RSL-IL4Privacy: a domain-specific language for the rigorous specification of privacy policies

  • Original Article
  • Published in: Requirements Engineering

Abstract

Mobile and web applications that manage users’ personal information require developers to align their software design with the privacy requirements commonly described in privacy policies. These policies are often the sole means of holding an organization accountable for the protection of that data. We propose RSL-IL4Privacy, a domain-specific language for specifying privacy policies that can be manipulated by computers and, at the same time, authored and analyzed by humans. RSL-IL4Privacy can also serve as an intermediate language supporting model-to-model transformations from and into other related languages. It provides policy authors with the means to define a privacy policy as a set of declarative statements with explicit relationships to services, data recipients, private data types and enforcement mechanisms. RSL-IL4Privacy is defined with different technologies that support distinct levels of formality, and it offers multiple modes of presenting privacy requirements, including tabular, graphical and textual representations, so that it can be integrated with a wider variety of authoring and analysis practices. We apply the language to the analysis and comparison of the policies of Facebook, LinkedIn, Twitter, Dropbox and IMDb, and discuss its application to the Twitter policy in further detail through several examples in multiple representations. Finally, we discuss how RSL-IL4Privacy can improve the quality of privacy policies and identify threats to validity.
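The abstract describes a policy as a set of declarative statements tied to services, data recipients, private data types and enforcement mechanisms, and says the language is meant to support automated analysis and a tabular presentation. The following is an added example of the kind of checks such a representation makes possible; it is not the RSL-IL4Privacy grammar or the RSLingo4Privacy tooling. The statement kinds, the deontic modalities (permission, obligation, prohibition), the field names and the sample policy are all assumptions constructed for illustration.

```python
"""Toy consistency checker for a declarative privacy policy.

Added example, not the RSL-IL4Privacy language or the RSLingo4Privacy
tooling: the vocabulary (statement kinds, modalities, field names) and
the sample policy below are assumptions constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

MODALITIES = {"permission", "obligation", "prohibition"}   # assumed deontic modalities
KINDS = {"collection", "usage", "disclosure", "retention"}  # assumed statement kinds


@dataclass(frozen=True)
class Statement:
    sid: str
    kind: str             # what the statement governs (collection, usage, ...)
    modality: str         # permission / obligation / prohibition
    data: tuple           # private data types the statement applies to
    recipients: tuple     # data recipients (empty for collection/retention)
    service: str          # service that performs the action
    enforcement: tuple = ()   # enforcement mechanisms the statement relies on


@dataclass
class Policy:
    private_data: set
    recipients: set
    services: set
    enforcements: set
    statements: list = field(default_factory=list)


def check_references(policy):
    """Referential integrity: statements may only use declared vocabulary."""
    problems = []
    for s in policy.statements:
        if s.kind not in KINDS:
            problems.append(f"{s.sid}: unknown statement kind '{s.kind}'")
        if s.modality not in MODALITIES:
            problems.append(f"{s.sid}: unknown modality '{s.modality}'")
        for d in s.data:
            if d not in policy.private_data:
                problems.append(f"{s.sid}: undeclared private data '{d}'")
        for r in s.recipients:
            if r not in policy.recipients:
                problems.append(f"{s.sid}: undeclared recipient '{r}'")
        if s.service not in policy.services:
            problems.append(f"{s.sid}: undeclared service '{s.service}'")
        for e in s.enforcement:
            if e not in policy.enforcements:
                problems.append(f"{s.sid}: undeclared enforcement '{e}'")
    return problems


def find_conflicts(policy):
    """A permission/obligation and a prohibition on the same
    (kind, data type, recipient) triple contradict each other."""
    by_key = defaultdict(set)
    for s in policy.statements:
        for d in s.data:
            for r in s.recipients or ("",):   # "" = no recipient involved
                by_key[(s.kind, d, r)].add((s.modality, s.sid))
    conflicts = []
    for key, entries in by_key.items():
        allowed = sorted(sid for m, sid in entries if m in ("permission", "obligation"))
        forbidden = sorted(sid for m, sid in entries if m == "prohibition")
        if allowed and forbidden:
            conflicts.append((key, allowed, forbidden))
    return sorted(conflicts)


def uncovered_data(policy):
    """Declared private data types that no statement governs at all (a gap)."""
    covered = {d for s in policy.statements for d in s.data}
    return sorted(policy.private_data - covered)


def to_table(policy):
    """Tabular view: one pipe-separated row per statement."""
    rows = ["id | kind | modality | data | recipients | service"]
    for s in policy.statements:
        rows.append(" | ".join([s.sid, s.kind, s.modality, ",".join(s.data),
                                ",".join(s.recipients) or "-", s.service]))
    return "\n".join(rows)


# Constructed sample policy (hypothetical; not any real provider's policy).
SAMPLE = Policy(
    private_data={"Email", "Location", "Contacts"},
    recipients={"Advertisers", "LawEnforcement"},
    services={"Messaging", "Ads"},
    enforcements={"Encryption", "Opt-out"},
    statements=[
        Statement("S1", "collection", "permission", ("Email", "Location"), (), "Messaging"),
        Statement("S2", "disclosure", "permission", ("Location",), ("Advertisers",), "Ads", ("Opt-out",)),
        Statement("S3", "disclosure", "prohibition", ("Location", "Email"), ("Advertisers",), "Ads"),
        Statement("S4", "disclosure", "permission", ("Email",), ("Partners",), "Ads"),  # undeclared recipient
    ],
)


def analyse(policy):
    return {
        "reference_errors": check_references(policy),
        "conflicts": find_conflicts(policy),
        "uncovered": uncovered_data(policy),
    }


if __name__ == "__main__":
    print(to_table(SAMPLE))
    for name, result in analyse(SAMPLE).items():
        print(name, result)
```

On the constructed sample, the checker flags S4 for referencing an undeclared recipient, reports S2 and S3 as contradicting each other on disclosing Location to Advertisers, and lists Contacts as a declared data type that no statement covers. Those three classes of finding (dangling references, permission/prohibition conflicts, and coverage gaps) are what an explicit, machine-readable model of a policy buys over prose.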




Acknowledgements

This work was partially supported by national funds under FCT projects UID/CEC/50021/2013, EXCL/EEI-ESS/0257/2012, CMUP-EPB/TIC/0053/2013 and the project TT-MDD-Mindbury/2014.

Author information

Corresponding author: João Caramujo.

Appendix: Complete RSL-IL4Privacy metamodel

[Figure: complete RSL-IL4Privacy metamodel; the image is not reproduced in this extract.]

Cite this article

Caramujo, J., Rodrigues da Silva, A., Monfared, S. et al. RSL-IL4Privacy: a domain-specific language for the rigorous specification of privacy policies. Requirements Eng 24, 1–26 (2019). https://doi.org/10.1007/s00766-018-0305-2
