Context Specification Language for Formally Verifying Consent Properties on Models and Code

Myriam Clouet; Thibaud Antignac; Mathilde Arnaud; Julien Signoles

doi:10.1007/978-3-031-38828-6_5

Context Specification Language for Formally Verifying Consent Properties on Models and Code

Myriam Clouet, Thibaud Antignac, Mathilde Arnaud, Julien Signoles

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language, named CSpeL, to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.

Original language	English
Title of host publication	Tests and Proofs - 17th International Conference, TAP 2023, Proceedings
Editors	Virgile Prevosto, Cristina Seceleanu
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	68-93
Number of pages	26
ISBN (Print)	9783031388279
DOIs	https://doi.org/10.1007/978-3-031-38828-6_5
Publication status	Published - 1 Jan 2023
Externally published	Yes
Event	Proceedings of the 17th International Conference, TAP 2023 - Leicester, United Kingdom Duration: 18 Jul 2023 → 19 Jul 2023

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14066 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Proceedings of the 17th International Conference, TAP 2023
Country/Territory	United Kingdom
City	Leicester
Period	18/07/23 → 19/07/23

Keywords

Formal Verification
Privacy
Specification Language

Access to Document

10.1007/978-3-031-38828-6_5

Cite this

Clouet, M., Antignac, T., Arnaud, M., & Signoles, J. (2023). Context Specification Language for Formally Verifying Consent Properties on Models and Code. In V. Prevosto, & C. Seceleanu (Eds.), Tests and Proofs - 17th International Conference, TAP 2023, Proceedings (pp. 68-93). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14066 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-38828-6_5

Clouet, Myriam ; Antignac, Thibaud ; Arnaud, Mathilde et al. / Context Specification Language for Formally Verifying Consent Properties on Models and Code. Tests and Proofs - 17th International Conference, TAP 2023, Proceedings. editor / Virgile Prevosto ; Cristina Seceleanu. Springer Science and Business Media Deutschland GmbH, 2023. pp. 68-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d88e685ad02049588dd6aa7396e3c5d4,

title = "Context Specification Language for Formally Verifying Consent Properties on Models and Code",

abstract = "Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language, named CSpeL, to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.",

keywords = "Formal Verification, Privacy, Specification Language",

author = "Myriam Clouet and Thibaud Antignac and Mathilde Arnaud and Julien Signoles",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Proceedings of the 17th International Conference, TAP 2023 ; Conference date: 18-07-2023 Through 19-07-2023",

year = "2023",

month = jan,

day = "1",

doi = "10.1007/978-3-031-38828-6\_5",

language = "English",

isbn = "9783031388279",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "68--93",

editor = "Virgile Prevosto and Cristina Seceleanu",

booktitle = "Tests and Proofs - 17th International Conference, TAP 2023, Proceedings",

}

Clouet, M, Antignac, T, Arnaud, M & Signoles, J 2023, Context Specification Language for Formally Verifying Consent Properties on Models and Code. in V Prevosto & C Seceleanu (eds), Tests and Proofs - 17th International Conference, TAP 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 14066 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 68-93, Proceedings of the 17th International Conference, TAP 2023, Leicester, United Kingdom, 18/07/23. https://doi.org/10.1007/978-3-031-38828-6_5

Context Specification Language for Formally Verifying Consent Properties on Models and Code. / Clouet, Myriam; Antignac, Thibaud; Arnaud, Mathilde et al.
Tests and Proofs - 17th International Conference, TAP 2023, Proceedings. ed. / Virgile Prevosto; Cristina Seceleanu. Springer Science and Business Media Deutschland GmbH, 2023. p. 68-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 14066 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Context Specification Language for Formally Verifying Consent Properties on Models and Code

AU - Clouet, Myriam

AU - Antignac, Thibaud

AU - Arnaud, Mathilde

AU - Signoles, Julien

PY - 2023/1/1

Y1 - 2023/1/1

N2 - Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language, named CSpeL, to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.

AB - Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language, named CSpeL, to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.

KW - Formal Verification

KW - Privacy

KW - Specification Language

U2 - 10.1007/978-3-031-38828-6_5

DO - 10.1007/978-3-031-38828-6_5

M3 - Conference contribution

AN - SCOPUS:85172416216

SN - 9783031388279

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 68

EP - 93

BT - Tests and Proofs - 17th International Conference, TAP 2023, Proceedings

A2 - Prevosto, Virgile

A2 - Seceleanu, Cristina

PB - Springer Science and Business Media Deutschland GmbH

T2 - Proceedings of the 17th International Conference, TAP 2023

Y2 - 18 July 2023 through 19 July 2023

ER -

Clouet M, Antignac T, Arnaud M, Signoles J. Context Specification Language for Formally Verifying Consent Properties on Models and Code. In Prevosto V, Seceleanu C, editors, Tests and Proofs - 17th International Conference, TAP 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 68-93. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-38828-6_5