Security Analysis and Legal Compliance Checking for the Design of Privacy-friendly Information Systems

Publons ID(not set)
Wos IDWOS:000614039400028
Doi10.1145/3078861.3078879
TitleSecurity Analysis and Legal Compliance Checking for the Design of Privacy-friendly Information Systems
First Author
Last Author
AuthorsGuarda, P; Ranise, S; Siswantoro, H;
Publish Date2017
Journal NamePROCEEDINGS OF THE 22ND ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES (SACMAT'17)
Citation8
AbstractNowadays, most of business practices involve personal data processing of customers and employees. This is strictly regulated by legislation to protect the rights of the data subject. Enforcing regulation into enterprise information system is a non-trivial task that requires an interdisciplinary approach. This paper presents a declarative framework to support the specification of information system designs, purpose-aware access control policies, and the legal requirements derived from the European Data Protection Directive. This allows for compliance checking via a reduction to policy refinement that is supported by available automated tools. We briefly discuss the results of the compliance analysis with a prototype tool on a simple but realistic scenario about the processing of personal data to produce salary slips of employees in an Italian organization.
Publish TypeBook
Publish Year2017
Page Begin247
Page End254
Issn
Eissn
Urlhttps://www.webofscience.com/wos/woscc/full-record/WOS:000614039400028
AuthorIr HARI SISWANTORO, S.T, M.T, Ph.D
File135967.pdf