Tools
Tools
Thong Ta, V and Hashem Eiza, M (2021) DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures. Proceedings on Privacy Enhancing Technologies (PoPETs), 2022 (1). pp. 565-585. ISSN 2299-0984
|
Text
DataProVe.pdf - Published Version Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (876kB) | Preview |
Abstract
Privacy and data protection by design are relevant parts of the General Data Protection Regulation (GDPR), in which businesses and organisations are encouraged to implement measures at an early stage of the system design phase to fulfil data protection requirements. This paper addresses the policy and system architecture design and propose two variants of privacy policy language and architecture description language, respectively, for specifying and verifying data protection and privacy requirements. In addition, we develop a fully automated algorithm based on logic, for verifying three types of conformance relations (privacy, data protection, and functional conformance) between a policy and an architecture specified in our languages’ variants. Compared to related works, this approach supports a more systematic and fine-grained analysis of the privacy, data protection, and functional properties of a system. Our theoretical methods are then implemented as a software tool called DataProVe and its feasibility is demonstrated based on the centralised and decentralised approaches of COVID-19 contact tracing applications.
| Item Type: | Article |
|---|---|
| Subjects: | H Social Sciences > HF Commerce > HF5001 Business |
| Divisions: | Computer Science & Mathematics |
| Publisher: | Sciendo |
| Date Deposited: | 02 Dec 2021 10:56 |
| Last Modified: | 02 Dec 2021 11:00 |
| DOI or ID number: | 10.2478/popets-2022-0028 |
| URI: | https://researchonline.ljmu.ac.uk/id/eprint/15721 |
 |
View Item |