Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Long term security evolution of AI
and data protection
Antonio Kung
Trialog, 25 rue du Général Foy 75008 Paris
antonio.kung@trialog.com
26 March 2021 Long-term security evolution of AI and data protection Slide 1
This project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under grant agreement No 787034

Long term security evolution of AI and
data protection
❑Background
❑Characterisation of AI-based systems
❑Long term security evolution
❑Using models
26 March 2021 Long-term security evolution of AI and data protection Slide 2

Background
❑Embedded systems, Cyberphysical systems, Internet of things
❑Various domains
❑Privacy
❑Security
❑Trustworthiness
❑Interoperability
❑Architecture
❑AI
❑Involvement in standards
❑Guidance for organisations
❑Guidance for ecosystems
26 March 2021 Long-term security evolution of AI and data protection 3
https://edps.europa.eu/data-protection/ipen-internet-privacy-engineering-network_en
https://ipen.trialog.com/wiki/Wiki_for_Privacy_Standards_and_Privacy_Projects

Background on AI
❑Study impact of AI on security and privacy (ISO/IEC SC27)
❑Study 132 use cases (ISO/IEC 24030 AI use cases)
❑Guidance for security
❑Guidance for privacy
❑Study impact of AI on an ICT domain (ISO TC215)
❑Impact of AI on health ICT
❑Impact of AI on health ICT systems
❑Study impact of AI on architecture (ISO/IEC AG8)
❑For instance alignment of IoT reference architecture with Knowledge
engineering reference architecture
26 March 2021 Long-term security evolution of AI and data protection 4

Long term security evolution of AI and
data protection
❑Background
❑Characterisation of AI-based systems
❑Long term security evolution
❑Using models
26 March 2021 Long-term security evolution of AI and data protection Slide 5

AI based applications
❑Current wave
❑Automatic speech recognition
❑Machine translation
❑Spam filters
❑Search engines
❑…
❑Upcoming wave
❑Autonomous cars
❑Robots for elderly people
❑Autonomous drones
❑…
26 March 2021 Long-term security evolution of AI and data protection 6

Ecosystem Perspective
Example of cooperative ITS
26 March 2021 Long-term security evolution of AI and data protection 7
Pseudonymization authority
Road side unit
Sending vehicle
Receiving vehicle

Ecosystem Perspective
Example of cooperative ITS
26 March 2021 Long-term security evolution of AI and data protection 8
PKI operator
Vehicle
operator
Use case
operator
AI capability
(e.g. autonomous
driving)
AI capability
(e.g. autonomous
driving)

Lifecycle Perspective
26 March 2021 Long-term security evolution of AI and data protection Slide 9
AI system design &
implementation
AI system training
AI system
integration into
SoS
SoS operation
Training data Application data
Continuous improvement

Governance Perspective
26 March 2021 Long-term security evolution of AI and data protection 10
to
on
Governance body
Governed subject Policies
follows
Monitors Establishes

Governance Perspective
26 March 2021 Long-term security evolution of AI and data protection 11
to
on
Governance body
AI-based
Autonomous
System
Policies
follows
Monitors Establishes

Long term security evolution of AI and
data protection
❑Background
❑Characterisation of AI-based systems
❑Long term security evolution
❑Using models
26 March 2021 Long-term security evolution of AI and data protection Slide 12

Ecosystem Perspective
Example of cooperative ITS
26 March 2021 Long-term security evolution of AI and data protection 13
PKI operator
Vehicle
operator
Use case
operator
AI capability
(e.g. autonomous
driving)
AI capability
(e.g. autonomous
driving)

Lifecycle Perspective
26 March 2021 Long-term security evolution of AI and data protection Slide 14
AI system design &
implementation
AI system training
AI system
integration into
SoS
SoS operation
Training data Application data
Continuous improvement

Governance Perspective
26 March 2021 Long-term security evolution of AI and data protection 15
Governance body
AI-based
Autonomous
System
Policies
follows
Monitors Establishes

Approach
Slide 16
System
Trustworthiness
capability
Long-term
security
Technical/
Organisational
Functional
capability
26 March 2021 Long-term security evolution of AI and data protection

Long term security evolution of AI and
data protection
❑Background
❑Characterisation of AI-based systems
❑Long term security evolution
❑Using models
26 March 2021 Long-term security evolution of AI and data protection Slide 17

Using Models
26 March 2021 Long-term security evolution of AI and data protection Slide 18
Model engineering
constructing proportionally-scaled
miniature working representations
of full-sized machines
Model driven engineering
expressing specifications
through processable models.
Diagram orientation (e.g. UML diagrams)
Source wikipedia

Approach
System model
Trustworthiness
Capability model
Long-term
security
model
Functional
capability model
Slide 19
System
Trustworthiness
capability
Functional
capability
26 March 2021 Long-term security evolution of AI and data protection
Long-term
security
Technical/
Organisational

Community of BAMs
❑Best Available protection Models (BAM)
❑most effective and advanced capabilities
❑suitable in practice for privacy compliance
❑designed to address risks on privacy and security.
❑Analogy with best available techniques
26 March 2021 Long-term security evolution of AI and data protection Slide 20

There is a need for many BAMs
26 March 2021 Long-term security evolution of AI and data protection Slide 21
Consumer applications
Protection models
AI in
Health
AI in Social
network
AI in
Mobility
AI in Smart
home
AI in
Fintech
…
IoT applications
Protection models
AI in
Connected
vehicles
AI in E-
mobility
AI in Smart
energy
AI in
Assisted
Living
AI in
Security
…
Data processing
Protection models

Application developer
reuses a BAM and its implementation
26 March 2021 Long-term security evolution of AI and data protection Slide 22
Reuses
Application developer
Open community
repository
Open
source
Guidance
BAM

Application developer
develop a BAM
26 March 2021 Long-term security evolution of AI and data protection Slide 23
Submits
Open community
repository
Open
source
Modelling tools
Uses
Privacy
engineering tools
Application developer
Guidance
BAM

Eclipse Privacy-by-model Community
26 March 2021 Long-term security evolution of AI and data protection Slide 24
Stakeholders
Privacy model expert
PbM Steering committee
(1) Provides
Guidance for models
(3) Provides
model
(3) Provides
model
Stakeholders
Application privacy protection
Project Task force
Stakeholders
Privacy engineering project
Task force
(2) Uses
(2) Uses
Stakeholders
Privacy model expert
PbM Validation committee
(4)Validates
model
(4) Validates
model
Best
Available
Models
(5) Publishes
model

Join the future Privacy-by-model
community!
Philippe Krief: philippe.krief@eclipse-foundation.org
Antonio Kung: antonio.kung@trialog.com
Samuel Martin: ys.martin@upm.es
26 March 2021 Long-term security evolution of AI and data protection Slide 25
This project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under grant agreement No 787034