A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive

Kaniz Fatema, Christophe Debruyne, Dave Lewis, Declan O'Sullivan, John P. Morrison, Abdullah-Al Mazed

    Research output: Chapter in Book/Published conference outputConference publication

    Abstract

    Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.
    Original languageEnglish
    Title of host publicationIEEE Symposium on Security and Privacy, Fairmont, San Jose, California, 22-26 May 2016
    PublisherIEEE
    ISBN (Electronic)978-1-5090-3690-5
    ISBN (Print)978-1-5090-3691-2
    DOIs
    Publication statusPublished - 4 Aug 2016

    Fingerprint

    Dive into the research topics of 'A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive'. Together they form a unique fingerprint.

    Cite this