Privacy System Vocabulary

This is a vocabulary in EPAL that will be used for modelling the interactions in a Privacy System.

Penn Security Lab University of Pennsylvania

seclab@seas.upenn.edu

200 South 33rd Street, Philadelphia, PA 19104

USA http://www.securitylab.cis.upenn.edu

Subject

Subscriber

Holder

Root category that includes all subcategories

Root of all data types.

Purpose1

Purpose2

Root purpose that includes all others

Publish Subscribe event - T function

Creation event - V relation

Set Policy event - W relation

Action event - U relation

Container for information about the principal involved in the publishing event. This Container has information about the Sigmas that belong to each principal. dateTime values are included to allow for checking expiration of principal permissions

Name of the principal that owns this permission

Name of the subject of the permission

Value of the permission indicator (Can be {dir, bottom} only)

Date and time when the permission expires

Container with the information needed to evaluate a transfer request.

Value of the Sigma that the publisher has on the subject

Value of the Sigma that the subscriber has on the subject

Name of the publisher

Name of the subscriber

Name of the subject of the data

Container with the information needed to evaluate a set policy request.

Value of the Sigma that the setter has on the subject

Value of the Sigma that the recipient has on the subject

Name of the setter

Name of the recipient

Name of the subject of the data

All the data necessary for the evaluation of a set policy event - p sets sigma on q for r at t

Name of the principal that is doing the setting of the permissions

Value of the permission that the setter is setting

Name of the principal that is receiving the permission on the subject

Name of the principal that the permission is being set about

Time and date when the set policy event is taking place

All the data necessary for the evaluation of a creation event - p creates x at t

Name of the principal that is doing the object creation

Object being created

Name of the principal that the object created is about

Time and date when the creation is taking place

All the data necessary for the evaluation of a set publish/subscribe event - p gets x from q at t

Name of the principal that is doing the publishing

Object that is being published

Name of the principal that is receiving the object

Name of the principal that the object is about

Time and date when the publishing/subscribing is taking place

All the data necessary for the evaluation of an action event - p does a on q at t

Name of the principal that is doing the action

Action being done

Name of the principal that is being acted on

Time and date when the action is taking place

Data must be reduced in accuracy before the action of this rule can be executed.