A Formal Privacy Management Framework

Métayer, Daniel Le

doi:10.1007/978-3-642-01465-9_11

Cited by 30 publications

(21 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Several articles already mention the limits of the pure security approach (for instance [19]) and suggest to rely on the concept of accountability. Thus, there is a recent interest and active researches for accountability which overlap several domains like security [19,20,21], language representation [22,13], auditing systems [8,23], evidence collection [15,14] and so on. However, only few of them consider an interdisciplinary view of accountability taking into account legal and business aspects.…”

Section: Related Workmentioning

confidence: 99%

Accountability for data protection

Sellami

Royer²,

Benghabrit

2014

2014 International Workshop on Computational Intelligence for Multimedia Understanding (IWCIM)

View full text Add to dashboard Cite

Guarantees on the fair-use of provided or collected personal data is central to consumers while using on-line services. Also, service providers have to provide such guarantees to be in-line with current legislation in data protection and to promote their offered services. In this paper, we introduce the concept of accountability as a solution to data protection. We describe preliminary work around an accountability framework, in which we consider the accountability from the design time by providing design principles for accountable services, and an abstract language to describe accountability policies.

show abstract

Section: Related Workmentioning

confidence: 99%

Accountability for data protection

Sellami

Royer²,

Benghabrit

2014

2014 International Workshop on Computational Intelligence for Multimedia Understanding (IWCIM)

View full text Add to dashboard Cite

show abstract

“…• Language based approaches: a number of languages and logics have been proposed to express privacy policies [1, 3,4,5,11,12,13,21,23,30,24,35,38,53]. These languages may target citizens, businesses or organizations; they can be used to express individual privacy policies, corporate rules or legal rules.…”

Section: Related Workmentioning

confidence: 99%

“…[1, 3,4,5,30,21,35,38,53]), they can be used to verify consistency properties or to check if a system complies with a privacy policy. These verifications can be performed either a priori, through static verification techniques, on the fly, using monitoring, or a posteriori in the context of audits or accountability procedures.…”

Section: Related Workmentioning

confidence: 99%

Privacy by design

Métayer

2013

Proceedings of the Third ACM Conference on Data and Application Security and Privacy

Self Cite

View full text Add to dashboard Cite

The privacy by design approach has already been applied in different areas. We believe that the next challenge in this area today is to go beyond individual cases and to provide methodologies to explore the design space in a systematic way. As a first step in this direction, we focus in this paper on the data minimization principle and consider different options using decentralized architectures in which actors do not necessarily trust each other. We propose a framework to express the parameters to be taken into account (the service to be performed, the actors involved, their respective requirements, etc.) and an inference system to derive properties such as the possibility for an actor to detect potential errors (or frauds) in the computation of a variable. This inference system can be used in the design phase to check if an architecture meets the requirements of the parties or to point out conflicting requirements.

show abstract

“…Verification of policies uses a static control/data flow analysis. Métayer proposes a formal framework to deliver the individuals consent regarding the processing of its personal information through software agents [17].…”

Section: Formal System Descriptionmentioning

confidence: 99%

Privacy Verification Using Ontologies

Kost

Freytag

Kargl

et al. 2011

2011 Sixth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-As information systems extensively exchange information between participants, privacy concerns may arise from its potential misuse. A Privacy by Design (PbD) approach considers privacy requirements of different stakeholders during the design and the implementation of a system. Currently, a comprehensive approach for privacy requirement engineering, implementation, and verification is largely missing. This paper extends current design methods by additional (formal) steps which take advantage of ontologies. The proposed extensions result in a systematic approach that better protects privacy in future information systems.

show abstract

A Formal Privacy Management Framework

Cited by 30 publications

References 21 publications

Accountability for data protection

Accountability for data protection

Privacy by design

Privacy Verification Using Ontologies

Contact Info

Product

Resources

About