Loading…
A model-integrated authoring environment for privacy policies
Privacy policies are rules designed to ensure that individuals’ health data are properly protected. Health Information Systems (HIS) are legally required to adhere to these policies. Since privacy policies are imposed on complex software systems, it is extremely hard to reason about their conformanc...
Saved in:
| Published in: | Science of computer programming 2014-09, Vol.89, p.105-125 |
|---|---|
| Main Authors: | , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Privacy policies are rules designed to ensure that individuals’ health data are properly protected. Health Information Systems (HIS) are legally required to adhere to these policies. Since privacy policies are imposed on complex software systems, it is extremely hard to reason about their conformance and consistency. In order to address this problem, we have created a model-driven authoring environment to formally specify privacy policies originally defined in legal terms. In our observation, appropriate formalization of our policy language enabled formal analysis of its policies; these features were key to a successful model-driven engineering process. In this paper we present our modeling language and show its semantic anchoring to analyzable logic programs. We report on several projects where our approach is being applied and validated.
•Model-Integrated Privacy Policy Authoring environment for lawyers and doctors.•Precise semantic anchoring to term algebras and logic programs.•A domain-specific language describing privacy policies with patterns.•An execution environment by the tool FORMULA to prove correctness by design.•A formally underpinned environment to reason about privacy policies. |
|---|---|
| ISSN: | 0167-6423 1872-7964 |
| DOI: | 10.1016/j.scico.2013.05.004 |