Formal methods as a link between software code and legal rules
SEFM'11 Proceedings of the 9th international conference on Software engineering and formal methods
TreeDroid: a tree automaton based approach to enforcing data processing policies
Proceedings of the 2012 ACM conference on Computer and communications security
| Hi-index | 0.00 |
Organizations have to comply with a growing number of rules (legal, regulatory, contractual, etc.) and it becomes more and more challenging for them to ensure that they really meet all their obligations. IT systems, even if they cannot provide the full answer to this complex issue, can help organizations in the management and monitoring of their obligations. In this paper, we derive a set of requirements from representative examples of obligations and propose a language providing essential features such as ``contrary to duty'' obligations, obligations with deadlines and contextual obligations. We define its semantics, suggest its implementation as an audit mechanism, and show its application to the definition of privacy policy rules.