A UML Profile for Privacy Enforcement

•Descargar como PPTX, PDF•

0 recomendaciones•1,333 vistas

Slides of the paper "A UML Profile for Privacy Enforcement" accepted at the International Workshop on Security for and by Model-Driven Engineering, and presented on June 25 2018.

Ciencias

Data is key
User Information Email, social security number, passport…
Geolocation, videos, pictures, routines…Personal Data

Data is key
User Information Email, social security number, passport…
Geolocation, videos, pictures, routines…Personal Data
Composite information
Route to go to work…
Places to pass the night…

Data is key
User Information
Data is the new currency
Email, social security number, passport…
Geolocation, videos, pictures, routines…Personal Data
Composite information
Route to go to work…
Places to pass the night…

The Open Data Movement
Data should be freely available to everyone
to use and republish as they wish, without
restrictions from copyright, patents or other
mechanisms of control

Let’s not forget to mention…
…harmonize data privacy laws across Europe, to protect and
empower all EU citizens data privacy and to reshape the way
organizations across the region approach data privacy…

How to add this information to existing methodologies?
…how we can leverage existing model-based approaches?
…how hard would it be?
#1
#2
How to convince organizations to annotate their data?
…are they actually concerned?
…would they see it as beneficial?
#3
Is it posible to automatically annotate existing models with privacy
information?
…are there some guidelines?
#4
How to mix data with different privacy enforcement definitions?
…how to deal with UML Class associations?
…what happens when dealing with other UML diagrams?

Except where otherwise noted, content on this presentation is licensed under a Creative Commons Attribution 4.0 International license.
Thanks!
Javier L. Cánovas Izquierdo
jcanovasi@uoc.edu
@jlcanovas
Julian Salas
jsalapi@uoc.edu

Más contenido relacionado

Similar a A UML Profile for Privacy Enforcement

Norman Sadeh's Presentation

Mediabistro

Preserving privacy of users is a key requirement of web-scale data mining applications and systems such as web search, recommender systems, crowdsourced platforms, and analytics applications, and has witnessed a renewed focus in light of recent data breaches and new regulations such as GDPR. In this tutorial, we will first present an overview of privacy breaches over the last two decades and the lessons learned, key regulations and laws, and evolution of privacy techniques leading to differential privacy definition / techniques. Then, we will focus on the application of privacy-preserving data mining techniques in practice, by presenting case studies such as Apple's differential privacy deployment for iOS / macOS, Google's RAPPOR, LinkedIn Salary, and Microsoft's differential privacy deployment for collecting Windows telemetry. We will conclude with open problems and challenges for the data mining / machine learning community, based on our experiences in industry.

Privacy-preserving Data Mining in Industry (WSDM 2019 Tutorial)

Krishnaram Kenthapadi

Oz!a 2009 sna v0.2

Mia Horrigan

Information architecture is not neutral. By organizing information for discovery and use, we not only make information accessible but also provide the lens through which people will experience it. Designing information architectures involves making and imposing value choices, which positions the work and study of information architecture in the realm of ethics. The information architecture community has considered ethics at the micro level, for instance by finding ways to do good in specific interactions. But to what extent have we thought about ethics in the context of our overall profession? When we design IAs do we, as practitioners, surrender our moral authority to someone else? Or do we follow a code?

Ethics and information architecture - The 6th Academics and Practitioners Rou...

Sarah Rice

Security Metrics are often about the performance of information security professionals - tranditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how sucecssful your metrics program is at operationalizing that which is necessary to prevent a breach? Associated Discussion - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/gt06-who-watches-the-watchers-metrics-for-security-strategy-michael-roytman

Who Watches the Watchers Metrics for Security Strategy - BsidesLV 2015 - Roytman

Michael Roytman

Privacy-preserving Data Mining in Industry (WWW 2019 Tutorial)

Krishnaram Kenthapadi

Revisiting Digital Media and Internet Research Ethics. A Process Oriented App...

Nele Heise

Managing and publishing sensitive data in the social sciences - Webinar trans...

