a semi automated methodology
play

A Semi-Automated Methodology for extracting access control rules - PowerPoint PPT Presentation

Jan 20, 2023 •246 likes •531 views

A Semi-Automated Methodology for extracting access control rules from the EU- DPD Dr. Kaniz Fatema Research Fellow ADAPT Centre Trinity College Dublin, Ireland E: Kaniz.Fatema@scss.tcd.ie IWPE 16, San Jose, CA. The ADAPT Centre is funded

  1. A Semi-Automated Methodology for extracting access control rules from the EU- DPD Dr. Kaniz Fatema Research Fellow ADAPT Centre Trinity College Dublin, Ireland E: Kaniz.Fatema@scss.tcd.ie IWPE 16, San Jose, CA. The ADAPT Centre is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.

  2. Policy Based Authorisation System www.adaptcentre.ie Access to the resource is protected by policies. Database PEP PDP Policies PEP=Policy Enforcement Point PDP=Policy Decision Point Authorisation system

  3. Authors of Privacy Policies www.adaptcentre.ie Privacy Policies may be defined by a number of authors.  Data subject, - whose data is being accessed.  Issuer , e.g.- The Doctor for medical note, University for degree certificate, data subject is the issuer of personal information such as favorite drink.  Controller, e.g.- the health insurance company holding medical record of the data subject, or facebook for personal data.  Law , e.g.- EU data protection directive.

  4. The Proposed System (in a Simplified Form) www.adaptcentre.ie PEP Database 1 4 2 3 Master PDP CRP Data Contr CRP=Conflict Legal Issuer subject oller PDP PDP Resolution Policy PDP PDP CRR=Conflict The authorisation system Access Resolution Rule {condition, DCR} Control DCR=Decision Policies Combining Rule 4

  5. The Methodology for Obtaining Legal Policies www.adaptcentre.ie • Step1. Listing the Legal provisions that are directly related to access control. • Step2. Analysing and Extracting the Legal Access Control Policy • Step3. Refining the Access Control Policies • Step4. The formalization of the access control rules using CNL • Step 5. Convert the controlled natural language rules into executable rules • Step 6. Validate the obtained Legal rules. 5

  6. Step1. Listing the Legal Provisions www.adaptcentre.ie Related to Access Control. The European Union Data Protection Directive consists of eight chapters and 34 articles. For our implementation we considered only the articles directly related to access control. Keywords: process , prohibit , access , collect , block , transfer (i.e. mentions an action on personal data) 6

  7. Step 1 (continued…) www.adaptcentre.ie For example, Article 8.4 states that “Subject to the provision of suitable safeguards, Member States may, for reasons of substantial public interest, lay down exemptions in addition to those laid down in paragraph 2 either by national law or by decision of the supervisory authority.”

  8. Step2. Analysing and Extracting the Legal www.adaptcentre.ie Access Control Policy Access control rules are those that are capable of answering who is allowed to do what on personal data under what condition/s . or On what conditions the personal data can be accessed. 8

  9. Analysing the Legal Texts in Step 2 www.adaptcentre.ie The article 6.1 (a) says “personal data must be processed fairly and lawfully” – This legal rule is too vague to form an automated access control rule. Later in article 7 the criteria for making data processing legitimate are described, these are converted into access control rules. 9

  10. Analysing the Legal Texts in Step 2 (Cont...) www.adaptcentre.ie Article 12(b) states that “ as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive” This is not possible to convert into an automated rule as it requires human judgement to ensure that the processing complies with the directive or not. 10

  11. Analysing the Legal Texts in Step 2 (Cont...) www.adaptcentre.ie Article 7(f) “processing of personal data for legitimate interest are allowed except where such interests are overridden by the fundamental rights and freedom of data subject ” It presents an extremely complex condition where the balance of interests are not feasible to be presented in an access control policy.

