SlideShare ist ein Scribd-Unternehmen logo

Wp4 ws cea2020

Privacy Data Protection for Engineering
Privacy Data Protection for Engineering

WP4 Tool Description - PDP4E-Req, managing privacy and GDPR-related requirements.

Ingenieurwesen
1 von 18
Downloaden Sie, um offline zu lesen
Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering PDP4E-Req Managing privacy and GDPR-related requirements CEA, University of Duisburg-Essen 10.03.2020
Innovation Scenario 10/03/2020 • Privacy engineering posits that privacy must be considered as a primary development aspect: • Privacy must be addressed from the early stages of a systems’ life cycle (by-design) • Requirements related to privacy and data protection must be properly elicited and documented! • This urges the development of systematic methods and tools to support software engineers in the identification and documentation of privacy requirements! • Legal frameworks such as the GDPR introduce new requirement engineering challenges: • Legal provisions are expressed in a jargon alien to most software developers • As opposite to system requirements, provisions are described in a high-level • Multiple interpretations leading to ambiguous/contradictory software requirements • Mapping legal provisions to system requirements is not always straight-forward PDP4E 2
Scope and Objectives 10/03/2020 • Develop requirements engineering methods and tools that: • Support the elicitation of privacy and data protection requirements • Systematically • Structured • Computer aided • Aligned with the GDPR legal provisions • Aligned with privacy and data protection standards (ISO 29100) • Driven by privacy goals such as • Integrity • Confidentiality • Transparency… PDP4E 3
Method Background 10/03/2020 • Privacy scholars have introduced different requirement engineering methods and techniques • ProPAn (Problem-based Privacy Analysis) is a computer-aided method for privacy requirements engineering. • Analyses systematically the functional requirements of a system-to-be with regard to a set of privacy engineering protection goals. • Goals are represented through a taxonomy of high-level privacy requirements. • The taxonomy is derived from the legal framework relevant for the data controller and the data subject (e.g. the GDPR). • The taxonomy guides the identification of critical points in the data flow of the system that may rise privacy concerns from the stakeholders. • The input of the method is a representation of the system-to-be as a Problem Diagram. PDP4E 4
The ProPAn Method 10/03/2020 • The ProPAn method can be divided on two phases: 1. PHASE 1: Identification of Privacy-Relevant Information Flows 2. PHASE 2: Generation of privacy requirements • In Phase 1, ProPAn elaborates on a set of software artefacts: • Context Diagram (1..1) • Problem Diagrams (1..N) • Domain Knowledge diagram (1..N) • Stakeholder Information Flow diagram (1..N) • Personal Information Diagram (1..N) • Available Information Diagram (1..N) Context Elicitation Graph Generation Identification of Personal Data Personal Data Flow Analysis Functional Requirements Context Diagram, Domain Knowledge, Problem Diagrams Detailed Stakeholder Information Flow Graphs Personal Information Diagrams Available Information Diagrams Method Step External Input Internal Input/Output Phase 1: Identification of Privacy-Relevant Information Flows PDP4E 5
The ProPAn Method: Phase 1 10/03/2020 • ProPAn and its artefacts are based on the problem frame notation by Jackson: • Context Diagram (1..1) • Problem Diagrams (1..N) • Domain Knowledge (1..N) • The “world” is modelled in terms of: • Domains • Interfaces • Phenomena (events) exchanged between domains • Causal: Events, actions, messages, and operations. • Symbolic: Data and states. • In this sense, a problem diagram is an event-oriented artefact which is used to specify requirements. Context Elicitation Graph Generation Identification of Personal Data Personal Data Flow Analysis Functional Requirements Context Diagram, Domain Knowledge, Problem Diagrams Detailed Stakeholder Information Flow Graphs Personal Information Diagrams Available Information Diagrams Method Step External Input Internal Input/Output PDP4E 6
The ProPAn Method: Phase 1 10/03/2020 • In order to perform a privacy analysis over a set of functional requirements we need requirements expressed in a data-oriented fashion. • To represent the exchange of personal data, ProPAn introduces a set of refinements and alternative data structures to the original problem diagrams: • Detailed Stakeholder Data Flow Diagrams (DSIFDs) • Available Information Diagrams (AIDs) • Personal Information Diagrams (PIDs) • These new diagrams incorporate additional information which is necessary to conduct a privacy analysis and, therefore privacy requirements derivation. PDP4E 7
ProPAn Requirement Taxonomies 10/03/2020 • ProPAn analyses the GDPR and ISO 29100 using the Privacy Engineering Protection Goals (PEPGs) unlikability, transparency, intervenability, confidentiality, integrity and availability • A set of extensible taxonomies is generated representing a collection of meta-requirements which are necessary for achieving these PEPGs. • Generation of <transparency> meta-requirements: • <transparency> related verbs and nouns such as inform, notify, present, provide, explain and communicate are searched in the GDPR and ISO 29100 to identify <transparency> requirements. • Refinement relations between the identified <transparency> requirements are identified. • If a requirement B refines a requirement A, it means that B adds further details on how or what information has to be made <transparent>. PDP4E 8
ProPAn Transparency Taxonomy 10/03/2020 78 Chapter 5. Refining the Privacy Goal Transparency 5.2.2. Setting up a Transparency Requirements Taxonomy In this section, I structure the identified preliminary transparency requirements into a trans- parency requirements taxonomy. Figure 5.2 shows my taxonomy in the form of a metamodel as a UML class diagram. I structured the transparency requirements into a hierarchy, which is derived from the initial ontology shown in Figure 5.1. I describe my taxonomy in the following from the top to the bottom. An overview of the mapping between the transparency requirements taxonomy to the initial transparency requirements is given in Table 5.1. Figure 5.2.: My proposed taxonomy of transparency requirements. Table 5.1.: Mapping of transparency requirements to preliminary requirements Requirement Attribute Tn TransparencyRequirement data subject, personal data T1 controller T5 counterstakeholder T4, T14 linkability T16 Figure 5.2.: My proposed taxonomy of transparency requirements. Table 5.1.: Mapping of transparency requirements to preliminary requirements Requirement Attribute Tn TransparencyRequirement data subject, personal data T1 controller T5 counterstakeholder T4, T14 linkability T16 sensitiveData T19 PresentationRequirement accessibility T2 language T18 time T16, T29, T30 ExceptionalInformationRequirement case T17, T21, T24, T30 authorities T21 ProcessingInformationRequirement controlOptions T6, T7, T8, T26 mandatory T10, T20 purpose, reason T3, T17, T23 security T22 CollectionInformationRequirement method T11, T28 StorageInformationRequirement retention T13, T15, T25 FlowInformationRequirement contract, country T9, T12, T27 5.2.2.1. Transparency Requirement The top-level element of my hierarchy is the general TransparencyRequirement which corresponds to the initial requirement T1. In my metamodel I declared this requirement as abstract, i.e., it is PDP4E 9
10/03/2020 Requirement Information Deduction Functional Requirement Artefacts Privacy Goal Privacy Requirement Taxonomy Unlinkability Transparency Intervenability Confidentiality Integrity Generation of Privacy Requirement Candidates Semantic Template Adjust Privacy Requirements Validate Privacy Requirements Requirement Information Privacy Requirement Candidates Adjusted Privacy Requirements Validated Privacy Requirements Method Step External Input Internal Input/output Phase 2: Generation of Privacy Requirements The ProPAn Method: Phase 2 PDP4E 10
Generation of Privacy Req. Candidates Information 2016, 7, 28 12 Figure 10. Used Taxonomy of Unlinkability Requirements. UndetectabilityRequirement Pfitzmann and Hansen define undetectability as: “Undetectabilit an item of interest (IOI) from an attacker’s perspective means that the attacker cannot sufficien distinguish whether it exists or not.” AnonymityRequirement Pfitzmann and Hansen define anonymity as: “Anonymity of a sub from an attacker’s perspective means that the attacker cannot sufficiently identify the subject with set of subjects, the anonymity set.” DataUnlinkabilityRequirement Pfitzmann and Hansen define unlinkability as: “Unlinkabi of two or more items of interest (IOIs, e.g., subjects, messages, actions, ...) from an attack perspective means that within the system (comprising these and possibly other items), the attac cannot sufficiently distinguish whether these IOIs are related or not.” Our data unlinkabi requirements express the intended relations between messages, actions, and the like which a sub performs and do not concern the relations of these to the subject itself, as these are represented anonymity requirements. 