Towards a Formal Approach for Data Minimization in Programs

Reviewed Paper In Proceedings

Author(s): Florian Lanzinger and Alexander Weigl
In: Data Privacy Management, Cryptocurrencies and Blockchain Technology
Publisher: Springer International Publishing
Year: 2022
Pages: 161-169
DOI: 10.1007/978-3-030-93944-1_11

Abstract

As more and more processes are digitized, the protection of personal data becomes increasingly important for individuals, agencies, companies, and society in general. One principle of data protection is data minimization, which limits the processing and storage of personal data to the minimum necessary for the defined purpose. To adhere to this principle, an analysis of what data are needed by a piece of software is required. In this paper, we present an idea for a program analysis which connects data minimization with secure information flow to assess which personal data are required by a program: A program is decomposed into two programs. The first projects the original input, keeping only the minimal amount of required data. The second computes the original output from the projected input. Thus, we achieve a program variant which is compliant with data minimization. We define the approach, show how it can be used for different scenarios, and give examples for how to compute such a decomposition.
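As an added illustration of the decomposition the abstract describes (constructed for this page, not code from the paper): an eligibility check `original` is split into `project`, which keeps only the two flags the output depends on, and `compute`, which recovers the output from them; the two checks at the end confirm the split reproduces the original output and reject a projection that discards too much. The record layout, thresholds and sample inputs are assumptions of the example.

```python
from dataclasses import dataclass
from datetime import date
from itertools import combinations

@dataclass(frozen=True)
class Applicant:               # constructed personal record for the example
    name: str
    birth_date: date
    postal_code: str
    income: int

TODAY = date(2022, 1, 1)       # fixed reference date keeps the example deterministic
MIN_AGE, MIN_INCOME = 18, 30_000   # assumed thresholds

def age_on(birth: date, today: date) -> int:
    return today.year - birth.year - ((today.month, today.day) < (birth.month, birth.day))

def original(a: Applicant) -> bool:
    """The undecomposed program: reads the whole record to decide eligibility."""
    return age_on(a.birth_date, TODAY) >= MIN_AGE and a.income >= MIN_INCOME

def project(a: Applicant) -> tuple[bool, bool]:
    """First program: keeps only what the output depends on (two flags);
    name, postal code, exact birth date and exact income are dropped."""
    return (age_on(a.birth_date, TODAY) >= MIN_AGE, a.income >= MIN_INCOME)

def compute(p: tuple[bool, bool]) -> bool:
    """Second program: the original output from the projected input alone."""
    return p[0] and p[1]

def project_too_little(a: Applicant) -> tuple[bool]:
    """A projection that also drops the income flag; the check below rejects it."""
    return (age_on(a.birth_date, TODAY) >= MIN_AGE,)

def faithful(proj, comp, records) -> bool:
    """The decomposition must reproduce the original output on every record."""
    return all(comp(proj(a)) == original(a) for a in records)

def projection_consistent(proj, records) -> bool:
    """Records the projection cannot tell apart must share an original output;
    otherwise no second program can recover the output from the projected input."""
    return all(original(a) == original(b)
               for a, b in combinations(records, 2) if proj(a) == proj(b))

SAMPLE = [  # constructed inputs covering all four flag combinations
    Applicant("A", date(1990, 5, 4), "76131", 45_000),
    Applicant("B", date(2010, 5, 4), "76131", 45_000),
    Applicant("C", date(1990, 5, 4), "10115", 12_000),
    Applicant("D", date(2010, 5, 4), "10115", 12_000),
]
```

Running `faithful(project, compute, SAMPLE)` and `projection_consistent(project, SAMPLE)` returns True, while `projection_consistent(project_too_little, SAMPLE)` returns False because applicants A and C project to the same value but have different outputs.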

BibTeX

@InProceedings{LanzingerWeiglDPM2022,
  author    = {Florian Lanzinger and Alexander Weigl},
  editor    = {Joaquin Garcia-Alfaro and
               Jose Luis Mu{\~{n}}oz-Tapia and
               Guillermo Navarro-Arribas and
               Miguel Soriano},
  title     = {Towards a Formal Approach for Data Minimization in Programs},
  booktitle = {Data Privacy Management, Cryptocurrencies and Blockchain Technology},
  year      = {2022},
  month     = jan,
  publisher = {Springer International Publishing},
  address   = {Cham},
  pages     = {161--169},
  abstract  = {As more and more processes are digitized, the protection of personal
               data becomes increasingly important for individuals, agencies,
               companies, and society in general. One principle of data protection
               is data minimization, which limits the processing and storage of
               personal data to the minimum necessary for the defined purpose. To
               adhere to this principle, an analysis of what data are needed by a
               piece of software is required. In this paper, we present an idea for
               a program analysis which connects data minimization with secure
               information flow to assess which personal data are required by a
               program: A program is decomposed into two programs. The first
               projects the original input, keeping only the minimal amount of
               required data. The second computes the original output from the
               projected input. Thus, we achieve a program variant which is
               compliant with data minimization. We define the approach, show how it
               can be used for different scenarios, and give examples for how to
               compute such a decomposition.},
  isbn      = {978-3-030-93944-1},
  doi       = {10.1007/978-3-030-93944-1_11}
}