppubtype = {techreport},
}
We discuss how to apply automated natural-language processing to cloud
SLAs in order to extract formal rules pertaining to security and
privacy. SLAs tend to contain comparatively predictable, prescriptive
language, making the extraction of certain types of rule possible
automatically. Our approach enables the extraction and semantic representation
of rules. This enables the policies of different cloud service providers
to be compared with regards to particular attributes, and also paves
the way for automated compliance checking and enforcement of privacy
and security rules in cloud infrastructures.
Papanikolaou, Nick; Pearson, Siani; Mont, Marco Casassa
Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography Technical Report
HP Laboratories no. HPL-2011-117, 2011.
% HP Laboratories technical report HPL-2011-117: the survey-and-bibliography
% paper by Papanikolaou, Pearson and Casassa Mont.
@techreport{Papanikolaou2011a,
  author = {Papanikolaou, Nick and Pearson, Siani and Mont, Marco Casassa},
  title = {Towards Natural-Language Understanding and Automated Enforcement
    of Privacy Rules and Regulations in the Cloud: Survey and Bibliography},
  institution = {HP Laboratories},
  number = {HPL-2011-117},
  year = {2011},
  date = {2011-01-01},
  abstract = {In this paper we survey existing work on automatically processing
    legal, regulatory and other policy texts for the extraction and representation
    of privacy knowledge and rules. Our objective is to link and apply
    some of these techniques to policy enforcement and compliance, to
    provide a core means of achieving and maintaining customer privacy
    in an enterprise context, particularly where data is stored and processed
    in cloud data centres. We sketch our thoughts on how this might be
    done given the many different, but so far strictly distinct from
    one another, approaches to natural-language analysis of legal and
    other prescriptive texts, approaches to knowledge extraction, semantic
    representation, and automated enforcement of privacy rules.},
  keywords = {},
  pubstate = {published},
  tppubtype = {techreport},
}
In this paper we survey existing work on automatically processing
legal, regulatory and other policy texts for the extraction and representation
of privacy knowledge and rules. Our objective is to link and apply
some of these techniques to policy enforcement and compliance, to
provide a core means of achieving and maintaining customer privacy
in an enterprise context, particularly where data is stored and processed
in cloud data centres. We sketch our thoughts on how this might be
done given the many different, but so far strictly distinct from
one another, approaches to natural-language analysis of legal and
other prescriptive texts, approaches to knowledge extraction, semantic
representation, and automated enforcement of privacy rules.
Papanikolaou, Nick; Pearson, Siani; Mont, Marco Casassa
Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography Proceedings Article
In: Proceedings of 1st International Workshop on Security and Trust in Virtualised Environments (STAVE 2011), 2011.
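% Workshop paper in the STAVE 2011 proceedings; the workshop acronym in
% booktitle is braced so that no style can recase it.
% NOTE(review): url is the same PDF as entry Papanikolaou2011g -- confirm.
@inproceedings{Papanikolaou2011d,
  title = {Towards Natural-Language Understanding and Automated Enforcement
    of Privacy Rules and Regulations in the Cloud: Survey and Bibliography},
  author = {Papanikolaou, Nick and Pearson, Siani and Mont, Marco Casassa},
  url = {../files/STAVEPaperFinal.pdf},
  year = {2011},
  date = {2011-01-01},
  booktitle = {Proceedings of 1st International Workshop on Security and Trust in
    Virtualised Environments ({STAVE} 2011)},
  abstract = {In this paper we survey existing work on automatically processing
    legal, regulatory and other policy texts for the extraction and representation
    of privacy knowledge and rules. Our objective is to link and apply
    some of these techniques to policy enforcement and compliance, to
    provide a core means of achieving and maintaining customer privacy
    in an enterprise context, particularly where data is stored and processed
    in cloud data centres. We sketch our thoughts on how this might be
    done given the many different, but so far strictly distinct from
    one another, approaches to natural-language analysis of legal and
    other prescriptive texts, approaches to knowledge extraction, semantic
    representation, and automated enforcement of privacy rules.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings},
}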
In this paper we survey existing work on automatically processing
legal, regulatory and other policy texts for the extraction and representation
of privacy knowledge and rules. Our objective is to link and apply
some of these techniques to policy enforcement and compliance, to
provide a core means of achieving and maintaining customer privacy
in an enterprise context, particularly where data is stored and processed
in cloud data centres. We sketch our thoughts on how this might be
done given the many different, but so far strictly distinct from
one another, approaches to natural-language analysis of legal and
other prescriptive texts, approaches to knowledge extraction, semantic
representation, and automated enforcement of privacy rules.
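Papanikolaou, Nick; Pearson, Siani; Mont, Marco Casassa
Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography Book Section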
In: Secure and Trust Computing, Data Management and Applications, vol. 187, pp. 166–173, Springer, 2011.
% Book-section version of the survey: Springer, Communications in Computer and
% Information Science vol. 187, pages 166--173.
@incollection{Papanikolaou2011g,
  author = {Papanikolaou, Nick and Pearson, Siani and Mont, Marco Casassa},
  title = {Towards Natural-Language Understanding and Automated Enforcement
    of Privacy Rules and Regulations in the Cloud: Survey and Bibliography},
  booktitle = {Secure and Trust Computing, Data Management and Applications},
  series = {Communications in Computer and Information Science},
  volume = {187},
  pages = {166--173},
  publisher = {Springer},
  year = {2011},
  date = {2011-01-01},
  url = {../files/STAVEPaperFinal.pdf},
  keywords = {},
  pubstate = {published},
  tppubtype = {incollection},
}
Papanikolaou, Nick; Pearson, Siani; Mont, Marco Casassa; Ko, Ryan
Towards Greater Accountability in Cloud Computing through Natural-Language Analysis and Automated Policy Enforcement Technical Report
HP Laboratories no. HPL-2011-118, 2011.
% HP Laboratories technical report HPL-2011-118 on accountability in cloud
% computing (four authors).
@techreport{Papanikolaou2011b,
  author = {Papanikolaou, Nick and Pearson, Siani and Mont, Marco Casassa and Ko, Ryan},
  title = {Towards Greater Accountability in Cloud Computing through Natural-Language
    Analysis and Automated Policy Enforcement},
  institution = {HP Laboratories},
  number = {HPL-2011-118},
  year = {2011},
  date = {2011-01-01},
  url = {../files/tr2011b.pdf},
  abstract = {We argue in favour of a set of particular tools and approaches to
    achieve accountability in cloud computing. Our concern is helping
    cloud providers achieve their security goals and meeting their customers'
    security and privacy requirements. The techniques we propose in particular
    include: natural-language analysis (of legislative and regulatory
    texts, and corporate security rulebooks) and extraction of enforceable
    rules, use of sticky policies, automated policy enforcement and active
    monitoring of data, particularly in cloud environments.},
  keywords = {},
  pubstate = {published},
  tppubtype = {techreport},
}
We argue in favour of a set of particular tools and approaches to
achieve accountability in cloud computing. Our concern is helping
cloud providers achieve their security goals and meeting their customers'
security and privacy requirements. The techniques we propose in particular
include: natural-language analysis (of legislative and regulatory
texts, and corporate security rulebooks) and extraction of enforceable
rules, use of sticky policies, automated policy enforcement and active
monitoring of data, particularly in cloud environments.
Wainwright, Nick; Papanikolaou, Nick
Future Internet Assembly Research Roadmap Miscellaneous
2011, (Produced under the auspices of the EC EFFECTSPLUS Research Project.).
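% Roadmap document published online (see url); the same two people are listed
% as authors and editors. "Future Internet Assembly" is braced as a proper name
% so that sentence-casing styles keep its capitals.
% NOTE(review): only a URL identifies this item and no access date is
% recorded -- add one (urldate) once it has been checked.
@misc{Wainwright2011,
  title = {{Future Internet Assembly} Research Roadmap},
  author = {Wainwright, Nick and Papanikolaou, Nick},
  editor = {Wainwright, Nick and Papanikolaou, Nick},
  url = {http://fisa.future-internet.eu/index.php/FIA_Research_Roadmap},
  year = {2011},
  date = {2011-01-01},
  publisher = {European Commission},
  abstract = {The Future Internet Assembly Research Roadmap for Framework Programme
    8 captures the ideas and contributions of the FIA community on the
    important research topics that should be addressed for the Framework
    Programme 8 research programmes broadly grouped around three main
    concerns; economic and business interests; societal interests and
    challenges; technical disruptions and capabilities.
    The contents of this roadmap originate with the community of researchers
    working on all aspects of the Future Internet and meet to share and
    discuss ideas through the Future Internet Assembly through an open
    consultation of research projects who participate in FIA. This roadmap
    is primarily concerned with identifying research that can be carried
    out in the second half of this decade and which will have an impact
    in 2020 and beyond. By impact, we mean will result in products, services,
    systems, capabilities, that come to market and are available and
    deployed in that timeframe.
    The approach adopted in this report is to integrate contributions
    across the entire space of future Internet research with the aim
    of bringing out the vision for how and where the Internet will make
    a significant difference in the future and identifying the broad
    challenges and gaps, and identifying the solutions and research needs
    in the future. In this report we have summarised and grouped ideas
    with the aim of identifying the strong themes and consistent challenges
    that emerge looking across the whole agenda.},
  note = {Produced under the auspices of the EC EFFECTSPLUS Research Project.},
  keywords = {},
  pubstate = {published},
  tppubtype = {misc},
}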
The Future Internet Assembly Research Roadmap for Framework Programme
8 captures the ideas and contributions of the FIA community on the
important research topics that should be addressed for the Framework
Programme 8 research programmes broadly grouped around three main
concerns; economic and business interests; societal interests and
challenges; technical disruptions and capabilities.
The contents of this roadmap originate with the community of researchers
working on all aspects of the Future Internet and meet to share and
discuss ideas through the Future Internet Assembly through an open
consultation of research projects who participate in FIA. This roadmap
is primarily concerned with identifying research that can be carried
out in the second half of this decade and which will have an impact
in 2020 and beyond. By impact, we mean will result in products, services,
systems, capabilities, that come to market and are available and
deployed in that timeframe.
The approach adopted in this report is to integrate contributions
across the entire space of future Internet research with the aim
of bringing out the vision for how and where the Internet will make
a significant difference in the future and identifying the broad
challenges and gaps, and identifying the solutions and research needs
in the future. In this report we have summarised and grouped ideas
with the aim of identifying the strong themes and consistent challenges
that emerge looking across the whole agenda.
2010
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick; Mont, Marco Casassa; Pearson, Siani
Defining Consent and Revocation Policies Proceedings Article
In: Pre-Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life, Helsingborg, Sweden, 2010.
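% Paper in the pre-proceedings of the PrimeLife/IFIP Summer School 2010.
% The project and organisation names in booktitle are braced so that no style
% can recase them.
% NOTE(review): address holds "Helsingborg, Sweden", which reads as the event
% location rather than a publisher city -- confirm how the target style prints it.
@inproceedings{Agrafiotis2010b,
  title = {Defining Consent and Revocation Policies},
  author = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and Papanikolaou, Nick and Mont, Marco Casassa and Pearson, Siani},
  url = {../files/definingcrpol.pdf},
  year = {2010},
  date = {2010-08-01},
  booktitle = {Pre-Proceedings of {PrimeLife}/{IFIP} Summer School 2010: Privacy and
    Identity Management for Life},
  address = {Helsingborg, Sweden},
  abstract = {In this paper we present the notion of a consent and revocation policy,
    as it has been defined within the context of the EnCoRe project.
    A consent and revocation policy is different to a privacy policy
    in that it defines not enterprise practices with regards to personal
    data, but more specifically, for each item of personal data held
    by an enterprise, what consent preferences a user may express and
    to what degree, and in what ways he or she can revoke their personal
    data. This builds on earlier work on defining the different forms
    of revocation for personal data, and on formal models of consent
    and revocation processes.},
  keywords = {},
  pubstate = {published},
  tppubtype = {inproceedings},
}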
In this paper we present the notion of a consent and revocation policy,
as it has been defined within the context of the EnCoRe project.
A consent and revocation policy is different to a privacy policy
in that it defines not enterprise practices with regards to personal
data, but more specifically, for each item of personal data held
by an enterprise, what consent preferences a user may express and
to what degree, and in what ways he or she can revoke their personal
data. This builds on earlier work on defining the different forms
of revocation for personal data, and on formal models of consent
and revocation processes.
Papanikolaou, Nick; Creese, Sadie; Goldsmith, Michael; Mont, Marco Casassa; Pearson, Siani
EnCoRe: Towards a Holistic Approach to Privacy Proceedings Article
In: Proceedings of International Conference on Security and Cryptography (SECRYPT 2010), Athens, Greece, 2010.
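% The fourth author was recorded as "Casassa Mont" only, which BibTeX parses as
% given name "Casassa", surname "Mont". The other EnCoRe entries in this list name
% the same co-author as Marco Casassa Mont, so the full name is restored here in
% "Last, First" form. The project acronym in the title is braced to survive
% sentence-casing styles.
@inproceedings{Papanikolaou2010d,
  author    = {Papanikolaou, Nick and Creese, Sadie and Goldsmith, Michael and
    Casassa Mont, Marco and Pearson, Siani},
  title     = {{EnCoRe}: Towards a Holistic Approach to Privacy},
  booktitle = {Proceedings of International Conference on Security and Cryptography
    (SECRYPT 2010)},
  address   = {Athens, Greece},
  year      = {2010},
  date      = {2010-07-01},
  url       = {../files/ieee-secrypt.pdf},
  abstract  = {Privacy requirements for IT systems and solutions arise from a variety
    of sources, including legislation, sector-specific regulation, organisational
    guidelines, social and user expectations. In this paper we present
    and discuss a holistic approach to the management of privacy - explored
    in the context of the EnCoRe project - which takes into account the
    need to deal with these different types of policies, at different
    levels of abstraction as well as risk assessment methods to assess
    them based on specific threats, needs and constraints. We discuss
    examples of privacy requirements and related policies coming from
    different sources. We then present how a privacy-aware risk assessment
    approach (which leverages and extends traditional security-driven
    risk assessment approaches) can be used to analyse these policies,
    assess their compliance to requirements, identify gaps and mandate
    the adoption of specific controls. We explain its relevance and implications
    in an employee data case study, involving the management of privacy
    consent and revocation. This is work in progress, carried out in
    the context of the EnCoRe collaborative project.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}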
of sources, including legislation, sector-specific regulation, organisational
guidelines, social and user expectations. In this paper we present
and discuss a holistic approach to the management of privacy - explored
in the context of the EnCoRe project - which takes into account the
need to deal with these different types of policies, at different
levels of abstraction as well as risk assessment methods to assess
them based on specific threats, needs and constraints. We discuss
examples of privacy requirements and related policies coming from
different sources. We then present how a privacy-aware risk assessment
approach (which leverages and extends traditional security-driven
risk assessment approaches) can be used to analyse these policies,
assess their compliance to requirements, identify gaps and mandate
the adoption of specific controls. We explain its relevance and implications
in an employee data case study, involving the management of privacy
consent and revocation. This is work in progress, carried out in
the context of the EnCoRe collaborative project.
Adetoye, Adedayo O; Papanikolaou, Nikolaos
Static Analysis of Information Release in Interactive Programs Journal Article
In: Electronic Communications of the EASST, vol. 35, 2010.
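% The original record stored the journal's ISSN in the doi field; it is moved to
% issn so that DOI-aware styles do not build a dead resolver link. The abstract's
% "flaw" had lost its "fl" ligature ("?aw"). The same article is listed a second
% time under the key Adetoye2010b.
@article{Adetoye2010,
  author    = {Adetoye, Adedayo O. and Papanikolaou, Nikolaos},
  title     = {Static Analysis of Information Release in Interactive Programs},
  journal   = {Electronic Communications of the EASST},
  volume    = {35},
  year      = {2010},
  date      = {2010-01-01},
  issn      = {1863-2122},
  url       = {../files/staticanalysis.pdf},
  abstract  = {In this paper we present a model for analysing information release
    (or leakage) in programs written in a simple imperative language.
    We present the semantics of the language, an attacker model, and
    the notion of an information release policy. Our key contribution
    is the use of static analysis to compute information release of programs
    and to verify it against a policy. We demonstrate our approach by
    analysing information released to an attacker by faulty password
    checking programs; our example is taken from a known flaw in versions
    of OpenSSH distributed with various Unix, Linux, and OpenBSD operating
    systems.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}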
(or leakage) in programs written in a simple imperative language.
We present the semantics of the language, an attacker model, and
the notion of an information release policy. Our key contribution
is the use of static analysis to compute information release of programs
and to verify it against a policy. We demonstrate our approach by
analysing information released to an attacker by faulty password
checking programs; our example is taken from a known flaw in versions
of OpenSSH distributed with various Unix, Linux, and OpenBSD operating
systems.
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick
Applying Formal Methods to Describe Privacy Control Requirements in a Real Scenario: Emerging Ambiguities and Proposed Solutions Proceedings Article
In: Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life, Helsingborg, Sweden, 2010.
% Summer-school paper on expressing consent and revocation requirements in a
% formal notation (EnCoRe case study). The conference location is carried inside
% booktitle. The same record is repeated under the key Agrafiotis2010d.
@inproceedings{Agrafiotis2010,
  author    = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and
    Papanikolaou, Nick},
  title     = {Applying Formal Methods to Describe Privacy Control Requirements
    in a Real Scenario: Emerging Ambiguities and Proposed Solutions},
  booktitle = {Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity
    Management for Life, Helsingborg, Sweden},
  year      = {2010},
  date      = {2010-01-01},
  url       = {../files/PrimeLife-Jo.pdf},
  abstract  = {In this paper, we demonstrate how formal methods can be used to unambiguously
    express privacy requirements. We focus on requirements for consent
    and revocation controls in a real world case study that has emerged
    within the EnCoRe project. We analyse the ambiguities and issues
    that arise when requirements expressed in natural language are transformed
    into a formal notation, and propose solutions to address these issues.
    These ambiguities were brought to our attention only through the
    use of a formal notation, which we have designed specifically for
    this purpose.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
express privacy requirements. We focus on requirements for consent
and revocation controls in a real world case study that has emerged
within the EnCoRe project. We analyse the ambiguities and issues
that arise when requirements expressed in natural language are transformed
into a formal notation, and propose solutions to address these issues.
These ambiguities were brought to our attention only through the
use of a formal notation, which we have designed specifically for
this purpose.
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick
Towards a Logic of Consent and Revocation Miscellaneous
2010, (Internal Report, EnCoRe Research Project.).
% Internal EnCoRe report (see the note field) describing a logic for consent and
% revocation. The same record is repeated under the key Agrafiotis2010ab.
@misc{Agrafiotis2010a,
  author    = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and
    Papanikolaou, Nick},
  title     = {Towards a Logic of Consent and Revocation},
  year      = {2010},
  date      = {2010-01-01},
  url       = {../files/logic-cr.pdf},
  note      = {Internal Report, EnCoRe Research Project.},
  abstract  = {Our aim is to provide a mechanism for bridging the gap between data
    privacy policy languages and high-level requirements. We introduce
    a logic for reasoning about the dynamics of privacy. In particular,
    we focus on the semantics of the processes of consent and revocation
    when applied to the handling and use of personal data. Our logic
    provides the basis for a formal verification framework for privacy
    and identity management systems. It is independent of any particular
    policy description language for privacy preferences and privacy-aware
    access control, and can be used to verify correctness of policy against
    requirements specifications, as well as consistency across a policy
    set. We give examples of how the logic can be used to specify aspects
    of high-level privacy policies.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc}
}
privacy policy languages and high-level requirements. We introduce
a logic for reasoning about the dynamics of privacy. In particular,
we focus on the semantics of the processes of consent and revocation
when applied to the handling and use of personal data. Our logic
provides the basis for a formal verification framework for privacy
and identity management systems. It is independent of any particular
policy description language for privacy preferences and privacy-aware
access control, and can be used to verify correctness of policy against
requirements specifications, as well as consistency across a policy
set. We give examples of how the logic can be used to specify aspects
of high-level privacy policies.
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick
Taxonomy of Consent and Revocation Technical Report
2010.
% EnCoRe project deliverable defining the project's consent/revocation vocabulary.
% The record gives no institution or report number; the deliverable status is kept
% in howpublished as exported. Repeated under the key Agrafiotis2010cb.
@techreport{Agrafiotis2010c,
  author       = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and
    Papanikolaou, Nick},
  title        = {Taxonomy of Consent and Revocation},
  howpublished = {EnCoRe Project Deliverable},
  year         = {2010},
  date         = {2010-01-01},
  abstract     = {This document is a taxonomy of the core concepts associated with consent
    and revocation in the context of online privacy, as they have been
    agreed and defined in the EnCoRe research project. A number of core
    concepts have been identified, classified and defined in line with
    the
    needs and applications of EnCoRe; the relationships and linkages between
    these concepts are presented diagrammatically.},
  keywords     = {},
  pubstate     = {published},
  tppubtype    = {techreport}
}
and revocation in the context of online privacy, as they have been
agreed and defined in the EnCoRe research project. A number of core
concepts have been identified, classified and defined in line with
the
needs and applications of EnCoRe; the relationships and linkages between
these concepts are presented diagrammatically.
Adetoye, Adedayo O; Papanikolaou, Nikolaos
Static Analysis of Information Release in Interactive Programs Journal Article
In: Electronic Communications of the EASST, vol. 35, 2010.
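% Second listing of the article already recorded under the key Adetoye2010.
% The original record stored the journal's ISSN in the doi field; it is moved to
% issn so that DOI-aware styles do not build a dead resolver link. The abstract's
% "flaw" had lost its "fl" ligature ("?aw").
@article{Adetoye2010b,
  author    = {Adetoye, Adedayo O. and Papanikolaou, Nikolaos},
  title     = {Static Analysis of Information Release in Interactive Programs},
  journal   = {Electronic Communications of the EASST},
  volume    = {35},
  year      = {2010},
  date      = {2010-01-01},
  issn      = {1863-2122},
  url       = {../files/staticanalysis.pdf},
  abstract  = {In this paper we present a model for analysing information release
    (or leakage) in programs written in a simple imperative language.
    We present the semantics of the language, an attacker model, and
    the notion of an information release policy. Our key contribution
    is the use of static analysis to compute information release of programs
    and to verify it against a policy. We demonstrate our approach by
    analysing information released to an attacker by faulty password
    checking programs; our example is taken from a known flaw in versions
    of OpenSSH distributed with various Unix, Linux, and OpenBSD operating
    systems.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}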
(or leakage) in programs written in a simple imperative language.
We present the semantics of the language, an attacker model, and
the notion of an information release policy. Our key contribution
is the use of static analysis to compute information release of programs
and to verify it against a policy. We demonstrate our approach by
analysing information released to an attacker by faulty password
checking programs; our example is taken from a known flaw in versions
of OpenSSH distributed with various Unix, Linux, and OpenBSD operating
systems.
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick
Applying Formal Methods to Describe Privacy Control Requirements in a Real Scenario: Emerging Ambiguities and Proposed Solutions Proceedings Article
In: Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life, Helsingborg, Sweden, 2010.
% Second listing of the summer-school paper already recorded under the key
% Agrafiotis2010. The conference location is carried inside booktitle.
@inproceedings{Agrafiotis2010d,
  author    = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and
    Papanikolaou, Nick},
  title     = {Applying Formal Methods to Describe Privacy Control Requirements
    in a Real Scenario: Emerging Ambiguities and Proposed Solutions},
  booktitle = {Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity
    Management for Life, Helsingborg, Sweden},
  year      = {2010},
  date      = {2010-01-01},
  url       = {../files/PrimeLife-Jo.pdf},
  abstract  = {In this paper, we demonstrate how formal methods can be used to unambiguously
    express privacy requirements. We focus on requirements for consent
    and revocation controls in a real world case study that has emerged
    within the EnCoRe project. We analyse the ambiguities and issues
    that arise when requirements expressed in natural language are transformed
    into a formal notation, and propose solutions to address these issues.
    These ambiguities were brought to our attention only through the
    use of a formal notation, which we have designed specifically for
    this purpose.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
express privacy requirements. We focus on requirements for consent
and revocation controls in a real world case study that has emerged
within the EnCoRe project. We analyse the ambiguities and issues
that arise when requirements expressed in natural language are transformed
into a formal notation, and propose solutions to address these issues.
These ambiguities were brought to our attention only through the
use of a formal notation, which we have designed specifically for
this purpose.
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick
Towards a Logic of Consent and Revocation Miscellaneous
2010, (Internal Report, EnCoRe Research Project.).
% Second listing of the internal EnCoRe report already recorded under the key
% Agrafiotis2010a.
@misc{Agrafiotis2010ab,
  author    = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and
    Papanikolaou, Nick},
  title     = {Towards a Logic of Consent and Revocation},
  year      = {2010},
  date      = {2010-01-01},
  url       = {../files/logic-cr.pdf},
  note      = {Internal Report, EnCoRe Research Project.},
  abstract  = {Our aim is to provide a mechanism for bridging the gap between data
    privacy policy languages and high-level requirements. We introduce
    a logic for reasoning about the dynamics of privacy. In particular,
    we focus on the semantics of the processes of consent and revocation
    when applied to the handling and use of personal data. Our logic
    provides the basis for a formal verification framework for privacy
    and identity management systems. It is independent of any particular
    policy description language for privacy preferences and privacy-aware
    access control, and can be used to verify correctness of policy against
    requirements specifications, as well as consistency across a policy
    set. We give examples of how the logic can be used to specify aspects
    of high-level privacy policies.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc}
}
privacy policy languages and high-level requirements. We introduce
a logic for reasoning about the dynamics of privacy. In particular,
we focus on the semantics of the processes of consent and revocation
when applied to the handling and use of personal data. Our logic
provides the basis for a formal verification framework for privacy
and identity management systems. It is independent of any particular
policy description language for privacy preferences and privacy-aware
access control, and can be used to verify correctness of policy against
requirements specifications, as well as consistency across a policy
set. We give examples of how the logic can be used to specify aspects
of high-level privacy policies.
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick
Taxonomy of Consent and Revocation Technical Report
2010.
% Second listing of the EnCoRe deliverable already recorded under the key
% Agrafiotis2010c. The record gives no institution or report number; the
% deliverable status is kept in howpublished as exported.
@techreport{Agrafiotis2010cb,
  author       = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and
    Papanikolaou, Nick},
  title        = {Taxonomy of Consent and Revocation},
  howpublished = {EnCoRe Project Deliverable},
  year         = {2010},
  date         = {2010-01-01},
  abstract     = {This document is a taxonomy of the core concepts associated with consent
    and revocation in the context of online privacy, as they have been
    agreed and defined in the EnCoRe research project. A number of core
    concepts have been identified, classified and defined in line with
    the
    needs and applications of EnCoRe; the relationships and linkages between
    these concepts are presented diagrammatically.},
  keywords     = {},
  pubstate     = {published},
  tppubtype    = {techreport}
}
and revocation in the context of online privacy, as they have been
agreed and defined in the EnCoRe research project. A number of core
concepts have been identified, classified and defined in line with
the
needs and applications of EnCoRe; the relationships and linkages between
these concepts are presented diagrammatically.
Mont, Marco Casassa; Pearson, Siani; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick
A Conceptual Model for Privacy Policies with Consent and Revocation Requirements Proceedings Article
In: Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life, Springer-Verlag, 2010.
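% Names are given in "Last, First" form. The first author's surname is the
% compound "Casassa Mont", as the citation key already indicates; written as
% "Marco Casassa Mont" BibTeX would sort and label the entry under "Mont".
@inproceedings{CasassaMont2010a,
  author    = {Casassa Mont, Marco and Pearson, Siani and Creese, Sadie and
    Goldsmith, Michael and Papanikolaou, Nick},
  title     = {A Conceptual Model for Privacy Policies with Consent and Revocation
    Requirements},
  booktitle = {Proceedings of PrimeLife/IFIP Summer School 2010: Privacy and Identity
    Management for Life},
  series    = {Lecture Notes in Computer Science},
  publisher = {Springer-Verlag},
  year      = {2010},
  date      = {2010-01-01},
  url       = {../files/PrimeLife-Conceptual.pdf},
  abstract  = {This paper proposes a conceptual model for privacy policies that takes
    into account privacy requirements arising from different stakeholders,
    with legal, business and technical backgrounds. Current approaches
    to privacy management are either high-level, enforcing privacy of
    personal data using legal compliance, risk and impact assessments,
    or low-level, focusing on the technical implementation of access
    controls to personal data held by an enterprise. High-level approaches
    tend to address privacy as an afterthought in ordinary business practice,
    and involve ad hoc enforcement practices; low-level approaches often
    leave out important legal and business considerations focusing solely
    on technical management of privacy policies. Hence, neither is a
    panacea and the low level approaches are often not adopted in real
    environments. Our conceptual model provides a means to express privacy
    policy requirements as well as users' privacy preferences. It enables
    structured reasoning regarding containment and implementation between
    various policies at the high level, and enables easy traceability
    into the low-level policy implementations. Thus it offers a means
    to reason about correctness that links low-level privacy management
    mechanisms to stakeholder requirements, thereby encouraging exploitation
    of the low-level methods. We also present the notion of a consent
    and revocation policy. A consent and revocation policy is different
    to a privacy policy in that it defines not enterprise practices with
    regards to personal data, but more specifically, for each item of
    personal data held by an enterprise, what consent preferences a user
    may express and to what degree, and in what ways he or she
    can revoke their personal data. This builds on earlier work on defining
    the different forms of revocation for personal data, and on formal
    models of consent and revocation processes. The work and approach
    discussed in this paper is currently carried out in the context of
    the UK collaborative project EnCoRe (Ensuring Consent and Revocation).},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}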
into account privacy requirements arising from different stakeholders,
with legal, business and technical backgrounds. Current approaches
to privacy management are either high-level, enforcing privacy of
personal data using legal compliance, risk and impact assessments,
or low-level, focusing on the technical implementation of access
controls to personal data held by an enterprise. High-level approaches
tend to address privacy as an afterthought in ordinary business practice,
and involve ad hoc enforcement practices; low-level approaches often
leave out important legal and business considerations focusing solely
on technical management of privacy policies. Hence, neither is a
panacea and the low level approaches are often not adopted in real
environments. Our conceptual model provides a means to express privacy
policy requirements as well as users' privacy preferences. It enables
structured reasoning regarding containment and implementation between
various policies at the high level, and enables easy traceability
into the low-level policy implementations. Thus it offers a means
to reason about correctness that links low-level privacy management
mechanisms to stakeholder requirements, thereby encouraging exploitation
of the low-level methods. We also present the notion of a consent
and revocation policy. A consent and revocation policy is different
to a privacy policy in that it defines not enterprise practices with
regards to personal data, but more specifically, for each item of
personal data held by an enterprise, what consent preferences a user
may express and to what degree, and in what ways he or she
can revoke their personal data. This builds on earlier work on defining
the different forms of revocation for personal data, and on formal
models of consent and revocation processes. The work and approach
discussed in this paper is currently carried out in the context of
the UK collaborative project EnCoRe (Ensuring Consent and Revocation).
Mont, Marco Casassa; Pearson, Siani; Goldsmith, Michael; Papanikolaou, Nick
Towards A Conceptual Model For Privacy Policies Technical Report
HP Laboratories no. HPL-2010-82, 2010.
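% HP Laboratories technical report HPL-2010-82. Names are given in "Last, First"
% form; the first author's surname is the compound "Casassa Mont", as the citation
% key already indicates, so the entry no longer sorts under "Mont".
@techreport{CasassaMont2010b,
  author      = {Casassa Mont, Marco and Pearson, Siani and Goldsmith, Michael and
    Papanikolaou, Nick},
  title       = {Towards A Conceptual Model For Privacy Policies},
  institution = {HP Laboratories},
  number      = {HPL-2010-82},
  year        = {2010},
  date        = {2010-01-01},
  abstract    = {This paper proposes a conceptual model for privacy policies that takes
    into account privacy requirements arising from different stakeholders,
    with legal, business and technical backgrounds. Current approaches
    to privacy management are either high-level, enforcing privacy of
    personal data using legal compliance, risk and impact assessments,
    or low-level, focusing on the technical implementation of access
    controls to personal data held by an enterprise. High-level approaches
    tend to address privacy as an afterthought in ordinary business practice,
    and involve ad hoc enforcement practices; low-level approaches often
    leave out important legal and business considerations focusing solely
    on technical management of privacy policies. Hence, neither is a
    panacea and the low level approaches are often not adopted in real
    environments. Our conceptual model provides a means to express privacy
    policy requirements as well as users' privacy preferences. It enables
    structured reasoning regarding containment and implementation between
    various policies at the high level, and enables easy traceability
    into the low-level policy implementations. Thus it offers a means
    to reason about correctness that links low-level privacy management
    mechanisms to stakeholder requirements, thereby encouraging exploitation
    of the low-level methods. The work and approach discussed in this
    paper is currently carried out in the context of the UK EnCoRe (Ensuring
    Consent and Revocation) collaborative project.},
  keywords    = {},
  pubstate    = {published},
  tppubtype   = {techreport}
}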
into account privacy requirements arising from different stakeholders,
with legal, business and technical backgrounds. Current approaches
to privacy management are either high-level, enforcing privacy of
personal data using legal compliance, risk and impact assessments,
or low-level, focusing on the technical implementation of access
controls to personal data held by an enterprise. High-level approaches
tend to address privacy as an afterthought in ordinary business practice,
and involve ad hoc enforcement practices; low-level approaches often
leave out important legal and business considerations focusing solely
on technical management of privacy policies. Hence, neither is a
panacea and the low level approaches are often not adopted in real
environments. Our conceptual model provides a means to express privacy
policy requirements as well as users' privacy preferences. It enables
structured reasoning regarding containment and implementation between
various policies at the high level, and enables easy traceability
into the low-level policy implementations. Thus it offers a means
to reason about correctness that links low-level privacy management
mechanisms to stakeholder requirements, thereby encouraging exploitation
of the low-level methods. The work and approach discussed in this
paper is currently carried out in the context of the UK EnCoRe (Ensuring
Consent and Revocation) collaborative project.
Gay, Simon J; Nagarajan, Rajagopal; Papanikolaou, Nikolaos
Specification and Verification of Quantum Protocols Book Section
In: Gay, S J; Mackie, I (Ed.): Semantic Techniques in Quantum Computation, Cambridge University Press, 2010.
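% Book chapter on model checking of quantum protocols. The exported url carried
% the bookseller's search-session parameters (ref, ie, s, qid, sr); they are cut
% back to the product path so the link does not depend on, or disclose, the
% search that produced it. Names are in "Last, First" form.
@incollection{Gay2010,
  author    = {Gay, Simon J. and Nagarajan, Rajagopal and Papanikolaou, Nikolaos},
  title     = {Specification and Verification of Quantum Protocols},
  editor    = {Gay, S. J. and Mackie, I.},
  booktitle = {Semantic Techniques in Quantum Computation},
  chapter   = {11},
  publisher = {Cambridge University Press},
  year      = {2010},
  date      = {2010-01-01},
  url       = {http://www.amazon.co.uk/Semantic-Techniques-Quantum-Computation-Simon/dp/052151374X},
  abstract  = {We describe model-checking techniques for protocols arising in quantum
    information theory and quantum cryptography. We discuss the theory
    and implementation of practical model checker, QMC, for quantum protocols.
    In our framework, we assume that the quantum operations performed
    in a protocol are restricted to those within stabilizer formalism;
    while this particular set of operations is not universal for quantum
    computation, it allows us to develop models of several useful protocols
    as well as of systems involving both classical and quantum information
    processing. We discuss the modeling language of QMC, the logic used
    for verification, the verification algorithms that have been implemented
    in the tool. We demonstrate our techniques with applications to number
    of case studies, including quantum teleportation and BB84 quantum
    coin-flipping protocol.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {incollection}
}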
information theory and quantum cryptography. We discuss the theory
and implementation of practical model checker, QMC, for quantum protocols.
In our framework, we assume that the quantum operations performed
in a protocol are restricted to those within stabilizer formalism;
while this particular set of operations is not universal for quantum
computation, it allows us to develop models of several useful protocols
as well as of systems involving both classical and quantum information
processing. We discuss the modeling language of QMC, the logic used
for verification, the verification algorithms that have been implemented
in the tool. We demonstrate our techniques with applications to number
of case studies, including quantum teleportation and BB84 quantum
coin-flipping protocol.
Papanikolaou, Nick
Review of The Space and Motion of Communicating Agents by Robin Milner, Cambridge University Press, 2009 (ISBN: 978-0-521-73833-0) Journal Article
In: ACM SIGACT News, vol. 41, no. 3, pp. 51–55, 2010.
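% Book review. The page range used three hyphens (an em dash); a range takes two.
% The reviewed book's title and the proper nouns in the review title are braced so
% that sentence-casing styles leave their capitals alone.
@article{Papanikolaou2010b,
  author    = {Papanikolaou, Nick},
  title     = {Review of {The Space and Motion of Communicating Agents} by {Robin} {Milner},
    {Cambridge} {University} {Press}, 2009 ({ISBN}: 978-0-521-73833-0)},
  journal   = {ACM SIGACT News},
  volume    = {41},
  number    = {3},
  pages     = {51--55},
  year      = {2010},
  date      = {2010-01-01},
  url       = {../files/milnerreview.pdf},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}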
Papanikolaou, Nick; Creese, Sadie; Goldsmith, Michael; Mont, Casassa; Pearson, Siani
EnCoRe: Towards a holistic approach to privacy Technical Report
HP Laboratories no. HPL-2010-83, 2010.
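% HP Laboratories technical report HPL-2010-83. The fourth author was recorded as
% "Casassa Mont" only, which BibTeX parses as given name "Casassa", surname "Mont".
% The other EnCoRe entries in this list name the same co-author as Marco Casassa
% Mont, so the full name is restored here in "Last, First" form. The project
% acronym in the title is braced to survive sentence-casing styles.
@techreport{Papanikolaou2010c,
  author      = {Papanikolaou, Nick and Creese, Sadie and Goldsmith, Michael and
    Casassa Mont, Marco and Pearson, Siani},
  title       = {{EnCoRe}: Towards a holistic approach to privacy},
  institution = {HP Laboratories},
  number      = {HPL-2010-83},
  year        = {2010},
  date        = {2010-01-01},
  abstract    = {We make the case for an integrated approach to privacy management
    within organisations. Current approaches to privacy management are
    either too high-level, enforcing privacy of personal data using legal
    compliance, risk and impact assessments, or too low-level, focusing
    only on the technical implementation of access controls to personal
    data held by an enterprise. High-level approaches tend to address
    privacy as an afterthought in ordinary business practice, and involve
    ad hoc enforcement practices; low-level approaches often leave out
    important legal and business considerations. As part of the EnCoRe
    project we are developing a methodology which tries to bridge the
    gap between privacy risk and impact assessment with the technical
    management of privacy policies. We are working to define a conceptual
    model as a means of expressing policy requirements as well as users'
    privacy preferences and as a way to bridge the gap described above.
    We aim to show the value of this approach in collaborative case studies
    (including corporate personnel management, biobanks and assisted
    living) in the context of the EnCoRe project.},
  keywords    = {},
  pubstate    = {published},
  tppubtype   = {techreport}
}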
within organisations. Current approaches to privacy management are
either too high-level, enforcing privacy of personal data using legal
compliance, risk and impact assessments, or too low-level, focusing
only on the technical implementation of access controls to personal
data held by an enterprise. High-level approaches tend to address
privacy as an afterthought in ordinary business practice, and involve
ad hoc enforcement practices; low-level approaches often leave out
important legal and business considerations. As part of the EnCoRe
project we are developing a methodology which tries to bridge the
gap between privacy risk and impact assessment with the technical
management of privacy policies. We are working to define a conceptual
model as a means of expressing policy requirements as well as users'
privacy preferences and as a way to bridge the gap described above.
We aim to show the value of this approach in collaborative case studies
(including corporate personnel management, biobanks and assisted
living) in the context of the EnCoRe project.
2009
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nikolaos
Reaching for Informed Revocation: Shutting Off the Tap on Personal Data Proceedings Article
In: Proceedings of Fifth International Summer School on Privacy and Identity Management for Life, Nice, France, 2009.
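@inproceedings{Agrafiotis2009,
  title      = {Reaching for Informed Revocation: Shutting Off the Tap on Personal Data},
  author     = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and Papanikolaou, Nikolaos},
  url        = {../files/primelife-revo.pdf},
  year       = {2009},
  date       = {2009-09-01},
  booktitle  = {Proceedings of Fifth International Summer School on Privacy and Identity Management for Life},
  address    = {Nice, France},
  abstract   = {We introduce a revocation model for handling personal data in cyberspace.
    The model is motivated by a series of workshops undertaken by the
    EnCoRe project aimed at understanding the control requirements of
    a variety of data subjects. We observe that there is a lack of understanding
    of the various technical options available for implementing revocation
    preferences, and introduce the concept of informed revocation by
    analogy to Faden and Beauchamp's informed consent. We argue that
    we can overcome the limitations associated with informed consent
    via the implementation of EnCoRe technology solutions. Finally, we
    apply our model and demonstrate its validity to a number of data-handling
    scenarios which have arisen in the context of the EnCoRe research
    project. We have found that users tend to alter their default privacy
    preferences when they are informed of all the different types of
    revocation available to them.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}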
We introduce a revocation model for handling personal data in cyberspace.
The model is motivated by a series of workshops undertaken by the
EnCoRe project aimed at understanding the control requirements of
a variety of data subjects. We observe that there is a lack of understanding
of the various technical options available for implementing revocation
preferences, and introduce the concept of informed revocation by
analogy to Faden and Beauchamp's informed consent. We argue that
we can overcome the limitations associated with informed consent
via the implementation of EnCoRe technology solutions. Finally, we
apply our model and demonstrate its validity to a number of data-handling
scenarios which have arisen in the context of the EnCoRe research
project. We have found that users tend to alter their default privacy
preferences when they are informed of all the different types of
revocation available to them.
Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nikolaos
Reaching for Informed Revocation: Shutting Off the Tap on Personal Data Proceedings Article
In: Proceedings of Fifth International Summer School on Privacy and Identity Management for Life, Nice, France, 2009.
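@comment{Agrafiotis2009b repeats the Agrafiotis2009 entry field for field; only the citation key differs. Cite one of the two keys consistently so the work is not listed twice.}
@inproceedings{Agrafiotis2009b,
  title      = {Reaching for Informed Revocation: Shutting Off the Tap on Personal Data},
  author     = {Agrafiotis, Ioannis and Creese, Sadie and Goldsmith, Michael and Papanikolaou, Nikolaos},
  url        = {../files/primelife-revo.pdf},
  year       = {2009},
  date       = {2009-09-01},
  booktitle  = {Proceedings of Fifth International Summer School on Privacy and Identity Management for Life},
  address    = {Nice, France},
  abstract   = {We introduce a revocation model for handling personal data in cyberspace.
    The model is motivated by a series of workshops undertaken by the
    EnCoRe project aimed at understanding the control requirements of
    a variety of data subjects. We observe that there is a lack of understanding
    of the various technical options available for implementing revocation
    preferences, and introduce the concept of informed revocation by
    analogy to Faden and Beauchamp's informed consent. We argue that
    we can overcome the limitations associated with informed consent
    via the implementation of EnCoRe technology solutions. Finally, we
    apply our model and demonstrate its validity to a number of data-handling
    scenarios which have arisen in the context of the EnCoRe research
    project. We have found that users tend to alter their default privacy
    preferences when they are informed of all the different types of
    revocation available to them.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}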
We introduce a revocation model for handling personal data in cyberspace.
The model is motivated by a series of workshops undertaken by the
EnCoRe project aimed at understanding the control requirements of
a variety of data subjects. We observe that there is a lack of understanding
of the various technical options available for implementing revocation
preferences, and introduce the concept of informed revocation by
analogy to Faden and Beauchamp's informed consent. We argue that
we can overcome the limitations associated with informed consent
via the implementation of EnCoRe technology solutions. Finally, we
apply our model and demonstrate its validity to a number of data-handling
scenarios which have arisen in the context of the EnCoRe research
project. We have found that users tend to alter their default privacy
preferences when they are informed of all the different types of
revocation available to them.
Papanikolaou, Nikolaos; Creese, Sadie; Goldsmith, Michael
Policy Refinement Checking Proceedings Article
In: Proceedings of Ninth International Workshop on Automated Verification of Critical Systems (AVoCS 09), Swansea University, 2009.
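@inproceedings{Papanikolaou2009b,
  title      = {Policy Refinement Checking},
  author     = {Papanikolaou, Nikolaos and Creese, Sadie and Goldsmith, Michael},
  url        = {../files/polrefc-avocs.pdf},
  year       = {2009},
  date       = {2009-09-01},
  booktitle  = {Proceedings of Ninth International Workshop on Automated Verification of Critical Systems ({AVoCS} 09)},
  address    = {Swansea University},
  abstract   = {We introduce refinement checking for privacy policies expressed in
    P3P. Our method involves a translation of privacy policies to a set
    of process specifications in CSP, which describe how the privacy
    policy is enforced. The technique is described through an example
    involving medical data collected by a biobank.},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {inproceedings}
}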
We introduce refinement checking for privacy policies expressed in
P3P. Our method involves a translation of privacy policies to a set
of process specifications in CSP, which describe how the privacy
policy is enforced. The technique is described through an example
involving medical data collected by a biobank.