10/03/2020 Information 2016, 7, 28 10 of 32 Figure 9. View on the available information diagram for the insurance application showing which links between the personal data of the patient are available at the insurance application. Application to Running Example Figure 8 shows all personal information that was identified for the patient. During the personal data flow analysis new personal information was identified based on the personal data that were identified during the step Identification of Personal Data (cf. Figure 6). All newly identified personal data can be derived from or is contained in the initially identified personal data and additionally, we identified contains and derivedFrom relations among the initially identified personal data. For example, we identified that the healthInformation of patients can be derived from the patient’s healthStatus. Furthermore, it was identified that the diagnosis, which doctors create for patients, and the chosen treatment are derived from the patient’s healthStatus by doctors. In addition, from the diagnosis and treatment, the costs for the performed treatment (treatmentCosts) can be derived. Figure 7 shows which personal information of patients are available at the insurance application. For example, from requirement R3 (attribute origin) it was identified that for accounting, the patient’s diagnosis, treatment, treatment costs, and insurance number are sent to the insurance application. Insurance Employee Available Information Diagram Figure 7. View on the available information diagram for the insurance application showing the which personal data of patients are available at the insurance application. During the information flow analysis, we elicit two additional relations between the identified personal data. The relation contains documents that one personal information contains another personal information. We document this using an aggregation with stereotype «contains». The relation derivedFrom documents that a personal information can be derived from one or several other pieces of personal information. We document this using a dependency with stereotype «derivedFrom». The contains and derivedFrom relations are–in contrast to the linkable relation–globally valid elations, i.e., the relations are not only available at specific domains, they are valid at all domains. Figures 8 and 9 present views on a personal information diagram and an available information diagram. These diagrams show how the contains, derivedFrom, and linkable relations are modeled. Figure 8. View on the final personal information diagram for the patient showing the personal information of the patient and the relations between this personal information. Patient Personal Information Diagram Unlikability Requirements Taxonomy Figure 10. Used Taxonomy of Unlinkability Requirements. UndetectabilityRequirement Pfitzmann and Hansen define undetectability as: “Undetectability of an item of interest (IOI) from an attacker’s perspective means that the attacker cannot sufficiently distinguish whether it exists or not.” AnonymityRequirement Pfitzmann and Hansen define anonymity as: “Anonymity of a subject from an attacker’s perspective means that the attacker cannot sufficiently identify the subject within a set of subjects, the anonymity set.” DataUnlinkabilityRequirement Pfitzmann and Hansen define unlinkability as: “Unlinkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, ...) from an attacker’s perspective means that within the system (comprising these and possibly other items), the attacker cannot sufficiently distinguish whether these IOIs are related or not.” Our data unlinkability requirements express the intended relations between messages, actions, and the like which a subject performs and do not concern the relations of these to the subject itself, as these are represented by anonymity requirements. 6.1.1. Undetectability Based on the above given definition of Pfitzmann and Hansen, an undetectability requirement of our taxonomy (cf. Figure 10) has the following meaning: The <counterstakeholder>s shall not be able to sufficiently distinguish whether the personal information <phenomena> of the <stakeholder> exists or not. If a personal information of a stakeholder is not available at a counterstakeholder and also not part of any personal information available at the counterstakeholder, then we assume that this personal information is undetectable for the counterstakeholder. Note that an undetectability requirement may be too strong for this case, because the counterstakeholder may be allowed to know that a specific personal information exists, but may not be allowed to know the content of it. Hence, the user may weaken an undetectability requirement in the next step of our method (Section 7) to a confidentiality requirement. To keep the number of requirements that are generated small, we create for each pair of stakeholder and counterstakeholder only one undetectability requirement containing all personal information of the stakeholder that shall be undetectable for the counterstakeholder. A personal information p that Information 2016, 7, 28 13 of 32 Application to Running Example For the sake of simplicity, we only consider the stakeholder patient and the counterstakeholder insurance employee for the generation of the unlinkability requirements. To the biddable domain insurance employee the same personal information of the patient is available as at the insurance application (cf. Figure 7). Hence, an undetectability requirement is generated for the counterstakeholder insurance employee and the stakeholder patient with all personal data of the patient (cf. Figure 8) that is not available at the insurance employee as value for the attribute phenomena. The undetectability requirement is represented in the first row in Table 1. When we instantiate the above template for the meaning of an undetectability requirement, then we get the following textual representation of it: The insurance employee shall not be able to sufficiently distinguish whether the personal information healthStatus, mobileDevices, deviceId, vitalSigns, and notes of the patient exist or not. Table 1. Unlinkability requirements for the stakeholder patient and the counterstakeholder insurance employee. UnlinkabilityRequirement Phenomena / Pairs Semantic Template DEDUCTION Unlikability Requirement Candidate PDP4E 11
Generation of Privacy Req. Candidates 10/03/2020 • The software artefacts generated in Phase 1 are used together with the taxonomies to generate a set of privacy requirement candidates in Phase 2. • Generate undetectability requirements for a stakeholder S regarding a counter-stakeholder C: • Analyse the Personal Information Diagram of S and the Available Information Diagram of C • “A personal information p of S shall be undetectable for C when p is not available to C” Each type of privacy requirement (i.e. unlikability, transparency, intervenability, etc…) is generated by reasoning over the information available in ProPAn’s models. We create an undetectability requirement for those information in the Personal Information Diagram of S that are not available at the Available Information Diagram of C PDP4E 12
ProPAn: Issues and disadvantages 10/03/2020 • The meta-requirement taxonomies of ProPAn may not be exhaustive (w.r.t. GDPR). • There is a high amount of redundancy across the ProPAn diagrams: • The attribute Linkability appears in the PID and in the AID • The attribute Origin appears in the PID and the AID • Stakeholders (including data subjects), data-storages and processes are represented all together in a same diagram (as consequence of starting from contextual information) • In terms of context modelling this representation is adequate. • In terms of privacy analysis, a more structured representation is necessary! We want to maintain the level of granularity achieved by ProPAn but improving its interpretability and eliminate redundancy. PDP4E 13
10/03/2020 PDP4E-REQ: Privacy Requirements Engineering Method/Tool PDP4E-REQ (tool) Requirement Information Deduction ProPAn Artefacts PDP Goal Requirement Metamodel Data Protection Principle Hansen Generation of Privacy Requirement Candidates Semantic Template Adjust Privacy Requirements Validate Privacy Requirements Requirement Information Privacy Requirement Candidates Adjusted Privacy Requirements Validated Privacy Requirements Method Step External Input Internal Input/output P-DFD ProPAn Taxonomy PDP Metamodel External Input (new) X PDP4E 14
PDP4E-REQ Tool • There was a constant exchange of ideas/views between CEA and UDE • Harmonize the method/tool according to the necessities of requirement engineers • Reduce overhead to optimize the method’s applicability • Our most salient achievements so far: • Definition of a light-weigh methodology for privacy and GDPR requirements engineering • Definition of data structures that support the methodology (e.g. DFDs) • Reuse and adaptation of ProPAn code in PDP4E-Req • Implementation of the method and its data structures • Validation of the tool with a case study (Smart Grids) 10/03/2020 PDP4E 15
DFDs in PDP4E-Req • Functional requirements are translated into one or more DFD elements: 10/03/2020 • Data Record Requirement (DRR): Collection of data records (e.g. personal data) • Data Process Requirement (DPR): Activities that are performed over data records. • Data Flow Requirement (DFR): Exchange of information between DRR and DPR. • The DFD elements are annotated with attributes such as data sensitivity, degree of linkability and retention time. PDP4E-Req DFD Metamodel PDP4E 16
Future plans • This is a first attempt to bridge the accountability gap in requirement engineering. • Harmonization between legal provisions and technical requirements is an ongoing challenge: • New legal provisions will appear in future. • Privacy requirement taxonomies are elaborated manually. • Methodological point of view • Update the methodology accordingly • Have a better coverage of the GDPR • Tool point of view • Improve GUI • Implements filters to help to navigate in model, and requirements. • Continue the coverage about the requirement generation. 10/03/2020 PDP4E 17
Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering For more information, visit: www.pdp4e-project.org Thank you for your attention Questions? Contributions: patrick.tessier@cea.fr gabriel.pedroza@cea.fr nicolas.diaz-ferreyra@uni-due.de

Empfohlen

Wp4 overall approach_v1
Wp4 overall approach_v1Wp4 overall approach_v1
Wp4 overall approach_v1Privacy Data Protection for Engineering
 
Paris wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_studyParis wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_studyPrivacy Data Protection for Engineering
 
Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Privacy Data Protection for Engineering
 
Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4Privacy Data Protection for Engineering
 
Dpm presentation
Dpm presentationDpm presentation
Dpm presentationPrivacy Data Protection for Engineering
 
Pdp4 e forum
Pdp4 e forumPdp4 e forum
Pdp4 e forumPrivacy Data Protection for Engineering
 
Paris wp5 pd-pb_d
Paris wp5 pd-pb_dParis wp5 pd-pb_d
Paris wp5 pd-pb_dPrivacy Data Protection for Engineering
 
Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Privacy Data Protection for Engineering
 

Empfohlen

Wp4 overall approach_v1
Wp4 overall approach_v1Wp4 overall approach_v1
Wp4 overall approach_v1Privacy Data Protection for Engineering
 
Paris wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_studyParis wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_studyPrivacy Data Protection for Engineering
 
Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Privacy Data Protection for Engineering
 
Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4Privacy Data Protection for Engineering
 
Dpm presentation
Dpm presentationDpm presentation
Dpm presentationPrivacy Data Protection for Engineering
 
Pdp4 e forum
Pdp4 e forumPdp4 e forum
Pdp4 e forumPrivacy Data Protection for Engineering
 
Paris wp5 pd-pb_d
Paris wp5 pd-pb_dParis wp5 pd-pb_d
Paris wp5 pd-pb_dPrivacy Data Protection for Engineering
 
Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Privacy Data Protection for Engineering
 
Beawre pitch
Beawre pitchBeawre pitch
Beawre pitchPrivacy Data Protection for Engineering
 
Pdp4e IPEN-2019
Pdp4e IPEN-2019Pdp4e IPEN-2019
Pdp4e IPEN-2019Privacy Data Protection for Engineering
 
Privacy Data Protection for Engineers - PDP4E
Privacy Data Protection for Engineers - PDP4EPrivacy Data Protection for Engineers - PDP4E
Privacy Data Protection for Engineers - PDP4EPrivacy Data Protection for Engineering
 
Adjusting to the GDPR: The Impact on Data Scientists and Behavioral Researchers
Adjusting to the GDPR: The Impact on Data Scientists and Behavioral ResearchersAdjusting to the GDPR: The Impact on Data Scientists and Behavioral Researchers
Adjusting to the GDPR: The Impact on Data Scientists and Behavioral ResearchersTravis Greene
 
GDPR master class - transparent research projects
GDPR master class - transparent research projectsGDPR master class - transparent research projects
GDPR master class - transparent research projectsMRS
 
GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)MRS
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationUlf Mattsson
 
Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project DEFeND Project
 
Pdp4 e privacy engineering toolkit ipen 2019
Pdp4 e privacy engineering toolkit ipen 2019Pdp4 e privacy engineering toolkit ipen 2019
Pdp4 e privacy engineering toolkit ipen 2019Privacy Data Protection for Engineering
 
