Skip to main content
SpringerLink
Log in

Log Analysis for Data Protection Accountability

  • Conference paper
FM 2014: Formal Methods (FM 2014)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 8442))

Included in the following conference series:

Abstract

Accountability is increasingly recognised as a cornerstone of data protection, notably in European regulation, but the term is frequently used in a vague sense. For accountability to bring tangible benefits, the expected properties of personal data handling logs (used as “accounts”) and the assumptions regarding the logging process must be defined with accuracy. In this paper, we provide a formal framework for accountability and show the correctness of the log analysis with respect to abstract traces used to specify privacy policies. We also show that compliance with respect to data protection policies can be checked based on logs free of personal data, and describe the integration of our formal framework in a global accountability process.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Article 29 Data Protection Working Party: Opinion 3/2010 on the principle of accountability (2010)

    Google Scholar 

  2. Bella, G., Paulson, L.C.: Accountability Protocols: Formalized and Verified. ACM Trans. Inf. Syst. Secur. 9(2), 138–161 (2006)

    Article  Google Scholar 

  3. Bellare, M., Yee, B.S.: Forward Integrity for Secure Audit Logs. Tech. rep., University of California at San Diego (1997)

    Google Scholar 

  4. Butin, D., Chicote, M., Le Métayer, D.: Log Design for Accountability. In: 2013 IEEE Security & Privacy Workshop on Data Usage Management, pp. 1–7. IEEE Computer Society (2013)

    Google Scholar 

  5. Butin, D., Chicote, M., Le Métayer, D.: Strong Accountability: Beyond Vague Promises. In: Gutwirth, S., Leenes, R., De Hert, P. (eds.) Reloading Data Protection, pp. 343–369. Springer (2014)

    Google Scholar 

  6. Butin, D., Le Métayer, D.: Log Analysis for Data Protection Accountability (Extended Version). Tech. rep., Inria (2013)

    Google Scholar 

  7. Cederquist, J., Corin, R., Dekker, M., Etalle, S., den Hartog, J., Lenzini, G.: Audit-based compliance control. Int. J. Inf. Secur. 6(2), 133–151 (2007)

    Article  Google Scholar 

  8. Center for Information Policy Leadership: Data Protection Accountability: The Essential Elements (2009)

    Google Scholar 

  9. Bennett, C.J.: Implementing Privacy Codes of Practice. Canadian Standards Association (1995)

    Google Scholar 

  10. De Hert, P.: Accountability and System Responsibility: New Concepts in Data Protection Law and Human Rights Law. In: Managing Privacy through Accountability (2012)

    Google Scholar 

  11. Etalle, S., Winsborough, W.H.: A Posteriori Compliance Control. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, SACMAT, pp. 11–20. ACM (2007)

    Google Scholar 

  12. European Commission: Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such Data (2012)

    Google Scholar 

  13. Guagnin, D., Hempel, L., Ilten, C.: Managing Privacy Through Accountability. Palgrave Macmillan (2012)

    Google Scholar 

  14. Haeberlen, A.: A Case for the Accountable Cloud. Operating Systems Review 44(2), 52–57 (2010)

    Article  Google Scholar 

  15. Jagadeesan, R., Jeffrey, A., Pitcher, C., Riely, J.: Towards a Theory of Accountability and Audit. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 152–167. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  16. Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC): Break-Glass: An Approach to Granting Emergency Access to Healthcare Systems (2004)

    Google Scholar 

  17. Le Métayer, D., Mazza, E., Potet, M.L.: Designing Log Architectures for Legal Evidence. In: Proceedings of the 8th International Conference on Software Engineering and Formal Methods, SEFM 2010, pp. 156–165. IEEE Computer Society (2010)

    Google Scholar 

  18. Organisation for Economic Co-operation and Development: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980)

    Google Scholar 

  19. Schneider, F.B.: Accountability for Perfection. IEEE Security & Privacy 7(2), 3–4 (2009)

    Article  Google Scholar 

  20. Schneier, B., Kelsey, J.: Secure Audit Logs to Support Computer Forensics. ACM Trans. Inf. Syst. Secur. 2(2), 159–176 (1999)

    Article  Google Scholar 

  21. Waters, B.R., Balfanz, D., Durfee, G., Smetters, D.K.: Building an Encrypted and Searchable Audit Log. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2004 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Inria, Université de Lyon, France

    Denis Butin & Daniel Le Métayer

Authors
  1. Denis Butin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Le Métayer
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computing Science, Newcastle University, NE1 7RU, Newcastle, UK

    Cliff Jones

  2. Data Abstraction (Pty) Ltd., 7 Saint David’s Park, Saint David’s Place, Parktown, Johannesburg, South Africa

    Pekka Pihlajasaari

  3. Information System Technology and Design, Singapore University of Technology and Design, 20 Dover Road, 138682, Singapore

    Jun Sun

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Butin, D., Le Métayer, D. (2014). Log Analysis for Data Protection Accountability. In: Jones, C., Pihlajasaari, P., Sun, J. (eds) FM 2014: Formal Methods. FM 2014. Lecture Notes in Computer Science, vol 8442. Springer, Cham. https://doi.org/10.1007/978-3-319-06410-9_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-06410-9_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06409-3

  • Online ISBN: 978-3-319-06410-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation