Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering

Slide 1: Assurance for complex ecosystems

Antonio Kung (Trialog)

Data, ICT services, AI, …: Standardisation and Certification as the new law of everything?

17/09/2019

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034

Slide 2: Speaker

ICT research projects
• KUL COSIC: Teaha, GST, Sevecom, Preciosa
• KUL CiTiP: Paris, Pripare, PDP4E (coordinator)

Other projects
• Create-IoT (large scale pilots support action)
• Interconnect (Large Scale Pilot on smart grids, buildings, homes)
• CTI (System X framework on ITS cybersecurity)

Standardisation and certification
• ISO/IEC JTC1 AG8: Meta reference architecture
• ISO/IEC SC41 IoT: 21823-3 Semantic interoperability; 30141 IoT reference architecture
• ISO TC22/SC32/WG11: 21434 Road vehicles cybersecurity engineering
• ISO/IEC JTC1/SC27 (as leader): 27550 privacy engineering; 27570 privacy guidelines for smart cities; 27030 security and privacy guidelines for IoT; 27556 privacy preference management; study period on privacy engineering models; study period on the impact of AI on privacy
• ISO/IEC JTC1/SC27 (as contributor): 20547-4 big data security and privacy; 20745 big data security and privacy processes; NWIP IoT domotics security and privacy; study period on evaluation of connected vehicles based on 15408

Slide 3: IPEN member (ipen.trialog.com)

Slide 4: PDP4E in a Nutshell

• Model driven design
• Requirements engineering
• Assurance and certification
• Risk management
• Smart grid use case
• Connected vehicle use case
• Knowledge base
• Meta models

Slide 5: Landscape: System and software assurance (ISO/IEC 15026)

Objective
• System meets specifications

Integrity level
• Representation of degree of confidence: agreement among stakeholders of a system about risks related to that system.
• Emphasis on evidence and quality of arguments

Slide 6: Landscape: Conformity assessment (ISO 17000)

Functional approach, starting from the need to demonstrate fulfilment of specified requirements:
• Selection: planning and preparing activities to collect or produce input for determination. Output: information on selected items.
• Determination: information on fulfilment of specified requirements, obtained by sampling, testing, inspection, audit, peer assessment. Output: information on fulfilment of specified requirements.
• Review and attestation: declaration, certification, accreditation. Output: fulfilment of specified requirements demonstrated.
• Surveillance needed? (yes / no)

Figure legend: function; output of function; express demands; link between function and output.

Slide 7: Landscape: Common Criteria (ISO/IEC 15408)

Security assurance has two parts:
• Sufficiency: if controls do what they claim to do, then threats to assets are countered. Obtained through risk analysis leading to organisational and technical measures.
• Correctness: controls do what they claim to do. Obtained through an evaluation assurance level on technical measures.

Figure: the 15408 evaluation criteria describe Security Functional Requirements and Security Assurance Requirements; the Evaluation Assurance Level (EAL) is the level to reach on the Target of Evaluation.

Slide 8: Landscape: Common Criteria (ISO/IEC 15408), composed product certification

Current extension: composition of « small » systems. Example: OS + Driver.

Figure: Product 1 certification and Product 2 certification combine into a composed product certification.

Slide 9: Conformity assessment vs Common Criteria evaluation

Mapping of the ISO 17000 functions onto Common Criteria:
• Selection
• Determination (sampling, testing, inspection, audit, peer assessment) corresponds to Evaluation
• Review and attestation (declaration, certification, accreditation) corresponds to Review and Attestation

Slide 10: Landscape: Complex systems and Systems of Systems (ISO/IEC/IEEE 21839, 21840, 21841)

Structure of SoS
• System of interest (SoI)
• Independent operation and management

Characteristics of SoS
• Geographical distribution
• Emergent behaviour
• Evolutionary development processes

Slide 11: Landscape: Complex systems and Systems of Systems (ISO/IEC/IEEE 21839, 21840, 21841)

Emergent behaviour

Slide 12: Landscape: Complex systems and Systems of Systems (ISO/IEC/IEEE 21839, 21840, 21841)

Emergent risks
• System V: risks
• System W: risks
• SoS V+W: risks!!!

Slide 13: Landscape: Complex systems and Systems of Systems (ISO/IEC/IEEE 21839, 21840, 21841)

Governance
• Directed SoS: strongest governance. One SoS has authority over the others. Strong managerial and operational alignment.
• Acknowledged SoS: agreement to collaborate under an agreed management structure.
• Collaborative SoS: agreement on purpose with no agreed management.
• Virtual SoS: no centralized management, no purpose agreement.

Slide 14: Assurance issues for SoS

Properties of SoS
• Managerial and operational independence
• SoS emerging capability
• SoS evolutionary context

Assurance challenges: assurance of the ecosystem
• Collaborative capability agreement processes
• Multiple views
• Correctness of organisational measures (not covered in 15408)

Impact on assurance
• Framework for protection profile
• Diversity of SoS assurance viewpoints: perimeter (ecosystem, system of interest, subsystem); representations (capability, functionality, behaviour, structure, service, …); static and/or dynamic aspects of SoS
• Domain specific needs (e.g. OEM-centric architecture in the automotive domain)

Slide 15: Automotive cybersecurity engineering (ISO/SAE 21434)

Context
• Vehicle type approval on cybersecurity based on UN regulation
• Cybersecurity engineering practice (ISO/SAE 21434) integrated into automotive engineering practice

ISO/SAE 21434
• Copes with the cybersecurity engineering of an item: a system or combination of systems that implements a function at the vehicle level and to which cybersecurity activities are applied
• Consists of cybersecurity activities

Slide 16: ISO/SAE 21434 focus on risk assessment

ISO/SAE 21434 has a focus on risk assessment for complex automotive systems:
• Takes an architecture driven approach
• Attack feasibility attribute
• Concept of attack path
• Concept of attack feasibility rating

ISO/SAE 21434 risk assessment cybersecurity activity
• Asset identification
• Threat scenario identification
• Impact rating
• Vulnerability analysis
• Attack path analysis
• Attack feasibility rating
• Risk determination
• Risk treatment decision
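As an added worked example (not from the slides or the PDP4E project), the risk assessment activities listed above run in code over the C-ITS pseudonym scenario the talk uses later: the per-factor values, feasibility bands, risk matrix and treatment rule are assumptions modelled on the 21434 attack-potential approach, not values the slides give.

```python
# Added example (not from the talk): a minimal ISO/SAE 21434-style risk
# determination for one threat scenario. The attack-potential factors, the
# feasibility bands and the 5-level risk matrix are ASSUMED for illustration.
from dataclasses import dataclass

IMPACT = {"negligible": 0, "moderate": 1, "major": 2, "severe": 3}
# Assumed attack-potential scoring: a higher total means a harder attack.
FACTORS = {
    "elapsed_time": {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4, ">1 month": 10},
    "expertise": {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8},
    "knowledge": {"public": 0, "restricted": 3, "confidential": 7, "strictly confidential": 11},
    "window": {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10},
    "equipment": {"standard": 0, "specialised": 4, "bespoke": 7, "multiple bespoke": 9},
}
FEASIBILITY_BANDS = [(14, "high"), (20, "medium"), (25, "low")]  # assumed upper bounds
FEAS_COLS = ["very low", "low", "medium", "high"]
RISK_MATRIX = [[1, 1, 1, 1], [1, 2, 2, 3], [1, 2, 3, 4], [2, 3, 4, 5]]  # impact x feasibility

@dataclass
class AttackPath:
    description: str
    rating: dict  # factor name -> chosen level from FACTORS

def attack_potential(path: AttackPath) -> int:
    """Attack path analysis output: sum of the per-factor values."""
    return sum(FACTORS[f][lvl] for f, lvl in path.rating.items())

def feasibility(path: AttackPath) -> str:
    """Attack feasibility rating: map the attack potential to a band."""
    ap = attack_potential(path)
    for bound, label in FEASIBILITY_BANDS:
        if ap < bound:
            return label
    return "very low"

def risk_value(impact: str, feas: str) -> int:
    return RISK_MATRIX[IMPACT[impact]][FEAS_COLS.index(feas)]

def assess(asset: str, scenario: str, impact: str, path: AttackPath) -> dict:
    """Chain the activities into a treatment decision (assumed rule: reduce at risk >= 3)."""
    feas = feasibility(path)
    risk = risk_value(impact, feas)
    return {"asset": asset, "threat_scenario": scenario, "feasibility": feas,
            "risk": risk, "treatment": "reduce" if risk >= 3 else "retain"}

# Constructed scenario from the talk's C-ITS example: pseudonymous CAMs get linked.
CAM_LINKING = AttackPath("link CAM pseudonyms to profile driving behaviour",
    {"elapsed_time": "<=1 week", "expertise": "proficient", "knowledge": "public",
     "window": "unlimited", "equipment": "standard"})
```

Re-running assess with the same path re-rated after a control has been applied is how the treatment decision feeds back into risk determination.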

Slide 17: ISO/SAE 21434 viewpoint on assurance: sufficiency of risk analysis and rigor of cybersecurity engineering

• Sufficiency of risk analysis: risk analysis undertaken with a commonly agreed degree of sufficiency in the supply chain. Assurance requirement to reach: commonly agreed risk analysis sufficiency (TAF).
• Rigor of cybersecurity engineering: if cybersecurity engineering activities do what they claim to do, then the item has been engineered with the appropriate level of rigor. Assurance requirement to reach: Cybersecurity Engineering Assurance Level (CAL).

Figure: ISO/SAE 21434 (Road vehicles, cybersecurity engineering) describes requirements on the cybersecurity activities applied to an item; these activities include architecture driven risk analysis.

Slide 18: Bridging 21434 with 15408

An ISO/SAE 21434 item can include ToEs evaluated according to ISO 15408.

Examples of ToEs: digital tachograph, mobile C-ITS station, an HSM in an ECU…

Slide 19: Example: Cooperative Awareness Message (CAM) for safety

Actors: road side unit, sending vehicle, receiving vehicle.

Broadcast message (CAM, Cooperative Awareness Message) content:
• Position of vehicle
• Movement of vehicle (speed, acceleration, steering angle, …)
• Static information about the vehicle: type and size
• Recent path (limited to the last 30 seconds at maximum)

Slide 20: Privacy-by-design: Pseudonyms (see https://www.sevecom.eu/, 2006-2008)

Actors: pseudonymization authority, road side unit, sending vehicle, receiving vehicle.

Slide 21: Ecosystem

• Application operator: road side unit (safety, traffic)
• Pseudonym operator (PKI)
• CAM operator: vehicle
• CAM operator: road side unit
• Application operator: on board safety

Slide 22: Ecosystem risks

Ecosystem actors: application operator for the road side unit (safety, traffic); pseudonym operator (PKI); CAM operator for the vehicle; CAM operator for the road side unit; application operator for on board safety.

Risks:
• Linking data (using AI)
• Linking pseudonyms (using AI)
• Identify driving behaviour
• Identify driving offence

Slide 23: Resulting maze of DPIAs

C-ITS Ecosystem specification phase (application operator, PKI operator, CAM operator): one DPIA.

C-ITS Ecosystem deployment phase: application operators A, B, C; PKI operators X, Y; CAM operators 1, 2, 3, 4.

Slide 24: Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering

Thank you for your attention. Questions?

For more information, visit: www.pdp4e-project.org

Contact points:
• Antonio Kung (Trialog), [email protected]
• Yod Samuel Martín (UPM), [email protected]