A Formal Support for Collaborative Data Sharing

  • Fabio Martinelli
  • Ilaria Matteucci
  • Marinella Petrocchi
  • Luca Wiegand
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7465)

Abstract

Collaborating entities usually require the exchange of personal information for the achievement of a common goal, including enabling business transactions and the provisioning of critical services. A key issue affecting these interactions is the lack of control on how data is going to be used and processed by the entities that share it. To partially solve the issue, parties may have defined a set of data sharing policies regulating the exchange of data they own, or over which they have jurisdiction. However, distinct set of policies, defined by different authorities, may lead to conflicts once enacted, since, e.g., different subjects may have defined different permissions on the same data set. This paper focuses on policy analysis and offers a formal support for coming up with a conflict-free set of data sharing policies. We illustrate the methodology on the example of an emergency management.

Keywords

Contextual Condition Formal Support Rescue Team Alert State Fire Brigade 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A Design Phase for Data Sharing Agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Oklahoma Health Care Authority: Interagency Agreement, http://www.okhca.org/provider/contracts/ffs/pdflib/mhcm_over21.pdf (last access April 11, 2012)
  3. 3.
    National Research Network: Data Sharing Agreement Template, www.researchtoolkit.org/primer/docs/AAFP-NRNDUA.pdf (last access April 11, 2012)
  4. 4.
    National Collaborative on Workforce and Disability: Sample Inter-Agency Data Sharing Agreement, http://www.ncwd-youth.info/assets/guides/assessment/sample_forms/data_share.pdf (last access April 11, 2012)
  5. 5.
    Matteucci, I., Petrocchi, M., Sbodio, M.L.: CNL4DSA: a Controlled Natural Language for Data Sharing Agreements. In: SAC: Privacy on the Web Track, pp. 616–620. ACM (2010)Google Scholar
  6. 6.
    Larsen, K.G., Thomsen, B.: A modal process logic. In: LICS, pp. 203–210 (1988)Google Scholar
  7. 7.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C. (eds.): All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007)MATHGoogle Scholar
  8. 8.
    Verdejo, A., Martí-Oliet, N.: Implementing CCS in Maude 2. ENTCS, vol. 71 (2002)Google Scholar
  9. 9.
    Colombo, M., Martinelli, F., Matteucci, I., Petrocchi, M.: Context-aware analysis of data sharing agreements. In: Advances in Human-Oriented and Personalized Mechanisms, Technologies and Services (2010)Google Scholar
  10. 10.
    Ölveczky, P.C., Meseguer, J.: Semantics and pragmatics of Real-Time Maude. Higher-Order and Symbolic Computation 20(1-2), 161–196 (2007)MATHCrossRefGoogle Scholar
  11. 11.
    AlTurki, M., Meseguer, J.: PVeStA: A Parallel Statistical Model Checking and Quantitative Analysis Tool. In: Corradini, A., Klin, B., Cîrstea, C. (eds.) CALCO 2011. LNCS, vol. 6859, pp. 386–392. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    North American Electronic Reliability Corporation: Critical infrastructure protection: Security guidelines, http://www.nerc.com (last access April 19, 2012)
  13. 13.
    U.S. Department of Justice: Justice information sharing, http://it.ojp.gov/default.aspx (last access April 19, 2012)
  14. 14.
    Natural Resources Canada: Best practices for sharing sensitive environmental geospatial data (2010), www.geoconnections.org
  15. 15.
    US Fire Administration: Critical infrastructure protection – information sharing and analysis center, http://www.usfa.fema.gov/fireservice/subjects/emr-isac/ (last access April 19, 2012)
  16. 16.
    Abadi, M.: Logic in Access Control. In: LICS, p. 228. IEEE (2003)Google Scholar
  17. 17.
    Bicarregui, J., Arenas, A.E., Aziz, B., Massonet, P., Ponsard, C.: Towards Modelling Obligations in Event-B. In: Börger, E., Butler, M., Bowen, J.P., Boca, P. (eds.) ABZ 2008. LNCS, vol. 5238, pp. 181–194. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Arenas, A.E., Aziz, B., Bicarregui, J., Wilson, M.D.: An Event-B Approach to Data Sharing Agreements. In: Méry, D., Merz, S. (eds.) IFM 2010. LNCS, vol. 6396, pp. 28–42. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Ni, Q., et al.: Privacy-aware Role-based Access Control. ACM Transactions on Information and System Security 13 (2010)Google Scholar
  20. 20.
  21. 21.
    De Nicola, R., Ferrari, G.-L., Pugliese, R.: Programming Access Control: The KLAIM Experience. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 48–65. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  22. 22.
    Hansen, R.R., Nielson, F., Nielson, H.R., Probst, C.W.: Static Validation of Licence Conformance Policies. In: ARES, pp. 1104–1111 (2008)Google Scholar
  23. 23.
    Scalavino, E., Gowadia, V., Lupu, E.C.: PAES: Policy-Based Authority Evaluation Scheme. In: DBSec, pp. 268–282 (2009)Google Scholar
  24. 24.
    Scalavino, E., Russello, G., Ball, R., Gowadia, V., Lupu, E.C.: An Opportunistic Authority Evaluation Scheme for Data Security in Crisis Management Scenarios. In: ASIACCS (2010)Google Scholar
  25. 25.
    Craven, R., et al.: Expressive Policy Analysis with Enhanced System Dynamicity. In: ASIACCS (2009)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Fabio Martinelli
    • 1
  • Ilaria Matteucci
    • 1
  • Marinella Petrocchi
    • 1
  • Luca Wiegand
    • 1
  1. 1.Istituto di Informatica e TelematicaCNRPisaItaly

Personalised recommendations