Embed Size (px)
DESCRIPTION
20 minute talk at the Annual Privacy Forum in Limassol on October 11, 2012
Citation preview
IBM Research - Haifa
© 2012 IBM Corporation
Conceptual Framework and Architecture for Privacy Audit
Ksenya Kveler, Kirsten Bock, Pietro Colombo, Tamar Domany, Elena Ferrari, Alan Hartman
IBM Haifa Research Laboratory – KK, TD, AH
Unabhaengiges Landeszentrum fuer Datenschutz - KB
University of Insubria – PC, EF
IBM Research - Haifa
© 2012 IBM Corporation
Agenda
Motivation Tool Enhanced Audit Process Data Protection Goals Data Privacy Compliance Metrics Architecture For Privacy Audit
IBM Research - Haifa
© 2011 IBM Corporation
Motivation
Many organizations collect a lot of private data Most of them want to comply with the law BUT
The privacy protection laws are complex and heterogeneous Privacy compliance audits are expensive
IBM Research - Haifa
© 2011 IBM Corporation
Tool Enhanced Audit Process
Stage 1: Determine targets of evaluation Based on data protection goals – rather than laws Analysis of data collection and storage processes Analysis of the types of data collected
Stage 2: Design metrics Create a UML representation of the privacy requirements Map the processes and IT artifacts onto the model Derive metrics related to the DPG
Stage 3: Build assessment tools Separate metric assessor plugins for each metric
IBM Research - Haifa
© 2012 IBM Corporation
Data Protection Goals
Operative Support of DP by:Data Protection Management System
Protection Measures
User
OperatorProvider
Metering Point Operator
Sub-ProcesssingData (Data Center, Cloud IT-Provider, …)
Roles and Responsibilities
Additional External Actors• Research (engineering, economics, social scienes)• Security Services• Regulators, BNA, Bureau of Standards• Access-, Content-, IT-Provider
Process owners =Responsibilities
1. Legal Balancing of Protection Goals2. Protection Measures Catalogues3. Scalability (normal, high, very high)
LegalRelationships
Operative Support of DP by:External Standards (e.g. ISO2910X), BSI/DSec-Audits
Assessment and Finding of ProtectionNeeds
Data (& formats)Processes (& adresses)Systems (& legal and technical interfaces)Availability
Intervenability
Integrity
Confidentiality
Transparency
Unlinkability
DataProtection Goals
Operative Support of DP by:User Controlled Identity Management
Key-Data
Appl. SpecificData
GatewayData
Admin.Data
AggregatedData
… Processes© Rost
Operative Support of DP by:Data Protection Management System
Protection Measures
User
OperatorProvider
Metering Point Operator
Sub-ProcesssingData (Data Center, Cloud IT-Provider, …)
Roles and Responsibilities
Additional External Actors• Research (engineering, economics, social scienes)• Security Services• Regulators, BNA, Bureau of Standards• Access-, Content-, IT-Provider
Process owners =Responsibilities
1. Legal Balancing of Protection Goals2. Protection Measures Catalogues3. Scalability (normal, high, very high)
LegalRelationships
Operative Support of DP by:External Standards (e.g. ISO2910X), BSI/DSec-Audits
Assessment and Finding of ProtectionNeeds
Data (& formats)Processes (& adresses)Systems (& legal and technical interfaces)Availability
Intervenability
Integrity
Confidentiality
Transparency
Unlinkability
DataProtection Goals
Operative Support of DP by:User Controlled Identity Management
Key-Data
Appl. SpecificData
GatewayData
Admin.Data
AggregatedData
… Processes© Rost
Operative Support of DP by:Data Protection Management System
Protection Measures
User
OperatorProvider
Metering Point Operator
Sub-ProcesssingData (Data Center, Cloud IT-Provider, …)
Roles and Responsibilities
Additional External Actors• Research (engineering, economics, social scienes)• Security Services• Regulators, BNA, Bureau of Standards• Access-, Content-, IT-Provider
Process owners =Responsibilities
1. Legal Balancing of Protection Goals2. Protection Measures Catalogues3. Scalability (normal, high, very high)
LegalRelationships
Operative Support of DP by:External Standards (e.g. ISO2910X), BSI/DSec-Audits
Assessment and Finding of ProtectionNeeds
Data (& formats)Processes (& adresses)Systems (& legal and technical interfaces)Availability