Secure access to biomedical data sources for legal data sharing-kuchinke
Secure access to biomedical data sources for legal data sharing-kuchinkeSecure access to biomedical data sources for legal data sharing-kuchinke
Secure access to biomedical data sources for legal data sharing-kuchinkeWolfgang Kuchinke
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Kontakt.io webinar with Cassia Networks
Kontakt.io webinar with Cassia NetworksKontakt.io webinar with Cassia Networks
Kontakt.io webinar with Cassia Networkskontakt.io
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...Ulf Mattsson
 
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...Csaba Krasznay
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesUlf Mattsson
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
New enterprise application and data security challenges and solutions apr 2...
New enterprise application and data security challenges and solutions apr 2...New enterprise application and data security challenges and solutions apr 2...
New enterprise application and data security challenges and solutions apr 2...Ulf Mattsson
 
Project department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursProject department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursSAHIL781034
 
Soa
SoaSoa
SoaPrabhat gangwar
 
Association rule visualization technique
Association rule visualization techniqueAssociation rule visualization technique
Association rule visualization techniquemustafasmart
 
Data attribute security and privacy in Collaborative distributed database Pub...
Data attribute security and privacy in Collaborative distributed database Pub...Data attribute security and privacy in Collaborative distributed database Pub...
Data attribute security and privacy in Collaborative distributed database Pub...International Journal of Engineering Inventions www.ijeijournal.com
 

Weitere ähnliche Inhalte

Was ist angesagt?

Adjusting to the GDPR: The Impact on Data Scientists and Behavioral Researchers
Adjusting to the GDPR: The Impact on Data Scientists and Behavioral ResearchersAdjusting to the GDPR: The Impact on Data Scientists and Behavioral Researchers
Adjusting to the GDPR: The Impact on Data Scientists and Behavioral ResearchersTravis Greene
 
GDPR master class - transparent research projects
GDPR master class - transparent research projectsGDPR master class - transparent research projects
GDPR master class - transparent research projectsMRS
 
GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)MRS
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationUlf Mattsson
 
Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project DEFeND Project
 
Secure access to biomedical data sources for legal data sharing-kuchinke
Secure access to biomedical data sources for legal data sharing-kuchinkeSecure access to biomedical data sources for legal data sharing-kuchinke
Secure access to biomedical data sources for legal data sharing-kuchinkeWolfgang Kuchinke
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Kontakt.io webinar with Cassia Networks
Kontakt.io webinar with Cassia NetworksKontakt.io webinar with Cassia Networks
Kontakt.io webinar with Cassia Networkskontakt.io
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...Ulf Mattsson
 
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...Csaba Krasznay
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesUlf Mattsson
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyUlf Mattsson
 
New enterprise application and data security challenges and solutions apr 2...
New enterprise application and data security challenges and solutions apr 2...New enterprise application and data security challenges and solutions apr 2...
New enterprise application and data security challenges and solutions apr 2...Ulf Mattsson
 
Project department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursProject department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursSAHIL781034
 

Was ist angesagt? (20)

Beawre pitch
Beawre pitchBeawre pitch
Beawre pitch
 
Pdp4e IPEN-2019
Pdp4e IPEN-2019Pdp4e IPEN-2019
Pdp4e IPEN-2019
 
Privacy Data Protection for Engineers - PDP4E
Privacy Data Protection for Engineers - PDP4EPrivacy Data Protection for Engineers - PDP4E
Privacy Data Protection for Engineers - PDP4E
 
Adjusting to the GDPR: The Impact on Data Scientists and Behavioral Researchers
Adjusting to the GDPR: The Impact on Data Scientists and Behavioral ResearchersAdjusting to the GDPR: The Impact on Data Scientists and Behavioral Researchers
Adjusting to the GDPR: The Impact on Data Scientists and Behavioral Researchers
 
GDPR master class - transparent research projects
GDPR master class - transparent research projectsGDPR master class - transparent research projects
GDPR master class - transparent research projects
 
GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)GDPR master class accountable research organisations (january 2018)
GDPR master class accountable research organisations (january 2018)
 
Privacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computationPrivacy preserving computing and secure multi party computation
Privacy preserving computing and secure multi party computation
 
Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project
 
Pdp4 e privacy engineering toolkit ipen 2019
Pdp4 e privacy engineering toolkit ipen 2019Pdp4 e privacy engineering toolkit ipen 2019
Pdp4 e privacy engineering toolkit ipen 2019
 
Secure access to biomedical data sources for legal data sharing-kuchinke
Secure access to biomedical data sources for legal data sharing-kuchinkeSecure access to biomedical data sources for legal data sharing-kuchinke
Secure access to biomedical data sources for legal data sharing-kuchinke
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Kontakt.io webinar with Cassia Networks
Kontakt.io webinar with Cassia NetworksKontakt.io webinar with Cassia Networks
Kontakt.io webinar with Cassia Networks
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
Evolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technologyEvolving regulations are changing the way we think about tools and technology
Evolving regulations are changing the way we think about tools and technology
 
New enterprise application and data security challenges and solutions apr 2...
New enterprise application and data security challenges and solutions apr 2...New enterprise application and data security challenges and solutions apr 2...
New enterprise application and data security challenges and solutions apr 2...
 
Project department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis coursProject department of defense (do d) ready purposethis cours
Project department of defense (do d) ready purposethis cours
 
Soa
SoaSoa
Soa
 

Ähnlich wie Wp4 ws cea2020

Association rule visualization technique
Association rule visualization techniqueAssociation rule visualization technique
Association rule visualization techniquemustafasmart
 
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...IRJET Journal
 
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...IRJET Journal
 
IEEE 2014 JAVA DATA MINING PROJECTS M privacy for collaborative data publishing
IEEE 2014 JAVA DATA MINING PROJECTS M privacy for collaborative data publishingIEEE 2014 JAVA DATA MINING PROJECTS M privacy for collaborative data publishing
IEEE 2014 JAVA DATA MINING PROJECTS M privacy for collaborative data publishingIEEEFINALYEARSTUDENTPROJECTS
 
2014 IEEE JAVA DATA MINING PROJECT M privacy for collaborative data publishing
2014 IEEE JAVA DATA MINING PROJECT M privacy for collaborative data publishing2014 IEEE JAVA DATA MINING PROJECT M privacy for collaborative data publishing
2014 IEEE JAVA DATA MINING PROJECT M privacy for collaborative data publishingIEEEMEMTECHSTUDENTSPROJECTS
 
Visualization of Computer Forensics Analysis on Digital Evidence
Visualization of Computer Forensics Analysis on Digital EvidenceVisualization of Computer Forensics Analysis on Digital Evidence
Visualization of Computer Forensics Analysis on Digital EvidenceMuhd Mu'izuddin
 
