Abstract
In this paper we focus on formalising privacy requirements for the Oxford Radcliffe Biobank (ORB) case study that has emerged within the EnCoRe project. We express the requirements using a logic designed for reasoning about the dynamics of privacy, and specifically for capturing the lifecycle of the consent and revocation (C&R) controls that a user may invoke. We demonstrate how to resolve ambiguities uncovered during formalisation and how to bridge effectively the gap between user requirements for personal-data privacy and system-level policy languages.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Agrafiotis, I., Creese, S., Goldsmith, M. (2012). Formalising Requirements for a Biobank Case Study Using a Logic for Consent and Revocation. In: Camenisch, J., Crispo, B., Fischer-Hübner, S., Leenes, R., Russello, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2011. IFIP Advances in Information and Communication Technology, vol 375. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31668-5_18
DOI: https://doi.org/10.1007/978-3-642-31668-5_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31667-8
Online ISBN: 978-3-642-31668-5