Abstract
When consumers build value-added services on top of data resources they do not control, they need to manage their information supply chains to ensure that their data suppliers produce and supply required data as needed. Producers also need to manage their information supply chains to ensure that their data is disseminated and protected appropriately. In this paper, we present a framework for data sharing agreements (DSA) that supports a wide variety of data sharing policies. A DSA is modeled as a set of obligation constraints expressed over a dataflow graph whose nodes are principals with local stores and whose edges are (typed) channels along which data flows. We present a specification language for DSAs in which obligations are expressed as distributed temporal logic (DTL) predicates over data resources, dataflow events, and datastore events. We illustrate the use of our framework via a case study based on a real-world data sharing agreement and discuss issues related to the analysis and compliance of agreements.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Arasu, A., Widom, J.: A denotational semantics for continuous queries over streams and relations. SIGMOD Record 33(3), 6–12 (2004)
Babcock, B., Babu, S., Datar, M., Motwani, R., Widom, J.: Models and issues in data stream systems. In: Proceedings of the ACM SIGACT-SIGMOD Symposium on Principles of Database Systems, pp. 1–16 (2002)
Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Obligation monitoring in policy management. In: 3rd IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), June 2002, pp. 2–12 (2002)
Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy management and security applications. In: VLDB, pp. 502–513 (2002)
Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy rule management. J. Network Syst. Manage. 11(3) (2003)
Bierman, G.M., Meijer, E., Schulte, W.: The essence of data access in Cω. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 287–311. Springer, Heidelberg (2005)
Chomicki, J., Lobo, J., Naqvi, S.A.: Conflict resolution using logic programming. IEEE Trans. Knowl. Data Eng. 15(1), 244–249 (2003)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)
Ehrich, H.-D., Caleiro, C.: Specifying communication in distributed information systems. Acta Inf. 36(8), 591–616 (2000)
Firozabadi, B.S., Sergot, M.J., Squicciarini, A.C., Bertino, E.: A framework for contractual resource sharing in coalitions. In: Proceedings of the 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), pp. 117–126 (2004)
Gama, P., Ferreira, P.: Obligation policies: An enforcement platform. In: Proceedings of the 6th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), pp. 203–212 (2005)
Hilty, M., Basin, D., Pretschner, A.: On obligations. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 98–117. Springer, Heidelberg (2005)
Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: Proceedings 13th ACM Conference on Computer and Communications Security (to appear, 2006)
Keller, A., Ludwig, H.: The WSLA framework: Specifying and monitoring service level agreements for web services. Journal of Network and Systems Management, Special Issue on E-Business Management 11(1) (March 2003)
Leavens, G.T., Wahls, T., Baker, A.L.: Formal semantics for SA style data flow diagram specification languages. In: Proceedings of the ACM Symposium on Applied Computing (SAC), pp. 526–532 (1999)
Levy, A.Y., Mendelzon, A.O., Sagiv, Y., Srivastava, D.: Answering queries using views. In: Proceedings of the Fourteenth ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems, pp. 95–104 (1995)
Meyer, J.-J.C., Wieringa, R., Dignum, F.: The role of deontic logic in the specification of information systems. In: Logics for Databases and Information Systems, pp. 71–115. Kluwer, Dordrecht (1998)
Park, J., Sandhu, R.: The UCONABC usage control model. ACM Transactions on Information and System Security 7(1), 128–174 (2004)
Seligman, L., Rosenthal, A., Caverlee, J.: Data service agreements: Toward a data supply chain. In: Workshop on Information Integration on the Web, at VLDB 2004 (2004)
Swarup, V., Seligman, L., Rosenthal, A.: Specifying data sharing agreements. In: Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2006), pp. 157–162. IEEE Computer Society, Los Alamitos (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Swarup, V., Seligman, L., Rosenthal, A. (2006). A Data Sharing Agreement Framework. In: Bagchi, A., Atluri, V. (eds) Information Systems Security. ICISS 2006. Lecture Notes in Computer Science, vol 4332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11961635_2
Download citation
DOI: https://doi.org/10.1007/11961635_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68962-1
Online ISBN: 978-3-540-68963-8
eBook Packages: Computer ScienceComputer Science (R0)