Skip to main content

Log Analysis for Data Protection Accountability

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNPSE,volume 8442)

Abstract

Accountability is increasingly recognised as a cornerstone of data protection, notably in European regulation, but the term is frequently used in a vague sense. For accountability to bring tangible benefits, the expected properties of personal data handling logs (used as “accounts”) and the assumptions regarding the logging process must be defined with accuracy. In this paper, we provide a formal framework for accountability and show the correctness of the log analysis with respect to abstract traces used to specify privacy policies. We also show that compliance with respect to data protection policies can be checked based on logs free of personal data, and describe the integration of our formal framework in a global accountability process.

Keywords

  • Privacy Policy
  • Personal Data
  • Data Protection
  • Data Subject
  • Policy Language

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-319-06410-9_12
  • Chapter length: 16 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   109.00
Price excludes VAT (USA)
  • ISBN: 978-3-319-06410-9
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   139.99
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Article 29 Data Protection Working Party: Opinion 3/2010 on the principle of accountability (2010)

    Google Scholar 

  2. Bella, G., Paulson, L.C.: Accountability Protocols: Formalized and Verified. ACM Trans. Inf. Syst. Secur. 9(2), 138–161 (2006)

    CrossRef  Google Scholar 

  3. Bellare, M., Yee, B.S.: Forward Integrity for Secure Audit Logs. Tech. rep., University of California at San Diego (1997)

    Google Scholar 

  4. Butin, D., Chicote, M., Le Métayer, D.: Log Design for Accountability. In: 2013 IEEE Security & Privacy Workshop on Data Usage Management, pp. 1–7. IEEE Computer Society (2013)

    Google Scholar 

  5. Butin, D., Chicote, M., Le Métayer, D.: Strong Accountability: Beyond Vague Promises. In: Gutwirth, S., Leenes, R., De Hert, P. (eds.) Reloading Data Protection, pp. 343–369. Springer (2014)

    Google Scholar 

  6. Butin, D., Le Métayer, D.: Log Analysis for Data Protection Accountability (Extended Version). Tech. rep., Inria (2013)

    Google Scholar 

  7. Cederquist, J., Corin, R., Dekker, M., Etalle, S., den Hartog, J., Lenzini, G.: Audit-based compliance control. Int. J. Inf. Secur. 6(2), 133–151 (2007)

    CrossRef  Google Scholar 

  8. Center for Information Policy Leadership: Data Protection Accountability: The Essential Elements (2009)

    Google Scholar 

  9. Bennett, C.J.: Implementing Privacy Codes of Practice. Canadian Standards Association (1995)

    Google Scholar 

  10. De Hert, P.: Accountability and System Responsibility: New Concepts in Data Protection Law and Human Rights Law. In: Managing Privacy through Accountability (2012)

    Google Scholar 

  11. Etalle, S., Winsborough, W.H.: A Posteriori Compliance Control. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, SACMAT, pp. 11–20. ACM (2007)

    Google Scholar 

  12. European Commission: Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (2012)

    Google Scholar 

  13. Guagnin, D., Hempel, L., Ilten, C.: Managing Privacy Through Accountability. Palgrave Macmillan (2012)

    Google Scholar 

  14. Haeberlen, A.: A Case for the Accountable Cloud. Operating Systems Review 44(2), 52–57 (2010)

    CrossRef  Google Scholar 

  15. Jagadeesan, R., Jeffrey, A., Pitcher, C., Riely, J.: Towards a Theory of Accountability and Audit. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 152–167. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  16. Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC): Break-Glass: An Approach to Granting Emergency Access to Healthcare Systems (2004)

    Google Scholar 

  17. Le Métayer, D., Mazza, E., Potet, M.L.: Designing Log Architectures for Legal Evidence. In: Proceedings of the 8th International Conference on Software Engineering and Formal Methods, SEFM 2010, pp. 156–165. IEEE Computer Society (2010)

    Google Scholar 

  18. Organisation for Economic Co-operation and Development: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980)

    Google Scholar 

  19. Schneider, F.B.: Accountability for Perfection. IEEE Security & Privacy 7(2), 3–4 (2009)

    CrossRef  Google Scholar 

  20. Schneier, B., Kelsey, J.: Secure Audit Logs to Support Computer Forensics. ACM Trans. Inf. Syst. Secur. 2(2), 159–176 (1999)

    CrossRef  Google Scholar 

  21. Waters, B.R., Balfanz, D., Durfee, G., Smetters, D.K.: Building an Encrypted and Searchable Audit Log. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2004 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Butin, D., Le Métayer, D. (2014). Log Analysis for Data Protection Accountability. In: Jones, C., Pihlajasaari, P., Sun, J. (eds) FM 2014: Formal Methods. FM 2014. Lecture Notes in Computer Science, vol 8442. Springer, Cham. https://doi.org/10.1007/978-3-319-06410-9_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-06410-9_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06409-3

  • Online ISBN: 978-3-319-06410-9

  • eBook Packages: Computer ScienceComputer Science (R0)