A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive

Fatema, Kaniz; Debruyne, Christophe; Lewis, Dave; O'Sullivan, Declan; Morrison, John P.; Mazed, Abdullah-Al

doi:10.1109/SPW.2016.16

Request a copy

Paper published in a book (Scientific congresses and symposiums)

A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive

Fatema, Kaniz; Debruyne, Christophe; Lewis, Dave et al.

2016 • In 2016 IEEE Security and Privacy Workshops, SP Workshops 2016, San Jose, CA, USA, May 22-26, 2016

Peer reviewed

Permalink
https://hdl.handle.net/2268/263793

DOI
10.1109/SPW.2016.16

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

2016-ipwe-preprint.pdf

Author preprint (584.35 kB)

Request a copy

All documents in ORBi are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Disciplines :

Computer science

Author, co-author :

Fatema, Kaniz; Trinity College Dublin - TCD

Debruyne, Christophe ; Trinity College Dublin - TCD

Lewis, Dave; Trinity College Dublin - TCD

O'Sullivan, Declan; Trinity College Dublin - TCD

Morrison, John P.; University College Cork - UCC

Mazed, Abdullah-Al; Next Gent Security

Language :

English

Title :

A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive

Publication date :

2016

Event name :

2016 IEEE Security and Privacy Workshops

Event date :

May 22-26, 2016

Main work title :

2016 IEEE Security and Privacy Workshops, SP Workshops 2016, San Jose, CA, USA, May 22-26, 2016

Pages :

25-32

Peer reviewed :

Peer reviewed

Additional URL :

https://doi.org/10.1109/SPW.2016.16

Available on ORBi :

since 26 September 2021

Statistics

Number of views

35 (2 by ULiège)

