Skip to main content
SpringerLink
Log in

Definition of Data Sharing Agreements

The Case of Spanish Data Protection Law

  • Chapter
  • First Online:
Accountability and Security in the Cloud (A4Cloud 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8937))

Included in the following conference series:

Abstract

Electronic sharing of data among different parties, including groups of organizations and/or individuals, while protecting their legitimate rights on these data, is a key both for business and societal transactions. However, data sharing clauses are usually specified in legal documents that are far from being amenable of automated processing by the electronic platform that should enforce them. Furthermore, different parties usually pursue different interests. This may lead to conflicts that need to be solved for the agreements to succeed. Addressing this problem, in this paper we (i) discuss a proposal for the definition of a machine processable electronic data sharing multilateral contract (e-DSA); (ii) recall a controlled natural language (CNL4DSA) developed for expressing e-DSA clauses, in particular, authorizations and obligations policies on data; (iii) instantiate a resolution process that can solve potential conflicts posed by different stakeholders’ clauses, e.g., legal, organizational, and end-users’ clauses, according to specific criteria. We illustrate our approach on a realistic e-Health scenario derived from one described by a Spanish medical institution. The main novelty of this paper are the reference to the Spanish Data Protection Law (S)DPL as the basic source of policies regulating data exchange and the idea of a multi-step e-DSA definition phase that incrementally increases the contract granularity. To the best of our knowledge, this is one of the first attempts to investigate how a real DPL can be translated into privacy rules electronically manageable by a devoted e-DSA-based infrastructure.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Al-Shaer, E.S., Hamed, H.H.: Firewall policy advisor for anomaly discovery and rule editing. In: IFIP/IEEE Integrated Network Management, pp. 17–30 (2003)

    Google Scholar 

  2. Arenas, A.E., Aziz, B., Bicarregui, J., Wilson, M.D.: An event-B approach to data sharing agreements. In: Méry, D., Merz, S. (eds.) IFM 2010. LNCS, vol. 6396, pp. 28–42. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  3. Bicarregui, J., Arenas, A., Aziz, B., Massonet, P., Ponsard, C.: Towards modelling obligations in event-B. In: Börger, E., Butler, M., Bowen, J.P., Boca, P. (eds.) ABZ 2008. LNCS, vol. 5238, pp. 181–194. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  4. Cholvy, L., Cuppens, F.: Analyzing consistency of security policies. In: IEEE Symposium on Security and Privacy, pp. 103–112 (1997)

    Google Scholar 

  5. Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C. (eds.): All About Maude. LNCS, vol. 4350. Springer, Heidelberg (2007)

    MATH  Google Scholar 

  6. Colombo, M., Martinelli, F., Matteucci, I., Petrocchi, M.: Context-aware analysis of data sharing agreements. In: Advances in Human-Oriented and Personalized Mechanisms, Technologies and Services, pp. 99–104 (2010)

    Google Scholar 

  7. Cuppens, F., Cuppens-Boulahia, N., Ghorbel, M.B.: High level conflict management strategies in advanced access control models. ENTCS 186, 3–26 (2007)

    Google Scholar 

  8. De Nicola, R., Ferrari, G.-L., Pugliese, R.: Programming access control: The KLAIM experience. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 48–65. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  9. Dunlop, N., Indulska, J., Raymond, K.: Methods for conflict resolution in policy-based management systems. In: Enterprise Distributed Object Computing, pp. 98–109. IEEE (2003)

    Google Scholar 

  10. EU FP7 grant no. 610853. Confidential and Compliant Clouds (Coco Cloud) project (2013). http://www.coco-cloud.eu

  11. Hall-May, M., Kelly, T.: Towards conflict detection and resolution of safety policies. In: International System Safety Conference, pp. 687–695 (2006)

    Google Scholar 

  12. Hansen, R.R., Nielson, F., Nielson, H.R., Probst, C.W.: Static validation of licence conformance policies. In: ARES, pp. 1104–1111 (2008)

    Google Scholar 

  13. Hewlett-Packard Italiana (ed.): Coco-Cloud Deliverable 7.1: Definition of pilot requirements (2014). http://www.coco-cloud.eu/deliverables

  14. Jin, J., Ahn, G.-J., Hu, H., Covington, M.J., Zhang, X.: Patient-centric authorization framework for electronic healthcare services. Comput. Secur. 30(2–3), 116–127 (2011)

    Article  Google Scholar 

  15. Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC). Break-glass: An approach to granting emergency access to healthcare systems (2004)

