{"id":"https://openalex.org/W3115619699","doi":"https://doi.org/10.1109/isncc49221.2020.9297309","title":"Automating GDPR Compliance Verification for Cloud-hosted Services","display_name":"Automating GDPR Compliance Verification for Cloud-hosted Services","publication_year":2020,"publication_date":"2020-10-20","ids":{"openalex":"https://openalex.org/W3115619699","doi":"https://doi.org/10.1109/isncc49221.2020.9297309","mag":"3115619699"},"language":"en","primary_location":{"id":"doi:10.1109/isncc49221.2020.9297309","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isncc49221.2020.9297309","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Symposium on Networks, Computers and Communications (ISNCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005882626","display_name":"Masoud Barati","orcid":"https://orcid.org/0000-0001-7829-2240"},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Masoud Barati","raw_affiliation_strings":["Cardiff University,School of Computer Science &#x0026; Informatics,Cardiff,UK"],"affiliations":[{"raw_affiliation_string":"Cardiff University,School of Computer Science &#x0026; Informatics,Cardiff,UK","institution_ids":["https://openalex.org/I79510175"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042246090","display_name":"George Theodorakopoulos","orcid":"https://orcid.org/0000-0003-2701-7809"},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"George Theodorakopoulos","raw_affiliation_strings":["Cardiff University,School of Computer Science &#x0026; Informatics,Cardiff,UK"],"affiliations":[{"raw_affiliation_string":"Cardiff University,School of Computer Science &#x0026; Informatics,Cardiff,UK","institution_ids":["https://openalex.org/I79510175"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021973291","display_name":"Omer Rana","orcid":"https://orcid.org/0000-0003-3597-2646"},"institutions":[{"id":"https://openalex.org/I79510175","display_name":"Cardiff University","ror":"https://ror.org/03kk7td41","country_code":"GB","type":"education","lineage":["https://openalex.org/I79510175"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Omer Rana","raw_affiliation_strings":["Cardiff University,School of Computer Science &#x0026; Informatics,Cardiff,UK"],"affiliations":[{"raw_affiliation_string":"Cardiff University,School of Computer Science &#x0026; Informatics,Cardiff,UK","institution_ids":["https://openalex.org/I79510175"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5005882626"],"corresponding_institution_ids":["https://openalex.org/I79510175"],"apc_list":null,"apc_paid":null,"fwci":0.7268,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.83237076,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T13364","display_name":"Digitalization, Law, and Regulation","score":0.9926000237464905,"subfield":{"id":"https://openalex.org/subfields/3308","display_name":"Law"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9897000193595886,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.7735602855682373},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7155047655105591},{"id":"https://openalex.org/keywords/abstraction","display_name":"Abstraction","score":0.5728704929351807},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.5479337573051453},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49584922194480896},{"id":"https://openalex.org/keywords/database-transaction","display_name":"Database transaction","score":0.46158555150032043},{"id":"https://openalex.org/keywords/general-data-protection-regulation","display_name":"General Data Protection Regulation","score":0.4443620443344116},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.44352957606315613},{"id":"https://openalex.org/keywords/model-checking","display_name":"Model checking","score":0.4322967231273651},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3907548189163208},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.3456958532333374},{"id":"https://openalex.org/keywords/data-protection-act-1998","display_name":"Data Protection Act 1998","score":0.3176153898239136},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.17306208610534668},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.14491957426071167},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09479287266731262}],"concepts":[{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.7735602855682373},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7155047655105591},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.5728704929351807},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.5479337573051453},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49584922194480896},{"id":"https://openalex.org/C75949130","wikidata":"https://www.wikidata.org/wiki/Q848010","display_name":"Database transaction","level":2,"score":0.46158555150032043},{"id":"https://openalex.org/C3090818","wikidata":"https://www.wikidata.org/wiki/Q1172506","display_name":"General Data Protection