IIT Home Page CNR Home Page

Analysis of Data Sharing Agreements

An electronic Data Sharing Agreement (DSA) is the machine-processable transposition of a traditional paper contract regulating data sharing among different organizations. DSA conveys different information, like the purpose of data sharing, the parties stipulating the contract, the kind of data, and a set of rules stating which actions are authorized, prohibited, and obliged on such data. Possibly edited by different actors from various perspectives - such as the legal and the business ones - a DSA could quite naturally include conflictual data sharing rules: the same data access request could be permitted according to some rules and denied according to others. Starting from the DSA definition, this paper describes the design of a DSA analysis framework and the development of the associated analysis tool. The DSA-Analyser proposed here evaluates the DSA rules by simulating all the possible contextual conditions, which may occur at access request time and which are linked to the vocabulary associated to the rules themselves. The output of the tool conveniently guides the editor, pointing to those rules, which are potentially conflicting, and highlighting the reasons leading to those conflicts. We have experimented the DSA-Analyser performances in terms of execution time, by varying the number of rules in the DSA, as well as the terms in the DSA vocabulary. Our findings highlight the capability of the analyser to deal with hundreds of rules and dozens of contexts in a reasonable amount of time. These results pave the way to the employment of the analyser in a real-use context.

International Conference on Information Systems Security and Privacy (ICISSP 2017), Porto, 2017

IIT authors:

Type: Contributo in atti di convegno
Field of reference: Information Technology and Communication Systems

File: analyser.pdf

Activity: Legal aspects of Security and Privacy
Privacy and Security in e-Health