20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...Brussels Legal Hackers
 
Week10 Analysing Client Requirements
Week10 Analysing Client RequirementsWeek10 Analysing Client Requirements
Week10 Analysing Client Requirementshapy
 
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Consulting
 
IRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast EnvironmentIRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast EnvironmentIRJET Journal
 
Final review m score
Final review m scoreFinal review m score
Final review m scoreazhar4010
 
IRJET- A Survey on Mining of Tweeter Data for Predicting User Behavior
IRJET- A Survey on Mining of Tweeter Data for Predicting User BehaviorIRJET- A Survey on Mining of Tweeter Data for Predicting User Behavior
IRJET- A Survey on Mining of Tweeter Data for Predicting User BehaviorIRJET Journal
 
Prompt Detection of Transformed Data Brench
Prompt Detection of Transformed Data BrenchPrompt Detection of Transformed Data Brench
Prompt Detection of Transformed Data BrenchIRJET Journal
 
KIT-601 Lecture Notes-UNIT-1.pdf
KIT-601 Lecture Notes-UNIT-1.pdfKIT-601 Lecture Notes-UNIT-1.pdf
KIT-601 Lecture Notes-UNIT-1.pdfDr. Radhey Shyam
 
Confidential data identification using
Confidential data identification usingConfidential data identification using
Confidential data identification usingIJDKP
 
Paper id 28201425
Paper id 28201425Paper id 28201425
Paper id 28201425IJRAT
 
Ensure GDPR Compliance with LeanIX
Ensure GDPR Compliance with LeanIXEnsure GDPR Compliance with LeanIX
Ensure GDPR Compliance with LeanIXLeanIX GmbH
 

Ähnlich wie Wp4 ws cea2020 (20)

Association rule visualization technique
Association rule visualization techniqueAssociation rule visualization technique
Association rule visualization technique
 
Data attribute security and privacy in Collaborative distributed database Pub...
Data attribute security and privacy in Collaborative distributed database Pub...Data attribute security and privacy in Collaborative distributed database Pub...
Data attribute security and privacy in Collaborative distributed database Pub...
 
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
 
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
A Muilt-Keyword Ranked Based Search and Privacy Preservation of Distributed D...
 
IEEE 2014 JAVA DATA MINING PROJECTS M privacy for collaborative data publishing
IEEE 2014 JAVA DATA MINING PROJECTS M privacy for collaborative data publishingIEEE 2014 JAVA DATA MINING PROJECTS M privacy for collaborative data publishing
IEEE 2014 JAVA DATA MINING PROJECTS M privacy for collaborative data publishing
 
2014 IEEE JAVA DATA MINING PROJECT M privacy for collaborative data publishing
2014 IEEE JAVA DATA MINING PROJECT M privacy for collaborative data publishing2014 IEEE JAVA DATA MINING PROJECT M privacy for collaborative data publishing
2014 IEEE JAVA DATA MINING PROJECT M privacy for collaborative data publishing
 
Visualization of Computer Forensics Analysis on Digital Evidence
Visualization of Computer Forensics Analysis on Digital EvidenceVisualization of Computer Forensics Analysis on Digital Evidence
Visualization of Computer Forensics Analysis on Digital Evidence
 
20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...
 
Week10 Analysing Client Requirements
Week10 Analysing Client RequirementsWeek10 Analysing Client Requirements
Week10 Analysing Client Requirements
 
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
 
IRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast EnvironmentIRJET - Virtual Data Auditing at Overcast Environment
IRJET - Virtual Data Auditing at Overcast Environment
 
Final review m score
Final review m scoreFinal review m score
Final review m score
 
IRJET- A Survey on Mining of Tweeter Data for Predicting User Behavior
IRJET- A Survey on Mining of Tweeter Data for Predicting User BehaviorIRJET- A Survey on Mining of Tweeter Data for Predicting User Behavior
IRJET- A Survey on Mining of Tweeter Data for Predicting User Behavior
 
Prompt Detection of Transformed Data Brench
Prompt Detection of Transformed Data BrenchPrompt Detection of Transformed Data Brench
Prompt Detection of Transformed Data Brench
 
KIT-601 Lecture Notes-UNIT-1.pdf
KIT-601 Lecture Notes-UNIT-1.pdfKIT-601 Lecture Notes-UNIT-1.pdf
KIT-601 Lecture Notes-UNIT-1.pdf
 
Confidential data identification using
Confidential data identification usingConfidential data identification using
Confidential data identification using
 
Paper id 28201425
Paper id 28201425Paper id 28201425
Paper id 28201425
 
Strategic plan
Strategic planStrategic plan
Strategic plan
 
Ensure GDPR Compliance with LeanIX
Ensure GDPR Compliance with LeanIXEnsure GDPR Compliance with LeanIX
Ensure GDPR Compliance with LeanIX
 
CHINO poster IM/IFIP
CHINO poster IM/IFIPCHINO poster IM/IFIP
CHINO poster IM/IFIP
 

Mehr von Privacy Data Protection for Engineering

Long term security evolution of ai and data protection antonio kung trialog...
Long term security evolution of ai and data protection antonio kung trialog...Long term security evolution of ai and data protection antonio kung trialog...
Long term security evolution of ai and data protection antonio kung trialog...Privacy Data Protection for Engineering
 

Mehr von Privacy Data Protection for Engineering (8)

Wp6 public
Wp6 publicWp6 public
Wp6 public
 
Long term security evolution of ai and data protection antonio kung trialog...
Long term security evolution of ai and data protection antonio kung trialog...Long term security evolution of ai and data protection antonio kung trialog...
Long term security evolution of ai and data protection antonio kung trialog...
 
