Formalising Requirements for a Biobank Case Study Using a Logic for Consent and Revocation

Agrafiotis, Ioannis; Creese, Sadie; Goldsmith, Michael

doi:10.1007/978-3-642-31668-5_18

Cited by 2 publications

(4 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We note here the previous work by Samarati et al [27] which treats further the divide between high-level policies and low-level enforcement mechanisms.…”

Section: Policy Layers and Dependencies In Organisationsmentioning

confidence: 68%

A Conceptual Model for Privacy Policies with Consent and Revocation Requirements

Mont¹,

Pearson²,

Creese

et al. 2011

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Abstract. This paper proposes a conceptual model for privacy policies that takes into account privacy requirements arising from different stakeholders, with legal, business and technical backgrounds. Current approaches to privacy management are either high-level, enforcing privacy of personal data using legal compliance, risk and impact assessments, or low-level, focusing on the technical implementation of access controls to personal data held by an enterprise. High-level approaches tend to address privacy as an afterthought in ordinary business practice, and involve ad hoc enforcement practices; low-level approaches often leave out important legal and business considerations focusing solely on technical management of privacy policies. Hence, neither is a panacea and the low level approaches are often not adopted in real environments. Our conceptual model provides a means to express privacy policy requirements as well as users' privacy preferences. It enables structured reasoning regarding containment and implementation between various policies at the high level, and enables easy traceability into the low-level policy implementations. Thus it offers a means to reason about correctness that links low-level privacy management mechanisms to stakeholder requirements, thereby encouraging exploitation of the low-level methods. We also present the notion of a consent and revocation policy. A consent and revocation policy is different from a privacy policy in that it defines not enterprise practices with regards to personal data, but more specifically, for each item of personal data held by an enterprise, what consent preferences a user may express and to what degree, and in what ways he or she can revoke their personal data. This builds on earlier work on defining the different forms of revocation for personal data, and on formal models of consent and revocation processes. The work and approach discussed in this paper is currently carried out in the context of the UK collaborative project EnCoRe (Ensuring Consent and Revocation).

show abstract

“…We note here the previous work by Samarati et al [27] which treats further the divide between high-level policies and low-level enforcement mechanisms.…”

Section: Policy Layers and Dependencies In Organisationsmentioning

confidence: 68%

A Conceptual Model for Privacy Policies with Consent and Revocation Requirements

Mont¹,

Pearson²,

Creese

et al. 2011

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

show abstract

“…We have concluded that there exist at least eight different types of revocation [6]. These are: We have applied our model to a real world case study, in order to validate it and elicit requirements for the EnCoRe system [7]. Our logic is designed to provide a formal verification framework for privacy and identity management systems.…”

Section: Modelling Consent and Revocationmentioning

confidence: 99%

“…Our logic is designed to provide a formal verification framework for privacy and identity management systems. It fills the gap between data-privacy policy languages and high-level requirements by focusing on the semantics of the process of consent and revocation when applied to the handling and use of personal data [7].…”

Section: Modelling Consent and Revocationmentioning

confidence: 99%

See 1 more Smart Citation

Applying Formal Methods to Detect and Resolve Ambiguities in Privacy Requirements

Agrafiotis

Creese

Goldsmith

et al. 2011

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper, we demonstrate how formal methods can be used to unambiguously express privacy requirements. We focus on requirements for consent and revocation controls in a real world case study that has emerged within the EnCoRe project. We analyse the ambiguities and issues that arise when requirements expressed in natural language are transformed into a formal notation, and propose solutions to address these issues. These ambiguities were brought to our attention only through the use of a formal notation, which we have designed specifically for this purpose.

show abstract

Formalising Requirements for a Biobank Case Study Using a Logic for Consent and Revocation

Cited by 2 publications

References 6 publications

A Conceptual Model for Privacy Policies with Consent and Revocation Requirements

A Conceptual Model for Privacy Policies with Consent and Revocation Requirements

Applying Formal Methods to Detect and Resolve Ambiguities in Privacy Requirements

Contact Info

Product

Resources

About