Model-Checking the Implementation of Consent

Raúl Pardo, Daniel Le Métayer

Publikation: Konference artikel i Proceeding eller bog/rapport kapitelKonferencebidrag i proceedingsForskningpeer review

Abstract

Privacy policies define the terms under which personal data may be collected and processed by data controllers. The General Data Protection Regulation (GDPR) imposes requirements on these policies that are often difficult to implement. Difficulties arise in particular due to the heterogeneity of existing systems (e.g., the Internet of Things (IoT), web technology, etc.). In this paper, we propose a method to refine high level GDPR privacy requirements for informed consent into low-level computational models. The method is aimed at software developers implementing systems that require consent management. We mechanize our models in TLA+ and use model-checking to prove that the low-level computational models implement the high-level privacy requirements; TLA+ has been used by software engineers in companies such as Microsoft or Amazon. We demonstrate our method in two real world scenarios: an implementation of cookie banners and a IoT system communicating via Bluetooth low energy.
OriginalsprogEngelsk
TitelModel-Checking the Implementation of Consent
Vol/bind15280
ForlagSpringer, Cham
Publikationsdato2024
Sider253-271
DOI
StatusUdgivet - 2024
Begivenhed22nd International Conference on Software Engineering and Formal Methods - Aveiro, Portugal
Varighed: 4 nov. 20248 nov. 2024
https://sefm-conference.github.io/2024/

Konference

Konference22nd International Conference on Software Engineering and Formal Methods
Land/OmrådePortugal
ByAveiro
Periode04/11/202408/11/2024
Internetadresse

Fingeraftryk

Dyk ned i forskningsemnerne om 'Model-Checking the Implementation of Consent'. Sammen danner de et unikt fingeraftryk.

Citationsformater