Regulation","level":3,"score":0.4443620443344116},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.44352957606315613},{"id":"https://openalex.org/C110251889","wikidata":"https://www.wikidata.org/wiki/Q1569697","display_name":"Model checking","level":2,"score":0.4322967231273651},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3907548189163208},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.3456958532333374},{"id":"https://openalex.org/C69360830","wikidata":"https://www.wikidata.org/wiki/Q1172237","display_name":"Data Protection Act 1998","level":2,"score":0.3176153898239136},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.17306208610534668},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.14491957426071167},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09479287266731262},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/isncc49221.2020.9297309","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isncc49221.2020.9297309","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 International Symposium on Networks, Computers and Communications (ISNCC)","raw_type":"proceedings-article"},{"id":"pmh:oai:https://orca.cardiff.ac.uk:137148","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4306401195","display_name":"ORCA Online Research @Cardiff (Cardiff University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79510175","host_organization_name":"Cardiff University","host_organization_lineage":["https://openalex.org/I79510175"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"},{"id":"pmh:oai:napier-surface.worktribe.com:2767122","is_oa":false,"landing_page_url":"http://researchrepository.napier.ac.uk/Output/2767122","pdf_url":null,"source":{"id":"https://openalex.org/S4306400544","display_name":"Research Output (Edinburgh Napier University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I251738","host_organization_name":"Edinburgh Napier University","host_organization_lineage":["https://openalex.org/I251738"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Proceeding"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5799999833106995,"id":"https://metadata.un.org/sdg/8","display_name":"Decent work and economic growth"}],"awards":[{"id":"https://openalex.org/G6864186609","display_name":null,"funder_award_id":"EP/R033439/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W77536652","https://openalex.org/W148563599","https://openalex.org/W1518240578","https://openalex.org/W1962072139","https://openalex.org/W2101508170","https://openalex.org/W2121944695","https://openalex.org/W2131693903","https://openalex.org/W2913357391","https://openalex.org/W2940932661","https://openalex.org/W2989842267","https://openalex.org/W3003609934","https://openalex.org/W4233755518","https://openalex.org/W4242936134","https://openalex.org/W6603128705"],"related_works":["https://openalex.org/W278680301","https://openalex.org/W2917102635","https://openalex.org/W3023256691","https://openalex.org/W2789497412","https://openalex.org/W2883729192","https://openalex.org/W2910484607","https://openalex.org/W2794700933","https://openalex.org/W2901967497","https://openalex.org/W3048759155","https://openalex.org/W3000605968"],"abstract_inverted_index":{"Cloud-hosted":[0],"business":[1,89,127],"processes":[2,90],"require":[3],"access":[4],"to":[5,8,12,35,122],"customer":[6],"data":[7,32,44,86],"complete":[9],"a":[10,14,70,115,137],"transaction,":[11],"improve":[13],"customer's":[15],"on-line":[16,51],"experience":[17],"or":[18,47],"provide":[19],"useful":[20],"product":[21],"recommendations.":[22],"However,":[23],"privacy":[24],"concerns":[25],"associated":[26],"with":[27,53,91,130],"the":[28,61,107,112,134],"use":[29],"of":[30,126],"this":[31],"have":[33],"led":[34],"legal":[36],"regulations":[37],"that":[38],"impose":[39],"restrictions":[40],"on":[41],"how":[42],"such":[43],"is":[45],"requested":[46],"processed":[48],"by":[49],"an":[50,92],"service,":[52],"large":[54],"penalties":[55],"for":[56,72],"violating":[57],"these":[58],"restrictions,":[59],"e.g.":[60],"European":[62],"General":[63],"Data":[64],"Protection":[65],"Regulation":[66],"(GDPR).":[67],"We":[68,132],"propose":[69],"framework":[71,81],"helping":[73],"cloud-hosted":[74],"services":[75],"automate":[76],"GDPR":[77,99],"compliance":[78,125],"checking.":[79],"The":[80],"comprises":[82],"three":[83],"steps:":[84],"represent":[85],"flow":[87],"in":[88,114,120],"appropriate":[93],"abstraction":[94,113],"(timed":[95],"transition":[96],"systems),":[97],"formalise":[98],"rules":[100],"and":[101,103,110],"obligations":[102],"incorporate":[104],"them":[105],"into":[106],"same":[108],"abstraction,":[109],"implement":[111],"model":[116],"checking":[117],"tool":[118],"(Uppaal)":[119],"order":[121,140],"automatically":[123],"verify":[124],"process":[128],"activities":[129],"GDPR.":[131],"demonstrate":[133],"approach":[135],"using":[136],"cloud-based":[138],"purchase":[139],"system.":[141]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":4},{"year":2021,"cited_by_count":2}],"updated_date":"2026-03-22T08:09:32.410652","created_date":"2025-10-10T00:00:00"}