Context Specification Language for Formal Verification of Consent Properties on Models and Code
Recent privacy laws and regulations raise the stakes in verifying that software systems respect user consent. The current state of the art shows that privacy by design and formal methods can help. Still, ensuring the validity of privacy properties, in particular consent properties, at different stages of software development, is hard. This paper proposes a step towards solving this issue by introducing a new tool, named CASTT, that allows engineers to verify consent properties at two different development stages: system modeling and code verification. To describe the system, this paper introduces a new formal model specification language named CSpeL, which allows to specify the key elements involved in consent and their relationships. We evaluate the correctness and the efficiency of our tool on two use cases targeting different application domains, healthcare and website.
| Context Specification Language for Formally Verifying Consent Properties on Models and Code (TAP-presentation-Myriam-Clouet.pdf) | 1.34MiB |
Tue 18 JulDisplayed time zone: London change
15:30 - 16:30 | TAP Session 3: Formal ModelsResearch Papers at Oak Chair(s): Catherine Dubois ENSIIE Paris-Evry Remote Participants: Zoom Link | ||
15:30 30mTalk | Certified Logic-Based Explainable AI -- The Case of Monotonic Classifiers Research Papers DOI File Attached | ||
16:00 30mTalk | Context Specification Language for Formal Verification of Consent Properties on Models and Code Research Papers P: Myriam Clouet Université Paris-Saclay, CEA, List, Thibaud Antignac CNIL (Commission nationale de l’informatique et des libertés), Mathilde Arnaud Université Paris-Saclay, CEA, List, Julien Signoles Université Paris-Saclay, CEA, List DOI File Attached | ||