Number of downloads

0 (0 by ULiège)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

K. Fatema, D.W. Chadwick and B.V. Alsenoy, "Extracting Access Control and Conflict Resolution Policies from European Data Protection Law," in Privacy and Identity Management for Life, Springer, Heidelberg, 2012, pp. 59-72.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
OASIS XACML 2.0. eXtensible Access Control Markup Language (XACML)Version 2.0, Oct, 2005, http://www.oasisopen.org/committees/tc-home.phpwg-abbrev=xacml# XACML20.
D. Chadwick, G. Zhao, S. Otenko, R. Laborde, L. Su, T. A. Nguyen, "PERMIS: a modular authorization infrastructure," Concurrency And Computation: Practice And Experience, vol 20, issue 11, pp 1341-1357. 2008.
Health Information Privacy, HIPAA 1996 privacy and Security Rules, http://www.hhs.gov/ocr/privacy/
Protection of personal information in the private sector, http://www2.parl.gc.ca/HousePublications/Publication.aspxpub=bill &doc=C-6&parl=36&ses=2&language=E&File=32#4
Australian Govt. Com Law, Privacy Act 1988,http://www.comlaw.gov.au/Series/C2004A03712
OECD, Privacy and Personal Data Control, http://www.oecd.org/dataoecd/30/32/37626097.pdf
N. Papanikolaou, S. Pearson, M.C. Mont. "Towards naturallanguage understanding and automated enforcement of privacy rules and regulations in the cloud: survey and bibliography," in Secure and Trust Computing, Data Management, Applications, Springer, 2011, pp. 166-173.
G. Karjoth, M. Schunter and M. Waidner, "Privacy-enabled services for enterprises," in 13th International Workshop on Database and Expert Systems Applications, IEEE Computer Society, Washington DC, 2002, pp. 483-487.
M. C. Mont, "Dealing with Privacy Obligations: Important Aspects and Technical Approaches," in International conference on trust and privacy in digital business, Zaragoza, 2004.
C. A. Ardagna, L. Bussard, S. D. C. Vimercati, G. Neven, S. Paraboschi, E. Pedrini, F-S. Preiss, D. Raggett, P. Samarati, S. Trabelsi and M. Verdicchio, "PrimeLifePolicy Language," in Workshop on Access Control Application Scenarios, W3C, 2009.
S. Trabelsi, A Njeh, L. Bussard, G. Neven, "PPL Engine: A Symmetric Architecture for Privacy Policy Handling," in W3C Workshop on Privacy and data usage control, October, 2010.
D. W. Chadwick and K. Fatema, "An advanced policy based authorisation infrastructure," in Proceedings of the 5th ACM workshop on Digital identity management, DIM'09, Chicago, Illinois, USA, 2009, pp.81-84.
K. Fatema, D.W. Chadwick and S. Lievens, "A Multi Privacy Policy Enforcement System," in Privacy and Identity 2010, IFIP AICT 352, 2011, pp. 297-310.
K. Fatema and D. Chadwick, "Resolving Policy Conflicts-Integrating Policies from Multiple Authors," in CAiSE International Workshops, Thessaloniki, Greece, 2014.
OASIS XACML 3.0. eXtensible Access Control Markup Language (XACML) Version 3.0, 16 April, 2009, http://docs.oasisopen.org/xacml/3.0/xacml-3.0-core-spec-en.html.
W3C: The Platform for Privacy Preferences 1.0 (P3P 1.0), Technical Report, 2002.
N. Sadeh, A. Acquisti, T.D. Breaux, L.F. Cranor, A.M. McDonald, J. Reidenberg, N.A. Smith, F. Liu, N.C. Russell, F. Schaub, S. Wilson, J.T. Graves, P.G. Leon, R. Ramanath, A. Rao, "Towards Usable Privacy Policies: Semi-automatically Extracting Data Practices From Websites' Privacy Policies," FTC PrivacyCon, Jan 2016.
N. Casellas, M. R. D. L Mozos, P.Casanovas, "Ontology-Enhanced Legal Decision-Support Tools: The NEURONA Data Protection Compliance Application," Eleventh International Conference on Substantive Technology in Legal Education and Practice, University of Zaragoza, July 2010.
N. Casellas, J-E. Nieto, A. Merono, A. Roig, S. Torralba, M. Reyes, P. Casanovas, "Ontology Semantics for Data Privacy Compliance: the NEURONA Ontology," in AAAI Spring Symposium Series Technical Reports (Intelligent Information Privacy Management), Stanford, March 2010.
T. D. Breaux, A. I. Antón, "Analyzing Regulatory Rules for Privacy and Security Requirements," in IEEE Transactions on Software Engineering, Special Issue on Software Engineering for Secure Systems (IEEE TSE), vol 34, Issue 1, pp 5-20, 2008.
T. D. Breaux, A. I. Antón, "A Systematic Method for Acquiring Regulatory Requirements: A Frame-Based Approach," in Proc. 6th International Workshop on Requirements for High Assurance Systems (RHAS-6), Delhi, India, Sep. 2007.
T. D. Breaux, A. I. Antón, "Analyzing Goal Semantics for Rights, Permissions and Obligations," in Proc. IEEE 13th International Requirements Engineering Conference (RE'05), Paris, France, Aug. 2005, pp. 177-186.
N. Kiyavitskaya, N. Zeni, T.D. Breaux, A.I. Antón, J.R. Cordy, L. Mich, J. Mylopoulos, "Automating the Extraction of Rights and Obligations for Regulatory Compliance," in: proc. 27th International Conference on Conceptual Modelling (ER'08), Barcelona, Spain, Oct. 2008, pp 154-168.
K. Fatema, "Adding Privacy Protection to Policy Based Authorisation Systems," PhD thesis, University of Kent, UK, 2013.
N. E. Fuchs, & R. Schwitter, "Specifying logic programs in controlled natural language," in: arXiv preprint cmp-lg/9507009, 1995.
D. Crocker & P. Overell, "Augmented BNF for syntax specifications: ABNF," RFC 5234, 2005.
K. Fisler, S. Krishnamurthi, L. A. Meyerovich, M. C. Tschantz, "Verification and change-impact analysis of access-control policies," in 27th International Conference on Software engineering. ACM, 2005, pp. 196-205. ().
A. Wyner, K. Angelov, G. Barzdins, D. Damljanovic, B. Davis, N. Fuchs & J. Sowa, "On controlled natural languages: Properties and prospects," in Controlled Natural Language, Springer Berlin Heidelberg, 2010, pp 281-289.
I. Matteucci, M. Petrocchi, & M. L. Sbodio, "CNL4DSA: a controlled natural language for data sharing agreements," in: Proceedings of the 2010 ACM Symposium on Applied Computing, 2010, pp 616-620, ACM.
S. Ferré, "SQUALL: A controlled natural language for querying and updating RDF graphs," in: Controlled Natural Language, Springer, Berlin, Heidelberg, 2012, pp. 11-25.
A. Cregan, R. Schwitter & T. Meyer, "Sydney OWL Syntax-towards a Controlled Natural Language Syntax for OWL 1.1," in: OWLED. Vol. 258, 2007.
L Shi, D.W. Chadwick, "A controlled natural language interface for authoring access control policies," in: proceedings of the 2011 ACM Symposium on Applied Computing, ACM, 2011.
K. K. Waterman, "Pre-processing legal text: policy parsing and isomorphic intermediate representation," in: AAAI Spring Symposium: Intelligent Information Privacy Management, 2010.
M.C. Mont, S. Pearson, S. Creese, M. Goldsmith and N. Papanikolaou. "EnCoRe: towards a conceptual model for privacy policies." PrimeLife/IFIP Summer School 2010: Privacy and Identity Management for Life. Helsingborg, Sweden: Springer, 2010.
K. Bekara, M. Laurent. "A semantic information model based on the privacy legislation." IEEE Conference on Network and Information Systems Security (SAR-SSI). IEEE, 2011, pp.1-6.
Appendix, available at https://db.tt/e8hcGxsR .