Ontologies for Privacy
-
Upload
ian-oliver -
Category
Internet
-
view
244 -
download
0
Transcript of Ontologies for Privacy
..
Ontologies for Privacy
Dr. Ian OliverSecurity ResearchNokia Networks
14 April 2015
1 © Nokia Solutions and Networks
Outline of the Problem
2 © Nokia Solutions and Networks
Outline of the Solution
3 © Nokia Solutions and Networks
Terminological/Ontological definitions for:
• Legal Concepts• Controller, Processor, Usage vs Purpose• Identity, Provenance• Notice and Consent
• Information Concepts
• SE Concepts (binding)• Data Flow• Logical partitioning: security, archiecture, controller/processor• Requirements
• Risk
4 © Nokia Solutions and Networks
Structure
5 © Nokia Solutions and Networks
Example Descriptive Ontologies
6 © Nokia Solutions and Networks
Understanding PII/Personal Data
7 © Nokia Solutions and Networks
Requirements and Risk
after Solove, Anton-Earp, et al8 © Nokia Solutions and Networks
Example Model
9 © Nokia Solutions and Networks
Conclusions
• Set of individual structures for describing information• Security, Data/Information classification• Usage, Purpose, Provenance, Jurisdiction
• Lesser ‘semantic gap’ between legal and engineering terminology• Avoids unfamiliar terms → eases communication• Keeps legal and engineering in their own domains :-) (culture)
• Links, or at least structure, across development process• Data flow model of the system as the binding structure
• OWL ontologies in development (one day)• Reasoning:
• privacy policy calculation• refinement and retrenchment (managed introduction of risk) of models
• Tool Support, DSL
10 © Nokia Solutions and Networks