3rd International ICST Symposium on Information Assurance and Security

Research Article

On the Definition and Policies of Confidentiality

  • @INPROCEEDINGS{10.1109/IAS.2007.20,
        author={Johs Hansen Hammer and Gerardo Schneider},
        title={On the Definition and Policies of Confidentiality},
        proceedings={3rd International ICST Symposium on Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={confidentiality, norms, policies},
        doi={10.1109/IAS.2007.20}
    }
    
Johs Hansen Hammer (1, *), Gerardo Schneider (2, *)
  • 1: NAV, Oslo, Norway
  • 2: Dept. of Informatics, University of Oslo, Norway
*Contact email: johs.hammer@nav.no, gerardo@ifi.uio.no

Abstract

In this paper we propose a more general definition of confidentiality, as an aspect of information security including information flow control. We discuss central aspects of confidentiality and their relation with norms and policies, and we introduce a language, with a deontic flavor, to express such norms and policies. Our language may be regarded as a first step towards a formal specification of security policies for confidentiality. We provide a number of examples of useful norms on confidentiality, and we discuss confidentiality policies from real scenarios.