    Google Scholar 

  16. Larsen, K.G.: Modal specifications. In: Sifakis, J. (ed.) CAV 1989. LNCS, vol. 407, pp. 232–246. Springer, Heidelberg (1990)

    Chapter  Google Scholar 

  17. Larsen, K.G., Thomsen, B.: A modal process logic. In: LICS, pp. 203–210 (1988)

    Google Scholar 

  18. Lunardelli, A., Matteucci, I., Mori, P., Petrocchi, M.: A prototype for solving conflicts in XACML-based e-health policies. In: Computer-Based Medical Systems, pp. 449–452. IEEE (2013)

    Google Scholar 

  19. Lupu, E.C., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Trans. Softw. Eng. 25(6), 852–869 (1999)

    Article  Google Scholar 

  20. Masoumzadeh, A., Amini, M., Jalili, R.: Conflict detection and resolution in context-aware authorization. In: Security in Networks and Distributed Systems, pp. 505–511. IEEE (2007)

    Google Scholar 

  21. Matteucci, I., Mori, P., Petrocchi, M.: Prioritized execution of privacy policies. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) DPM 2012 and SETOP 2012. LNCS, vol. 7731, pp. 133–145. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  22. Matteucci, I., Mori, P., Petrocchi, M., Wiegand, L.: Controlled data sharing in E-health. In: STAST, pp. 17–23 (2011)

    Google Scholar 

  23. Matteucci, I., Petrocchi, M., Sbodio, M.L.: CNL4DSA: a controlled natural language for data sharing agreements. In: SAC: Privacy on the Web Track, pp. 616–620. ACM (2010)

    Google Scholar 

  24. Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A design phase for data sharing agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  25. Milner, R.: A Calculus of Communicating Systems. Springer-Verlag New York Inc., Secaucus (1982)

    Google Scholar 

  26. Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C.-M., Karat, J., Trombetta, A.: Privacy-aware role-based access control. ACM Trans. Inform. Syst. Secur. 13(3), 24:1–24:31 (2010)

    Article  Google Scholar 

  27. OASIS. eXtensible Access Control Markup Language (XACML) Version 3.0, January 2013

    Google Scholar 

  28. Policy Design Tool (2009). http://www.alphaworks.ibm.com/tech/policydesigntool

  29. Saaty, T.L.: A scaling method for priorities in hierarchical structures. J. Math. Psychol. 15(3), 234–281 (1977)

    Article  MATH  MathSciNet  Google Scholar 

  30. Saaty, T.L.: Decision-making with the AHP: why is the principal eigenvector necessary. Eur. J. Oper. Res. 145(1), 85–91 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  31. Saaty, T.L.: Decision making with the analytic hierarchy process. Int. J. Serv. Sci. 1(1), 83–98 (2008)

    MathSciNet  Google Scholar 

  32. Syukur, E.: Methods for policy conflict detection and resolution in pervasive computing environments. In: Policy Management for Web (WWW 2005), pp. 10–14. ACM (2005)

    Google Scholar 

  33. Verdejo, A., Martí-Oliet, N.: Implementing CCS in Maude 2. ENTCS 71, 282–300 (2002)

    Google Scholar 

Download references

Acknowledgments

The research leading to these results has been partially funded by the European Union Seventh Framework Programme (FP7/2007-2013) under grant no. 610853 (Coco Cloud).

Author information

Authors and Affiliations

  1. Atos Research and Innovation, Madrid, Spain

    Marina Egea

  2. Istituto di Informatica e Telematica, CNR, Pisa, Italy

    Ilaria Matteucci, Paolo Mori & Marinella Petrocchi

Authors
  1. Marina Egea
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ilaria Matteucci
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paolo Mori
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Marinella Petrocchi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marinella Petrocchi .

Editor information

Editors and Affiliations

  1. HP Labs, Bristol, United Kingdom

    Massimo Felici

  2. University of Malaga, Malaga, Spain

    Carmen Fernández-Gago

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Egea, M., Matteucci, I., Mori, P., Petrocchi, M. (2015). Definition of Data Sharing Agreements. In: Felici, M., Fernández-Gago, C. (eds) Accountability and Security in the Cloud. A4Cloud 2014. Lecture Notes in Computer Science(), vol 8937. Springer, Cham. https://doi.org/10.1007/978-3-319-17199-9_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-17199-9_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17198-2

  • Online ISBN: 978-3-319-17199-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation