A Formal Modeling Scheme for Analyzing a Software System Design against the GDPR

Vanezi, Evangelia; Kapitsaki, Georgia M.; Kouzapas, Dimitrios; Philippou, Anna

doi:10.5220/0007722900680079

Cited by 5 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While there are works in literature [50,[52][53][54][55][56][57] that have focused on extracting privacy-related and software requirements from GDPR, our work is focused on assisting developers with the compliance requirements associated with Android permissions declarations and UML design based on articles from the GDPR law. We provide a literature review of two key areas that relate to our work: (i) completeness checking of privacy policies, and (ii) completeness checking of software (applications) against data protection regulations.…”

Section: Literature Reviewmentioning

confidence: 99%

“…The algorithms investigated are Universal Sentence Encoder (USE) [40], Sentence Bert (SBERT) [41], Glove [42], Bi-Directional Encoder Representations (BERT) word embedding [43], N-Grams, Vector Space Modelling (VSM) [44,45] and Fuzzy String Matching (FSM). • Requirements Engineering: While other techniques have operationalized requirements from texts using statistical NLP [46], semantic frames [47], semantic parsing [48], domain-specific language [49], graphical modelling language [50], privacy-enhanced busi-ness process model and notation [51],information-flow labels [21], we used statistical NLP and UML mapping to identify permission-related requirement. • Privacy Policy Generation at Design Time Using UML Diagrams: Using modelling languages for visualising a system at design time, we implement a solution that helps developers to generate compliant sensitive permission declarations using UML diagrams (class diagrams, activity diagrams etc) during design time.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Runtime and Design Time Completeness Checking of Dangerous Android App Permissions Against GDPR

Mcconkey,

Olukoya

2024

IEEE Access

View full text Add to dashboard Cite

Data and privacy laws, such as the GDPR, require mobile apps that collect and process the personal data of their citizens to have a legally-compliant policy. Since these mobile apps are hosted on app distribution platforms such as Google Play Store and App Store, the app publishers also require the app developers who wish to submit a new app or make changes to an existing app to be transparent about their app privacy practices regarding handling sensitive user data that requires sensitive permissions such as calendar, camera, microphone. To verify compliance with privacy regulators and app distribution platforms, the app privacy policies and permissions are investigated for consistency. However, little has been done to investigate GDPR completeness checking within the Android permission ecosystem. In this paper, we investigate the design and runtime approaches towards completeness checking of sensitive ('dangerous') Android permission policy declarations against GDPR. In this paper, we investigate the design and runtime approaches towards completeness checking of dangerous Android permission policy declarations against GDPR. Leveraging the MPP-270 annotated corpus that describes permission declarations in application privacy policies, six natural language processing and language modelling algorithms are developed to measure permission completeness during runtime while a proof of concept Class Unified Modeling Language Diagram (UML) tool is developed to generate GDPR-compliant permission policy declarations using UML diagrams during design time. This paper makes a significant contribution to the identification of appropriate permission policy declaration methodologies that a developer can use to target particular GDPR laws, increasing GDPR compliance by 12% in cases during runtime using BERT word embedding, measuring GDPR compliance in permission policy sentences, and a UML-driven tool to generate compliant permission declarations.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

mentioning

confidence: 99%

Runtime and Design Time Completeness Checking of Dangerous Android App Permissions Against GDPR

Mcconkey,

Olukoya

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Assessment pipelines, therefore, need to involve interdisciplinary knowledge, including evaluation criteria supported by legal and not only technical interpretations. Some research explicitly highlights the need to incorporate interdisciplinary knowledge into the evaluation pipeline (ID17, ID1051), while others do include a preliminary interdisciplinary analysis (ID21,ID25).…”

Section: Trends and Findingsmentioning

confidence: 99%

Contribution to Software Quality Control Techniques for Assessing Privacy and Data Protection

Loachamín¹

View full text Add to dashboard Cite

Son muchas las personas que han contribuido y que han hecho posible que pueda escribir estas líneas en este momento. Han sido años muy intensos, de mucho aprendizaje, y quiero agradecerles infinitamente por todo el apoyo recibido.Chema, siempre recuerdo tus palabras ante mi primera crisis en el doctorado (apenas a siete meses de empezarlo :-D): "no pienses solo en lo que te queda por hacer, mira hacia atrás, mira lo que has conseguido". Gracias por todas tus palabras de aliento, por tu confianza, apoyo y orientación que han hecho posible finalizar este trabajo.Al grupo de investigación, muchas gracias por su apoyo durante mis estudios de doctorado. Lucas, Ana, Esperanza y Belén, muchas gracias por todo su soporte. Samuel, siempre que surge una oportunidad contamos como anécdota lo de los "microyods" y de alguien que lo sabe ¡casi todo! Gracias, contigo siempre se aprendía algo nuevo.Julio César y Juanito, les agradezco porque han estado en los buenos momentos (los cafetitos, las "filosofadas", las alitas, las salidas, …), pero sobre todo les agradezco infinitamente porque han estado en los momentos no tan buenos ¡de corazón, gracias! Amigos, ustedes son unos cracks, a quienes admiro y de quienes he aprendido y seguro seguiré aprendiendo un montón de cosas.Gracias también a mis amigos JuanK, Lily, Nao, Esteban, Leo, Andrés, Pául, Moni, Marco y Jacky las reuniones y conversas hicieron más llevadera la distancia :). Lily, Esteban y Sonia, gracias por el tiempo y cariño a mi peque.Given the multidisciplinary nature of some of the studies in this thesis, national and international researchers have collaborated in elaborating these contributions. These collaborations have been performed in the context of national and international research projects and a research stay in a prestigious institution. In addition, these contributions have been validated via publications in relevant journals and conferences. v ContentsResumen .

show abstract

Towards GDPR Compliant Software Design: A Formal Framework for Analyzing System Models

Vanezi

Kouzapas

Kapitsaki

et al. 2020

Communications in Computer and Information Science

View full text Add to dashboard Cite

A Formal Modeling Scheme for Analyzing a Software System Design against the GDPR

Cited by 5 publications

References 0 publications

Runtime and Design Time Completeness Checking of Dangerous Android App Permissions Against GDPR

Runtime and Design Time Completeness Checking of Dangerous Android App Permissions Against GDPR

Contribution to Software Quality Control Techniques for Assessing Privacy and Data Protection

Towards GDPR Compliant Software Design: A Formal Framework for Analyzing System Models

Contact Info

Product

Resources

About