IIT Home Page CNR Home Page

Towards a Declarative Approach to Stateful and Stateless Usage Control for Data Protection

Virtually any online website or service has a rising need for data protection mechanisms, especially for personal data, considering initiatives such as the new General Data Protection Regulation to operate on the EU economic space, or the Cybersecurity Law for the Chinese market. It seems therefore necessary to dispose of mechanisms that help both users, as well as legal experts and practitioners to automatically manage the processing of personal and sensitive data in a secure and compliant manner, to reduce the probability of human errors. To this aim, we show here our initial proposal for an automatically enforceable policy language, UPOL, for access and usage control of personal information, aiming at transparent and accountable data usage. UPOL extends and combines previous research results, U-XACML and PPL, and it is part of a more general proposal to regulate multi-party data sharing operations. A use case is proposed, considering challenges brought by the new EU’s GDPR.
14th International Conference on Web Information Systems and Technologies, Siviglia, Spagna, 2018

External authors: Francesco Di Cerbo (Security Research, SAP and France )
IIT authors:

Type: Contributo in atti di convegno
Field of reference: Computer Science & Engineering

File: WEBIST_2018_51.pdf

Activity: Big Data & Mobile Cloud
Sicurezza nel Cloud Computing