A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive

Kaniz Fatema; Christophe  Debruyne; Dave Lewis; Declan O'Sullivan; John  P. Morrison; Abdullah-Al Mazed

doi:10.1109/SPW.2016.16

A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive

Kaniz Fatema, Christophe Debruyne, Dave Lewis, Declan O'Sullivan, John P. Morrison, Abdullah-Al Mazed

Research output: Chapter in Book/Published conference output › Conference publication

Abstract

Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.

Original language	English
Title of host publication	IEEE Symposium on Security and Privacy, Fairmont, San Jose, California, 22-26 May 2016
Publisher	IEEE
ISBN (Electronic)	978-1-5090-3690-5
ISBN (Print)	978-1-5090-3691-2
DOIs	https://doi.org/10.1109/SPW.2016.16
Publication status	Published - 4 Aug 2016

Access to Document

10.1109/SPW.2016.16

Cite this

@inproceedings{575d8efecee1445ca1bfd36131a2096b,

title = "A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive",

abstract = "Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.",

author = "Kaniz Fatema and Christophe Debruyne and Dave Lewis and Declan O'Sullivan and {P. Morrison}, John and Abdullah-Al Mazed",

year = "2016",

month = aug,

day = "4",

doi = "10.1109/SPW.2016.16",

language = "English",

isbn = "978-1-5090-3691-2",

booktitle = "IEEE Symposium on Security and Privacy, Fairmont, San Jose, California, 22-26 May 2016",

publisher = "IEEE",

address = "United States",

}

TY - GEN

T1 - A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive

AU - Fatema, Kaniz

AU - Debruyne, Christophe

AU - Lewis, Dave

AU - O'Sullivan, Declan

AU - P. Morrison, John

AU - Mazed, Abdullah-Al

PY - 2016/8/4

Y1 - 2016/8/4

N2 - Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.

AB - Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.

UR - https://ieeexplore.ieee.org/document/7527749

U2 - 10.1109/SPW.2016.16

DO - 10.1109/SPW.2016.16

M3 - Conference publication

SN - 978-1-5090-3691-2

BT - IEEE Symposium on Security and Privacy, Fairmont, San Jose, California, 22-26 May 2016

PB - IEEE

ER -

A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive

Abstract

Access to Document

Other files and links

Fingerprint

Cite this