Towards a Formal Approach for Data Minimization in Programs [in press]

Lanzinger, Florian; Weigl, Alexander

As more and more processes are digitized, the protection of personal data
becomes increasingly important for individuals, agencies, companies,
and society in general. One principle of data protection is data minimization,
which limits the processing and storage of personal data to the minimum
necessary for the defined purpose. To adhere to this principle, an
analysis of what data are needed by a piece of software is required. In
this paper, we present an idea for a program analysis which connects data
minimization with secure information flow to assess which personal data are
required by a program: A program is decomposed into two
programs. The first projects the original input, keeping only the minimal
amount of required data. The second computes the original output
from the projected input. Thus, we achieve a program variant which is
compliant with data minimization. We define the approach, show how it can be
used for different scenarios, and give examples for how to compute such
a decomposition.
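As an added illustration of the decomposition described in the abstract (this is constructed example code, not the paper's own method or implementation): an original program takes a full personal record and decides a senior-discount question, and the data-minimizing variant is split into a projection program that keeps only what the decision depends on and a computation program that reproduces the original output from the projection. The record fields, the discount rule and the fixed reference date are all assumptions made for the example.

```python
"""Constructed example of data minimization by program decomposition.

original_program(record)  : the program as written, reads the whole record
project(record)           : first program, keeps the minimal required data
compute(projected)        : second program, recomputes the original output
"""
from dataclasses import dataclass
from datetime import date

# Fixed "today" so the example is deterministic (assumption for the example).
REFERENCE_DATE = date(2021, 1, 1)
SENIOR_AGE = 65


@dataclass(frozen=True)
class PersonalRecord:
    # Constructed record layout; only birth_date influences the output.
    name: str
    email: str
    street_address: str
    birth_date: date


def original_program(record: PersonalRecord) -> bool:
    """The program as written: receives every field, decides on age alone."""
    born = record.birth_date
    had_birthday = (REFERENCE_DATE.month, REFERENCE_DATE.day) >= (born.month, born.day)
    age = REFERENCE_DATE.year - born.year - (0 if had_birthday else 1)
    return age >= SENIOR_AGE


def project(record: PersonalRecord) -> bool:
    """First program: minimal projection of the input.

    The output depends only on whether the person was born on or before the
    cut-off date, so a single boolean is the smallest projection. Name, e-mail
    and address are discarded here and never reach the second program.
    """
    cutoff = date(REFERENCE_DATE.year - SENIOR_AGE, REFERENCE_DATE.month, REFERENCE_DATE.day)
    return record.birth_date <= cutoff


def compute(projected: bool) -> bool:
    """Second program: computes the original output from the projected input."""
    return projected


def minimized_program(record: PersonalRecord) -> bool:
    """The data-minimizing variant: composition of the two programs."""
    return compute(project(record))


def decomposition_is_correct(records) -> bool:
    """Functional check: the decomposed variant agrees with the original
    program on every sample input."""
    return all(minimized_program(r) == original_program(r) for r in records)


def non_projected_fields_are_irrelevant(records) -> bool:
    """Information-flow style check: replacing every field that the projection
    does not keep must leave the projection, and hence the output, unchanged."""
    for r in records:
        altered = PersonalRecord(
            name="someone else",
            email="other@example.invalid",
            street_address="other street 1",
            birth_date=r.birth_date,
        )
        if project(altered) != project(r):
            return False
    return True


# Constructed sample inputs, including both sides of the age boundary.
SAMPLE_RECORDS = [
    PersonalRecord("Alice", "alice@example.invalid", "Main St 1", date(1950, 6, 15)),
    PersonalRecord("Bob", "bob@example.invalid", "Main St 2", date(1990, 3, 2)),
    PersonalRecord("Carol", "carol@example.invalid", "Main St 3", date(1956, 1, 1)),
    PersonalRecord("Dan", "dan@example.invalid", "Main St 4", date(1956, 1, 2)),
]

if __name__ == "__main__":
    for r in SAMPLE_RECORDS:
        print(r.name, "->", "projected:", project(r), "output:", minimized_program(r))
    print("decomposition correct:", decomposition_is_correct(SAMPLE_RECORDS))
    print("non-projected fields irrelevant:", non_projected_fields_are_irrelevant(SAMPLE_RECORDS))
```

The two checks are what a practitioner would want from such a decomposition: the composed variant must be functionally equivalent to the original, and the fields dropped by the projection must have no influence on the result, which is the secure-information-flow side of the idea.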

Affiliated institution(s) at KIT: Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publication type: Conference proceedings paper
Publication year: 2021
Language: English
Identifier: KITopen-ID: 1000139604
HGF programme: 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Published in: Data Privacy Management, Cryptocurrencies and Blockchain Technology
Publisher: Springer International Publishing
Series: Lecture Notes in Computer Science
Keywords: secure information flow; data minimization; GDPR