Advertisement

A Design Phase for Data Sharing Agreements

  • Ilaria Matteucci
  • Marinella Petrocchi
  • Marco Luca Sbodio
  • Luca Wiegand
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7122)

Abstract

The number of factories, service providers, retailers, and final users that create networks and establish collaborations for increasing their productivity and competitiveness is constantly growing, especially by effect of the globalization and outsourcing of industrial activities. This trend introduces new complexities in the value supply chain, not last the need for secure and private data sharing among the collaborating parties. A Data Sharing Agreement (DSA) represents a flexible means to assure privacy and security of electronic data exchange. DSA is a formal document regulating data exchange in a controlled manner, by defining a set of policies specifying what parties are allowed, or required, or denied to do with respect to data covered by the agreement. A key factor in the adoption of DSAs is their usability. Here, we propose an approach for a consistent and automated design phase of the agreements. In particular, we present an authoring tool for a user-friendly and cooperative editing of DSA and an analysis tool to identify possible conflicts or incompatibilities among the DSA policies.

Keywords

Data Protection Policy Specification Policy Authoring Policy Analysis 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    The Consequence Team: D2.1: Methodologies and Tools for Data Sharing Agreements Infrastructure (2008), http://www.consequence-project.eu/Deliverables_Y1/D2.1.pdf
  2. 2.
    Matteucci, I., Petrocchi, M., Sbodio, M.L.: CNL4DSA: a Controlled Natural Language for Data Sharing Agreements. In: SAC: Privacy on the Web Track. ACM (2010)Google Scholar
  3. 3.
    Larsen, K.G., Thomsen, B.: A modal process logic. In: LICS, pp. 203–210 (1988)Google Scholar
  4. 4.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Bevilacqua, V., Talcott, C. (eds.): All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350, pp. 737–749. Springer, Heidelberg (2007)zbMATHCrossRefGoogle Scholar
  5. 5.
    The Consequence Team: D6.4: Final Evaluation of the Sensitive Data Test Bed (2011), http://www.consequence-project.eu/Deliverables_Y3/D6.4.pdf
  6. 6.
    The Consequence Team: D5.4: Final Evaluation of the Policy-Based Security for Crisis Management Test Bed (2011), http://www.consequence-project.eu/Deliverables_Y3/D5.4.pdf
  7. 7.
    Brodie, C., et al.: The Coalition Policy Management Portal for Policy Authoring, Verification, and Deployment. In: POLICY, pp. 247–249 (2008)Google Scholar
  8. 8.
    Swarup, V., Seligman, L., Rosenthal, A.: A Data Sharing Agreement Framework. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol. 4332, pp. 22–36. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Swarup, V., et al.: Specifying Data Sharing Agreements. In: POLICY, pp. 157–162 (2006)Google Scholar
  10. 10.
    Brodie, C., et al.: An Empirical Study of Natural Language Parsing of Privacy Policy Rules using the SPARCLE Policy Workbench. In: SOUPS, pp. 8–19. ACM (2006)Google Scholar
  11. 11.
    Fisler, K., Krishnamurthi, S.: A Model of Triangulating Environments for Policy Authoring. In: SACMAT, pp. 3–12. ACM (2010)Google Scholar
  12. 12.
    Mousas, A.S., et al.: Visualising Access Control: The PRISM Approach. In: Panhellenic Conference on Informatics (2010)Google Scholar
  13. 13.
    Abadi, M.: Logic in Access Control. In: LICS, p. 228. IEEE (2003)Google Scholar
  14. 14.
    Bicarregui, J., Arenas, A., Aziz, B., Massonet, P., Ponsard, C.: Towards Modelling Obligations in Event-B. In: Börger, E., Butler, M., Bowen, J.P., Boca, P. (eds.) ABZ 2008. LNCS, vol. 5238, pp. 181–194. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Arenas, A., Aziz, B., Bicarregui, J., Wilson, M.D.: An Event-B Approach to Data Sharing Agreements. In: Méry, D., Merz, S. (eds.) IFM 2010. LNCS, vol. 6396, pp. 28–42. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Craven, R., et al.: Expressive Policy Analysis with Enhanced System Dynamicity. In: ASIACCS (2009)Google Scholar
  17. 17.
    Ni, Q., et al.: Privacy-aware Role-based Access Control. ACM Transactions on Information and System Security 13 (2010)Google Scholar
  18. 18.
  19. 19.
    De Nicola, R., Ferrari, G.L., Pugliese, R.: Programming Access Control: The KLAIM Experience. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 48–65. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  20. 20.
    Hansen, R.R., Nielson, F., Nielson, H.R., Probst, C.W.: Static Validation of Licence Conformance Policies. In: ARES, pp. 1104–1111 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ilaria Matteucci
    • 1
  • Marinella Petrocchi
    • 1
  • Marco Luca Sbodio
    • 2
  • Luca Wiegand
    • 1
  1. 1.IIT-CNRPisaItaly
  2. 2.HP Innovation CenterItaly

Personalised recommendations