Abstract: With more and more personal data being collected and stored by service providers, there is an increasing need to ensure that their usage is compliant with privacy regulations. We consider the specific scenario where policies are defined in metric temporal logic and audited against the database usage logs. Previous works have shown that this can indeed be achieved in an efficient manner for a very expressive set of policies. One of the main ingredients of such an auditing process is clearly the availability of sufficient database logs. Currently, it is a manual process to first determine the logs needed, and then come up with the necessary auditing specifications to generate them. This is not only a time consuming process, but can be erroneous as well leading to either insufficient or redundant logging. Logging in general is costly as it is an overhead on the real-time database performance, and hence redundant logging is not an option either. Our main contribution in this work is to streamline the log generation process by deriving the auditing specifications directly from the given privacy policies. We also show how the required logging can be minimized based on the temporal constraints in the policies. Given privacy policies as input, the output of the proposed tool is the corresponding auditing specifications that can be installed directly in the databases; to produce logs that are both minimal and sufficient to audit the given policies. The tool has been implemented and tested in a real-life scenario.

Advertisements

Leave a reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: