Nowadays, most of business practices involve personal data pro- cessing of customers and employees. This is strictly regulated by legislation to protect the rights of the data subject. Enforcing regulation into enterprise information system is a non-trivial task that requires an interdisciplinary approach. This paper presents a declarative framework to support the specification of information system designs, purpose-aware access control policies, and the legal requirements derived from the European Data Protection Directive. This allows for compliance checking via a reduction to policy refinement that is supported by available automated tools. We briefly discuss the results of the compliance analysis with a prototype tool on a simple but realistic scenario about the processing of personal data to produce salary slips of employees in an Italian organization.

Security Analysis and Legal Compliance Checking for the Design of Privacy-friendly Information Systems / Guarda, P.; Ranise, Silvio; Siswantoro, Hari. - ELETTRONICO. - (2017), pp. 247-254. (Intervento presentato al convegno SACMAT Symposium on Access Control Models and Technologies tenutosi a Indianapolis, Indiana, USA nel 21-23 June 2017) [10.1145/3078861.3078879].

Security Analysis and Legal Compliance Checking for the Design of Privacy-friendly Information Systems

Guarda P.;Ranise, Silvio;Siswantoro, Hari
2017-01-01

Abstract

Nowadays, most of business practices involve personal data pro- cessing of customers and employees. This is strictly regulated by legislation to protect the rights of the data subject. Enforcing regulation into enterprise information system is a non-trivial task that requires an interdisciplinary approach. This paper presents a declarative framework to support the specification of information system designs, purpose-aware access control policies, and the legal requirements derived from the European Data Protection Directive. This allows for compliance checking via a reduction to policy refinement that is supported by available automated tools. We briefly discuss the results of the compliance analysis with a prototype tool on a simple but realistic scenario about the processing of personal data to produce salary slips of employees in an Italian organization.
2017
SACMAT ‘17 Abstracts Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies
New York, NY, USA
ACM
978-1-4503-4702-0
Guarda, P.; Ranise, Silvio; Siswantoro, Hari
Security Analysis and Legal Compliance Checking for the Design of Privacy-friendly Information Systems / Guarda, P.; Ranise, Silvio; Siswantoro, Hari. - ELETTRONICO. - (2017), pp. 247-254. (Intervento presentato al convegno SACMAT Symposium on Access Control Models and Technologies tenutosi a Indianapolis, Indiana, USA nel 21-23 June 2017) [10.1145/3078861.3078879].
File in questo prodotto:
File Dimensione Formato  
p247-guarda.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 1.51 MB
Formato Adobe PDF
1.51 MB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/194630
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 12
  • ???jsp.display-item.citation.isi??? 8
  • OpenAlex ND
social impact