A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive

Kaniz Fatema; Christophe Debruyne; Dave Lewis; Declan Osullivan; John P. Morrison; Abdullah Al Mazed

doi:10.1109/SPW.2016.16

A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive

Kaniz Fatema
, Christophe Debruyne
, Dave Lewis
, Declan Osullivan
, John P. Morrison
, Abdullah Al Mazed

School of Computer Science and Information Technology

Trinity College Dublin
Next Gen Security

Research output: Chapter in Book/Report/Conference proceedings › Conference proceeding › peer-review

Abstract

Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.

Original language	English
Title of host publication	Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	25-32
Number of pages	8
ISBN (Electronic)	9781509008247
DOIs	https://doi.org/10.1109/SPW.2016.16
Publication status	Published - 1 Aug 2016
Event	2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 - San Jose, United States Duration: 23 May 2016 → 25 May 2016

Publication series

Name	Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016

Conference

Conference	2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016
Country/Territory	United States
City	San Jose
Period	23/05/16 → 25/05/16

Keywords

Access Control
Conflict Resolution
Controlled Natural Language
EU Data Protection Directive
Legal PDP
Rules

Access to Document

10.1109/SPW.2016.16

Cite this

Fatema, K., Debruyne, C., Lewis, D., Osullivan, D., Morrison, J. P., & Mazed, A. A. (2016). A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive. In Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 (pp. 25-32). Article 7527749 (Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SPW.2016.16

Fatema, Kaniz ; Debruyne, Christophe ; Lewis, Dave et al. / A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive. Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016. Institute of Electrical and Electronics Engineers Inc., 2016. pp. 25-32 (Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016).

@inproceedings{5eabe85c867f426391bf28be5c9eefe1,

title = "A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive",

abstract = "Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.",

keywords = "Access Control, Conflict Resolution, Controlled Natural Language, EU Data Protection Directive, Legal PDP, Rules",

author = "Kaniz Fatema and Christophe Debruyne and Dave Lewis and Declan Osullivan and Morrison, \{John P.\} and Mazed, \{Abdullah Al\}",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016 ; Conference date: 23-05-2016 Through 25-05-2016",

year = "2016",

month = aug,

day = "1",

doi = "10.1109/SPW.2016.16",

language = "English",

series = "Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "25--32",

booktitle = "Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016",

address = "United States",

}

Fatema, K, Debruyne, C, Lewis, D, Osullivan, D, Morrison, JP & Mazed, AA 2016, A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive. in Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016., 7527749, Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, Institute of Electrical and Electronics Engineers Inc., pp. 25-32, 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016, San Jose, United States, 23/05/16. https://doi.org/10.1109/SPW.2016.16

A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive. / Fatema, Kaniz; Debruyne, Christophe; Lewis, Dave et al.
Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016. Institute of Electrical and Electronics Engineers Inc., 2016. p. 25-32 7527749 (Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016).

Research output: Chapter in Book/Report/Conference proceedings › Conference proceeding › peer-review

TY - GEN

T1 - A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive

AU - Fatema, Kaniz

AU - Debruyne, Christophe

AU - Lewis, Dave

AU - Osullivan, Declan

AU - Morrison, John P.

AU - Mazed, Abdullah Al

PY - 2016/8/1

Y1 - 2016/8/1

N2 - Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.

AB - Handling personal data in a legally compliant way is an important factor for ensuring the trustworthiness of a service provider. The EU data protection directive (EU DPD) is built in such a way that the outcomes of rules are subject to explanations, contexts with dependencies, and human interpretation. Therefore, the process of obtaining deterministic and formal rules in policy languages from the EU DPD is difficult to fully automate. To tackle this problem, we demonstrate in this paper the use of a Controlled Natural Language (CNL) to encode the rules of the EU DPD, in a manner that can be automatically converted into the policy languages XACML and PERMIS. We also show that forming machine executable rules automatically from the controlled natural language grammar not only has the benefit of ensuring the correctness of those rules but also has potential of making the overall process more efficient.

KW - Access Control

KW - Conflict Resolution

KW - Controlled Natural Language

KW - EU Data Protection Directive

KW - Legal PDP

KW - Rules

UR - https://www.scopus.com/pages/publications/85008627544

U2 - 10.1109/SPW.2016.16

DO - 10.1109/SPW.2016.16

M3 - Conference proceeding

AN - SCOPUS:85008627544

T3 - Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016

SP - 25

EP - 32

BT - Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016

Y2 - 23 May 2016 through 25 May 2016

ER -

Fatema K, Debruyne C, Lewis D, Osullivan D, Morrison JP, Mazed AA. A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive. In Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016. Institute of Electrical and Electronics Engineers Inc. 2016. p. 25-32. 7527749. (Proceedings - 2016 IEEE Symposium on Security and Privacy Workshops, SPW 2016). doi: 10.1109/SPW.2016.16

A Semi-Automated Methodology for Extracting Access Control Rules from the European Data Protection Directive

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this