Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems
- URL: http://arxiv.org/abs/2306.02496v1
- Date: Sun, 4 Jun 2023 22:09:42 GMT
- Title: Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems
- Authors: Elias Grünewald, Jannis Kiesel, Siar-Remzi Akbayin, Frank Pallas
- Abstract summary: Transparency is one of the most important principles of modern privacy regulations.
Data controllers must provide data subjects with precise information about the collection, processing, storage, and transfer of personal data.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Transparency is one of the most important principles of modern privacy
regulations, such as the GDPR or CCPA. To be compliant with such regulatory
frameworks, data controllers must provide data subjects with precise
information about the collection, processing, storage, and transfer of personal
data. To do so, respective facts and details must be compiled and always kept
up to date. In traditional, rather static system environments, this inventory
(including details such as the purposes of processing or the storage duration
for each system component) could be done manually. In current circumstances of
agile, DevOps-driven, and cloud-native information systems engineering,
however, such manual practices do not suit anymore, making it increasingly hard
for data controllers to achieve regulatory compliance. To allow for proper
collection and maintenance of always up-to-date transparency information
smoothly integrating into DevOps practices, we herein propose a set of novel
approaches explicitly tailored to specific phases of the DevOps lifecycle most
relevant in matters of privacy-related transparency and accountability at
runtime: Release, Operation, and Monitoring. For each of these phases, we
examine the specific challenges arising in determining the details of personal
data processing, develop a distinct approach and provide respective proof of
concept implementations that can easily be applied in cloud native systems. We
also demonstrate how these components can be integrated with each other to
establish transparency information comprising design- and runtime-elements.
Furthermore, our experimental evaluation indicates reasonable overheads. On
this basis, data controllers can fulfill their regulatory transparency
obligations in line with actual engineering practices.
Related papers
- Flex: End-to-End Text-Instructed Visual Navigation with Foundation Models [59.892436892964376]
We investigate the minimal data requirements and architectural adaptations necessary to achieve robust closed-loop performance with vision-based control policies.
Our findings are synthesized in Flex (Fly-lexically), a framework that uses pre-trained Vision Language Models (VLMs) as frozen patch-wise feature extractors.
We demonstrate the effectiveness of this approach on quadrotor fly-to-target tasks, where agents trained via behavior cloning successfully generalize to real-world scenes.
arXiv Detail & Related papers (2024-10-16T19:59:31Z)
- Extending Business Process Management for Regulatory Transparency [0.0]
We bridge the gap between business processes and application systems by providing a plug-in extension to BPMN featuring regulatory transparency information.
We leverage process mining techniques to discover and analyze personal data flows in business processes.
arXiv Detail & Related papers (2024-06-14T12:08:34Z)
- Semantic Modelling of Organizational Knowledge as a Basis for Enterprise Data Governance 4.0 -- Application to a Unified Clinical Data Model [6.302916372143144]
We establish a simple, cost-efficient framework that enables metadata-driven, agile and (semi-automated) data governance.
We explain how we implement and use this framework to integrate 25 years of clinical study data at an enterprise scale in a fully productive environment.
arXiv Detail & Related papers (2023-10-20T19:36:03Z)
- Auditing and Generating Synthetic Data with Controllable Trust Trade-offs [54.262044436203965]
We introduce a holistic auditing framework that comprehensively evaluates synthetic datasets and AI models.
It focuses on preventing bias and discrimination, ensures fidelity to the source data, assesses utility, robustness, and privacy preservation.
We demonstrate the framework's effectiveness by auditing various generative models across diverse use cases.
arXiv Detail & Related papers (2023-04-21T09:03:18Z)
- Enabling Versatile Privacy Interfaces Using Machine-Readable Transparency Information [0.0]
We argue that privacy shall incorporate the context of display, personal preferences, and individual competences of data subjects.
We provide a general model of how transparency information can be provided from a data controller to data subjects.
We show how transparency can be enhanced using machine-readable transparency information and how data controllers can meet respective regulatory obligations.
arXiv Detail & Related papers (2023-02-21T20:40:26Z)
- Scalable Discovery and Continuous Inventory of Personal Data at Rest in Cloud Native Systems [0.0]
Cloud native systems are processing large amounts of personal data through numerous and possibly multi-paradigmatic data stores.
From a privacy engineering perspective, a core challenge is to keep track of all exact locations, where personal data is being stored.
We present Teiresias, comprising i) a workflow pattern for scalable discovery of personal data at rest, and ii) a cloud native system architecture and open source prototype implementation of said workflow pattern.
arXiv Detail & Related papers (2022-09-09T10:45:34Z)
- SOLIS -- The MLOps journey from data acquisition to actionable insights [62.997667081978825]
In this paper we present a unified deployment pipeline and freedom-to-operate approach that supports all requirements while using basic cross-platform tensor framework and script language engines.
This approach however does not supply the needed procedures and pipelines for the actual deployment of machine learning capabilities in real production grade systems.
arXiv Detail & Related papers (2021-12-22T14:45:37Z)
- Learning to Limit Data Collection via Scaling Laws: Data Minimization Compliance in Practice [62.44110411199835]
We build on literature in machine learning law to propose framework for limiting collection based on data interpretation that ties data to system performance.
We formalize a data minimization criterion based on performance curve derivatives and provide an effective and interpretable piecewise power law technique.
arXiv Detail & Related papers (2021-07-16T19:59:01Z)
- TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures [0.0]
Transparency provides information about what personal data is collected for which purposes, how long it is stored, or to which parties it is transferred.
Technical approaches for implementing transparency in practice are, however, only rarely considered.
We introduce 1) a transparency-focused extension of OpenAPI specifications that allows individual service descriptions to be enriched with transparency-related annotations in a bottom-up fashion and 2) a set of higher-order tools for aggregating respective information across multiple, interdependent services and for coherently integrating our approach into automated CI/CD-pipelines.
arXiv Detail & Related papers (2021-06-10T18:42:50Z)
- Trustworthy Transparency by Design [57.67333075002697]
We propose a transparency framework for software design, incorporating research on user trust and experience.
Our framework enables developing software that incorporates transparency in its design.
arXiv Detail & Related papers (2021-03-19T12:34:01Z)
- Petri Nets with Parameterised Data: Modelling and Verification (Extended Version) [67.99023219822564]
We introduce and study an extension of coloured Petri nets, called catalog-nets, providing two key features to capture this type of processes.
We show that fresh-value injection is a particularly complex feature to handle, and discuss strategies to tame it.
arXiv Detail & Related papers (2020-06-11T17:26:08Z)
This list is automatically generated from the titles and abstracts of the papers in this site.