a privacy specification language Return to Main Page

Eddy is a privacy requirements specification language that privacy analysts can use to express requirements over acts to collect, use, transfer and retain personal and technical information. The language uses a simple SQL-like syntax to express whether an action is permitted or prohibited, and to restrict those statements to particular data subjects and purposes. The Eddy specifications are compiled into Description Logic to automatically detect conflicting requirements and to trace data flows within and across specifications. Each specification can describe an organization's data practices, or the data practices of specific components in a software architecure.

For further technical details on Eddy, please see our relevant publications:

  1. Detecting Repurposing and Over-collection in Multi-party Privacy Requirements Specifications
    Travis D. Breaux, Daniel Smullen, Hanan Hibshi. To Appear: 23rd IEEE International Requirements Engineering Conference, Ottawa, Canada, 2015. (pdf)

  2. Eddy, A Formal Language for Specifying and Analyzing Data Flow Specifications for Conflicting Privacy Requirements
    Travis D. Breaux, Hanan Hibshi, Ashwini Rao. Requirements Engineering Journal, 19(3): 281-307, 2014. (doi). This an extended journal version of our conference paper (doi) that was nominated for best paper and presented at IEEE RE'13 (slides)

We provide interactive examples below to demonstrate the Eddy language, and the Java source code is available on GitHub (source) under GPLv2.

View and analyze an existing example
Example specification to illustrate conflict analysis
Example specification to illustrate flow analysis
Example specification to illustrate use limitation analysis