Logo des Repositoriums

Auflistung nach Schlagwort "data protection"

1 - 10 von 14
  • Konferenzbeitrag
    Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics
    (Open Identity Summit 2020, 2020) Bisztray, Tamas; Gruschka, Nils; Mavroeidis, Vasileios; Fritsch, Lothar
    Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.
  • Konferenzbeitrag
    Designing Automotive Case Studies for Architectural Security Analyses
    (Softwaretechnik-Trends Band 43, Heft 4, 2023) Boltz, Nicolas; Walter, Maximilian; Gerking, Christopher
    Digitalization is one of the biggest drivers of advancements in the modern automotive domain. The resulting increase in communication is leading to a more intensive exchange of data and the opening up of for merly closed systems. This raises questions about security and data protection. Software architecture analyses can help identify potential issues, thereby making systems more secure and compliant with data protection laws. Such analyses require representative case studies for development and evaluation. In this paper, we showcase the results of applying requirements and processes for case-study research during three bachelor theses with students. The resulting three case studies center around the automotive and mobility domain and focus on different security and privacy properties. We discuss our insights and experiences regarding the creation of case studies.
  • Zeitschriftenartikel
    Digital natives aren’t concerned much about privacy, or are they?
    (i-com: Vol. 22, No. 1, 2023) Maier, Edith; Doerk, Michael; Reimer, Ulrich; Baldauf, Matthias
    Voice assistants have become embedded in people’s private spaces and domestic lives where they gather enormous amounts of personal information which is why they evoke serious privacy concerns. The paper reports the findings from a mixed-method study with 65 digital natives, their attitudes to privacy and actual and intended behaviour in privacy-sensitive situations and contexts. It also presents their recommendations to governments or organisations with regard to protecting their data. The results show that the majority are concerned about privacy but are willing to disclose personal data if the benefits outweigh the risks. The prevailing attitude is one characterised by uncertainty about what happens with their data, powerlessness about controlling their use, mistrust in big tech companies and uneasiness about the lack of transparency. Few take steps to self-manage their privacy, but rely on the government to take measures at the political and regulatory level. The respondents, however, show scant awareness of existing or planned legislation such as the GDPR and the Digital Services Act, respectively. A few participants are anxious to defend the analogue world and limit digitalization in general which in their opinion only opens the gate to surveillance and misuse.
  • Zeitschriftenartikel
    DPMF: A Modeling Framework for Data Protection by Design
    (Enterprise Modelling and Information Systems Architectures (EMISAJ) – International Journal of Conceptual Modeling: Vol. 15, Nr. 10, 2020) Sion, Laurens; Dewitte, Pierre; Van Landuyt, Dimitri; Wuyts, Kim; Valcke, Peggy; Joosen, Wouter
    Building software-intensive systems that respect the fundamental rights to privacy and data protection requires explicitly addressing data protection issues at the early development stages. Data Protection by Design (DPbD)—as coined by Article 25(1) of the General Data Protection Regulation (GDPR)—therefore calls for an iterative approach based on (i) the notion of risk to data subjects, (ii) a close collaboration between the involved stakeholders and (iii) accountable decision-making. In practice, however, the legal reasoning behind DPbD is often conducted on the basis of informal system descriptions that lack systematicity and reproducibility. This affects the quality of Data Protection Impact Assessments (DPIA)—i.e. the concrete manifestation of DPbD at the organizational level. This is a major stumbling block when it comes to conducting a comprehensive and durable assessment of the risks that takes both the legal and technical complexities into account. In this article, we present DPMF, a data protection modeling framework that allows for a comprehensive and accurate description of the data processing operations in terms of the key concepts used in the GDPR. The proposed modeling approach supports the automation of a number of legal reasonings and compliance assessments (e.g., purpose compatibility) that are commonly addressed in a DPIA exercise and this support is strongly rooted upon the system description models. The DPMF is supported in a prototype modeling tool and its practical applicability is validated in the context of a realistic e-health system for a number of complementary development scenarios.
  • Textdokument
    Enabling SMEs to comply with the complex new EU data protection regulation
    (Open Identity Summit 2019, 2019) Fähnrich, Nicolas; Kubach, Michael
    The European General Data Protection Regulation (GDPR) introduces privacy requirements that pose a complex challenge especially for small and medium sized enterprises (SMEs). In this paper, we present a software-supported process model developed by us that helps SMEs to establish processes ensuring the rights of the data subjects and prepare the documentation that is necessary to comply with the GDPR. Three small case studies illustrate the work with the process model and lessons learned from these practical applications of our tool give further insights into the topic.