Intervenability
Integrity
Confidentiality
Transparency
Unlinkability
DataProtection Goals
Operative Support of DP by:User Controlled Identity Management
Key-Data
Appl. SpecificData
GatewayData
Admin.Data
AggregatedData
…
Operative Support of DP by:Data Protection Management SystemOperative Support of DP by:Data Protection Management System
Protection Measures
User
OperatorProvider
Metering Point Operator
Sub-ProcesssingData (Data Center, Cloud IT-Provider, …)
Roles and Responsibilities
Additional External Actors• Research (engineering, economics, social scienes)• Security Services• Regulators, BNA, Bureau of Standards• Access-, Content-, IT-Provider
Process owners =Responsibilities
1. Legal Balancing of Protection Goals2. Protection Measures Catalogues3. Scalability (normal, high, very high)
LegalRelationships
Operative Support of DP by:External Standards (e.g. ISO2910X), BSI/DSec-Audits
Assessment and Finding of ProtectionNeeds
Data (& formats)Processes (& adresses)Systems (& legal and technical interfaces)Availability
Intervenability
Integrity
Confidentiality
Transparency
Unlinkability
DataProtection Goals
Operative Support of DP by:User Controlled Identity Management
Key-Data
Appl. SpecificData
GatewayData
Admin.Data
AggregatedData
…
Protection Measures
User
OperatorProvider
Metering Point Operator
Sub-ProcesssingData (Data Center, Cloud IT-Provider, …)
Roles and Responsibilities
Additional External Actors• Research (engineering, economics, social scienes)• Security Services• Regulators, BNA, Bureau of Standards• Access-, Content-, IT-Provider
Process owners =Responsibilities
1. Legal Balancing of Protection Goals2. Protection Measures Catalogues3. Scalability (normal, high, very high)
LegalRelationships
Operative Support of DP by:External Standards (e.g. ISO2910X), BSI/DSec-Audits
Assessment and Finding of ProtectionNeeds
Data (& formats)Processes (& adresses)Systems (& legal and technical interfaces)Availability
Intervenability
Integrity
Confidentiality
Transparency
Unlinkability
DataProtection Goals
Protection Measures
User
OperatorProvider
Metering Point Operator
Sub-ProcesssingData (Data Center, Cloud IT-Provider, …)
Roles and Responsibilities
User
OperatorProvider
Metering Point Operator
Sub-ProcesssingData (Data Center, Cloud IT-Provider, …)
Roles and Responsibilities
Additional External Actors• Research (engineering, economics, social scienes)• Security Services• Regulators, BNA, Bureau of Standards• Access-, Content-, IT-Provider
Process owners =Responsibilities
1. Legal Balancing of Protection Goals2. Protection Measures Catalogues3. Scalability (normal, high, very high)
LegalRelationships
Operative Support of DP by:External Standards (e.g. ISO2910X), BSI/DSec-Audits
Assessment and Finding of ProtectionNeeds
Data (& formats)Processes (& adresses)Systems (& legal and technical interfaces)Availability
Intervenability
Integrity
Confidentiality
Transparency
Unlinkability
DataProtection Goals
Availability
Intervenability
Integrity
Confidentiality
Transparency
Unlinkability
DataProtection Goals
Operative Support of DP by:User Controlled Identity Management
Key-Data
Appl. SpecificData
GatewayData
Admin.Data
AggregatedData
…Key-Data
Appl. SpecificData
GatewayData
Admin.Data
AggregatedData
… Processes© Rost
Processes© Rost
IBM Research - Haifa
© 2012 IBM Corporation6
Data Privacy Compliance Metrics Privacy conceptual model defines a language for expressing privacy
requirements
Constraints on the model are weighted by the assessor, and associated with Data Protection Goals
The system under assessment is mapped onto the privacy requirements model
Metrics are derived from the weighted sum of constraints satisfied by the system under assessment
IBM Research - Haifa
© 2012 IBM Corporation7
Architecture for Data Privacy Audit
IBM Research - Haifa
© 2012 IBM Corporation
Sample Audit Report
IBM Research - Haifa
© 2012 IBM Corporation
Main contributions
Linkage between data protection goals and privacy compliance metrics
Conceptual model for privacy requirements including a set of UML classes and constraints
Extensible and transparent architecture for privacy compliance assessment tools