Granular or holistic approaches - Antonio Kung
Granular or holistic approaches - Antonio KungGranular or holistic approaches - Antonio Kung
Granular or holistic approaches - Antonio Kung
 
Granular or holistic approaches 210126 Alejandra Ruiz
Granular or holistic approaches 210126 Alejandra RuizGranular or holistic approaches 210126 Alejandra Ruiz
Granular or holistic approaches 210126 Alejandra Ruiz
 
Antonio kung impact of ai on privacy sept 10
Antonio kung impact of ai on privacy sept 10Antonio kung impact of ai on privacy sept 10
Antonio kung impact of ai on privacy sept 10
 
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2Antonio kung - pdp4e privacy engineering oxford sept 9 - v2
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2
 
Ipen 2019 roma status of privacy engineering standardisation v2
Ipen 2019 roma status of privacy engineering standardisation v2Ipen 2019 roma status of privacy engineering standardisation v2
Ipen 2019 roma status of privacy engineering standardisation v2
 
Ipen2018
Ipen2018Ipen2018
Ipen2018
 

Kürzlich hochgeladen

ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptJohnWilliam111370
 
11. Properties of Liquid Fuels in Energy Engineering.pdf
11. Properties of Liquid Fuels in Energy Engineering.pdf11. Properties of Liquid Fuels in Energy Engineering.pdf
11. Properties of Liquid Fuels in Energy Engineering.pdfHafizMudaserAhmad
 
Main Memory Management in Operating System
Main Memory Management in Operating SystemMain Memory Management in Operating System
Main Memory Management in Operating SystemRashmi Bhat
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substationstephanwindworld
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxsiddharthjain2303
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxRomil Mishra
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfDrew Moseley
 
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdf
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdfDEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdf
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdfAkritiPradhan2
 
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.elesangwon
 
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSHigh Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSsandhya757531
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptxmohitesoham12
 
Novel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsNovel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsResearcher Researcher
 
multiple access in wireless communication
multiple access in wireless communicationmultiple access in wireless communication
multiple access in wireless communicationpanditadesh123
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfManish Kumar
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONjhunlian
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdfCaalaaAbdulkerim
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Sumanth A
 
System Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingSystem Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingBootNeck1
 
signals in triangulation .. ...Surveying
signals in triangulation .. ...Surveyingsignals in triangulation .. ...Surveying
signals in triangulation .. ...Surveyingsapna80328
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxStephen Sitton
 

Kürzlich hochgeladen (20)

ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
 
11. Properties of Liquid Fuels in Energy Engineering.pdf
11. Properties of Liquid Fuels in Energy Engineering.pdf11. Properties of Liquid Fuels in Energy Engineering.pdf
11. Properties of Liquid Fuels in Energy Engineering.pdf
 
Main Memory Management in Operating System
Main Memory Management in Operating SystemMain Memory Management in Operating System
Main Memory Management in Operating System
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substation
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptx
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
 
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdf
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdfDEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdf
DEVICE DRIVERS AND INTERRUPTS SERVICE MECHANISM.pdf
 
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
2022 AWS DNA Hackathon 장애 대응 솔루션 jarvis.
 
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMSHigh Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
High Voltage Engineering- OVER VOLTAGES IN ELECTRICAL POWER SYSTEMS
 
Python Programming for basic beginners.pptx
Python Programming for basic beginners.pptxPython Programming for basic beginners.pptx
Python Programming for basic beginners.pptx
 
Novel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending ActuatorsNovel 3D-Printed Soft Linear and Bending Actuators
Novel 3D-Printed Soft Linear and Bending Actuators
 
multiple access in wireless communication
multiple access in wireless communicationmultiple access in wireless communication
multiple access in wireless communication
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
 
Research Methodology for Engineering pdf
Research Methodology for Engineering pdfResearch Methodology for Engineering pdf
Research Methodology for Engineering pdf
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
 
System Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event SchedulingSystem Simulation and Modelling with types and Event Scheduling
System Simulation and Modelling with types and Event Scheduling
 
signals in triangulation .. ...Surveying
signals in triangulation .. ...Surveyingsignals in triangulation .. ...Surveying
signals in triangulation .. ...Surveying
 
Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptx
 

Wp4 ws cea2020

  • 1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering PDP4E-Req Managing privacy and GDPR-related requirements CEA, University of Duisburg-Essen 10.03.2020
  • 2. Innovation Scenario 10/03/2020 • Privacy engineering posits that privacy must be considered as a primary development aspect: • Privacy must be addressed from the early stages of a systems’ life cycle (by-design) • Requirements related to privacy and data protection must be properly elicited and documented! • This urges the development of systematic methods and tools to support software engineers in the identification and documentation of privacy requirements! • Legal frameworks such as the GDPR introduce new requirement engineering challenges: • Legal provisions are expressed in a jargon alien to most software developers • As opposite to system requirements, provisions are described in a high-level • Multiple interpretations leading to ambiguous/contradictory software requirements • Mapping legal provisions to system requirements is not always straight-forward PDP4E 2
  • 3. Scope and Objectives 10/03/2020 • Develop requirements engineering methods and tools that: • Support the elicitation of privacy and data protection requirements • Systematically • Structured • Computer aided • Aligned with the GDPR legal provisions • Aligned with privacy and data protection standards (ISO 29100) • Driven by privacy goals such as • Integrity • Confidentiality • Transparency… PDP4E 3
  • 4. Method Background 10/03/2020 • Privacy scholars have introduced different requirement engineering methods and techniques • ProPAn (Problem-based Privacy Analysis) is a computer-aided method for privacy requirements engineering. • Analyses systematically the functional requirements of a system-to-be with regard to a set of privacy engineering protection goals. • Goals are represented through a taxonomy of high-level privacy requirements. • The taxonomy is derived from the legal framework relevant for the data controller and the data subject (e.g. the GDPR). • The taxonomy guides the identification of critical points in the data flow of the system that may rise privacy concerns from the stakeholders. • The input of the method is a representation of the system-to-be as a Problem Diagram. PDP4E 4
  • 5. The ProPAn Method 10/03/2020 • The ProPAn method can be divided on two phases: 1. PHASE 1: Identification of Privacy-Relevant Information Flows 2. PHASE 2: Generation of privacy requirements • In Phase 1, ProPAn elaborates on a set of software artefacts: • Context Diagram (1..1) • Problem Diagrams (1..N) • Domain Knowledge diagram (1..N) • Stakeholder Information Flow diagram (1..N) • Personal Information Diagram (1..N) • Available Information Diagram (1..N) Context Elicitation Graph Generation Identification of Personal Data Personal Data Flow Analysis Functional Requirements Context Diagram, Domain Knowledge, Problem Diagrams Detailed Stakeholder Information Flow Graphs Personal Information Diagrams Available Information Diagrams Method Step External Input Internal Input/Output Phase 1: Identification of Privacy-Relevant Information Flows PDP4E 5
  • 6. The ProPAn Method: Phase 1 10/03/2020 • ProPAn and its artefacts are based on the problem frame notation by Jackson: • Context Diagram (1..1) • Problem Diagrams (1..N) • Domain Knowledge (1..N) • The “world” is modelled in terms of: • Domains • Interfaces • Phenomena (events) exchanged between domains • Causal: Events, actions, messages, and operations. • Symbolic: Data and states. • In this sense, a problem diagram is an event-oriented artefact which is used to specify requirements. Context Elicitation Graph Generation Identification of Personal Data Personal Data Flow Analysis Functional Requirements Context Diagram, Domain Knowledge, Problem Diagrams Detailed Stakeholder Information Flow Graphs Personal Information Diagrams Available Information Diagrams Method Step External Input Internal Input/Output PDP4E 6
  • 7. The ProPAn Method: Phase 1 10/03/2020 • In order to perform a privacy analysis over a set of functional requirements we need requirements expressed in a data-oriented fashion. • To represent the exchange of personal data, ProPAn introduces a set of refinements and alternative data structures to the original problem diagrams: • Detailed Stakeholder Data Flow Diagrams (DSIFDs) • Available Information Diagrams (AIDs) • Personal Information Diagrams (PIDs) • These new diagrams incorporate additional information which is necessary to conduct a privacy analysis and, therefore privacy requirements derivation. PDP4E 7
  • 8. ProPAn Requirement Taxonomies 10/03/2020 • ProPAn analyses the GDPR and ISO 29100 using the Privacy Engineering Protection Goals (PEPGs) unlikability, transparency, intervenability, confidentiality, integrity and availability • A set of extensible taxonomies is generated representing a collection of meta-requirements which are necessary for achieving these PEPGs. • Generation of <transparency> meta-requirements: • <transparency> related verbs and nouns such as inform, notify, present, provide, explain and communicate are searched in the GDPR and ISO 29100 to identify <transparency> requirements. • Refinement relations between the identified <transparency> requirements are identified. • If a requirement B refines a requirement A, it means that B adds further details on how or what information has to be made <transparent>. PDP4E 8
  • 9. ProPAn Transparency Taxonomy 10/03/2020 78 Chapter 5. Refining the Privacy Goal Transparency 5.2.2. Setting up a Transparency Requirements Taxonomy In this section, I structure the identified preliminary transparency requirements into a trans- parency requirements taxonomy. Figure 5.2 shows my taxonomy in the form of a metamodel as a UML class diagram. I structured the transparency requirements into a hierarchy, which is derived from the initial ontology shown in Figure 5.1. I describe my taxonomy in the following from the top to the bottom. An overview of the mapping between the transparency requirements taxonomy to the initial transparency requirements is given in Table 5.1. Figure 5.2.: My proposed taxonomy of transparency requirements. Table 5.1.: Mapping of transparency requirements to preliminary requirements Requirement Attribute Tn TransparencyRequirement data subject, personal data T1 controller T5 counterstakeholder T4, T14 linkability T16 Figure 5.2.: My proposed taxonomy of transparency requirements. Table 5.1.: Mapping of transparency requirements to preliminary requirements Requirement Attribute Tn TransparencyRequirement data subject, personal data T1 controller T5 counterstakeholder T4, T14 linkability T16 sensitiveData T19 PresentationRequirement accessibility T2 language T18 time T16, T29, T30 ExceptionalInformationRequirement case T17, T21, T24, T30 authorities T21 ProcessingInformationRequirement controlOptions T6, T7, T8, T26 mandatory T10, T20 purpose, reason T3, T17, T23 security T22 CollectionInformationRequirement method T11, T28 StorageInformationRequirement retention T13, T15, T25 FlowInformationRequirement contract, country T9, T12, T27 5.2.2.1. Transparency Requirement The top-level element of my hierarchy is the general TransparencyRequirement which corresponds to the initial requirement T1. In my metamodel I declared this requirement as abstract, i.e., it is PDP4E 9
  • 10. 10/03/2020 Requirement Information Deduction Functional Requirement Artefacts Privacy Goal Privacy Requirement Taxonomy Unlinkability Transparency Intervenability Confidentiality Integrity Generation of Privacy Requirement Candidates Semantic Template Adjust Privacy Requirements Validate Privacy Requirements Requirement Information Privacy Requirement Candidates Adjusted Privacy Requirements Validated Privacy Requirements Method Step External Input Internal Input/output Phase 2: Generation of Privacy Requirements The ProPAn Method: Phase 2 PDP4E 10
  • 11. Generation of Privacy Req. Candidates Information 2016, 7, 28 12 Figure 10. Used Taxonomy of Unlinkability Requirements. UndetectabilityRequirement Pfitzmann and Hansen define undetectability as: “Undetectabilit an item of interest (IOI) from an attacker’s perspective means that the attacker cannot sufficien distinguish whether it exists or not.” AnonymityRequirement Pfitzmann and Hansen define anonymity as: “Anonymity of a sub from an attacker’s perspective means that the attacker cannot sufficiently identify the subject with set of subjects, the anonymity set.” DataUnlinkabilityRequirement Pfitzmann and Hansen define unlinkability as: “Unlinkabi of two or more items of interest (IOIs, e.g., subjects, messages, actions, ...) from an attack perspective means that within the system (comprising these and possibly other items), the attac cannot sufficiently distinguish whether these IOIs are related or not.” Our data unlinkabi requirements express the intended relations between messages, actions, and the like which a sub performs and do not concern the relations of these to the subject itself, as these are represented anonymity requirements. 