DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures

Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium Pub Date : 2021-11-20 DOI:10.2478/popets-2022-0028

Vinh-Thong Ta, M. Eiza

{"title":"DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures","authors":"Vinh-Thong Ta, M. Eiza","doi":"10.2478/popets-2022-0028","DOIUrl":null,"url":null,"abstract":"Abstract Privacy and data protection by design are relevant parts of the General Data Protection Regulation (GDPR), in which businesses and organisations are encouraged to implement measures at an early stage of the system design phase to fulfil data protection requirements. This paper addresses the policy and system architecture design and propose two variants of privacy policy language and architecture description language, respectively, for specifying and verifying data protection and privacy requirements. In addition, we develop a fully automated algorithm based on logic, for verifying three types of conformance relations (privacy, data protection, and functional conformance) between a policy and an architecture specified in our languages’ variants. Compared to related works, this approach supports a more systematic and fine-grained analysis of the privacy, data protection, and functional properties of a system. Our theoretical methods are then implemented as a software tool called DataProVe and its feasibility is demonstrated based on the centralised and decentralised approaches of COVID-19 contact tracing applications.","PeriodicalId":74556,"journal":{"name":"Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2478/popets-2022-0028","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Abstract Privacy and data protection by design are relevant parts of the General Data Protection Regulation (GDPR), in which businesses and organisations are encouraged to implement measures at an early stage of the system design phase to fulfil data protection requirements. This paper addresses the policy and system architecture design and propose two variants of privacy policy language and architecture description language, respectively, for specifying and verifying data protection and privacy requirements. In addition, we develop a fully automated algorithm based on logic, for verifying three types of conformance relations (privacy, data protection, and functional conformance) between a policy and an architecture specified in our languages’ variants. Compared to related works, this approach supports a more systematic and fine-grained analysis of the privacy, data protection, and functional properties of a system. Our theoretical methods are then implemented as a software tool called DataProVe and its feasibility is demonstrated based on the centralised and decentralised approaches of COVID-19 contact tracing applications.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

DataProVe：数据保护策略和系统体系结构之间的全自动一致性验证

摘要隐私和设计数据保护是《通用数据保护条例》（GDPR）的相关部分，该条例鼓励企业和组织在系统设计阶段的早期阶段实施措施，以满足数据保护要求。本文讨论了策略和系统架构设计，并分别提出了隐私策略语言和架构描述语言的两种变体，用于指定和验证数据保护和隐私要求。此外，我们开发了一种基于逻辑的全自动算法，用于验证策略和我们语言变体中指定的架构之间的三种类型的一致性关系（隐私、数据保护和功能一致性）。与相关工作相比，这种方法支持对系统的隐私、数据保护和功能属性进行更系统、更细粒度的分析。然后，我们的理论方法被实现为一种名为DataProVe的软件工具，其可行性基于新冠肺炎接触者追踪应用程序的集中式和去中心化方法进行了论证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