Sammendrag
Nowadays, compliance with the General Data Protection Regulation (GDPR) poses a significant challenge for enterprises processing personal data. The GDPR protects individuals' privacy and imposes strict requirements on the processing of such data. Failure to comply with the GDPR can result in fines of up to 20 million Euros or even 4% of the company's total annual turnover. In this thesis, Farzane Karami has focused on exploring methods to enforce the GDPR requirements at the level of a programming language. Karami’s approach involves designing an object-oriented programming language that enforces the GDPR's data usage requirements during program execution. The contributions of this thesis can be categorized as follows: 1) Designing a data protection language (called DPL) with the necessary language features to enforce the GDPR requirements, 2) Formalizing and simulating DPL’s semantics in a logical framework, which provides an executable interpreter to experiment and verify that DPL programs cannot violate the GDPR properties 3) Providing a pen and paper proof to verify our claims. In this thesis, we also conduct research on enforcing security policies in distributed systems, where only authorized entities can access confidential data. We use the language-based approaches and formal methods to automate program analysis and verify whether a program is secure.
Artikkelliste
Paper 1: DPL A Language for GDPR Enforcement. Farzane Karami, David Basin, Einar Broch Johnsen. IEEE 35th Computer Security Foundations Symposium (CSF), 2022, pp. 112–129. DOI: 10.1109/CSF54842.2022.9919687. The article is included in the thesis. Also available at: https://doi.org/10.1109/CSF54842.2022.9919687 |
Paper 2: An Evaluation of Interaction Paradigms for Active Objects. Farzane Karami, Olaf Owe, Toktam Ramezanifarkhani. Journal of Logical and Algebraic Methods in Programming, 2019, Volume 103, pp. 154–183. DOI: 10.1016/j.jlamp.2018.11.008. The article is included in the thesis. Also available at: https://doi.org/10.1016/j.jlamp.2018.11.008 |
Paper 3: Information-Flow-Control by means of Security Wrappers for Active Object Languages with Futures. Published in Nordic Conference on Secure IT Systems, 2020, Lecture Notes in Computer Science, volume 12556, pp. 74–91. DOI: 10.1007/978-3-030-70852-8_5. The article is included in the thesis. Also available at: https://doi.org/10.1007/978-3-030-70852-8_5 |