10/03/2020 Information 2016, 7, 28 10 of 32 Figure 9. View on the available information diagram for the insurance application showing which links between the personal data of the patient are available at the insurance application. Application to Running Example Figure 8 shows all personal information that was identified for the patient. During the personal data flow analysis new personal information was identified based on the personal data that were identified during the step Identification of Personal Data (cf. Figure 6). All newly identified personal data can be derived from or is contained in the initially identified personal data and additionally, we identified contains and derivedFrom relations among the initially identified personal data. For example, we identified that the healthInformation of patients can be derived from the patient’s healthStatus. Furthermore, it was identified that the diagnosis, which doctors create for patients, and the chosen treatment are derived from the patient’s healthStatus by doctors. In addition, from the diagnosis and treatment, the costs for the performed treatment (treatmentCosts) can be derived. Figure 7 shows which personal information of patients are available at the insurance application. For example, from requirement R3 (attribute origin) it was identified that for accounting, the patient’s diagnosis, treatment, treatment costs, and insurance number are sent to the insurance application. Insurance Employee Available Information Diagram Figure 7. View on the available information diagram for the insurance application showing the which personal data of patients are available at the insurance application. During the information flow analysis, we elicit two additional relations between the identified personal data. The relation contains documents that one personal information contains another personal information. We document this using an aggregation with stereotype «contains». The relation derivedFrom documents that a personal information can be derived from one or several other pieces of personal information. We document this using a dependency with stereotype «derivedFrom». The contains and derivedFrom relations are–in contrast to the linkable relation–globally valid elations, i.e., the relations are not only available at specific domains, they are valid at all domains. Figures 8 and 9 present views on a personal information diagram and an available information diagram. These diagrams show how the contains, derivedFrom, and linkable relations are modeled. Figure 8. View on the final personal information diagram for the patient showing the personal information of the patient and the relations between this personal information. Patient Personal Information Diagram Unlikability Requirements Taxonomy Figure 10. Used Taxonomy of Unlinkability Requirements. UndetectabilityRequirement Pfitzmann and Hansen define undetectability as: “Undetectability of an item of interest (IOI) from an attacker’s perspective means that the attacker cannot sufficiently distinguish whether it exists or not.” AnonymityRequirement Pfitzmann and Hansen define anonymity as: “Anonymity of a subject from an attacker’s perspective means that the attacker cannot sufficiently identify the subject within a set of subjects, the anonymity set.” DataUnlinkabilityRequirement Pfitzmann and Hansen define unlinkability as: “Unlinkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, ...) from an attacker’s perspective means that within the system (comprising these and possibly other items), the attacker cannot sufficiently distinguish whether these IOIs are related or not.” Our data unlinkability requirements express the intended relations between messages, actions, and the like which a subject performs and do not concern the relations of these to the subject itself, as these are represented by anonymity requirements. 6.1.1. Undetectability Based on the above given definition of Pfitzmann and Hansen, an undetectability requirement of our taxonomy (cf. Figure 10) has the following meaning: The <counterstakeholder>s shall not be able to sufficiently distinguish whether the personal information <phenomena> of the <stakeholder> exists or not. If a personal information of a stakeholder is not available at a counterstakeholder and also not part of any personal information available at the counterstakeholder, then we assume that this personal information is undetectable for the counterstakeholder. Note that an undetectability requirement may be too strong for this case, because the counterstakeholder may be allowed to know that a specific personal information exists, but may not be allowed to know the content of it. Hence, the user may weaken an undetectability requirement in the next step of our method (Section 7) to a confidentiality requirement. To keep the number of requirements that are generated small, we create for each pair of stakeholder and counterstakeholder only one undetectability requirement containing all personal information of the stakeholder that shall be undetectable for the counterstakeholder. A personal information p that Information 2016, 7, 28 13 of 32 Application to Running Example For the sake of simplicity, we only consider the stakeholder patient and the counterstakeholder insurance employee for the generation of the unlinkability requirements. To the biddable domain insurance employee the same personal information of the patient is available as at the insurance application (cf. Figure 7). Hence, an undetectability requirement is generated for the counterstakeholder insurance employee and the stakeholder patient with all personal data of the patient (cf. Figure 8) that is not available at the insurance employee as value for the attribute phenomena. The undetectability requirement is represented in the first row in Table 1. When we instantiate the above template for the meaning of an undetectability requirement, then we get the following textual representation of it: The insurance employee shall not be able to sufficiently distinguish whether the personal information healthStatus, mobileDevices, deviceId, vitalSigns, and notes of the patient exist or not. Table 1. Unlinkability requirements for the stakeholder patient and the counterstakeholder insurance employee. UnlinkabilityRequirement Phenomena / Pairs Semantic Template DEDUCTION Unlikability Requirement Candidate PDP4E 11
  • 12. Generation of Privacy Req. Candidates 10/03/2020 • The software artefacts generated in Phase 1 are used together with the taxonomies to generate a set of privacy requirement candidates in Phase 2. • Generate undetectability requirements for a stakeholder S regarding a counter-stakeholder C: • Analyse the Personal Information Diagram of S and the Available Information Diagram of C • “A personal information p of S shall be undetectable for C when p is not available to C” Each type of privacy requirement (i.e. unlikability, transparency, intervenability, etc…) is generated by reasoning over the information available in ProPAn’s models. We create an undetectability requirement for those information in the Personal Information Diagram of S that are not available at the Available Information Diagram of C PDP4E 12
  • 13. ProPAn: Issues and disadvantages 10/03/2020 • The meta-requirement taxonomies of ProPAn may not be exhaustive (w.r.t. GDPR). • There is a high amount of redundancy across the ProPAn diagrams: • The attribute Linkability appears in the PID and in the AID • The attribute Origin appears in the PID and the AID • Stakeholders (including data subjects), data-storages and processes are represented all together in a same diagram (as consequence of starting from contextual information) • In terms of context modelling this representation is adequate. • In terms of privacy analysis, a more structured representation is necessary! We want to maintain the level of granularity achieved by ProPAn but improving its interpretability and eliminate redundancy. PDP4E 13
  • 14. 10/03/2020 PDP4E-REQ: Privacy Requirements Engineering Method/Tool PDP4E-REQ (tool) Requirement Information Deduction ProPAn Artefacts PDP Goal Requirement Metamodel Data Protection Principle Hansen Generation of Privacy Requirement Candidates Semantic Template Adjust Privacy Requirements Validate Privacy Requirements Requirement Information Privacy Requirement Candidates Adjusted Privacy Requirements Validated Privacy Requirements Method Step External Input Internal Input/output P-DFD ProPAn Taxonomy PDP Metamodel External Input (new) X PDP4E 14
  • 15. PDP4E-REQ Tool • There was a constant exchange of ideas/views between CEA and UDE • Harmonize the method/tool according to the necessities of requirement engineers • Reduce overhead to optimize the method’s applicability • Our most salient achievements so far: • Definition of a light-weigh methodology for privacy and GDPR requirements engineering • Definition of data structures that support the methodology (e.g. DFDs) • Reuse and adaptation of ProPAn code in PDP4E-Req • Implementation of the method and its data structures • Validation of the tool with a case study (Smart Grids) 10/03/2020 PDP4E 15
  • 16. DFDs in PDP4E-Req • Functional requirements are translated into one or more DFD elements: 10/03/2020 • Data Record Requirement (DRR): Collection of data records (e.g. personal data) • Data Process Requirement (DPR): Activities that are performed over data records. • Data Flow Requirement (DFR): Exchange of information between DRR and DPR. • The DFD elements are annotated with attributes such as data sensitivity, degree of linkability and retention time. PDP4E-Req DFD Metamodel PDP4E 16
  • 17. Future plans • This is a first attempt to bridge the accountability gap in requirement engineering. • Harmonization between legal provisions and technical requirements is an ongoing challenge: • New legal provisions will appear in future. • Privacy requirement taxonomies are elaborated manually. • Methodological point of view • Update the methodology accordingly • Have a better coverage of the GDPR • Tool point of view • Improve GUI • Implements filters to help to navigate in model, and requirements. • Continue the coverage about the requirement generation. 10/03/2020 PDP4E 17
  • 18. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering For more information, visit: www.pdp4e-project.org Thank you for your attention Questions? Contributions: patrick.tessier@cea.fr gabriel.pedroza@cea.fr nicolas.diaz-ferreyra@uni-due.de