A dynamic logic for privacy compliance

Citation
G.aucher,g.boella,"l.van Der Torre, A dynamic logic for privacy compliance, Artificial intelligence and law , 19(2-3), 2011, pp. 187-231
ISSN journal
09248463
Volume
19
Issue
2-3
Year of publication
2011
Pages
187 - 231
Database
ACNP
SICI code
Abstract
Knowledge based privacy policies are more declarative than traditional action based ones, because they specify only what is permitted or forbidden to know, and leave the derivation of the permitted actions to a security monitor. This inference problem is already non trivial with a static privacy policy, and becomes challenging when privacy policies can change over time. We therefore introduce a dynamic modal logic that permits not only to reason about permitted and forbidden knowledge to derive the permitted actions, but also to represent explicitly the declarative privacy policies together with their dynamics. The logic can be used to check both regulatory and behavioral compliance, respectively by checking that the permissions and obligations set up by the security monitor of an organization are not in conflict with the privacy policies, and by checking that these obligations are indeed enforced.