  12. Step3. Refining the Access Control Policies www.adaptcentre.ie • Grouping similar rules together. • Ordering them in terms of the exceptions that need to be evaluated before the ones without exceptions. For example, data subjects are allowed unconditional access to their personal data that are held by a data controller, but not if law enforcement would be jeopardised by this. Consequently the rule that concerns law enforcement must be evaluated before the rule that grants the data subject unconditional access. 12

  13. Step4. The Formalization Rules Using CNL www.adaptcentre.ie • Subject (who) • Action (can/cannot perform what) • Resource (on which data item) • Condition (under which conditions) • Effect (grant/deny/BreakTheGlass) • Obligation (subject to these actions being carried out) 13

  14. Example of CNL Converted Rules www.adaptcentre.ie Policy Articles Legal Natural Language Policies No. 1. Article If the requested purpose of processing does not match with any of the original purposes of 6.1 (b) collection or is not for a historical purpose/statistical purpose / scientific purpose deny the request. No. Controlled Natural Language Rule in ABNF of rule 1. ACR 1: If the Action:Purpose:string is not the Resource:PurposesOfCollection:string OR the Action:Purpose:string is not a "historical purpose" / "statistical purpose" / "scientific purpose" then Deny the Access to the PersonalData.

  15. Step 5. Convert the CNL into Executable Rules www.adaptcentre.ie 15

  16. Example of intermediate.xml www.adaptcentre.ie <rule-definition>ACR <rule-id><STRING>3</STRING></rule-id>: <rule-statement>If <conditions><condition> “ACR 3: If the <article>the</article> <attributes><attribute> Environment:RequestTime: <category>Environment</category>: date is less than <name><STRING>RequestTime</STRING> </name>:<type>date</type> Resource:ValidityTime:date </attribute></attributes> then Deny the Access to the <relationalOperator>is less than</relationalOperator> <attributes><attribute> PersonalData .” <category>Resource</category>: <name><STRING>ValidityTime</STRING> </name>:<type>date</type></attribute></attributes> </condition></conditions> then <GrantOrDeny>Deny</GrantOrDeny><article>the</arti cle> CNL rules <actions><action><word>Access</word></action></ac tions> <prep>to</prep><article>the</article> <ResourceType><word>PersonalData</word></Resour ceType></rule-statement>.</rule-definition>

  17. Example of XACML policy produced from the input.txt www.adaptcentre.ie <attribute> <ResourceAttributeDesign <category>Resource</category ator >: AttributeId="ValidityTime" <name><STRING>ValidityTime DataType="http://www.w3.or </STRING> g/2001/XMLSchema#date"/> </name>:<type>date</type>< /attribute> Intermediate.xml XACML policy.xml

  18. Step 6. Validate the Obtained Legal Rules www.adaptcentre.ie Use Cases Preferences are converted Chooses into policies preferences Authorisation Subject system of Kent Data Subject’s Health Centre PDP 18 18

  19. Use Cases (Continued …) www.adaptcentre.ie Data Subject’s Policy • The Doctor of Kent Health centre can read / write /update my medical data. • Researcher are allowed to read my medical data if the data can be anonymised. 19

  20. Use Cases (Continued …) www.adaptcentre.ie Medical record of subject Authorisation system of Kent Health Centre Treating Dr Legal CRP returns DCR=GrantOverrides Legal PDP returns decison = Grant 20

  21. Use Cases (Continued …) www.adaptcentre.ie Medical record of subject Subject Authorisation system of Kent Health Centre Legal CRP returns DCR=GrantOverrides Legal PDP returns decision = Grant 21 21

  22. Use Cases (Continued …) www.adaptcentre.ie Medical record of subject Authorisation system of Kent Health Centre Dr at London hospital Legal CRP returns DCR=GrantOverrides Legal PDP returns decision = BTG 22 22

  23. Use Cases (Continued …) www.adaptcentre.ie Medical record of subject Subject Authorisation system of Kent Health Centre Therapeutic Exception=true Legal CRP returns DCR=DenyOverrides Legal PDP returns decision = Deny 23 23

  24. Use Cases (Continued …) www.adaptcentre.ie Medical record of subject Authorisation system of Researcher Kent Health Centre Legal CRP returns DCR=DenyOverrides Data Subject’s PDP returns decision = Grant with obligation to anonymise data 24 24

  25. Facts and Findings www.adaptcentre.ie We applied our approach on 53 rules of the EU DPD. From the 53 rules of the EU DPD that were considered for analysis in step 2, 27 of them could contribute to the construction of enforceable authorisation rules. However, 14 rules among these 53 are found to be guidelines or instructions only and did not therefore map into authorisation rules. 3 rules are supported by the system design. The remaining 9 rules are found to be too dependent on other laws or human judgement to be turned into access control rules by themselves.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

From Web 2.0 to Semantic Web A Semi-Automated Approach Andreas He, Christian Maa and Francis

From Web 2.0 to Semantic Web A Semi-Automated Approach Andreas He, Christian Maa and Francis

From Web 2.0 to Semantic Web A Semi-Automated Approach Andreas He, Christian Maa and Francis Dierick Lycos Europe 01/06/2008 | 1 Outline Motivation Proposals for better tagging Tag suggestion / semi-automated tagging Tag

478 views • 32 slides
Semi-Automated Cartographic Techniques to Analyse the Geomorphometric Parameters in High Altitude

Semi-Automated Cartographic Techniques to Analyse the Geomorphometric Parameters in High Altitude

Semi-Automated Cartographic Techniques to Analyse the Geomorphometric Parameters in High Altitude Glacierised Terrain using SRTM DEM Data M. TAMIL SELVAN Remote Sensing and GIS Centre Jawaharlal Nehru University, New Delhi, India

544 views • 37 slides
EVALUATI ON OF SEMI - AUTOMATED ONTOLOGY I NSTANCE MI GRATI ON Maxim Davidovsky Zaporozhye

EVALUATI ON OF SEMI - AUTOMATED ONTOLOGY I NSTANCE MI GRATI ON Maxim Davidovsky Zaporozhye

EVALUATI ON OF SEMI - AUTOMATED ONTOLOGY I NSTANCE MI GRATI ON Maxim Davidovsky Zaporozhye National University Vadim Ermolayev Vyacheslav Tolok Wolf-Ekkehard Matzke Cadence Design Systems GmbH 4-th International Symposium on

712 views • 22 slides
Semi Annual Board Update Introduction I d i Portfolio engineering methodology

Semi Annual Board Update Introduction I d i Portfolio engineering methodology

Semi Annual Board Update Introduction I d i Portfolio engineering methodology Portfolio engineering methodology Fund composition Fund composition Performance Current economic conditions and future rebalancing b l

407 views • 36 slides
Semi-Automated Analysis Software for a Novel Biochemistry Assay A thesis submitted in partial

Semi-Automated Analysis Software for a Novel Biochemistry Assay A thesis submitted in partial

Semi-Automated Analysis Software for a Novel Biochemistry Assay A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Computer Science Joseph Vesco Special Thanks Dr. Frederick C. Harris, Jr.

785 views • 54 slides
Semi-Automated Underwater Video Mapping System Christopher Butler, Clifton Robertson, Brian

Semi-Automated Underwater Video Mapping System Christopher Butler, Clifton Robertson, Brian

Semi-Automated Underwater Video Mapping System Christopher Butler, Clifton Robertson, Brian Marsh, and Aaron Kline Mentors: Dr. Paul Ayers, Dr. Raj Raman, and Dr. Daniel Yoder Underwater Habitats Problems Human Activity Over

353 views • 16 slides
Semi-Automated Magazine Layout Using Content-Based Image Features Mikko Kuhna Aalto University

Semi-Automated Magazine Layout Using Content-Based Image Features Mikko Kuhna Aalto University

ACM Multimedia 12 31.10.2012 Semi-Automated Magazine Layout Using Content-Based Image Features Mikko Kuhna Aalto University Ida-Maria Kivel School of Science Pirkko Oittinen Department of Media Technology Contents 1. Introduction

896 views • 42 slides
Intelligent Indexing: A Semi-Automated, Trainable System for Field Labeling Robert Clawson, Bill

Intelligent Indexing: A Semi-Automated, Trainable System for Field Labeling Robert Clawson, Bill

Intelligent Indexing: A Semi-Automated, Trainable System for Field Labeling Robert Clawson, Bill Barrett Brigham Young University What is indexing? Currently Our Research 5-10 times faster More accurate More enjoyable Word

264 views • 15 slides
A Semi-Automatic Methodology for Repairing Faulty Web Sites M. Alpuente 1 , D. Ballis 2 , M.