ARDC

UN Global Pulse Privacy Framing

Micah Altman

AICHROTH Systemaic evaluation and decentralisation for a (bit more) trusted AI

FIAT/IFTA

Slides from my talk at #ToonTechTalks on 27 september 2018 We all see the great potential AI is bringing us. But is it really bringing it to everyone? How are we ensuring under-represented groups are included and vulnerable people are protected? What to do when our technology is unintended biased and discriminating against certain groups. And what if the data and AI is correct, but the by-effect of it is that some groups are put at risk? All questions we need to think about when we are advancing technology for the benefit of humanity. Sharing what I've learned from my work in diversity, digital and from following great minds in this field such as Joanna Bryson, Virginia Dignum, Rumman Chowdhury, Juriaan van Diggelen, Valerie Frissen, Catelijne Muller, and many more.

Technology for everyone - AI ethics and Bias

Marion Mulder

hel29999999999999999999999999999999999999999999.ppt

gealehegn

OpenSourceIntelligence-OSINT.pptx

anonymousanonymous428352

Kato Mivule: COGNITIVE 2013 - An Overview of Data Privacy in Multi-Agent Lear...

Kato Mivule

Security Privacy Concerns Third Party APIs

Dr. V Vorvoreanu

Security Concerns With Privacy in Social Media

Kenie Moses

How do we protect the privacy of users when building large-scale AI based systems? How do we develop machine learning models and systems taking fairness, accuracy, explainability, and transparency into account? Model fairness and explainability and protection of user privacy are considered prerequisites for building trust and adoption of AI systems in high stakes domains. We will first motivate the need for adopting a “fairness, explainability, and privacy by design” approach when developing AI/ML models and systems for different consumer and enterprise applications from the societal, regulatory, customer, end-user, and model developer perspectives. We will then focus on the application of privacy-preserving AI techniques in practice through industry case studies. We will discuss the sociotechnical dimensions and practical challenges, and conclude with the key takeaways and open challenges.

Privacy in AI/ML Systems: Practical Challenges and Lessons Learned

Krishnaram Kenthapadi

Privacy, Data Protection and SNS

dariphagen

Your organization and big data: Managing access, privacy, & security

Louise Spiteri

IIR 2017, Lugano Switzerland

Marco Polignano

Similar a A UML Profile for Privacy Enforcement (20)

Norman Sadeh's Presentation

Privacy-preserving Data Mining in Industry (WSDM 2019 Tutorial)

Oz!a 2009 sna v0.2

Ethics and information architecture - The 6th Academics and Practitioners Rou...

Who Watches the Watchers Metrics for Security Strategy - BsidesLV 2015 - Roytman

Privacy-preserving Data Mining in Industry (WWW 2019 Tutorial)

Revisiting Digital Media and Internet Research Ethics. A Process Oriented App...

Managing and publishing sensitive data in the social sciences - Webinar trans...

UN Global Pulse Privacy Framing

AICHROTH Systemaic evaluation and decentralisation for a (bit more) trusted AI

Technology for everyone - AI ethics and Bias

hel29999999999999999999999999999999999999999999.ppt

OpenSourceIntelligence-OSINT.pptx

Kato Mivule: COGNITIVE 2013 - An Overview of Data Privacy in Multi-Agent Lear...

Security Privacy Concerns Third Party APIs

Security Concerns With Privacy in Social Media

Privacy in AI/ML Systems: Practical Challenges and Lessons Learned

Privacy, Data Protection and SNS

Your organization and big data: Managing access, privacy, & security

IIR 2017, Lugano Switzerland

Más de Javier Canovas

On the Analysis of Non-Coding Roles in Open Source Development

Javier Canovas

Open Source Software Governance Guide: Developing a Matrix of Leading Questio...

Javier Canovas

A Model-based Chatbot Generation Approach to Converse with Open Data Sources

Javier Canovas

Chatbots to Democratize the Access to Information and Internet Services

Javier Canovas

Analysis and Modeling of the Governance in General Programming Languages

Javier Canovas

Automatic Generation of Test Cases for REST APIs: a Specification-Based Approach

Javier Canovas

The Role of Foundations in Open Source Projects

Javier Canovas

An Empirical Study on the Maturity of the Eclipse Modeling Ecosystem

Javier Canovas

Example-driven Web API Specification Discovery

Javier Canovas

Software Modernization Revisited:Challenges and Prospects

Javier Canovas

Findings from GitHub. Methods, Datasets and Limitations

Javier Canovas

Enabling the Definition and Enforcement of Governance Rules in Open Source Sy...

