Michael J. May scite author profile

Michael J. May

5Publications

151Citation Statements Received

43Citation Statements Given

How they've been cited

169

151

How they cite others

Affiliations

Arava Institute, California University of Pennsylvania, Technical University of Munich

Publications

Order By: Most citations

Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies

May

Gunter

Lee

View full text Add to dashboard Cite

There is a growing interest in establishing rules to regulate the privacy of citizens in the treatment of sensitive personal data such as medical and financial records. Such rules must be respected by software used in these sectors. The regulatory statements are somewhat informal and must be interpreted carefully in the software interface to private data. This paper describes techniques to formalize regulatory privacy rules and how to exploit this formalization to analyze the rules automatically. Our formalism, which we call privacy APIs, is an extension of access control matrix operations to include (1) operations for notification and logging and (2) constructs that ease the mapping between legal and formal language. We validate the expressive power of privacy APIs by encoding the 2000 and 2003 HIPAA consent rules in our system. This formalization is then encoded into Promela and we validate the usefulness of the formalism by using the SPIN model checker to verify properties that distinguish the two versions of HIPAA. Comments Copyright 2006. Reprinted from Computer Security Foundations Workshop (CSFW 2006)This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.

show abstract

A Formal Privacy System and Its Application to Location Based Services

Gunter

May

Stubblebine³

2005

View full text Add to dashboard Cite

WSEmail: secure Internet messaging based on Web services

Lux

May

Bhattad

et al. 2005

View full text Add to dashboard Cite

Internet messaging (email) faces a variety of challenges not envisioned in its original design. Efforts have been made to compensate for limitations in security, flexibility, and integration within the existing standards and software base, but many aspects of these objectives can be obtained more easily from a fresh design. A fresh design will be easier to deploy if it is based on an emerging suite of high-level standards. In this work we explore the idea of redesigning email as a family of web services, an approach we call WSEmail. Existing standards and software for web services provide a high-level foundation with many of the desired properties. We illustrate a design, some sample applications, steps toward a theoretical foundation for its security, and an implementation. Our prototype illustrates a number of useful features: messages secured under federated identities, flexible treatment of access control, ondemand attachments, semantic routing, modular extensibility, and integration with instant messaging.

show abstract

Combating Ransomware using Content Analysis and Complex File Events

May¹,

Laron²

2019

View full text Add to dashboard Cite

Securing the drop-box architecture for assisted living

May

Shin

Gunter

et al. 2006

View full text Add to dashboard Cite

Home medical devices enable individuals to monitor some of their own health information without the need for visits by nurses or trips to medical facilities. This enables more continuous information to be provided at lower cost and will lead to better healthcare outcomes. The technology depends on network communication of sensitive health data. Requirements for reliability and ease-of-use provide challenges for securing these communications. In this paper we look at protocols for the drop-box architecture, an approach to assisted living that relies on a partially-trusted Assisted Living Service Provider (ALSP). We sketch the requirements and architecture for assisted living based on this architecture and describe its communication protocols. In particular, we give a detailed description of its report and alarm transmission protocols and give an automated proof of correspondence theorems for them. Our formulation shows how to characterize the partial trust vested in the ALSP and use the existing tools to verify this partial trust. AbstractHome medical devices enable individuals to monitor some of their own health information without the need for visits by nurses or trips to medical facilities. This enables more continuous information to be provided at lower cost and will lead to better healthcare outcomes. The technology depends on network communication of sensitive health data. Requirements for reliability and ease-of-use provide challenges for securing these communications. In this paper we look at protocols for the drop-box architecture, an approach to assisted living that relies on a partiallytrusted Assisted Living Service Provider (ALSP). We sketch the requirements and architecture for assisted living based on this architecture and describe its communication protocols. In particular, we give a detailed description of its report and alarm transmission protocols and give an automated proof of correspondence theorems for them. Our formulation shows how to characterize the partial trust vested in the ALSP and use the existing tools to verify this partial trust.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Michael J. May

Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies

A Formal Privacy System and Its Application to Location Based Services

WSEmail: secure Internet messaging based on Web services

Combating Ransomware using Content Analysis and Complex File Events

Securing the drop-box architecture for assisted living

Contact Info

Product

Resources

About