Formalising Requirements for a Biobank Case Study Using a Logic for Consent and Revocation

  • Ioannis Agrafiotis
  • Sadie Creese
  • Michael Goldsmith
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 375)


In this paper we focus on formalising privacy requirements for the Oxford Radcliffe Biobank (ORB) case study that has emerged within the EnCoRe project. We express the requirements using a logic designed for reasoning about the dynamics of privacy and specifically for capturing the lifecycle of consent and revocation (C&R) controls that a user may invoke. We demonstrate how to tackle the ambiguities uncovered during formalisation and how to bridge the gap between user requirements for personal-data privacy and system-level policy languages effectively.





Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Ioannis Agrafiotis, Department of Computer Science, University of Oxford, Oxford, England
  • Sadie Creese, Department of Computer Science, University of Oxford, Oxford, England
  • Michael Goldsmith, Department of Computer Science, University of Oxford, Oxford, England