  • Konferenzbeitrag
    A Human Digital Twin as Building Block of Open Identity Management for the Internet of Things
    (Open Identity Summit 2020, 2020) Zibuschka, Jan; Ruff, Christopher; Horch, Andrea; Roßnagel, Heiko
    In networked industry, digital twins aggregate product data along the entire life cycle, from design and production to deployment. This enables interoperability between different data sources and analysis functions and creates an integrated data environment. Human digital twins have the potential to create a similarly interoperable and integrated data environment for more user-centric use cases in the field of the Internet of Things. In this case, personal data is processed and transmitted; therefore, the underlying infrastructure is then not product data management but identity management. In this paper, we discuss general aspects of the human digital twin, its role in open identity management systems, and illustrate its application in the field of home, building and office automation. We identify advantages and limitations and suggest future research opportunities.
  • Konferenzbeitrag
    Mapping Identity Management in Data Lakes
    (Open Identity Summit 2021, 2021) Zibuschka, Jan; Fritsch, Lothar
    Data lakes are an emerging paradigm for large-scale, integrated data processing within organizations. While it has been noted in earlier work that data governance is central for the successful operation of a data lake, and that privacy is a central issue in such a setting as personal information may be processed, the governance of personal information in data lakes has received only cursory attention. We propose tackling this information using identity management functions and perform a systematic gap analysis based on the FIDIS typology of identity management systems.
  • Konferenzbeitrag
    Optimized Cloud Deployment of Multi-tenant Software Considering Data Protection Concerns -- Abridged Version
    (Software Engineering und Software Management 2018, 2018) Mann, Zoltán; Metzger, Andreas
    This work was presented as full paper at the 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), 2017. Concerns about protecting personal data and intellectual property are major obstacles to the adoption of cloud services. To ensure that a cloud tenant’s data cannot be accessed by malicious code of another tenant, critical software components of different tenants are traditionally deployed on separate physical machines. However, such physical separation limits hardware utilization, leading to cost overheads due to inefficient resource usage. Secure enclaves offer mechanisms to protect code and data from potentially malicious code deployed on the same machine, thereby offering an alternative to physical separation. We show how secure enclaves can be employed to address data protection concerns of cloud tenants during resource optimization in software deployment. We provide a model, formalization and experimental evaluation of an efficient algorithmic approach to compute an optimized deployment of software components and virtual machines, taking into account data protection concerns and the availability of secure enclaves. Our experimental results show that even if only 20% of the physical machines offer secure enclaves, savings of energy consumption (a major cost driver) may be as high as 47.5%.
  • Zeitschriftenartikel
    RFID – ist Sicherheit in offenen Anwendungen erreichbar?
    (Wirtschaftsinformatik: Vol. 50, No. 5, 2008) Wonnemann, Claus
    RFID-Technologie wird bereits seit vielen Jahren erfolgreich für die Steuerung industrieller Prozesse eingesetzt. Nur ein kleiner Teil dieser Anwendungen benutzt RFID allerdings in offenen Kreisläufen, in denen auch unternehmensfremde Personen mit Transpondern interagieren. Dies sind genau die Fälle, in denen der Einsatz von RFID zur Verletzung von Datensicherheit und informationeller Selbstbestimmung Einzelner führen kann.Der Beitrag untersucht die spezifischen Bedrohungen, die in derartigen Szenarien von RFID ausgehen können und stellt aktuelle Forschungsergebnisse vor, mit denen diesen Bedrohungen begegnet werden kann. Dabei werden neben Möglichkeiten zur Zugriffkontrolle auf Transponderebene auch regulatorische Maßnahmen und Mechanismen zur Kontrolle nachfolgender Datenverarbeitung untersucht.AbstractRFID technology has been successfully deployed in industry for many years. Only a small fraction of these deployments uses RFID in applications that allow external parties to get in touch with transponders. These are exactly those cases in which violations of data protection goals or an individual’s personal privacy might happen due to RFID usage.The article examines the specific threats that might evolve from the application of RFID technology in suchlike scenarios and presents current research tackling those threats. Along with access control techniques, approaches striving to rule out misuse through regulations and mechanisms for backend usage control are discussed.
  • Konferenzbeitrag
    Self-sovereign identity systems and European data protection regulations: an analysis of roles and responsibilities
    (Open Identity Summit 2021, 2021) Chomczyk Penedo, Andrés
    Decentralized identity systems have taken a key role in the identity management landscape. Self-sovereign identity management systems have promised to return control over identity to individuals. However, these promises still need to be assessed against the existing regulatory framework. As identity attributes can be considered personal data, rules such as the General Data Protection Regulation are applicable. The existing legal literature has still not delivered an analysis of who is a controller and who is a processor in the context of a self-sovereign identity system for the process of identity creation. As such, the purpose of this contribution is to tackle this challenge.