Abstract
Electronic sharing of data among different parties, including groups of organizations and/or individuals, while protecting their legitimate rights on these data, is key to both business and societal transactions. However, data sharing clauses are usually specified in legal documents that are far from amenable to automated processing by the electronic platform that should enforce them. Furthermore, different parties usually pursue different interests. This may lead to conflicts that need to be solved for the agreements to succeed. Addressing this problem, in this paper we (i) discuss a proposal for the definition of a machine-processable electronic data sharing multilateral contract (e-DSA); (ii) recall a controlled natural language (CNL4DSA) developed for expressing e-DSA clauses, in particular, authorization and obligation policies on data; (iii) instantiate a resolution process that can solve potential conflicts posed by different stakeholders' clauses, e.g., legal, organizational, and end-users' clauses, according to specific criteria. We illustrate our approach on a realistic e-Health scenario derived from one described by a Spanish medical institution. The main novelties of this paper are the reference to the Spanish Data Protection Law ((S)DPL) as the basic source of policies regulating data exchange and the idea of a multi-step e-DSA definition phase that incrementally increases the contract granularity. To the best of our knowledge, this is one of the first attempts to investigate how a real DPL can be translated into privacy rules electronically manageable by a dedicated e-DSA-based infrastructure.
Acknowledgments
The research leading to these results has been partially funded by the European Union Seventh Framework Programme (FP7/2007-2013) under grant no. 610853 (Coco Cloud).
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Egea, M., Matteucci, I., Mori, P., Petrocchi, M. (2015). Definition of Data Sharing Agreements. In: Felici, M., Fernández-Gago, C. (eds) Accountability and Security in the Cloud. A4Cloud 2014. Lecture Notes in Computer Science, vol 8937. Springer, Cham. https://doi.org/10.1007/978-3-319-17199-9_11
DOI: https://doi.org/10.1007/978-3-319-17199-9_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17198-2
Online ISBN: 978-3-319-17199-9
eBook Packages: Computer Science, Computer Science (R0)