P2BAC: Privacy Policy Based Access Control Using P-LPL
Jens Leicht, Maritta Heisel
2023
Abstract
Privacy policies are used to inform end-users about the processing of their personal data by service providers on the Internet. These policies are, however, not systematically enforced. There could be discrepancies between the policy provided to the end-users and the actual access control policies applied by the service provider. We propose the Privacy Policy Based Access Control (P2BAC) system to tackle this issue. P2BAC uses computer-processable privacy policies expressed in the Prolog-Layered Privacy Language (P-LPL) to make decisions on whether some data may be accessed for a specific purpose. With P2BAC we extend the Privacy Policy Compliance Guidance (PriPoCoG) framework. Since P-LPL privacy policies can be customized by the end-user, we can consider end-users’ privacy preferences during access control. P2BAC uses query rewriting to perform the access control. The decision point is implemented in Prolog and directly operates on the P-LPL privacy policy.
DownloadPaper Citation
in Harvard Style
Leicht J. and Heisel M. (2023). P2BAC: Privacy Policy Based Access Control Using P-LPL. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 686-697. DOI: 10.5220/0011788500003405
in Bibtex Style
@conference{icissp23,
author={Jens Leicht and Maritta Heisel},
title={P2BAC: Privacy Policy Based Access Control Using P-LPL},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2023},
pages={686-697},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011788500003405},
isbn={978-989-758-624-8},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - P2BAC: Privacy Policy Based Access Control Using P-LPL
SN - 978-989-758-624-8
AU - Leicht J.
AU - Heisel M.
PY - 2023
SP - 686
EP - 697
DO - 10.5220/0011788500003405