Javier Canovas

Exploring the Use of Labels to Categorize Issues in Open-Source Software Pro...

Javier Canovas

Composing JSON-based Web APIs

Javier Canovas

Retos Actuales en el Desarrollo de Lenguajes Específicos del Dominio

Javier Canovas

Discovering Implicit Schemas in JSON Data

Javier Canovas

Enabling the Collaborative Definition of DSMLs

Javier Canovas

Domain-Specific Languages

Javier Canovas

Modernization in Eclipse

Javier Canovas

Software Modernization

Javier Canovas

Más de Javier Canovas (20)

On the Analysis of Non-Coding Roles in Open Source Development

Open Source Software Governance Guide: Developing a Matrix of Leading Questio...

A Model-based Chatbot Generation Approach to Converse with Open Data Sources

Chatbots to Democratize the Access to Information and Internet Services

Analysis and Modeling of the Governance in General Programming Languages

Automatic Generation of Test Cases for REST APIs: a Specification-Based Approach

The Role of Foundations in Open Source Projects

An Empirical Study on the Maturity of the Eclipse Modeling Ecosystem

Example-driven Web API Specification Discovery

Software Modernization Revisited:Challenges and Prospects

Findings from GitHub. Methods, Datasets and Limitations

Enabling the Definition and Enforcement of Governance Rules in Open Source Sy...

Exploring the Use of Labels to Categorize Issues in Open-Source Software Pro...

Composing JSON-based Web APIs

Retos Actuales en el Desarrollo de Lenguajes Específicos del Dominio

Discovering Implicit Schemas in JSON Data

Enabling the Collaborative Definition of DSMLs

Domain-Specific Languages

Modernization in Eclipse

Software Modernization

Último

FAIRSpectra - Enabling the FAIRification of Analytical Science

Alex Henderson

Introduction to Viruses

Areesha Ahmad

High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...

chandars293

GBSN - Microbiology (Unit 3)

Areesha Ahmad

fruit fly, this slide mainly made for pumpkin fruit fly, this is also known as drosophila melangastor, this type of fruit fly destroyed the mainly vegetables crops. if you want to known examples this types of fly which is destroy the pumpkin, tomato, brinjal, potato, bottle guard, ridge guard, bitter guard, cucumber, water melon, musk melon, bean, long bean and other many vegetables which has fruits. they distryed fruit fly. thank you...

pumpkin fruit fly, water melon fruit fly, cucumber fruit fly

PRADYUMMAURYA1

low price Call me 7857803690 100%genuine sexy VIP call girl safe service WhatsApp chat. 785780369 Normal call kijiye 7857803690 100% genuine young college girl and housewife Full enjoy open minded girl provide 24hour full cooperative model and full satisfactions☎️*78578//03690*⭐Escorts service █▬█⓿▀█▀ call girls and bhabhi available for room Sex and video call service A-1 HIGH CLASS CALL GIRLS TOP MODEL 24X7 HOME/HOTEL Call Girls Safe & Secure High Class Sm Affordable Rate 100% Satisfaction, Unlimited Enjoyment. Any Time for Model/Escort in High class luxury and premium

SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE

ayushi9330

module for grade 9 for distance learning

levieagacer

Bollworms are among the most damaging pests in cotton cultivation, affecting the bolls where the cotton fibers are formed. There are several species of bollworms, each capable of causing significant yield loss and quality degradation if not effectively managed. Here’s a detailed look at the primary bollworm species affecting cotton: Cotton Bollworm (Helicoverpa armigera): Also known as the corn earworm or the Old World bollworm, this pest is found in many regions around the world. It is highly polyphagous (feeds on many different plants) and poses a threat not only to cotton but also to maize, tomatoes, and legumes. The larvae bore into the cotton bolls, feeding on the developing seeds and fibers, which can lead to boll rot. Pink Bollworm (Pectinophora gossypiella): A significant pest of cotton, the pink bollworm larvae infest the cotton bolls, feeding on the seeds and lint. This can severely damage or destroy the bolls. In regions where pink bollworms are prevalent, they have been a major driver for the adoption of genetically engineered Bt cotton, which expresses a bacterium gene toxic to certain insects. Tobacco Budworm (Heliothis virescens): Closely related to the cotton bollworm, the tobacco budworm primarily attacks tobacco but is also a common pest in cotton. It primarily damages the flowers and bolls of the cotton plant. Differentiating between the tobacco budworm and the cotton bollworm based on appearance can be challenging, but it is crucial for effective management. American Bollworm (Helicoverpa zea): Known in some regions as the corn earworm, it is similar in behavior to Helicoverpa armigera and poses a threat to a variety of crops, including cotton. The larvae attack the cotton bolls, leading to direct damage to the cotton lint and seeds. Management Strategies: Cultural Controls: Crop rotation, destruction of crop residues, and deep plowing can help break the pest’s life cycle. Timing of planting can also be adjusted to avoid peak pest infestation. Biological Controls: Natural enemies like Trichogramma wasps, which parasitize bollworm eggs, and predators such as lacewings and ladybugs can be encouraged. Bacillus thuringiensis (Bt) products can also be sprayed, which are particularly effective against young larvae. Chemical Controls: Insecticides may be required when infestation levels exceed economic thresholds. However, resistance management must be considered, alternating modes of action to avoid developing resistance. Genetic Approaches: Bt cotton, genetically modified to express Bacillus thuringiensis toxin, has been highly effective in controlling bollworms and has dramatically reduced the reliance on chemical insecticides. Monitoring and Scouting: Regular field scouting and using pheromone traps to monitor adult populations can help in timely and targeted application of control measures. The effective management of bollworms often requires an integrated approach

Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf

PirithiRaju

Bacterial Identification and Classifications

Areesha Ahmad

Mustard, as a crop, is susceptible to a variety of pests that can affect its growth and yield. Here’s a rundown of some common pests that target mustard plants: Aphids: These small, sap-sucking insects can cause significant damage by feeding on the leaves and stems. Aphids also excrete a sticky substance known as honeydew, which can lead to the growth of sooty mold on the plants. Flea Beetles: These tiny beetles jump like fleas when disturbed and chew small holes in the leaves. They are particularly damaging in the early growth stages of the plant. Cabbage Loopers: The larvae of a type of moth, these caterpillars are known for their distinctive looping movement. They chew large holes in the leaves and can defoliate plants if present in large numbers. Diamondback Moth Larvae: Another caterpillar pest, these larvae chew small holes in the leaves and can cause extensive damage, especially when infestations are heavy. Whiteflies: These are tiny, winged insects that feed on plant sap and can quickly become a problem in greenhouse or close planting conditions. Like aphids, they also secrete honeydew. Cutworms: These are the larvae of certain types of moths and are known for cutting young plants at the stem base at ground level. They are most destructive during the night. Root Maggots: The larvae of root maggot flies, these pests attack the roots of mustard plants, causing wilting and potentially killing young plants. Harlequin Bugs: These are colorful stink bugs that suck the sap from mustard plant stems and leaves, causing the leaves to become stippled, wilt, and eventually die if the infestation is severe. Mustard Sawfly: The larvae of the mustard sawfly can cause considerable defoliation, as they feed voraciously on the leaves. Clubroot: Caused by a fungus-like organism, clubroot affects the roots, causing them to swell and distort. While technically a disease, it is often associated with pest management because controlling it involves similar preventative strategies. Control Measures: Managing pests in mustard involves a combination of cultural, biological, and chemical methods. Crop rotation, resistant varieties, timely sowing, maintaining plant health, and using natural predators like ladybugs and parasitic wasps can help keep pest populations under control. Chemical pesticides should be used as a last resort due to their potential impact on the environment and non-target species.

Pests of mustard_Identification_Management_Dr.UPR.pdf

PirithiRaju

Proteomics: types, protein profiling steps etc.

Silpa

Grade 7 - Lesson 1 - Microscope and Its Functions

OrtegaSyrineMay

Clean In Place(CIP).pptx .

Poonam Aher Patil

Pulmonary drug delivery system M.pharm -2nd sem P'ceutics

sakshisoni2385

Module for Grade 9 for Asynchronous/Distance learning

levieagacer

Thyroid Physiology_Dr.E. Muralinath_ Associate Professor

muralinath2

Factory Acceptance Test( FAT).pptx .

