Paris wp5 pd-pb_d

Presentation of Data Protection

  1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering. Privacy and Data Protection by Design. CEA, UPM, Beawre, Trialog. Methods and Tools for Privacy and Data Protection by Design. 2020/03/10
  2. Outline
     • Privacy and Data Protection by Design (PDPbD): context and challenges
     • Proposed method for PDPbD
     • Tool support for the method
       • Personal Data Detector Module
       • Module for Privacy Model-driven design
       • Module for Code Validation
     • Work progress and perspectives
     2019/03/10 Privacy and Data Protection by Design PDP4E
  3. Context
     Design engineers' ecosystem:
     • Several stakeholders and actors
     • Variety of needs and objectives
     • Solution for conflicting goals/reqs.
     Designer's questions to address:
     • Which privacy aspects to introduce during system design?
     • How can identified concerns be considered at early design steps?
     • How can privacy-by-design be effectively realized?
     Figure labels: Data Industry, Developers, Individuals, Policy makers, Attackers, Whistleblowers, Engineers, Dark/hidden actors. Image borrowed from https://www.digitalvidya.com/
  4. PDP by Design Method
     Main characteristics:
     • Combined bottom-up and top-down approaches:
       • From data structures to data and data-flow (process) models
       • Allocation over an architecture model
       • Architecture refinement towards code
     • Identification of personal data
     • Models improved by Privacy-by-design strategies (ISO 27550)
     • Validation of properties at code level
  5. Tool support for the PDPbD method
     PDPbD Framework (diagram labels, in slide order):
     • 1) Personal Data Detector: Data structures; Identified personal data; Confidence scores
     • Code validation and verification: Privacy flaws; Code improvement
     • 2) Privacy Model-driven designer
     • 3) Module for Code Validation
     • Target of Validation: Components; Pointers to code; Privacy properties
  6. Interactions with other PDP4E tools. Tool support for the PDPbD method (WP5)
     Diagram labels: Risks, Requirements, Assurance.
     • Requirements engineering: From GDPR; As elicited from ProPAn; Integrating aspects from ISO 29100
     • Risks analysis: Impacted assets; Countermeasures, PETs; DFDs ↔ Arch.
     • Assurance process: Reqs. Fulfillment; Targets of validation; V&V cases/outcomes
     • Personal Data Detector: SQL data; Scores on SQL data; Exporting SQL data and scores
     • Papyrus Data Models: Instances of imported SQL data; Abstract representation of imported SQL data; Extension of UML class diagrams
     • Papyrus Process Models: Processes involving data; Associations to abstract representation of data; Extension of UML Activity diagrams (DFD)
     • Papyrus Architecture Models: Non-automated allocation/mapping to target functional architecture; Functional architecture: UML Composite Structure diagrams; Components architecture: UML Composite Structure diagrams
     • Code Validation: Requirements/properties; Frama-C; SecureFlow; Extensions for PDP
  7. PDPbD Framework: Personal Data Detector. Victor Muntés (Beawre)
  8. PDPbD Framework: Privacy Model-driven Designer. Gabriel Pedroza (CEA)
  9. Diagram labels: Personal data detector; Privacy and Data Protection Model-driven Design; Code validation and verification; Code improvement; Risk Management; Requirem. Engineering; Systems Assurance; System (Asset) models; Evidences (traceability, V&V…); Privacy Controls; Requirements (GDPR, ISO29100)
  10. Privacy and Data Protection Model-driven Design: Usage
     For process models:
     • 1) Choose design strategy to fulfill goals/requirements
     • 2) Design/enrich system Process models
     • 3) Apply strategy (e.g., inform, control, enforce, demonstrate)
     For data models:
     • 1) Choose design strategy to fulfill goals/requirements
     • 2) Design/enrich system data models
     • 3) Apply strategy (e.g., minimize, separate, abstract, hide)
  11. Privacy and Data Protection Model-driven Design: Implementation
     • 1) GDPR metamodel (figure: Excerpt of Art. 7)
     • 2) Profile: PDPbD Framework DSML
     • 3) Privacy Mechanisms: GDPR Libraries (patterns); PDP Techniques
     • 4) Front-end customization: GUI, explorer filters; menus, palettes
  12. Privacy and Data Protection Model-driven Design: Data-oriented model
     • Abstract data
     • Structured data
     • User defined data types
     • Predefined types: Table; DataLink; OpaqueData
     • Table Import
     • Data-oriented strategies: Minimize; Separate; Abstract; Hide
  13. Privacy and Data Protection Model-driven Design: Data-oriented strategies (27550 – Privacy Engineering)
  14. Privacy and Data Protection Model-driven Design: Built-in techniques: K-anonymity, Quasi-identifiers
     • Models are associated to strategies
     • Implemented strategies help to improve models
     • Conformity with privacy principles
  15. Privacy and Data Protection Model-driven Design: Built-in techniques: K-anonymity. Figure: 2-Anonymized table
  16. Privacy and Data Protection Model-driven Design: Process-oriented model
     • DFD implementation: External entities; Data stores; Processes; Directed data flows
     • DFD Refinement: DFD-L0 to DFD-L1
     • Data-oriented strategies: Inform; Control; Enforce; Demonstrate
     Figure labels: Level 0 DFD, Level 1 DFD, Strategies dialog
  17. Privacy and Data Protection Model-driven Design: Implementation of a Data Flow Diagram (DFD)
     • Process
     • External Entities
     • Data Store
     • Data Flow Edges
     • Input / Output Pins
  18. Privacy and Data Protection Model-driven Design: Process-oriented strategies (ISO 27550 – Privacy Engineering)
  19. Privacy and Data Protection Model-driven Design: Built-in technique: Consent Pattern
     • The pattern introduces GDPR consent notions
     • The pattern is applied on a target DFD model
     • Instantiation guidance for the user
     Conditions for Consent (GDPR): Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
  20. Privacy and Data Protection Model-driven Design: Built-in technique: Consent Pattern Instantiation. Figure: Detailed view
  21. Privacy and Data Protection Model-driven Design: Architecture model
     • Components supporting (functional) processes and tasks
     • Detailed view of components: Vulnerabilities; Privacy measures (PETS); Technology; Subcomponents; Ports; Connectors
  22. Privacy and Data Protection Model-driven Design: Built-in technique: Process-to-Architecture Allocation
     • Generate functional architecture aligned to DFD
     • Manually explore allocation: Process/Tasks, Component/subcomponent
     • Reference to external artefacts, e.g., code
  23. PDPbD Framework: Module for Code Validation. Julien Signoles (CEA)
  24. Current status and perspectives
     Deliverables available in (https://pdp4e-project.eu):
     • Task 5.1: D5.4 Specification of the method for Privacy and Data Protection by Design (M14)
     • Task 5.2: D5.1, D5.2 Specification of PDPbD Framework (M14, M18)
     • Task 5.3: D5.6 First release of the PDPbD Framework (M18)
     Perspectives:
     • Framework validation through Smart Grid Case Study
     • Consolidation of the PDPbD Framework
     • Dissemination and exploitation through publications and meetups
  25. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering. For more information, visit: www.pdp4e-project.org. Thank you for your attention. Questions? WP Leader: CEA, gabriel.pedroza@cea.fr
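
Slides 14 and 15 name k-anonymity over quasi-identifiers and show a 2-anonymized table. The sketch below is an added example, not code from the PDPbD Framework: it measures k for a table and coarsens the quasi-identifiers until a target k is reached. The sample rows, column names and generalization levels are constructed assumptions.

```python
from collections import Counter

# Constructed sample table (not from the slides): zip and age are the
# quasi-identifiers, diagnosis is the sensitive attribute.
ROWS = [
    {"zip": "75001", "age": 23, "diagnosis": "flu"},
    {"zip": "75002", "age": 27, "diagnosis": "asthma"},
    {"zip": "75011", "age": 34, "diagnosis": "flu"},
    {"zip": "75012", "age": 38, "diagnosis": "diabetes"},
    {"zip": "75013", "age": 31, "diagnosis": "asthma"},
]
QUASI_IDENTIFIERS = ("zip", "age")

def k_of(rows, qi=QUASI_IDENTIFIERS):
    """Return k: the size of the smallest group of rows sharing all QI values."""
    classes = Counter(tuple(r[c] for c in qi) for r in rows)
    return min(classes.values()) if classes else 0

def generalize(row, zip_digits, age_width):
    """Coarsen one row: keep zip_digits leading zip digits, bucket the age."""
    out = dict(row)
    out["zip"] = row["zip"][:zip_digits] + "*" * (len(row["zip"]) - zip_digits)
    low = (row["age"] // age_width) * age_width
    out["age"] = f"{low}-{low + age_width - 1}"
    return out

# Hypothetical generalization levels (zip digits kept, age bucket width),
# tried in order from least to most information loss.
LEVELS = [(5, 1), (4, 5), (4, 10), (3, 10), (3, 20)]

def anonymize(rows, k):
    """Return (level, table) for the first level reaching k-anonymity, else None."""
    for zip_digits, age_width in LEVELS:
        table = [generalize(r, zip_digits, age_width) for r in rows]
        if k_of(table) >= k:
            return (zip_digits, age_width), table
    return None  # no configured level is coarse enough for this k

if __name__ == "__main__":
    level, table = anonymize(ROWS, 2)
    print("raw k:", k_of(ROWS), "| level used:", level, "| k after:", k_of(table))
    for r in table:
        print(r)
```

k-anonymity only bounds re-identification through the chosen quasi-identifiers; the sensitive column is left untouched, so a class whose rows share one diagnosis still discloses it.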
