Abstract
This paper considers Data Sharing Agreements and their management as a key aspect of secure, private and controlled access to and usage of data. Starting from a description of formats and languages for the agreements, we then focus on the design, development, and performance evaluation of an analysis tool that spots potential conflicts within the data privacy policies constituting the agreement. The promising results achieved in terms of execution time, obtained by varying the number of rules in the agreements and the number of terms in the rules vocabulary, pave the way for the employment of the analyser in a real-use context.
Extended and revised version of “Analysis of Data Sharing Agreements”, which appeared in the proceedings of ICISSP, 2017.
Notes
- 1. The original design and development of DSA-based frameworks, as well as recent innovation updates, have been carried out within past and ongoing EU projects. The interested reader can consult: http://www.consequence-project.eu/, http://www.coco-cloud.eu/, http://c3isp.eu/. (All URLs in this paper accessed on August 3, 2017).
- 2. Terminology adopted in the European Parliament Directive 95/46/EC and in the new General Data Protection Regulation (GDPR, actionable from 2018).
- 3.
- 4.
- 5. For the sake of readability, we write contexts in a semi-natural language format.
References
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lupu, E.C., Lobo, J. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44569-2_2
Casassa Mont, M., Matteucci, I., Petrocchi, M., Sbodio, M.L.: Towards safer information sharing in the cloud. Int. J. Inf. Sec. 14, 319–334 (2015)
Ferraiolo, D., Kuhn, R.: Role-based access control. In: NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)
Park, J., Sandhu, R.: The UCON-ABC usage control model. ACM Trans. Inf. Syst. Secur. 7, 128–174 (2004)
Matteucci, I., Petrocchi, M., Sbodio, M.L.: CNL4DSA: a controlled natural language for data sharing agreements. In: Symposium on Applied Computing, pp. 616–620 (2010)
Larsen, K.G., Thomsen, B.: A modal process logic. In: LICS, pp. 203–210 (1988)
Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C. (eds.): All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71999-1
Jin, J., Ahn, G.J., Hu, H., Covington, M.J., Zhang, X.: Patient-centric authorization framework for electronic healthcare services. Comput. Secur. 30, 116–127 (2011)
Ruiz, J.F., Petrocchi, M., Matteucci, I., Costantino, G., Gambardella, C., Manea, M., Ozdeniz, A.: A lifecycle for data sharing agreements: how it works out. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds.) APF 2016. LNCS, vol. 9857, pp. 3–20. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44760-5_1
Caimi, C., Gambardella, C., Manea, M., Petrocchi, M., Stella, D.: Legal and technical perspectives in data sharing agreements definition. In: Berendt, B., Engel, T., Ikonomou, D., Le Métayer, D., Schiffner, S. (eds.) APF 2015. LNCS, vol. 9484, pp. 178–192. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31456-3_10
Costantino, G., Martinelli, F., Matteucci, I., Petrocchi, M.: Analysis of data sharing agreements. In: Information Systems Security and Privacy, ICISSP 2017, Porto, Portugal, 19–21 February 2017, pp. 167–178 (2017)
Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A design phase for data sharing agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP -2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28879-1_3
Liang, X., Lv, L., Xia, C., Luo, Y., Li, Y.: A conflict-related rules detection tool for access control policy. In: Su, J., Zhao, B., Sun, Z., Wang, X., Wang, F., Xu, K. (eds.) Frontiers in Internet Technologies. CCIS, vol. 401, pp. 158–169. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-53959-6_15
OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0 (2010)
Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Commun. ACM 49, 39–44 (2006)
Lazouski, A., Martinelli, F., Mori, P., Saracino, A.: Stateful usage control for android mobile devices. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 97–112. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_7
Gambardella, C., Matteucci, I., Petrocchi, M.: Data sharing agreements: how to glue definition, analysis and mapping together. ERCIM News 2016 (2016)
Matteucci, I., Mori, P., Petrocchi, M., Wiegand, L.: Controlled data sharing in E-health. In: Socio-Technical Aspects in Security and Trust, pp. 17–23 (2011)
Martinelli, F., Matteucci, I., Petrocchi, M., Wiegand, L.: A formal support for collaborative data sharing. In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds.) CD-ARES 2012. LNCS, vol. 7465, pp. 547–561. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32498-7_42
Arenas, A.E., Aziz, B., Bicarregui, J., Wilson, M.D.: An Event-B approach to data sharing agreements. In: Méry, D., Merz, S. (eds.) IFM 2010. LNCS, vol. 6396, pp. 28–42. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16265-7_4
Bicarregui, J., Arenas, A., Aziz, B., Massonet, P., Ponsard, C.: Towards modelling obligations in Event-B. In: Börger, E., Butler, M., Bowen, J.P., Boca, P. (eds.) ABZ 2008. LNCS, vol. 5238, pp. 181–194. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-87603-8_15
Huang, H., Kirchner, H.: Formal specification and verification of modular security policy based on colored Petri nets. IEEE Trans. Dependable Secur. Comput. 8, 852–865 (2011)
Lunardelli, A., Matteucci, I., Mori, P., Petrocchi, M.: A prototype for solving conflicts in XACML-based e-Health policies. In: 26th IEEE Symposium on Computer-Based Medical Systems, pp. 449–452 (2013)
Matteucci, I., Mori, P., Petrocchi, M.: Prioritized execution of privacy policies. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds.) DPM/SETOP -2012. LNCS, vol. 7731, pp. 133–145. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35890-6_10
Saaty, T.L.: How to make a decision: the analytic hierarchy process. Eur. J. Oper. Res. 48, 9–26 (1990)
Acknowledgements
Partially supported by the FP7 EU project Coco Cloud [grant no. 610853] and the H2020 EU project C3ISP [grant no. 700294].
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Costantino, G., Martinelli, F., Matteucci, I., Petrocchi, M. (2018). Efficient Detection of Conflicts in Data Sharing Agreements. In: Mori, P., Furnell, S., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2017. Communications in Computer and Information Science, vol 867. Springer, Cham. https://doi.org/10.1007/978-3-319-93354-2_8
DOI: https://doi.org/10.1007/978-3-319-93354-2_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93353-5
Online ISBN: 978-3-319-93354-2
eBook Packages: Computer Science, Computer Science (R0)