Poonam Aher Patil

Zoology 5th semester notes( Sumit_yadav).pdf

Sumit Kumar yadav

Locating and isolating a gene, FISH, GISH, Chromosome walking and jumping, te...

Silpa

GBSN - Microbiology (Unit 2)

Areesha Ahmad

A UML Profile for Privacy Enforcement

1. A UML Profile for Privacy Enforcement Javier L. Cánovas Izquierdo, Julián Salas unsplash/matthew-henry

2. flickr/clark-tibbs Motivation

3. Data is key

4. Data is key User Information Email, social security number, passport… Geolocation, videos, pictures, routines…Personal Data

5. Data is key User Information Email, social security number, passport… Geolocation, videos, pictures, routines…Personal Data Composite information Route to go to work… Places to pass the night…

6. Data is key User Information Data is the new currency Email, social security number, passport… Geolocation, videos, pictures, routines…Personal Data Composite information Route to go to work… Places to pass the night…

7. Data is key User Information Data is the new currency Email, social security number, passport… Geolocation, videos, pictures, routines…Personal Data Composite information Route to go to work… Places to pass the night…

8. The Open Data Movement Data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control

9. The Open Data Movement Data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control •Geographic, geopolitical and financial data Statistics Election results Legal acts Data on crime, health, the environment, transport and scientific research

10. The Open Data Movement Data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control •Geographic, geopolitical and financial data Statistics Election results Legal acts Data on crime, health, the environment, transport and scientific research BUT…

11. Let’s not forget to mention… …harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy…

12. KEEP CALM AND COMPLY WITH GDPR

13. How is it treated currently?

14. How is it treated currently?…in MDE?

15. How is it treated currently?…in MDE?

16. How is it treated currently?…in MDE? Privacy and security at high-level Methodological approaches Access control policy solutions Mont, M.C., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A Conceptual Model for Privacy Policies with Consent and Revocation Requirements Allison, D.S., Yamany, H.F.E., Capretz, M.A.M.: Metamodel for privacy policies within SOA Busch, M.: Evaluating & engineering: an approach for the development of secure web applications Basso, T., Montecchi, L., Moraes, R., Jino, M., Bondavalli, A.: Towards a UML profile for privacy-aware applications Ahmadian, A.S., Peldszus, S., Ramadan, Q., Jürjens, J.: Model-based privacy and security analysis with carisma Ahmadian, A.S., Strüber, D., Riediger, V., Jürjens, J.: Model-based privacy analysis in industrial ecosystems Alshammari, M., Simpson, A.: A UML profile for privacy-aware data lifecycle models XACML, PRBAC, UMLSec, Ponder

17. Unsplash/david-iskander Our Proposal

18. Example

19. Example

20. A profile for privacy enforcement

21. A profile for privacy enforcement

22. A profile for privacy enforcement

23. A profile for privacy enforcement

24. A profile for privacy enforcement

25. A profile for privacy enforcement

26. A profile for privacy enforcement

27. Example with our profile

28. Conclusion • Profile to specify privacy • Models annotated with the profile can promote privacy enforcement What we have shown What we want to do next Application to specific fields Promoting Open Data

29. Challenges Flickr/TimPainter

30. How to add this information to existing methodologies? …how we can leverage existing model-based approaches? …how hard would it be? #1 #2 How to convince organizations to annotate their data? …are they actually concerned? …would they see it as beneficial? #3 Is it posible to automatically annotate existing models with privacy information? …are there some guidelines? #4 How to mix data with different privacy enforcement definitions? …how to deal with UML Class associations? …what happens when dealing with other UML diagrams?

31. Except where otherwise noted, content on this presentation is licensed under a Creative Commons Attribution 4.0 International license. Thanks! Javier L. Cánovas Izquierdo jcanovasi@uoc.edu @jlcanovas Julian Salas jsalapi@uoc.edu

A UML Profile for Privacy Enforcement

Recomendados

Recomendados

Más contenido relacionado

Similar a A UML Profile for Privacy Enforcement

Similar a A UML Profile for Privacy Enforcement (20)

Más de Javier Canovas

Más de Javier Canovas (20)

Último

Último (20)

A UML Profile for Privacy Enforcement