direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Page Content

Information Governance

In order to be practically applicable, modern information systems must meet a broad variety of requirements in matters of security and privacy. These requirements typically depend on multiple factors like the application domain (e.g., specific regulatory requirements for the financial sector or for smart grids), the kind of data being collected and processed (e.g. personal data, business secrets, etc.) or the location of storage and processing. Furthermore, security and privacy are never the sole goal of systems design but rather conflict with other functional and non-functional objectives like functionality, performance, scalability, usability, interoperability, etc.

In order to appropriately pay regard to these factors and to bring them into reasonable balance, our research approach to security and privacy explicitly comprises interdisciplinary aspects like techno-legal questions of security and privacy ("compliance"), security economics, or collaborative privacy governance. Based on our strong interdisciplinary expertise, integrating these perspectives with methods like cloud benchmarking and technologies like preference languages/ontologies, usage control mechanisms or blockchains allows us to develop novel approaches that are suitable for coping with current and upcoming security and privacy challenges in fields like Cloud/Fog Computing, IoT, Smart Grid, Industry 4.0 and many more. Our overall goal are concrete information systems as well as concepts and mechanisms for building such systems that provide security and privacy "by design".

A particular focus of our research lies on the comprehensive while still practically applicable transformation of legal and regulatory requirements into concrete technical designs. While, for instance, the concept of "privacy by design" has primarily been picked up in the information systems domain as being about security, data minimization and anonymity, we also consider further core concepts of privacy/data protection law like "informed consent" or "purpose limitation" and transform them into technical representations like technology-mediated privacy preferences or purpose-aware consent management systems.

Related Projects

Publications

Max-R. Ulbricht and Frank Pallas (2018). Nutzungspräferenzen im Internet der Dinge. digma - Zeitschrift für Datenrecht und Informationssicherheit 4/2018, 208-211.


Frank Pallas (2018). Datenschutz in Zeiten alles durchdringender Vernetzung: Herausforderungen für das Zusammenspiel von Technik und Regulierung. Die Fortentwicklung des Datenschutzes - Zwischen Systemgestaltung und Selbstregulierung. Springer, 17-37.

Link to publication

M. Henze and V. Almeida and J. Bacon and M. Herschel and M. Ott and F. Pallas and T. Pasquier and S. Puglisi and M. Seltzer and M. Winikoff and M. Zitterbart (2018). Engineering Accountable Systems. Towards Accountable Systems (Dagstuhl Seminar 18181). Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 137-140.

Link to publication

M.-R. Ulbricht and F. Pallas (2018). YaPPL - A Lightweight Privacy Preference Language for Legally Sufficient and Automated Consent Provision in IoT Scenarios. Proceedings of Data Privacy Management 2018. Springer International Publishing.

Link to publication

Frank Pallas and Martin Grambow (2018). Three Tales of Disillusion: Benchmarking Property Preserving Encryption Schemes. 15th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2018, 39–54.

Link to publication

Zusatzinformationen / Extras

Quick Access:

Schnellnavigation zur Seite über Nummerneingabe

Auxiliary Functions