Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

A UML Profile for Privacy Enforcement

901 vues

Publié le

Slides of the paper "A UML Profile for Privacy Enforcement" accepted at the International Workshop on Security for and by
Model-Driven Engineering, and presented on June 25 2018.

Publié dans : Sciences
  • Login to see the comments

  • Soyez le premier à aimer ceci

A UML Profile for Privacy Enforcement

  1. 1. A UML Profile for Privacy Enforcement Javier L. Cánovas Izquierdo, Julián Salas unsplash/matthew-henry
  2. 2. flickr/clark-tibbs Motivation
  3. 3. Data is key
  4. 4. Data is key User Information Email, social security number, passport… Geolocation, videos, pictures, routines…Personal Data
  5. 5. Data is key User Information Email, social security number, passport… Geolocation, videos, pictures, routines…Personal Data Composite information Route to go to work… Places to pass the night…
  6. 6. Data is key User Information Data is the new currency Email, social security number, passport… Geolocation, videos, pictures, routines…Personal Data Composite information Route to go to work… Places to pass the night…
  7. 7. Data is key User Information Data is the new currency Email, social security number, passport… Geolocation, videos, pictures, routines…Personal Data Composite information Route to go to work… Places to pass the night…
  8. 8. The Open Data Movement Data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control
  9. 9. The Open Data Movement Data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control •Geographic, geopolitical and financial data Statistics Election results Legal acts Data on crime, health, the environment, transport and scientific research
  10. 10. The Open Data Movement Data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control •Geographic, geopolitical and financial data Statistics Election results Legal acts Data on crime, health, the environment, transport and scientific research BUT…
  11. 11. Let’s not forget to mention… …harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy…
  12. 12. KEEP CALM AND COMPLY WITH GDPR
  13. 13. How is it treated currently?
  14. 14. How is it treated currently?…in MDE?
  15. 15. How is it treated currently?…in MDE?
  16. 16. How is it treated currently?…in MDE? Privacy and security at high-level Methodological approaches Access control policy solutions Mont, M.C., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A Conceptual Model for Privacy Policies with Consent and Revocation Requirements Allison, D.S., Yamany, H.F.E., Capretz, M.A.M.: Metamodel for privacy policies within SOA Busch, M.: Evaluating & engineering: an approach for the development of secure web applications Basso, T., Montecchi, L., Moraes, R., Jino, M., Bondavalli, A.: Towards a UML profile for privacy-aware applications Ahmadian, A.S., Peldszus, S., Ramadan, Q., Jürjens, J.: Model-based privacy and security analysis with carisma Ahmadian, A.S., Strüber, D., Riediger, V., Jürjens, J.: Model-based privacy analysis in industrial ecosystems Alshammari, M., Simpson, A.: A UML profile for privacy-aware data lifecycle models XACML, PRBAC, UMLSec, Ponder
  17. 17. Unsplash/david-iskander Our Proposal
  18. 18. Example
  19. 19. Example
  20. 20. A profile for privacy enforcement
  21. 21. A profile for privacy enforcement
  22. 22. A profile for privacy enforcement
  23. 23. A profile for privacy enforcement
  24. 24. A profile for privacy enforcement
  25. 25. A profile for privacy enforcement
  26. 26. A profile for privacy enforcement
  27. 27. Example with our profile
  28. 28. Conclusion • Profile to specify privacy • Models annotated with the profile can promote privacy enforcement What we have shown What we want to do next Application to specific fields Promoting Open Data
  29. 29. Challenges Flickr/TimPainter
  30. 30. How to add this information to existing methodologies? …how we can leverage existing model-based approaches? …how hard would it be? #1 #2 How to convince organizations to annotate their data? …are they actually concerned? …would they see it as beneficial? #3 Is it posible to automatically annotate existing models with privacy information? …are there some guidelines? #4 How to mix data with different privacy enforcement definitions? …how to deal with UML Class associations? …what happens when dealing with other UML diagrams?
  31. 31. Except where otherwise noted, content on this presentation is licensed under a Creative Commons Attribution 4.0 International license. Thanks! Javier L. Cánovas Izquierdo jcanovasi@uoc.edu @jlcanovas Julian Salas jsalapi@uoc.edu

×