Strong and weak policy relations

Michael J. May; Carl A. Gunter; Insup Lee; Steve Zdancewic

doi:10.1109/POLICY.2009.20

Strong and weak policy relations

Michael J. May, Carl A. Gunter, Insup Lee, Steve Zdancewic

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Access control and privacy policy relations tend to focus on decision outcomes and are very sensitive to defined terms and state. Small changes or updates to a policy language or vocabulary may make two similar policies incomparable. To address this we develop two flexible policy relations derived from bisimulation in process calculi. Strong licensing compares the outcome of two policies strictly, similar to strong bisimulation. Weak licensing compares the outcome of policies more flexibly by ignoring irrelevant (non-confiicting) differences between out-comes, similar to weak bisimulation. We illustrate the relations usine examples from P3P.

Original language	English (US)
Title of host publication	Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009
Pages	33-36
Number of pages	4
DOIs	https://doi.org/10.1109/POLICY.2009.20
State	Published - 2009
Event	2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009 - London, United Kingdom Duration: Jul 20 2009 → Jul 22 2009

Publication series

Name	Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009

Other

Other	2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009
Country/Territory	United Kingdom
City	London
Period	7/20/09 → 7/22/09

Keywords

Policy analysis
Privacy policies

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Electrical and Electronic Engineering

Online availability

10.1109/POLICY.2009.20

Library availability

Discover UIUC Full Text

Cite this

May, M. J., Gunter, C. A., Lee, I., & Zdancewic, S. (2009). Strong and weak policy relations. In Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009 (pp. 33-36). Article 5197378 (Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009). https://doi.org/10.1109/POLICY.2009.20

Strong and weak policy relations. / May, Michael J.; Gunter, Carl A.; Lee, Insup et al.
Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009. 2009. p. 33-36 5197378 (Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

May, MJ, Gunter, CA, Lee, I & Zdancewic, S 2009, Strong and weak policy relations. in Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009., 5197378, Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009, pp. 33-36, 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009, London, United Kingdom, 7/20/09. https://doi.org/10.1109/POLICY.2009.20

@inproceedings{516477d2590c40d89277fdad1b592c3a,

title = "Strong and weak policy relations",

abstract = "Access control and privacy policy relations tend to focus on decision outcomes and are very sensitive to defined terms and state. Small changes or updates to a policy language or vocabulary may make two similar policies incomparable. To address this we develop two flexible policy relations derived from bisimulation in process calculi. Strong licensing compares the outcome of two policies strictly, similar to strong bisimulation. Weak licensing compares the outcome of policies more flexibly by ignoring irrelevant (non-confiicting) differences between out-comes, similar to weak bisimulation. We illustrate the relations usine examples from P3P.",

keywords = "Policy analysis, Privacy policies",

author = "May, {Michael J.} and Gunter, {Carl A.} and Insup Lee and Steve Zdancewic",

year = "2009",

doi = "10.1109/POLICY.2009.20",

language = "English (US)",

isbn = "9780769537429",

series = "Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009",

pages = "33--36",

booktitle = "Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009",

note = "2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009 ; Conference date: 20-07-2009 Through 22-07-2009",

}

TY - GEN

T1 - Strong and weak policy relations

AU - May, Michael J.

AU - Gunter, Carl A.

AU - Lee, Insup

AU - Zdancewic, Steve

PY - 2009

Y1 - 2009

N2 - Access control and privacy policy relations tend to focus on decision outcomes and are very sensitive to defined terms and state. Small changes or updates to a policy language or vocabulary may make two similar policies incomparable. To address this we develop two flexible policy relations derived from bisimulation in process calculi. Strong licensing compares the outcome of two policies strictly, similar to strong bisimulation. Weak licensing compares the outcome of policies more flexibly by ignoring irrelevant (non-confiicting) differences between out-comes, similar to weak bisimulation. We illustrate the relations usine examples from P3P.

AB - Access control and privacy policy relations tend to focus on decision outcomes and are very sensitive to defined terms and state. Small changes or updates to a policy language or vocabulary may make two similar policies incomparable. To address this we develop two flexible policy relations derived from bisimulation in process calculi. Strong licensing compares the outcome of two policies strictly, similar to strong bisimulation. Weak licensing compares the outcome of policies more flexibly by ignoring irrelevant (non-confiicting) differences between out-comes, similar to weak bisimulation. We illustrate the relations usine examples from P3P.

KW - Policy analysis

KW - Privacy policies

UR - http://www.scopus.com/inward/record.url?scp=71049149331&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=71049149331&partnerID=8YFLogxK

U2 - 10.1109/POLICY.2009.20

DO - 10.1109/POLICY.2009.20

M3 - Conference contribution

AN - SCOPUS:71049149331

SN - 9780769537429

T3 - Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009

SP - 33

EP - 36

BT - Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009

T2 - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009

Y2 - 20 July 2009 through 22 July 2009

ER -

Strong and weak policy relations

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this