Advertisement

Efficient Detection of Conflicts in Data Sharing Agreements

  • Gianpiero Costantino
  • Fabio Martinelli
  • Ilaria Matteucci
  • Marinella Petrocchi
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 867)

Abstract

This paper considers Data Sharing Agreements and their management as a key aspect for a secure, private and controlled access and usage of data. Starting from describing formats and languages for the agreements, we then focus on the design, development, and performance evaluation of an analysis tool, to spot potential conflicts within the data privacy policies constituting the agreement. The promising results achieved in terms of the execution time, by varying the number of rules in the agreements, and number of terms in the rules vocabulary, pave the way for the employment of the analyser in a real-use context.

Keywords

Data sharing rules Policy analysis and conflict detection Controlled data sharing DSA management Formal analysis Performances evaluation Data security Data privacy 

Notes

Acknowledgements

Partially supported by the FP7 EU project Coco Cloud [grant no. 610853] and the H2020 EU project C3ISP [grant no. 700294].

References

  1. 1.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lupu, E.C., Lobo, J. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44569-2_2CrossRefMATHGoogle Scholar
  2. 2.
    Casassa Mont, M., Matteucci, I., Petrocchi, M., Sbodio, M.L.: Towards safer information sharing in the cloud. Int. J. Inf. Sec. 14, 319–334 (2015)CrossRefGoogle Scholar
  3. 3.
    Ferraiolo, D., Kuhn, R.: Role-based access control. In: NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)Google Scholar
  4. 4.
    Park, J., Sandhu, R.: The UCON-ABC usage control model. ACM Trans. Inf. Syst. Secur. 7, 128–174 (2004)CrossRefGoogle Scholar
  5. 5.
    Matteucci, I., Petrocchi, M., Sbodio, M.L.: CNL4DSA: a controlled natural language for data sharing agreements. In: Symposium on Applied Computing, pp. 616–620 (2010)Google Scholar
  6. 6.
    Larsen, K.G., Thomsen, B.: A modal process logic. In: LICS, pp. 203–210 (1988)Google Scholar
  7. 7.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C. (eds.): All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-71999-1CrossRefMATHGoogle Scholar
  8. 8.
    Jin, J., Ahn, G.J., Hu, H., Covington, M.J., Zhang, X.: Patient-centric authorization framework for electronic healthcare services. Comput. Secur. 30, 116–127 (2011)CrossRefGoogle Scholar
  9. 9.
    Ruiz, J.F., Petrocchi, M., Matteucci, I., Costantino, G., Gambardella, C., Manea, M., Ozdeniz, A.: A lifecycle for data sharing agreements: how it works out. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 3–20. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-44760-5_1CrossRefGoogle Scholar
  10. 10.
    Caimi, C., Gambardella, C., Manea, M., Petrocchi, M., Stella, D.: Legal and technical perspectives in data sharing agreements definition. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds.) APF 2015. LNCS, vol. 9484, pp. 178–192. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-31456-3_10CrossRefGoogle Scholar
  11. 11.
    Costantino, G., Martinelli, F., Matteucci, I., Petrocchi, M.: Analysis of data sharing agreements. In: Information Systems Security and Privacy, ICISSP 2017, Porto, Portugal, 19–21 February 2017, pp. 167–178 (2017)Google Scholar
  12. 12.
    Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A design phase for data sharing agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP -2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-28879-1_3CrossRefGoogle Scholar
  13. 13.
    Liang, X., Lv, L., Xia, C., Luo, Y., Li, Y.: A conflict-related rules detection tool for access control policy. In: Su, J., Zhao, B., Sun, Z., Wang, X., Wang, F., Xu, K. (eds.) Frontiers in Internet Technologies. CCIS, vol. 401, pp. 158–169. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-53959-6_15CrossRefGoogle Scholar
  14. 14.
    OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0 (2010)Google Scholar
  15. 15.
    Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Commun. ACM 49, 39–44 (2006)CrossRefGoogle Scholar
  16. 16.
    Lazouski, A., Martinelli, F., Mori, P., Saracino, A.: Stateful usage control for android mobile devices. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 97–112. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-11851-2_7CrossRefGoogle Scholar
  17. 17.
    Gambardella, C., Matteucci, I., Petrocchi, M.: Data sharing agreements: how to glue definition, analysis and mapping together. ERCIM News 2016 (2016)Google Scholar
  18. 18.
    Matteucci, I., Mori, P., Petrocchi, M., Wiegand, L.: Controlled data sharing in E-health. In: Socio-Technical Aspects in Security and Trust, pp. 17–23 (2011)Google Scholar
  19. 19.
    Martinelli, F., Matteucci, I., Petrocchi, M., Wiegand, L.: A formal support for collaborative data sharing. In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds.) CD-ARES 2012. LNCS, vol. 7465, pp. 547–561. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32498-7_42CrossRefGoogle Scholar
  20. 20.
    Arenas, A.E., Aziz, B., Bicarregui, J., Wilson, M.D.: An Event-B approach to data sharing agreements. In: Méry, D., Merz, S. (eds.) IFM 2010. LNCS, vol. 6396, pp. 28–42. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-16265-7_4CrossRefGoogle Scholar
  21. 21.
    Bicarregui, J., Arenas, A., Aziz, B., Massonet, P., Ponsard, C.: Towards modelling obligations in Event-B. In: Börger, E., Butler, M., Bowen, J.P., Boca, P. (eds.) ABZ 2008. LNCS, vol. 5238, pp. 181–194. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-87603-8_15CrossRefMATHGoogle Scholar
  22. 22.
    Huang, H., Kirchner, H.: Formal specification and verification of modular security policy based on colored Petri nets. IEEE Trans. Dependable Secur. Comput. 8, 852–865 (2011)CrossRefGoogle Scholar
  23. 23.
    Lunardelli, A., Matteucci, I., Mori, P., Petrocchi, M.: A prototype for solving conflicts in XACML-based e-Health policies. In: 26th IEEE Symposium on Computer-Based Medical Systems, pp. 449–452 (2013)Google Scholar
  24. 24.
    Matteucci, I., Mori, P., Petrocchi, M.: Prioritized execution of privacy policies. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) DPM/SETOP -2012. LNCS, vol. 7731, pp. 133–145. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-35890-6_10CrossRefGoogle Scholar
  25. 25.
    Saaty, T.L.: How to make a decision: the analytic hierarchy process. Eur. J. Oper. Res. 48, 9–26 (1990)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Gianpiero Costantino
    • 1
  • Fabio Martinelli
    • 1
  • Ilaria Matteucci
    • 1
  • Marinella Petrocchi
    • 1
  1. 1.Istituto di Informatica e Telematica, Consiglio Nazionale delle RicerchePisaItaly

Personalised recommendations