Natural Language Processing of Rules and Regulations for Compliance in the Cloud
We discuss ongoing work on developing tools and techniques for understanding natural-language descriptions of security and privacy rules, particularly in the context of cloud computing services. In particular, we present a three-part toolkit for analyzing and processing texts, and enforcing privacy and security rules extracted from those texts. We are interested in developing efficient, accurate technologies to reduce the time spent analyzing and reasoning about new privacy laws and security rules within the enterprise. We describe the tools we have developed for semantic annotation, and also for information extraction - these are specifically intended for analysis of cloud terms of service, and therefore designed to help with self-compliance; however, the techniques involved should be generalizable to other relevant texts, esp. rules and regulations for data protection.
KeywordsCloud Computing Cloud Service Natural Language Processing Service Level Agreement Cloud Service Provider
Unable to display preview. Download preview PDF.
- 1.Ong, V.: An Architecture and Prototype System for Automatically Processing Natural-Language Statements of Policy. Thesis, Naval Postgraduate School, Monterey, California (2001)Google Scholar
- 2.Manning, C.D., Schutze, H.: Foundations of Statistical Natural Language Processing. MIT Press (1999)Google Scholar
- 3.Breaux, T.D., Vail, M.W., Antón, A.I.: Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations. In: Proceedings of 14th IEEE International Requirements Engineering Conference, RE 2006 (2006)Google Scholar
- 4.Cunningham, H., Maynard, D., Bontcheva, K., Tablan, V., Aswani, N., Ro-berts, I., Gorrell, G., Funk, A., Roberts, A., Damljanovic, D., Heitz, T., Greenwood, M.A., Saggion, H., Petrak, J., Li, Y., Peters, W.: Text Processing with GATE (Version 6). Department of Computer Science, University of Sheffield (2011)Google Scholar
- 6.Papanikolaou, N., Creese, S., Goldsmith, M.: Refinement checking for privacy policies. Science of Computer Programming (2011) (article in press), doi:10.1016/j.scico, 07.009Google Scholar
- 7.Casassa Mont, M., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A Conceptual Model for Privacy Policies with Consent and Revocation Requirements. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity 2010. IFIP AICT, vol. 352, pp. 258–270. Springer, Heidelberg (2011)CrossRefGoogle Scholar
- 9.Bradshaw, S., Millard, C., Walden, I.: Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services. Queen Mary University of London, School of Law Legal Studies Research Paper No. 63/2010 (2010), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1662374 (accessed May 14, 2012)
- 10.Breaux, T.D., Gordon, D.G.: Regulatory Requirements as Open Systems: Structures, Patterns and Metrics for the Design of Formal Requirements Specifications. Technical Report CMU-ISR-11-100, Institute for Software Research, Carnegie-Mellon University (2011), http://reports-archive.adm.cs.cmu.edu/anon/isr2011/CMU-ISR-11-100.pdf (accessed May 14, 2012)