Context Specification Language for Formally Verifying Consent Properties on Models and Code

Myriam Clouet; Thibaud Antignac; Mathilde Arnaud; Julien Signoles

doi:10.1007/978-3-031-38828-6_5

Context Specification Language for Formally Verifying Consent Properties on Models and Code

Myriam Clouet
, Thibaud Antignac
, Mathilde Arnaud
, Julien Signoles

Université Paris-Saclay
CNIL (Commission nationale de l’informatique et des libertés)

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language, named CSpeL, to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.

langue originale	Anglais
titre	Tests and Proofs - 17th International Conference, TAP 2023, Proceedings
rédacteurs en chef	Virgile Prevosto, Cristina Seceleanu
Editeur	Springer Science and Business Media Deutschland GmbH
Pages	68-93
Nombre de pages	26
ISBN (imprimé)	9783031388279
Les DOIs	https://doi.org/10.1007/978-3-031-38828-6_5
état	Publié - 1 janv. 2023
Modification externe	Oui
Evénement	Proceedings of the 17th International Conference, TAP 2023 - Leicester, Royaume-Uni Durée: 18 juil. 2023 → 19 juil. 2023

Série de publications

Nom	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	14066 LNCS
ISSN (imprimé)	0302-9743
ISSN (Electronique)	1611-3349

Une conférence

Une conférence	Proceedings of the 17th International Conference, TAP 2023
Pays/Territoire	Royaume-Uni
La ville	Leicester
période	18/07/23 → 19/07/23

Accès au document

10.1007/978-3-031-38828-6_5

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Clouet, M., Antignac, T., Arnaud, M., & Signoles, J. (2023). Context Specification Language for Formally Verifying Consent Properties on Models and Code. Dans V. Prevosto, & C. Seceleanu (eds.), Tests and Proofs - 17th International Conference, TAP 2023, Proceedings (p. 68-93). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol 14066 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-38828-6_5

Clouet, Myriam ; Antignac, Thibaud ; Arnaud, Mathilde et al. / Context Specification Language for Formally Verifying Consent Properties on Models and Code. Tests and Proofs - 17th International Conference, TAP 2023, Proceedings. Editeur / Virgile Prevosto ; Cristina Seceleanu. Springer Science and Business Media Deutschland GmbH, 2023. p. 68-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d88e685ad02049588dd6aa7396e3c5d4,

title = "Context Specification Language for Formally Verifying Consent Properties on Models and Code",

abstract = "Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language, named CSpeL, to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.",

keywords = "Formal Verification, Privacy, Specification Language",

author = "Myriam Clouet and Thibaud Antignac and Mathilde Arnaud and Julien Signoles",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Proceedings of the 17th International Conference, TAP 2023 ; Conference date: 18-07-2023 Through 19-07-2023",

year = "2023",

month = jan,

day = "1",

doi = "10.1007/978-3-031-38828-6\_5",

language = "English",

isbn = "9783031388279",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "68--93",

editor = "Virgile Prevosto and Cristina Seceleanu",

booktitle = "Tests and Proofs - 17th International Conference, TAP 2023, Proceedings",

}

Clouet, M, Antignac, T, Arnaud, M & Signoles, J 2023, Context Specification Language for Formally Verifying Consent Properties on Models and Code. Dans V Prevosto & C Seceleanu (eds), Tests and Proofs - 17th International Conference, TAP 2023, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), VOL. 14066 LNCS, Springer Science and Business Media Deutschland GmbH, p. 68-93, Proceedings of the 17th International Conference, TAP 2023, Leicester, Royaume-Uni, 18/07/23. https://doi.org/10.1007/978-3-031-38828-6_5

Context Specification Language for Formally Verifying Consent Properties on Models and Code. / Clouet, Myriam; Antignac, Thibaud; Arnaud, Mathilde et al.
Tests and Proofs - 17th International Conference, TAP 2023, Proceedings. Ed. / Virgile Prevosto; Cristina Seceleanu. Springer Science and Business Media Deutschland GmbH, 2023. p. 68-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol 14066 LNCS).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - Context Specification Language for Formally Verifying Consent Properties on Models and Code

AU - Clouet, Myriam

AU - Antignac, Thibaud

AU - Arnaud, Mathilde

AU - Signoles, Julien

PY - 2023/1/1

Y1 - 2023/1/1

N2 - Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language, named CSpeL, to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.

AB - Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows software engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal context specification language, named CSpeL, to specify the key elements involved in consent and their relationships. The tool is evaluated on two use cases targeting different application domains: healthcare and website. We also evaluate the correctness and the efficiency of our tool.

KW - Formal Verification

KW - Privacy

KW - Specification Language

UR - https://www.scopus.com/pages/publications/85172416216

U2 - 10.1007/978-3-031-38828-6_5

DO - 10.1007/978-3-031-38828-6_5

M3 - Conference contribution

AN - SCOPUS:85172416216

SN - 9783031388279

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 68

EP - 93

BT - Tests and Proofs - 17th International Conference, TAP 2023, Proceedings

A2 - Prevosto, Virgile

A2 - Seceleanu, Cristina

PB - Springer Science and Business Media Deutschland GmbH

T2 - Proceedings of the 17th International Conference, TAP 2023

Y2 - 18 July 2023 through 19 July 2023

ER -

Clouet M, Antignac T, Arnaud M, Signoles J. Context Specification Language for Formally Verifying Consent Properties on Models and Code. Dans Prevosto V, Seceleanu C, rédacteurs en chef, Tests and Proofs - 17th International Conference, TAP 2023, Proceedings. Springer Science and Business Media Deutschland GmbH. 2023. p. 68-93. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-38828-6_5