1 / 0

Data Handling Generic Enabler PPL – File Store Scenario

Data Handling Generic Enabler PPL – File Store Scenario. Fi-ware Security WP Slim Trabelsi Francesco Di Cerbo. Agenda. Motivation Privacy Policies Access and Usage Control PPL Language PPL Architecture Use Case: Social networks API Overview PPL V2 for Developers Live Demo .

konane
Download Presentation

Data Handling Generic Enabler PPL – File Store Scenario

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Handling Generic EnablerPPL – File Store Scenario

    Fi-ware Security WP Slim Trabelsi Francesco Di Cerbo
  2. Agenda Motivation Privacy Policies Access and Usage Control PPL Language PPL Architecture Use Case: Social networks API Overview PPL V2 for Developers Live Demo
  3. Private Data Collected
  4. Questions ? Is the information necessary for the online activity I am engaging in? How does the website use personal information once it is collected? Do I have a choice about the way information about me is used or shared? What guaranties do I have that the information is protected?
  5. Not CompliantWithTheirPolicies !! Scenario test case We made a simple empirical study to test if these privacy policies are enforced. Resullts 42,85% of the contacted websites are not compliant with their privacy policies. 19,04% of the websites are responsible for SCAM e-mails
  6. We use the PPL Language An XML-based (human and machine readable) language expressing User’s privacy preferences and Server’s privacy policy This language offers the possibility to express Access Control Rules (XACML extension) Data Handling Rules (Purpose, Downstream Usage) Obligations
  7. PPL Architecture: Full Version
  8. PPL Architecture: Light Version
  9. PPL Engine: Internal Architecture
  10. Use case Scenario : Secure File Store Requirements File Store services (like Dropbox), offers basic access control functionalities (delegation, public/private folders, etc) Usage control is under covered Notification on the usage conditions of the data Retention period Logging and auditing tools Encryption Etc.
  11. Use case Scenario : Secure File Store
  12. Use case Scenario : Secure File Store
  13. PPL V2 for Developers Live Demo Dropbox-Like application supporting Access and usage control features of PPL Delegation to access data Retention period Notification on the access of the data Monitoring interface to visualize the activity of the data The Policy creation is supported by the web interface No matching
  14. Conclusion PPL : Data handling Generic Enabler Access Control : XACML standard Usage Control: PPL Language Although if the set of API is complex, a subset can be easily used to achieve basic privacy goals The version 2 of PPL is operational, and released soon Adapted to developers (easy and clear) Web Interface to generate the sticky Policies Short term upgrades Using the Privacy GE of anonymous authentication Connect to the IDM GE for logging and basic authentication Integration og the accountability GE for performing Audits and compliance checkings

  15. Thank You!

More Related