TY - JOUR
T1 - Dynamic generation of access control policies from social policies
AU - Van Binsbergen, L. Thomas
AU - Kebede, Milen G.
AU - Baugh, Joshua
AU - Engers, Tom Van
AU - Van Vuurden, Dannis G.
N1 - Publisher Copyright:
© 2021 Elsevier B.V. All rights reserved.
PY - 2021
Y1 - 2021
AB - Access to and processing of personal data is regulated by norms that are written down in legal source documents, including laws, regulations and contracts. Compliance can be automated through the formalisation of these norms, reducing human effort and making the applied interpretations explicit. In addition, trust between parties may increase, thus promoting collaborations to gain more insights from sharing data. Although several policy specification languages have been proposed, there are not many that can be used to specify both social policies, such as privacy regulations and contracts, and system-level policies such as those used for access control. In this work, we present extensions to eFLINT, a domain-specific language developed to formalise norms from various sources. The extensions make it possible to interconnect social and system-level policies. We demonstrate the new features of eFLINT within the healthcare domain by formalising the regulatory document of the SIOPE DIPG/DMG Network, a consortium established to advance research into a rare form of pediatric brain cancer, and by showing how the resulting specifications are used to automate compliance checking of access and processing requests made by members of the consortium.
KW - Access control
KW - GDPR
KW - Healthcare data sharing
KW - Policy specification languages
UR - http://www.scopus.com/inward/record.url?scp=85124627189&partnerID=8YFLogxK
U2 - 10.1016/j.procs.2021.12.221
DO - 10.1016/j.procs.2021.12.221
M3 - Conference article
AN - SCOPUS:85124627189
SN - 1877-0509
VL - 198
SP - 140
EP - 147
JO - Procedia Computer Science
JF - Procedia Computer Science
T2 - 12th International Conference on Emerging Ubiquitous Systems and Pervasive Networks, EUSPN 2021 / 11th International Conference on Current and Future Trends of Information and Communication Technologies in Healthcare, ICTH 2021
Y2 - 1 November 2021 through 4 November 2021
ER -