DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures

Privacy and data protection by design are relevant parts of the General Data Protection Regulation (GDPR), in which businesses and organisations are encouraged to implement measures at an early stage of the system design phase to fulfil data protection requirements. This paper addresses policy and system architecture design and proposes two variants of a privacy policy language and an architecture description language, respectively, for specifying and verifying data protection and privacy requirements. In addition, we develop a fully automated algorithm based on logic for verifying three types of conformance relations (privacy, data protection, and functional conformance) between a policy and an architecture specified in our language variants. Compared to related works, this approach supports a more systematic and fine-grained analysis of the privacy, data protection, and functional properties of a system. Our theoretical methods are then implemented as a software tool called DataProVe, and its feasibility is demonstrated on the centralised and decentralised approaches of COVID-19 contact tracing applications.


Bibliographic Details
Main Authors: Ta Vinh Thong, Eiza Max Hashem
Format: article
Language: EN
Published: Sciendo 2022
Subjects: privacy; gdpr; formal verification; security; Ethics; BJ1-1725; Electronic computers. Computer science; QA75.5-76.95
Online Access: https://doaj.org/article/12190175f4f74cde98f7979646cc55bd
id oai:doaj.org-article:12190175f4f74cde98f7979646cc55bd
record_format dspace
spelling oai:doaj.org-article:12190175f4f74cde98f7979646cc55bd
2021-12-05T14:11:10Z
DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures
ISSN: 2299-0984
DOI: 10.2478/popets-2022-0028
https://doaj.org/article/12190175f4f74cde98f7979646cc55bd
2022-01-01T00:00:00Z
https://doi.org/10.2478/popets-2022-0028
https://doaj.org/toc/2299-0984
Privacy and data protection by design are relevant parts of the General Data Protection Regulation (GDPR), in which businesses and organisations are encouraged to implement measures at an early stage of the system design phase to fulfil data protection requirements. This paper addresses policy and system architecture design and proposes two variants of a privacy policy language and an architecture description language, respectively, for specifying and verifying data protection and privacy requirements. In addition, we develop a fully automated algorithm based on logic for verifying three types of conformance relations (privacy, data protection, and functional conformance) between a policy and an architecture specified in our language variants. Compared to related works, this approach supports a more systematic and fine-grained analysis of the privacy, data protection, and functional properties of a system. Our theoretical methods are then implemented as a software tool called DataProVe, and its feasibility is demonstrated on the centralised and decentralised approaches of COVID-19 contact tracing applications.
Ta Vinh Thong; Eiza Max Hashem
Sciendo
article
privacy; gdpr; formal verification; security; Ethics; BJ1-1725; Electronic computers. Computer science; QA75.5-76.95
EN
Proceedings on Privacy Enhancing Technologies, Vol 2022, Iss 1, Pp 565-585 (2022)
institution DOAJ
collection DOAJ
language EN
topic privacy
gdpr
formal verification
security
Ethics
BJ1-1725
Electronic computers. Computer science
QA75.5-76.95
description Privacy and data protection by design are relevant parts of the General Data Protection Regulation (GDPR), in which businesses and organisations are encouraged to implement measures at an early stage of the system design phase to fulfil data protection requirements. This paper addresses policy and system architecture design and proposes two variants of a privacy policy language and an architecture description language, respectively, for specifying and verifying data protection and privacy requirements. In addition, we develop a fully automated algorithm based on logic for verifying three types of conformance relations (privacy, data protection, and functional conformance) between a policy and an architecture specified in our language variants. Compared to related works, this approach supports a more systematic and fine-grained analysis of the privacy, data protection, and functional properties of a system. Our theoretical methods are then implemented as a software tool called DataProVe, and its feasibility is demonstrated on the centralised and decentralised approaches of COVID-19 contact tracing applications.
format article
author Ta Vinh Thong
Eiza Max Hashem
title DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures
publisher Sciendo
publishDate 2022
url https://doaj.org/article/12190175f4f74cde98f7979646cc55bd