Publication: Privacy policies verification in composite services using OWL
Issued Date
2017-06-01
Resource Type
ISSN
01674048
Other identifier(s)
2-s2.0-85015055566
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
Computers and Security. Vol.67, (2017), 122-141
Suggested Citation
Assadarat Khurat, Boontawee Suntisrivaraporn, Dieter Gollmann Privacy policies verification in composite services using OWL. Computers and Security. Vol.67, (2017), 122-141. doi:10.1016/j.cose.2017.02.015 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/42366
Research Projects
Organizational Units
Authors
Journal Issue
Thesis
Title
Privacy policies verification in composite services using OWL
Other Contributor(s)
Abstract
© 2017 Elsevier Ltd Privacy has been an important issue for online services collecting customer data. P3P is a privacy policy language with a fixed vocabulary to express privacy practices of online services. The matching between the privacy practices (P3P policies) and users’ privacy preferences facilitates the users to be aware of services’ usage of their data. However, the change from single to composite online services raises more privacy concern due to the increasing amount of user data being collected, stored and shared. This change impacts on P3P since it was designed from a single service perspective. In addition, P3P allows the specification of policies containing semantic inconsistencies. In this paper, we extend P3P to be suitable for composite services and propose a formal semantics for P3P using OWL to facilitate reasoning about semantic ambiguities in P3P policies. The constraints defined in our ontology are used to verify potential semantic inconsistencies and to check for conflicts occurring from P3P policies of service members. We have implemented a P3P verification tool and verified five hundred P3P policies collected from actual websites. The verification result shows that more than half of these P3P policies contain conflicts.