KIT | KIT-Bibliothek | Impressum | Datenschutz

Towards a Formal Approach for Data Minimization in Programs (Short Paper)

Lanzinger, Florian ORCID iD icon; Weigl, Alexander ORCID iD icon

Abstract (englisch):

As more and more processes are digitized, the protection of personal data becomes increasingly important for individuals, agencies, companies, and society in general. One principle of data protection is data minimization, which limits the processing and storage of personal data to the minimum necessary for the defined purpose. To adhere to this principle, an analysis of what data are needed by a piece of software is required. In this paper, we present an idea for a program analysis which connects data minimization with secure information flow to assess which personal data are required by a program: A program is decomposed into two programs. The first projects the original input, keeping only the minimal amount of required data. The second computes the original output from the projected input. Thus, we achieve a program variant which is compliant with data minimization. We define the approach, show how it can be used for different scenarios, and give examples for how to compute such a decomposition.


Postprint §
DOI: 10.5445/IR/1000139604
Veröffentlicht am 02.01.2023
Originalveröffentlichung
DOI: 10.1007/978-3-030-93944-1_11
Dimensions
Zitationen: 1
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publikationstyp Proceedingsbeitrag
Publikationsjahr 2022
Sprache Englisch
Identifikator ISBN: 978-3-030-93943-4
KITopen-ID: 1000139604
HGF-Programm 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Erschienen in Data Privacy Management, Cryptocurrencies and Blockchain Technology : ESORICS 2021 International Workshops, DPM 2021 and CBT 2021, Darmstadt, Germany, October 8, 2021, Revised Selected Papers. Ed.: J. Garcia-Alfaro
Veranstaltung 26th European Symposium on Research in Computer Security (ESORICS 2021), Darmstadt, Deutschland, 04.10.2021 – 08.10.2021
Auflage 1st ed.
Verlag Springer International Publishing
Seiten 161-169
Serie Security and Cryptology ; 13140
Vorab online veröffentlicht am 01.01.2022
Schlagwörter secure information flow; data minimzation; GDPR
Nachgewiesen in Dimensions
Scopus
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page