Nowadays, most of business practices involve personal data pro- cessing of customers and employees. This is strictly regulated by legislation to protect the rights of the data subject. Enforcing regulation into enterprise information system is a non-trivial task that requires an interdisciplinary approach. This paper presents a declarative framework to support the specification of information system designs, purpose-aware access control policies, and the legal requirements derived from the European Data Protection Directive. This allows for compliance checking via a reduction to policy refinement that is supported by available automated tools. We briefly discuss the results of the compliance analysis with a prototype tool on a simple but realistic scenario about the processing of personal data to produce salary slips of employees in an Italian organization.
Security Analysis and Legal Compliance Checking for the Design of Privacy-friendly Information Systems / Guarda, P.; Ranise, Silvio; Siswantoro, Hari. - ELETTRONICO. - (2017), pp. 247-254. (Intervento presentato al convegno SACMAT Symposium on Access Control Models and Technologies tenutosi a Indianapolis, Indiana, USA nel 21-23 June 2017) [10.1145/3078861.3078879].
Security Analysis and Legal Compliance Checking for the Design of Privacy-friendly Information Systems
Guarda P.;Ranise, Silvio;Siswantoro, Hari
2017-01-01
Abstract
Nowadays, most of business practices involve personal data pro- cessing of customers and employees. This is strictly regulated by legislation to protect the rights of the data subject. Enforcing regulation into enterprise information system is a non-trivial task that requires an interdisciplinary approach. This paper presents a declarative framework to support the specification of information system designs, purpose-aware access control policies, and the legal requirements derived from the European Data Protection Directive. This allows for compliance checking via a reduction to policy refinement that is supported by available automated tools. We briefly discuss the results of the compliance analysis with a prototype tool on a simple but realistic scenario about the processing of personal data to produce salary slips of employees in an Italian organization.File | Dimensione | Formato | |
---|---|---|---|
p247-guarda.pdf
Solo gestori archivio
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
1.51 MB
Formato
Adobe PDF
|
1.51 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione