Brussels Legal Hackers, profile picture
Uploaded byBrussels Legal Hackers
PDF, PPTX651 views

20171106 - Privacy Design Lab - LINDDUN

The document discusses the LINDDUN framework, a technical data protection impact assessment methodology designed to help organizations achieve GDPR compliance through systematic threat modeling and risk management. It outlines various steps, including system description, threat elicitation, and management, supported by empirical research and industry acceptance. The framework emphasizes the importance of appropriate technical measures to safeguard privacy rights, such as the right to access and the right to be forgotten.

Embed presentation

Download as PDF, PPTX
Towards GDPR Compliance with LINDDUN Aram Hovsepyan Kim Wuyts https://www.facebook.com/LINDDUN.privacy/ https://twitter.com/linddun https://linddun.org
2 2 Large team of professionals § 12 faculty members § 8 research managers § 15 postdocs § 50 PhD Students § Business office Project-centric research § fundamental research at the core § strategic basic research § applied research with industry § contract research Distributed Software Software engineering Secure Software
GDPR Compliance 3 COMPLIANCE LEGALLEGALTECHNICAL
COMPLIANCE GDPR Compliance 4 LEGALLEGALTECHNICAL LIN DDUN › Functional › “Appropriate technical measures…” Right to be forgotten ✔ Right to information ✔ Right to access ✔ Right to rectification ✔ Right to object ✔ Right to data portability ✔
LINDDUN background › Developed before the GDPR hysteria › Scientifically renown › Industrially accepted (ISO27550) 5
LINDDUN › Technical data protection impact assessment methodology › Threat modeling framework › System description › Threat elicitation › Threat management / mitigation 6
LINDDUN* Framework › Step 1: describe the system › create a data flow diagram (DFD) › describe all data › Step 2: elicit threats/risks › map threats to DFD elements › identify threats using attack trees › Step 3: manage threats/risks › prioritize in dialog with the DPO › mitigate using a taxonomy of PETs 7* We present a modified version of LINDDUN
Step 1: Create the Data Flow Diagram 8
Step 1: Create the Data Flow Diagram 9 Cloud Server 1. User 2. Administrator Back-endFront-end 9. Authentication 4. Overall database 6. Authentication 5. Portal facade 8. Portal facade 11. Mail server 7. Chat 10. Chat 13. HTTPS12. HTTPS 3. Ops 14. SSH 15 16 17 18 19 20 21 22 23 24 25 26. Logging 27. Imitate
Step 1: Describe all data › Databases › Files › Logs › apache logs 10
› Linkability › Identifiability › Non-repudiation › Detectability › Disclosure of Information › Unawareness › Non-compliance Step 2: Elicit threats 11
Step 2: Elicit threats 12 Security/Privacy mavens Experts in other areas LINDDUN AttackTrees Checklists CAPEC STRIDE
Step 2: Map threats to DFD elements 13 Linkability Identifiability Non-repudiation Detectability Information Disclosure Content Unawareness Policy&Consent Non-compliance Data store X X X X X X Data flow X X X X X X Process X X X X X X Entity X X X MAPPINGTEMPLATE
Assumptions › Pre-conditions / invariants that invalidate threats, e.g.: › non-repudiation threats often not applicable › secure communication (https A+ grade) › identifiability and linkability threats not be applicable to closed systems 14
Step 2: Identify threat scenarios using attack trees 16
Step 2: example 17 Threat 1 Using the forgot password feature we can identify a system user. DFD 4 (Detectability). Description Forgot password feature asks the email address of the user and after resetting the password says that a reset password email is successfully sent to the user. This could lead to identifiability problems where an attacker can easily check whether the user has a registration within the platform. Countermeasure None Likelihood Limited Impact Negligible Action point Modify the forgot password feature to always produce the same message making it impossible to figure out whether the user with the specified email address exists or not. Reference D_p (12)
Step 2: example 18 Threat 3 Storing a complete log of user actions. DFD 4 (Identifiability, Linkability, Unawareness, Non-compliance) Description All user actions are logged in the system for statistical purposes. This poses a significant privacy threat for a number of categories, such as, unawareness and non-compliance. Note that even if this data is anonymized, the threats for identifiability and linkability remain as we could match the user last login time and figure out the user log actions. Countermeasure None Likelihood Maximum (administrators can always have a look at the complete log). Impact Limited (to be discussed with DPOs). Action point • Make sure the privacy policy reflects that a detailed log is collected. • Keep the log, but drop the link to the users (impossible to track teams). • Reduce the time accuracy for the logs (e.g., keep only the action hour, and not the minute and second). Reference L_ds6, I_ds5, I_ds6, U_2, NC_3 (4)
Step 3: Manage threats › Accept › Mitigate › Avoid › Transfer 19
Step 3: Manage threats 20
Step 3: Manage threats
Step 3: Manage threats
LINDDUN › Systematic technical data privacy impact assessment framework › Solid scientific foundation › 30 years security research › 10 years privacy research › Collaborative effort with COSIC and CiTiP › Validated through empirical studies and pilot projects 23 https://linddun.org

More Related Content

PDF
Security by Design: An Introduction to Drupal Security
byTara Arnold
 
PPTX
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
bymdagrossa
 
PDF
Securing the Internet from Cyber Criminals
byNarudom Roongsiriwong, CISSP
 
PPTX
Ransomware Detection: Don’t Pay Up. Backup.
bymarketingunitrends
 
PDF
CSF18 - Incident Response in the Cloud - Yuri Diogenes
byNCCOMMS
 
PPTX
Mastering Next Gen SIEM Use Cases (Part 2)
byDNIF
 
PDF
How To Avoid The Top Ten Software Security Flaws
byPriyanka Aash
 
PPTX
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
byStorage Switzerland
 
Security by Design: An Introduction to Drupal Security
byTara Arnold
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
bymdagrossa
 
Securing the Internet from Cyber Criminals
byNarudom Roongsiriwong, CISSP
 
Ransomware Detection: Don’t Pay Up. Backup.
bymarketingunitrends
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
byNCCOMMS
 
Mastering Next Gen SIEM Use Cases (Part 2)
byDNIF
 
How To Avoid The Top Ten Software Security Flaws
byPriyanka Aash
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
byStorage Switzerland
 

What's hot

PPTX
Maltego Webinar Slides
byThreatConnect
 
PDF
From Business Architecture to Security Architecture
byPriyanka Aash
 
PDF
Application Security Verification Standard Project
byNarudom Roongsiriwong, CISSP
 
PDF
Triangulum - Ransomware Evolved - Why your backups arent good enough
byMartin Opsahl
 
PPT
Safeguard your enterprise against ransomware
byQuick Heal Technologies Ltd.
 
PDF
Evidence-Based Security: The New Top Five Controls
byPriyanka Aash
 
PDF
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
byNormShield, Inc.
 
PDF
Network Security - Defense Through Layered Information Security
byEryk Budi Pratama
 
PDF
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
byEC-Council
 
PDF
Cyber intelligence for corporate security
byG3 intelligence Ltd
 
PDF
How Good Security Architecture Saves Corporate Workers from COVID-19
byNarudom Roongsiriwong, CISSP
 
PDF
Cisa ransomware guide
byanpapathanasiou
 
PDF
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
PPTX
Phases of Incident Response
byEC-Council
 
PDF
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
PDF
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
PDF
Top 10 Bad Coding Practices Lead to Security Problems
byNarudom Roongsiriwong, CISSP
 
PDF
Threat Intelligence Is Like Three Day Potty Training
byPriyanka Aash
 
PPTX
Incident Response: Validation, Containment & Forensics
byPriyanka Aash
 
PPTX
Down The Rabbit Hole, From Networker to Security Professional
bySatria Ady Pradana
 
Maltego Webinar Slides
byThreatConnect
 
From Business Architecture to Security Architecture
byPriyanka Aash
 
Application Security Verification Standard Project
byNarudom Roongsiriwong, CISSP
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
byMartin Opsahl
 
Safeguard your enterprise against ransomware
byQuick Heal Technologies Ltd.
 
Evidence-Based Security: The New Top Five Controls
byPriyanka Aash
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
byNormShield, Inc.
 
Network Security - Defense Through Layered Information Security
byEryk Budi Pratama
 
Next Generation Defense in Depth Model - Tari Schreider, CCISO, Chief Cybers...
byEC-Council
 
Cyber intelligence for corporate security
byG3 intelligence Ltd
 
How Good Security Architecture Saves Corporate Workers from COVID-19
byNarudom Roongsiriwong, CISSP
 
Cisa ransomware guide
byanpapathanasiou
 
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
Phases of Incident Response
byEC-Council
 
Implementing An Automated Incident Response Architecture
byPriyanka Aash
 
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
Top 10 Bad Coding Practices Lead to Security Problems
byNarudom Roongsiriwong, CISSP
 
Threat Intelligence Is Like Three Day Potty Training
byPriyanka Aash
 
Incident Response: Validation, Containment & Forensics
byPriyanka Aash
 
Down The Rabbit Hole, From Networker to Security Professional
bySatria Ady Pradana
 

Viewers also liked

PDF
#Ready4EUdataP Privacy by Design: effetti pratici sui sistemi IT Giancarlo Butti
byEuroPrivacy
 
PPT
Privacy by Design Seminar - Jan 22, 2015
byDr. Ann Cavoukian
 
PPTX
Managing Cloud Security Design and Implementation in a Ransomware World
byMongoDB
 
PPTX
Privacy by Design: White Papaer
byKristyn Greenwood
 
PDF
Advantages of privacy by design in IoE
byMarc Vael
 
PDF
Top career課件
byQilian
 
PDF
Privacy By Designer (PHP.ghent)
byAnn Wuyts
 
PDF
Don't Ask, Don't Tell - The Virtues of Privacy By Design
byEleanor McHugh
 
PPTX
Privacy by design
byblogzilla
 
PDF
Safeguarding privacy in research design
byMarlon Domingus
 
PDF
Google在被遺忘權 (Right to Be Forgotten)中所扮演的角色
byWayne Chung
 
PPSX
Information Security Governance: Concepts, Security Management & Metrics
byMarius FAILLOT DEVARRE
 
PPTX
Privacy by Design - taking in account the state of the art
byJames Mulhern
 
PDF
Security by design: An Introduction to Drupal Security
byMediacurrent
 
PDF
Ame Elliott – No, Thank You: User Experience Design for Privacy
byNEXT Conference
 
PDF
Data Pipeline Matters
byJazz Yao-Tsung Wang
 
PDF
The AI Rush
byJean-Baptiste Dumont
 
#Ready4EUdataP Privacy by Design: effetti pratici sui sistemi IT Giancarlo Butti
byEuroPrivacy
 
Privacy by Design Seminar - Jan 22, 2015
byDr. Ann Cavoukian
 
Managing Cloud Security Design and Implementation in a Ransomware World
byMongoDB
 
Privacy by Design: White Papaer
byKristyn Greenwood
 
Advantages of privacy by design in IoE
byMarc Vael
 
Top career課件
byQilian
 
Privacy By Designer (PHP.ghent)
byAnn Wuyts
 
Don't Ask, Don't Tell - The Virtues of Privacy By Design
byEleanor McHugh
 
Privacy by design
byblogzilla
 
Safeguarding privacy in research design
byMarlon Domingus
 
Google在被遺忘權 (Right to Be Forgotten)中所扮演的角色
byWayne Chung
 
Information Security Governance: Concepts, Security Management & Metrics
byMarius FAILLOT DEVARRE
 
Privacy by Design - taking in account the state of the art
byJames Mulhern
 
Security by design: An Introduction to Drupal Security
byMediacurrent
 
Ame Elliott – No, Thank You: User Experience Design for Privacy
byNEXT Conference
 
Data Pipeline Matters
byJazz Yao-Tsung Wang
 
The AI Rush
byJean-Baptiste Dumont
 

Similar to 20171106 - Privacy Design Lab - LINDDUN

PDF
Privacy: Regulatory Pressure is the Consequence of a Broader Problem
byMatthew Karnas
 
PDF
Threat Modeling Everything
byAnne Oikarinen
 
PDF
Privacy & Data Breach: 2012 Recap, 2013 Predictions
byResilient Systems
 
PPT
The Countdown is on: Key Things to Know About the GDPR
byCase IQ
 
PPTX
Privacy in AI/ML Systems: Practical Challenges and Lessons Learned
byKrishnaram Kenthapadi
 
PDF
[AIIM18] GDPR: whose job is it now? - Paul Lanois
byAIIM International
 
PPTX
GDPR How to get started?
byPeter Witsenburg
 
PDF
Intelligent cyber security solutions
bySwapnil Deshmukh
 
PDF
eu-market-access-gdpr-fundamentals-by-risk-associates
byMohsin Termezy
 
PDF
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
byHappiest Minds Technologies
 
PDF
How to Approach the NYDFS Proposed Cybersecurity Requirements
byKyle Brown
 
PPTX
Data Privacy for Information Security Professionals Part 1
byDione McBride, CISSP, CIPP/E
 
PPTX
Elkoumy - Libra - ICPM22.pptx
byGamal Elkoumy
 
PPTX
Save Your Network – Protecting Healthcare Data from Deadly Breaches
byLancope, Inc.
 
PPTX
What is the GDPR & What does it mean for YOUR business?
byNexsen Pruet
 
PPTX
DevSecCon London 2018: How to fit threat modelling into agile development: sl...
byDevSecCon
 
PPTX
WP Helsinki Meetup - GDPR for devs
byTiia Rantanen
 
PDF
GDPR/CCPA Compliance and Data Governance in Hadoop
byEyad Garelnabi
 
PPTX
GDPR and eHealth for the pharma industry (VFenR presentation)
byErik Vollebregt
 
PDF
Mcis 2018 DEFeND Project
byDEFeND Project
 
Privacy: Regulatory Pressure is the Consequence of a Broader Problem
byMatthew Karnas
 
Threat Modeling Everything
byAnne Oikarinen
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
byResilient Systems
 
The Countdown is on: Key Things to Know About the GDPR
byCase IQ
 
Privacy in AI/ML Systems: Practical Challenges and Lessons Learned
byKrishnaram Kenthapadi
 
[AIIM18] GDPR: whose job is it now? - Paul Lanois
byAIIM International
 
GDPR How to get started?
byPeter Witsenburg
 
Intelligent cyber security solutions
bySwapnil Deshmukh
 
eu-market-access-gdpr-fundamentals-by-risk-associates
byMohsin Termezy
 
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
byHappiest Minds Technologies
 
How to Approach the NYDFS Proposed Cybersecurity Requirements
byKyle Brown
 
Data Privacy for Information Security Professionals Part 1
byDione McBride, CISSP, CIPP/E
 
Elkoumy - Libra - ICPM22.pptx
byGamal Elkoumy
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
byLancope, Inc.
 
What is the GDPR & What does it mean for YOUR business?
byNexsen Pruet
 
DevSecCon London 2018: How to fit threat modelling into agile development: sl...
byDevSecCon
 
WP Helsinki Meetup - GDPR for devs
byTiia Rantanen
 
GDPR/CCPA Compliance and Data Governance in Hadoop
byEyad Garelnabi
 
GDPR and eHealth for the pharma industry (VFenR presentation)
byErik Vollebregt
 
Mcis 2018 DEFeND Project
byDEFeND Project
 

More from Brussels Legal Hackers

PPTX
20190528 - Guidelines for Trustworthy AI
byBrussels Legal Hackers
 
PDF
20190423 PRiSE model to tackle data protection impact assessments and data pr...
byBrussels Legal Hackers
 
PPTX
20190316 - CLBFest - Blockchain & the law - Willem Van de Wiele
byBrussels Legal Hackers
 
PDF
20190316 - CLBFest - Blockchain is WTF - Gerrie Smits
byBrussels Legal Hackers
 
PDF
20190316 - CLBFest - 1337 to legal - Koen Vingerhoets
byBrussels Legal Hackers
 
PPTX
20190316 - CLBFest - GDPR & Blockchain - Axel Beelen
byBrussels Legal Hackers
 
PPTX
20190316 - CLBFest - Cryptocurrencies and tax - Hendrik Putman
byBrussels Legal Hackers
 
PDF
20190221 Algorithmic transparency and accountability in practice
byBrussels Legal Hackers
 
PPTX
20190221 Data subject rights in practice
byBrussels Legal Hackers
 
PPTX
20180619 Controller-to-Processor agreements
byBrussels Legal Hackers
 
PPTX
20180607 - Tech Summit presentation
byBrussels Legal Hackers
 
PPTX
20180317 CLBfest 2018 - Trase
byBrussels Legal Hackers
 
PPTX
20171108 IAPP Congress - Privacy by Design presentation
byBrussels Legal Hackers
 
PPTX
20170601 - Digital festival presentation
byBrussels Legal Hackers
 
PPTX
20170801 GDPR Q&A intro
byBrussels Legal Hackers
 
PDF
20170620 MEETUP intro to blockchain and smart contracts (2)
byBrussels Legal Hackers
 
PPTX
20170620 MEETUP smart contracts proof of concept for prescriptions
byBrussels Legal Hackers
 
PDF
20170620 MEETUP intro to blockchain and smart contracts (1)
byBrussels Legal Hackers
 
PPTX
20170418 MEETUP on Creative Commons
byBrussels Legal Hackers
 
PDF
20170122 MEETUP on autonomous vehicles
byBrussels Legal Hackers
 
20190528 - Guidelines for Trustworthy AI
byBrussels Legal Hackers
 
20190423 PRiSE model to tackle data protection impact assessments and data pr...
byBrussels Legal Hackers
 
20190316 - CLBFest - Blockchain & the law - Willem Van de Wiele
byBrussels Legal Hackers
 
20190316 - CLBFest - Blockchain is WTF - Gerrie Smits
byBrussels Legal Hackers
 
20190316 - CLBFest - 1337 to legal - Koen Vingerhoets
byBrussels Legal Hackers
 
20190316 - CLBFest - GDPR & Blockchain - Axel Beelen
byBrussels Legal Hackers
 
20190316 - CLBFest - Cryptocurrencies and tax - Hendrik Putman
byBrussels Legal Hackers
 
20190221 Algorithmic transparency and accountability in practice
byBrussels Legal Hackers
 
20190221 Data subject rights in practice
byBrussels Legal Hackers
 
20180619 Controller-to-Processor agreements
byBrussels Legal Hackers
 
20180607 - Tech Summit presentation
byBrussels Legal Hackers
 
20180317 CLBfest 2018 - Trase
byBrussels Legal Hackers
 
20171108 IAPP Congress - Privacy by Design presentation
byBrussels Legal Hackers
 
20170601 - Digital festival presentation
byBrussels Legal Hackers
 
20170801 GDPR Q&A intro
byBrussels Legal Hackers
 
20170620 MEETUP intro to blockchain and smart contracts (2)
byBrussels Legal Hackers
 
20170620 MEETUP smart contracts proof of concept for prescriptions
byBrussels Legal Hackers
 
20170620 MEETUP intro to blockchain and smart contracts (1)
byBrussels Legal Hackers
 
20170418 MEETUP on Creative Commons
byBrussels Legal Hackers
 
20170122 MEETUP on autonomous vehicles
byBrussels Legal Hackers
 

Recently uploaded

DOCX
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
PDF
NAVIGATE PHARMACY CAREER OPPORTUNITIES.pdf
byMd. Zakaria Faruki
 
PPTX
Hypothesis. its definition and typrs pptx
byMakarand Joshi
 
PPTX
Enquesta_Quiz__Jan1st week 2025 round up.pptx
byNitin Suresh
 
PDF
Ketogenic diet in Epilepsy in children..
bymirzasania0810
 
PPTX
Rectal Surgery in Senior Citiizens .pptx
byJohn Thanakumar
 
PPTX
CROP RESIDUE MANAGEMANT AND ITS EFFECT ON SOIL HEALTH
byShraddha Maurya
 
PPTX
What is the Post load hook in Odoo 18
byCeline George
 
PDF
Prescription Writing- Elements, Parts, and Exercises
byDr. Ishita Agarwal
 
PPTX
Unit I — General Physiology: Basic Concepts
byRAKESH SAJJAN
 
PDF
FAMILY ASSESSMENT FORMAT - CHN practical
byDr. Sudhadevi Sadanandan
 
PPTX
Introduction to Sampling Methods :Basic Concept
byvetri339874
 
PDF
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PDF
Orchard Floor Managment.pdf Orchard Floor Management
bybisensharad
 
PDF
Language and curriculum (B. Ed) semester 2
bynehapanna60
 
PPTX
Cost of Capital - Cost of Equity, Cost of debenture, Cost of Preference share...
bySundar B N
 
PDF
2025 | Quiz9 | Cinema Connect Trivia Questions Only
bySoumik Biswas
 
PPTX
Role of the Uninstall Hook in Odoo 18 Module Cleanup
byCeline George
 
PPTX
The Silence and the Whip: How Non-Verbal Acting Served Two Diverging Genres
by6x5csns4pn
 
PPTX
ICH Harmonization A Global Pathway to Unified Drug Regulation.pptx
byDr. Smita Kumbhar
 
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
NAVIGATE PHARMACY CAREER OPPORTUNITIES.pdf
byMd. Zakaria Faruki
 
Hypothesis. its definition and typrs pptx
byMakarand Joshi
 
Enquesta_Quiz__Jan1st week 2025 round up.pptx
byNitin Suresh
 
Ketogenic diet in Epilepsy in children..
bymirzasania0810
 
Rectal Surgery in Senior Citiizens .pptx
byJohn Thanakumar
 
CROP RESIDUE MANAGEMANT AND ITS EFFECT ON SOIL HEALTH
byShraddha Maurya
 
What is the Post load hook in Odoo 18
byCeline George
 
Prescription Writing- Elements, Parts, and Exercises
byDr. Ishita Agarwal
 
Unit I — General Physiology: Basic Concepts
byRAKESH SAJJAN
 
FAMILY ASSESSMENT FORMAT - CHN practical
byDr. Sudhadevi Sadanandan
 
Introduction to Sampling Methods :Basic Concept
byvetri339874
 
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
Orchard Floor Managment.pdf Orchard Floor Management
bybisensharad
 
Language and curriculum (B. Ed) semester 2
bynehapanna60
 
Cost of Capital - Cost of Equity, Cost of debenture, Cost of Preference share...
bySundar B N
 
2025 | Quiz9 | Cinema Connect Trivia Questions Only
bySoumik Biswas
 
Role of the Uninstall Hook in Odoo 18 Module Cleanup
byCeline George
 
The Silence and the Whip: How Non-Verbal Acting Served Two Diverging Genres
by6x5csns4pn
 
ICH Harmonization A Global Pathway to Unified Drug Regulation.pptx
byDr. Smita Kumbhar
 

20171106 - Privacy Design Lab - LINDDUN

  • 1.
    Towards GDPR Compliancewith LINDDUN Aram Hovsepyan Kim Wuyts https://www.facebook.com/LINDDUN.privacy/ https://twitter.com/linddun https://linddun.org
  • 2.
    2 2 Large team of professionals §12 faculty members § 8 research managers § 15 postdocs § 50 PhD Students § Business office Project-centric research § fundamental research at the core § strategic basic research § applied research with industry § contract research Distributed Software Software engineering Secure Software
  • 3.
  • 4.
    COMPLIANCE GDPR Compliance 4 LEGALLEGALTECHNICAL LIN DDUN › Functional ›“Appropriate technical measures…” Right to be forgotten ✔ Right to information ✔ Right to access ✔ Right to rectification ✔ Right to object ✔ Right to data portability ✔
  • 5.
    LINDDUN background › Developedbefore the GDPR hysteria › Scientifically renown › Industrially accepted (ISO27550) 5
  • 6.
    LINDDUN › Technical dataprotection impact assessment methodology › Threat modeling framework › System description › Threat elicitation › Threat management / mitigation 6
  • 7.
    LINDDUN* Framework › Step1: describe the system › create a data flow diagram (DFD) › describe all data › Step 2: elicit threats/risks › map threats to DFD elements › identify threats using attack trees › Step 3: manage threats/risks › prioritize in dialog with the DPO › mitigate using a taxonomy of PETs 7* We present a modified version of LINDDUN
  • 8.
    Step 1: Createthe Data Flow Diagram 8
  • 9.
    Step 1: Createthe Data Flow Diagram 9 Cloud Server 1. User 2. Administrator Back-endFront-end 9. Authentication 4. Overall database 6. Authentication 5. Portal facade 8. Portal facade 11. Mail server 7. Chat 10. Chat 13. HTTPS12. HTTPS 3. Ops 14. SSH 15 16 17 18 19 20 21 22 23 24 25 26. Logging 27. Imitate
  • 10.
    Step 1: Describeall data › Databases › Files › Logs › apache logs 10
  • 11.
    › Linkability › Identifiability ›Non-repudiation › Detectability › Disclosure of Information › Unawareness › Non-compliance Step 2: Elicit threats 11
  • 12.
    Step 2: Elicitthreats 12 Security/Privacy mavens Experts in other areas LINDDUN AttackTrees Checklists CAPEC STRIDE
  • 13.
    Step 2: Mapthreats to DFD elements 13 Linkability Identifiability Non-repudiation Detectability Information Disclosure Content Unawareness Policy&Consent Non-compliance Data store X X X X X X Data flow X X X X X X Process X X X X X X Entity X X X MAPPINGTEMPLATE
  • 14.
    Assumptions › Pre-conditions /invariants that invalidate threats, e.g.: › non-repudiation threats often not applicable › secure communication (https A+ grade) › identifiability and linkability threats not be applicable to closed systems 14
  • 16.
    Step 2: Identifythreat scenarios using attack trees 16
  • 17.
    Step 2: example 17 Threat1 Using the forgot password feature we can identify a system user. DFD 4 (Detectability). Description Forgot password feature asks the email address of the user and after resetting the password says that a reset password email is successfully sent to the user. This could lead to identifiability problems where an attacker can easily check whether the user has a registration within the platform. Countermeasure None Likelihood Limited Impact Negligible Action point Modify the forgot password feature to always produce the same message making it impossible to figure out whether the user with the specified email address exists or not. Reference D_p (12)
  • 18.
    Step 2: example 18 Threat3 Storing a complete log of user actions. DFD 4 (Identifiability, Linkability, Unawareness, Non-compliance) Description All user actions are logged in the system for statistical purposes. This poses a significant privacy threat for a number of categories, such as, unawareness and non-compliance. Note that even if this data is anonymized, the threats for identifiability and linkability remain as we could match the user last login time and figure out the user log actions. Countermeasure None Likelihood Maximum (administrators can always have a look at the complete log). Impact Limited (to be discussed with DPOs). Action point • Make sure the privacy policy reflects that a detailed log is collected. • Keep the log, but drop the link to the users (impossible to track teams). • Reduce the time accuracy for the logs (e.g., keep only the action hour, and not the minute and second). Reference L_ds6, I_ds5, I_ds6, U_2, NC_3 (4)
  • 19.
    Step 3: Managethreats › Accept › Mitigate › Avoid › Transfer 19
  • 20.
    Step 3: Managethreats 20
  • 21.
  • 22.
  • 23.
    LINDDUN › Systematic technicaldata privacy impact assessment framework › Solid scientific foundation › 30 years security research › 10 years privacy research › Collaborative effort with COSIC and CiTiP › Validated through empirical studies and pilot projects 23 https://linddun.org