A Semi-Automatic Methodology for Repairing Faulty Web Sites M. Alpuente 1 , D. Ballis 2 , M.

A Semi-Automatic Methodology for Repairing Faulty Web Sites M. Alpuente 1 , D. Ballis 2 , M. Falaschi 3 and J. Garca-Viv 1 1 DSIC, Universidad Politcnica de Valencia, Camino de Vera s/n, Apdo. 22012, 1 DSIC, Universidad Politcnica de

814 views • 38 slides
Towards an Improved Methodology for Automated Readability Prediction Philip van Oosten, Dries

Towards an Improved Methodology for Automated Readability Prediction Philip van Oosten, Dries

Towards an Improved Methodology for Automated Readability Prediction Philip van Oosten, Dries Tanghe, V eronique Hoste LT 3 Language and Translation Technology Team Faculty of Translation Studies University College Ghent { philip.vanoosten,

477 views • 32 slides
Semi-automatic generation of multilingual glossaries Ilan Kernerman K Dictionaries Ltd, Tel Aviv

Semi-automatic generation of multilingual glossaries Ilan Kernerman K Dictionaries Ltd, Tel Aviv

MultilingualWeb Workshop Riga, 29 April 2015 Semi-automatic generation of multilingual glossaries Ilan Kernerman K Dictionaries Ltd, Tel Aviv SUMMARY K Dictionaries semi-automated multilingual glossaries stem from our unique English

785 views • 21 slides
Methodology for Comparison and Ranking of SAT Solvers Mladen Nikoli c Third Workshop on

Methodology for Comparison and Ranking of SAT Solvers Mladen Nikoli c Third Workshop on

Introduction Preliminaries Methodology Evaluation Related work Conclusions Methodology for Comparison and Ranking of SAT Solvers Mladen Nikoli c Third Workshop on Formal and Automated Theorem Prooving and Applications January 29, 2010.

974 views • 27 slides
CS 671 Automated Reasoning Reflection Reflection basic methodology Represent object and

CS 671 Automated Reasoning Reflection Reflection basic methodology Represent object and

CS 671 Automated Reasoning Reflection Reflection basic methodology Represent object and meta level in type theory Represent meta-logical concepts as Nuprl terms Express specific object logic in represented meta logic Build

334 views • 9 slides
Automated Model Builder (AMB) and AFCs Presented By: Nate Schweighart TVA Transmission

Automated Model Builder (AMB) and AFCs Presented By: Nate Schweighart TVA Transmission

2008 ITO LG&amp;E/KU Stakeholder Meeting Automated Model Builder (AMB) and AFCs Presented By: Nate Schweighart TVA Transmission Reliability Engineering 1 AFC Methodology-Modeling Process AFC Methodology-Modeling Process Every day TVA

468 views • 12 slides
Why did my car just do that? Explaining semi-autonomous driving actions to improve driver

Why did my car just do that? Explaining semi-autonomous driving actions to improve driver

Why did my car just do that? Explaining semi-autonomous driving actions to improve driver understanding, trust, and performance Hazem Ibrahim Agenda 1. Background and Introduction 2. Methodology 3. Results 4. Discussion 5. Future Work

544 views • 17 slides
Semi-Automated SVG Programming via Direct Manipulation Brian Hempel and Ravi Chugh Direct

Semi-Automated SVG Programming via Direct Manipulation Brian Hempel and Ravi Chugh Direct

