A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive

Kaniz Fatema, Christophe Debruyne, Dave Lewis, Declan O'Sullivan, John P. Morrison, Abdullah-Al Mazed

Research output: Chapter in Book/Report/Conference proceedingConference publication

Abstract

Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.
Original languageEnglish
Title of host publicationIEEE Symposium on Security and Privacy, Fairmont, San Jose, California, 22-26 May 2016
PublisherIEEE
ISBN (Electronic)978-1-5090-3690-5
ISBN (Print)978-1-5090-3691-2
DOIs
Publication statusPublished - 4 Aug 2016

Fingerprint Dive into the research topics of 'A Semi-Automated Methodology for Extracting access control rules from the European Data Protection Directive'. Together they form a unique fingerprint.

Cite this