A-PPL: An Accountability Policy Language

  • Monir Azraoui
  • Kaoutar Elkhiyaoui
  • Melek Önen
  • Karin Bernsmed
  • Anderson Santana De Oliveira
  • Jakub Sendor
Conference paper

DOI: 10.1007/978-3-319-17016-9_21

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8872)
Cite this paper as:
Azraoui M., Elkhiyaoui K., Önen M., Bernsmed K., De Oliveira A.S., Sendor J. (2015) A-PPL: An Accountability Policy Language. In: Garcia-Alfaro J. et al. (eds) Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance. Lecture Notes in Computer Science, vol 8872. Springer, Cham

Abstract

Cloud Computing raises various security and privacy challenges due to the customers’ inherent lack of control over their outsourced data. One approach to encourage customers to take advantage of the cloud is the design of new accountability solutions which improve the degree of transparency with respect to data processing. In this paper, we focus on accountability policies and propose A-PPL, an accountability policy language that represents machine-readable accountability policies. A-PPL extends the PPL language by allowing customers to define additional rules on data retention, data location, logging and notification. The use of A-PPL is illustrated with a use case where medical sensors collect personal data which are then stored and processed in the cloud. We define accountability obligations related to this use case and translate them into A-PPL policies as a proof of concept of our proposal.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Monir Azraoui
    • 1
  • Kaoutar Elkhiyaoui
    • 1
  • Melek Önen
    • 1
  • Karin Bernsmed
    • 2
  • Anderson Santana De Oliveira
    • 3
  • Jakub Sendor
    • 3
  1. 1.EURECOMBiot Sophia AntipolisBiotFrance
  2. 2.SINTEF ICTTrondheimNorway
  3. 3.SAP Labs FranceMougins Sophia AntipolisAntipolisFrance

Personalised recommendations