Semi-Automated SVG Programming via Direct Manipulation Brian Hempel and Ravi Chugh Direct Manipulation 2 Direct Manipulation Drawing Documents And so many more 3 But not for one application 4 Programming 5 Programming 5

1.2k views • 91 slides
On Timed Models of Gene Networks Gregory Batt, Ramzi Ben Salah, Oded Maler Verimag 2007 Systems

On Timed Models of Gene Networks Gregory Batt, Ramzi Ben Salah, Oded Maler Verimag 2007 Systems

On Timed Models of Gene Networks Gregory Batt, Ramzi Ben Salah, Oded Maler Verimag 2007 Systems Biology Systems Biology: the new gold rush for many mathematical and technical disciplines Biophysics, Biomatics, Bioinformatics, ...

750 views • 54 slides
Nonparametric Variational Auto-encoders for Hierarchical Representation Learning Prasoon Goyal,

Nonparametric Variational Auto-encoders for Hierarchical Representation Learning Prasoon Goyal,

Nonparametric Variational Auto-encoders for Hierarchical Representation Learning Prasoon Goyal, Zhiting Hu, Xiaodan Liang, Chenyu Wang, Eric P. Xing Presented by: Zhi Li Motivation Variational Autoencoders can be used for unsupervised

604 views • 15 slides
Presentation and Management of Uncomplicated vs Complicated Gram Positive Bacteremias CSHP

Presentation and Management of Uncomplicated vs Complicated Gram Positive Bacteremias CSHP

Presentation and Management of Uncomplicated vs Complicated Gram Positive Bacteremias CSHP Symposium June 2020 Julia Cahill BScPhm ACPR MPH FHA Clinical Pharmacy Specialist, AMS Julia.cahill@fraserhealth.ca Presenter Disclosure I have no

776 views • 42 slides
Class Slides CRP 566 Week 3 Firm location, regional trade evaluation Community Economics Slides

Class Slides CRP 566 Week 3 Firm location, regional trade evaluation Community Economics Slides

9/10/2015 Class Slides CRP 566 Week 3 Firm location, regional trade evaluation Community Economics Slides From Shaffer, Deller, &amp; Marcouiller 1 9/10/2015 Market for Goods and Services Central Place Dynamics 2 9/10/2015 Central Place Dynamics

613 views • 24 slides
Consumer Choice and Industrial Policy Catherine Waddams Centre for Competition Policy

Consumer Choice and Industrial Policy Catherine Waddams Centre for Competition Policy

Consumer Choice and Industrial Policy Catherine Waddams Centre for Competition Policy University of East Anglia with Monica Giulietti, Michael Waterson, Christopher Wilson ACCC 2005 regulatory conference, Queensland, July 2005 The (UK)

419 views • 29 slides
Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri Demchenko, Leon Gommans, Cees de Laat System and Network Engineering Group University of Amsterdam POLICY2007 Workshop 13-15 June 2007, Bologna Outline

532 views • 25 slides
1 ADP: The Acyclic- -Dependencies Dependencies ADP: The Acyclic CCP (contd) CCP (contd)

1 ADP: The Acyclic- -Dependencies Dependencies ADP: The Acyclic CCP (contd) CCP (contd)

REP: The Reuse Release Equivalence Release Equivalence REP: The Reuse Six Principles of Package Design Six Principles of Package Design Principle Principle 1. Reuse Reuse Release Equivalence Release Equivalence 1. Principle

278 views • 5 slides
Analysis of MAP in CRP Normal-Normal model ukasz Rajkowski Faculty of Mathematics, Informatics

Analysis of MAP in CRP Normal-Normal model ukasz Rajkowski Faculty of Mathematics, Informatics

Analysis of MAP in CRP Normal-Normal model ukasz Rajkowski Faculty of Mathematics, Informatics and Mechanics University of Warsaw l.rajkowski@mimuw.edu.pl November 28, 2016 ukasz Rajkowski Analysis of MAP in CRP Normal-Normal model

799 views • 52 slides

More recommend