Privacy Engineering Tutorial (TrustCom2015)

Published in: Technology
Privacy Engineering Tutorial Slides from TrustCom 2015 in Helsinki
Slide 1: Privacy Engineering
© Nokia Solutions and Networks 2014
PUBLIC
Dr Ian Oliver, Security Research, Nokia Networks, 7 April 2015

Slide 2: Contents
• Quick Introduction & Contents
• A note on Privacy by Design
• Data Flow Modelling
  • Language and its semantics
  • Analysis
• Ontology and Terminology
  • What’s wrong with ”PII” and ”Personal Data”
  • Ontologies of Information, Requirements and Risk
• Requirements Engineering
  • Aspects, Development Flow and Privacy Ontologies
• Risk
  • Information classes
  • The role of modelling and terminology
  • Analysis, FMEA, RCA
  • Metrics
  • Differential Privacy, k-Anon, l-Div etc
  • Hashing, and the identifier problem
  • Encryption
• Culture
  • Aviation, Surgery (!)
  • Privacy as a safety-critical concern
• Summary and Questions

Slide 3: Dataflow Modelling (section title)

Slide 4: Data Flow Modelling – Basic Syntax and Semantics (diagram only)

Slide 5: Data Flow Modelling - Partitioning (diagram only)

Slide 6: Data Flow Modelling - Annotations (diagram only)

Slide 7: Data Flow Modelling - Analysis
• Processes ’preserve’ information
• Boundary Crossing
• Policy Calculation
  • (and therefore Policy Generation)
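An added illustration, not from the deck, of the three analyses listed on this slide, written in Python over a constructed four-node model whose node names, partition names and information classes are assumptions: annotations propagate through processes (which preserve what reaches them), flows between partitions are flagged as boundary crossings, and the policy each boundary must cover is calculated from the classes that cross it.

```python
from collections import defaultdict

# Constructed model (assumed notation, not the tutorial's own language): every node sits in
# one partition (a trust or jurisdiction boundary); each flow lists its annotated classes.
PARTITION = {"app": "device", "collector": "eu_cloud", "store": "eu_cloud", "analytics": "us_cloud"}
FLOWS = [
    ("app", "collector", {"location", "device_id"}),
    ("collector", "store", set()),      # unannotated: inherits whatever reaches 'collector'
    ("collector", "analytics", set()),
]

def propagate(flows):
    """Processes 'preserve' information: each outgoing flow of a node carries at least the
    classes arriving at that node. Iterated to a fixpoint so chains of processes are covered."""
    carried = {(s, t): set(c) for s, t, c in flows}
    changed = True
    while changed:
        changed = False
        for (s, t), classes in carried.items():
            incoming = set()
            for (x, y), c in carried.items():
                if y == s:
                    incoming |= c
            if not incoming <= classes:
                classes |= incoming
                changed = True
    return carried

def boundary_crossings(carried, partition):
    """Flows whose endpoints lie in different partitions, with the classes they carry."""
    return {(s, t): cls for (s, t), cls in carried.items() if partition[s] != partition[t]}

def calculate_policy(carried, partition):
    """Policy calculation: per crossed boundary, the classes a transfer policy must cover."""
    policy = defaultdict(set)
    for (s, t), cls in boundary_crossings(carried, partition).items():
        policy[(partition[s], partition[t])] |= cls
    return {k: frozenset(v) for k, v in policy.items()}

def analyse(flows=FLOWS, partition=PARTITION):
    return calculate_policy(propagate(flows), partition)

if __name__ == "__main__":
    for (src, dst), classes in sorted(analyse().items()):
        print(f"{src} -> {dst}: policy must cover {sorted(classes)}")
```

The collector-to-store flow stays inside eu_cloud and so generates no policy, even though it carries the same classes.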
Slide 8: Data Flow Modelling - Annotations (diagram only)

Slide 9: Ontology and Terminology (section title)

Slides 10-12: Ontology and Terminology
Personal Data and PII are the worst terms you can have for describing data: these terms should be banned! Never use them!

Slides 13-19: Ontology and Terminology (diagrams only)

Slides 20-21: Ontology and Terminology
Personal Data and PII: the fact that an information set contains them is derived or calculated from the information type, usage, purpose, provenance, jurisdiction etc. of the information set’s contents.

Slide 22: Ontology and Terminology
Common Terminology and Meaning is CRITICAL to a shared understanding between all privacy parties (lawyers, engineers, advocates).

Slide 23: Requirements Engineering (section title)

Slides 24-25: Requirements Engineering
Scary truth for privacy lawyers: you are all requirements engineers!

Slides 26-27: Requirements Engineering (diagrams only)

Slides 28-30: Requirements Engineering
Ontology class x Requirements Aspect x Level of Abstraction x Specific/Edge Cases
Patterns

Slides 31-34: Requirements Engineering
Another scary truth for privacy lawyers: Policies are Requirements; furthermore, Requirements are Policies!

Slides 35-38: Requirements Engineering (diagram labels)
• increasing strength of requirements, or decreasing risk
• beyond here we can not construct a system
• the sum of all our requirements
• zone of acceptable risk
• retrenchment of requirements

Slide 39: Risk (section title)

Slides 40-41: Risk
Privacy Engineering is about managing risk through a well-defined, rigorous process of construction and measurement encompassing all abstraction levels.
• lawyers call this due diligence
• engineers call this ”good engineering”
• privacy advocates call this ”woo yeah!! privacy baby!!”

Slide 42: Risk
We do not have simple metrics for risk, other than potential cost in financial terms.

Slide 43: Risk - The role of modelling and terminology (diagram only)

Slide 44: Risk - Failure Mode and Effect Analysis (diagram only)

Slide 45: Risk - Anonymisation
• k-anonymisation
• l-diversity
• Differential Privacy
• Hashing
• Encryption

Slide 46: Risk - Syntactical Changes, e.g. Hashing
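An added example, not part of the tutorial, showing in Python why hashing is only a syntactical change and does not touch the identifier problem: over constructed records, k-anonymity and (distinct) l-diversity are measured on the quasi-identifiers; replacing the identifier with SHA-256 leaves both unchanged and keeps every record uniquely linkable, whereas generalising the quasi-identifiers raises k and l. The record layout and values are constructed for the example.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed records: (subscriber_id, postcode, birth_year, diagnosis); columns 1-2 are the
# quasi-identifiers, column 3 the sensitive attribute.
RECORDS = [
    ("+358401111", "00100", 1980, "flu"),
    ("+358402222", "00100", 1980, "flu"),
    ("+358403333", "00120", 1975, "asthma"),
    ("+358404444", "00120", 1975, "flu"),
    ("+358405555", "00150", 1985, "diabetes"),
]
QUASI, SENSITIVE = (1, 2), 3

def k_anonymity(rows, quasi=QUASI):
    """k = size of the smallest equivalence class over the quasi-identifier columns."""
    groups = Counter(tuple(r[i] for i in quasi) for r in rows)
    return min(groups.values())

def l_diversity(rows, quasi=QUASI, sensitive=SENSITIVE):
    """Distinct l-diversity: fewest distinct sensitive values in any equivalence class."""
    groups = defaultdict(set)
    for r in rows:
        groups[tuple(r[i] for i in quasi)].add(r[sensitive])
    return min(len(v) for v in groups.values())

def hash_identifier(rows, col=0):
    """Syntactical change: the identifier becomes SHA-256 of itself. It is still unique per
    record and deterministic, so the same subscriber hashes identically in any other dataset."""
    out = []
    for r in rows:
        r = list(r)
        r[col] = hashlib.sha256(r[col].encode()).hexdigest()
        out.append(tuple(r))
    return out

def distinct_identifiers(rows, col=0):
    return len({r[col] for r in rows})

def generalise(rows):
    """Semantic change: coarsen postcode to its first three digits and birth year to a decade,
    which merges records into larger equivalence classes."""
    return [(r[0], r[1][:3] + "**", r[2] // 10 * 10, r[3]) for r in rows]

if __name__ == "__main__":
    for label, rows in (("raw", RECORDS), ("hashed", hash_identifier(RECORDS)), ("generalised", generalise(RECORDS))):
        print(f"{label:11s} k={k_anonymity(rows)} l={l_diversity(rows)} ids={distinct_identifiers(rows)}")
```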
Slide 47: Culture (section title)

Slides 48-49: Culture
Privacy should be, must become, a safety-critical aspect of engineering.

Slides 50-54: Culture (diagrams only)

Slide 55: Culture
Privacy Engineering Culture is about managing, quantifying and qualifying risk, not eliminating it.

Slide 56: Summary (section title)

Slide 57: Summary (repeats the Contents list of slide 2, ending with ”Privacy as a safety-critical concern”)

Slide 58: The End