Experiences in the logical specification of the HIPAA and GLBA privacy laws

DeYoung, Henry; Garg, Deepak; Jia, Limin; Kaynar, Dilsun; Datta, Anupam

doi:10.1145/1866919.1866930

Cited by 64 publications

(73 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To address this limitation, many logics and languages have been proposed for specifying privacy policies. Some examples are P3P [48,49], EPAL [50,51], Privacy APIs [52], LPU [53,54], past-only fragment of first-order temporal logic (FOTL) [10,11], predLTL [55], pLogic [56], PrivacyLFP [12], MFOTL [5][6][7], the guarded fragment of first-order logic with explicit time [4], and P-RBAC [57]. Our policy language, GMP, is more expressive than many existing policy languages such as LPU [53,54], P3P [48,49], EPAL [50,51], and P-RBAC [57].…”

Section: Related Workmentioning

confidence: 99%

“…First, they both assume that privacy policies are represented in first-order temporal logic, extended with explicit time. Such extensions have been demonstrated adequate for representing the privacy requirements of both HIPAA and GLBA [12]. Second, to ensure that only finitely many instances of quantifiers are tested during compliance checking, both lines of work use static policy checks to restrict the syntax of the logic.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Temporal Mode-Checking for Runtime Monitoring of Privacy Policies

Chowdhury

Jia

Garg³

et al. 2014

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Fragments of first-order temporal logic are useful for representing many practical privacy and security policies. Past work has proposed two strategies for checking event trace (audit log) compliance with policies: online monitoring and offline audit. Although online monitoring is space-and timeefficient, existing techniques insist that satisfying instances of all subformulas of the policy be amenable to caching, which limits expressiveness when some subformulas have infinite support. In contrast, offline audit is brute force and can handle more policies but is not as efficient. This paper proposes a new online monitoring algorithm that caches satisfying instances when it can, and falls back to the brute force search when it cannot. Our key technical insight is a new flowand time-sensitive static check of variable groundedness, called the temporal mode check, which determines subformulas for which such caching is feasible and those for which it is not and, hence, guides our algorithm. We prove the correctness of our algorithm and evaluate its performance over synthetic traces and realistic policies.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Temporal Mode-Checking for Runtime Monitoring of Privacy Policies

Chowdhury

Jia

Garg³

et al. 2014

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

show abstract

“…The idea that privacy expectations can be stated using context-relative informational norms is formalized in a semantic model and logic of privacy proposed with colleagues at Stanford and New York University [1] and developed further in follow-up work with my students and postdoctoral researchers [8]. At a high-level, the model consists of a set of interacting agents in roles who perform actions involving personal information in a given context.…”

Section: Contextual Integrity and Logic Of Privacymentioning

confidence: 99%

“…We arrive at this enforceable logic by restricting the syntax of the expressive first-order logic we used in our earlier work to develop the first complete formalization of two US privacy laws-the HIPAA Privacy Rule for healthcare organizations and the Gramm-Leach-Bliley Act for financial institutions [8] 1 . These comprehensive case studies shed light on common concepts that arise in transmission principles in practice-data attributes, dynamic roles, notice and consent (formalized as temporal properties), purposes of uses and disclosures, and principals' beliefs-as well as how individual transmission principles are composed in privacy policies 2 .…”

Section: Contextual Integrity and Logic Of Privacymentioning

confidence: 99%

“…This article provides an overview of a body of work on formalizing and enforcing practical privacy policies using computational techniques [1,2,[4][5][6][7][8][9][16][17][18] conducted jointly with my students, postdoctoral researchers, and colleagues at Carnegie Mellon, Stanford, and New York University. We find that one significant difference from traditional security settings is that the enforcement mechanisms in privacy settings often have only black-box access to the programs and people who operate on personal information.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy through Accountability: A Computer Science Perspective

Datta

2014

Distributed Computing and Internet Technology

Self Cite

View full text Add to dashboard Cite

Abstract. Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. To mitigate privacy concerns, organizations are required to respect privacy laws in regulated sectors (e.g., HIPAA in healthcare, GLBA in financial sector) and to adhere to self-declared privacy policies in self-regulated sectors (e.g., privacy policies of companies such as Google and Facebook in Web services). This article provides an overview of a body of work on formalizing and enforcing privacy policies. We formalize privacy policies that prescribe and proscribe flows of personal information as well as those that place restrictions on the purposes for which a governed entity may use personal information. Recognizing that traditional preventive access control and information flow control mechanisms are inadequate for enforcing such privacy policies, we develop principled accountability mechanisms that seek to encourage policy-compliant behavior by detecting policy violations, assigning blame, and punishing violators. We apply these techniques to several U.S. privacy laws and organizational privacy policies, in particular, producing the first complete logical specification and audit of all disclosure-related clauses of the HIPAA Privacy Rule.

show abstract