A Systematic Approach toward Extracting Technically Enforceable Policies from Data Usage Control Requirements

Arghavan Hosseinzadeh; Andreas Eitel; Christian Jung

doi:10.5220/0008936003970405

A Systematic Approach toward Extracting Technically Enforceable Policies from Data Usage Control Requirements

Arghavan Hosseinzadeh, Andreas Eitel, Christian Jung

2020

Abstract

Solutions for data sovereignty are in high demand as companies are willing to exchange their data in decentralized infrastructures. Data sovereignty is tightly coupled with data security and therefore, with data usage control policy specification. In this paper, we propose an approach to facilitate the processes of policy specification by data owners, policy transformation from a technology-independent to a technology-dependent language, and policy negotiation between the parties who exchange their data. We extracted an enterprise-relevant set of policy classes from the parties’ security requirements in order to implement an editor that supports users in creating their machine-readable policies. Then, we developed an algorithm that benefits from the policy classes and constructs technology-dependent security policy instances. In addition, we proposed a policy negotiation approach which is based on the parameters of the extracted policy classes.

Download

Paper Citation

in Harvard Style

Hosseinzadeh A., Eitel A. and Jung C. (2020). A Systematic Approach toward Extracting Technically Enforceable Policies from Data Usage Control Requirements. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 397-405. DOI: 10.5220/0008936003970405

in Bibtex Style

@conference{icissp20,
author={Arghavan Hosseinzadeh and Andreas Eitel and Christian Jung},
title={A Systematic Approach toward Extracting Technically Enforceable Policies from Data Usage Control Requirements},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2020},
pages={397-405},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008936003970405},
isbn={978-989-758-399-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - A Systematic Approach toward Extracting Technically Enforceable Policies from Data Usage Control Requirements
SN - 978-989-758-399-5
AU - Hosseinzadeh A.
AU - Eitel A.
AU - Jung C.
PY - 2020
SP - 397
EP - 405
DO - 10.5220/0008936003970405