Abstract
Collaborating entities usually need to exchange personal information to achieve a common goal, including enabling business transactions and provisioning critical services. A key issue affecting these interactions is the lack of control over how data will be used and processed by the entities that share it. To partially solve the issue, parties may have defined a set of data sharing policies regulating the exchange of data they own, or over which they have jurisdiction. However, distinct sets of policies, defined by different authorities, may lead to conflicts once enacted, since, e.g., different subjects may have defined different permissions on the same data set. This paper focuses on policy analysis and offers formal support for arriving at a conflict-free set of data sharing policies. We illustrate the methodology with an emergency management example.
The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no 257930 (Aniketos) and under grant no 256980 (NESSoS), and from the IIT internal project Mobi-Care.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Martinelli, F., Matteucci, I., Petrocchi, M., Wiegand, L. (2012). A Formal Support for Collaborative Data Sharing. In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds) Multidisciplinary Research and Practice for Information Systems. CD-ARES 2012. Lecture Notes in Computer Science, vol 7465. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32498-7_42
DOI: https://doi.org/10.1007/978-3-642-32498-7_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32497-0
Online ISBN: 978-3-642-32498-7
eBook Packages: Computer Science, Computer Science (R0)