PDGuard: New innovative software architecture for the secure processing and protection of personal data, created by AUEB’s researchers
Athens, 3rd December 2019
PRESS RELEASE
The protection of personal data has a new ally, the PDGuard software architecture, developed by researchers of the Business Analytics Lab, at the Department of Management Science and Technology (DMST) of Athens University of Economics and Business (AUEB).
Dr. Dimitris Mitropoulos, Thodoris Sotiropoulos, Nikos Koutsavassilis and Professor Diomidis Spinellis presented the novel architecture, applied in two different case studies, in a recent research paper (https://link.springer.com/article/10.1007/s10207-019-00468-5) which was published by the International Journal of Information Security, a well-respected journal in information security.
As Dr. Dimitris Mitropoulos states, “The PDGuard architecture changes the way we control and protect our personal data, offering the user means to reliably monitor the way that applications use their personal data. Moreover, it can be easily incorporated into business processes that handle personal data so that the data are not available without informed consent”.
Online personal data are rarely, if ever, effectively controlled by the users they concern. Worse, as demonstrated by the numerous leaks reported each week, the organizations that store and process them fail to adequately safeguard the required confidentiality. PDGuard is a novel software architecture that addresses both problems. In the context of PDGuard, personal data are always stored encrypted as opaque objects. Processing them can only be performed through the PDGuard Application Programming Interface (API), under data and action-specific authorizations supplied online by third-party agents. Through these agents end-users can easily and reliably authorize and audit how organizations use their personal data, a concept aligned with the European Union’s General Data Protection Regulation (GDPR). A static verifier can be employed to identify accidental API misuses.
“PDGuard demonstrates the excellent ‘dialogue’ between the university research and the society, and the University's contribution as a knowledge hub with immediate and effective implementation to the market,” as Professor Diomidis Spinellis noted. “In DMST Department, the production of knowledge and the extroversion, linking up applied research, production and the market, for the benefit of citizens, are significant parameters for the development of the Department and its human capital, with cooperations within and outside Greece”.
Following a security-by-design approach, PDGuard changes the problem of personal data management from the apparently intractable problem of supervising processes, operations, personnel, and a large software stack to that of auditing the applications that use the framework for compliance. The framework’s applicability is exemplified by a reference implementation and two use cases, including an existing PDGuard-based e-shop and a PDGuard integration into The Guardian newspaper’s website identity application.
Notably, Dr. Mitropoulos was invited to present PDGuard at the MyData General Meeting as a keynote speaker. The meeting was organized by MyData, one of the largest communities worldwide concerned with personal data and their management.
For more information on PDGuard software, you are kindly requested to contact Mr. Dimitris Mitropoulos (dimitro@aueb.gr).
Business Analytics Lab
The laboratory was created to serve teaching and research needs in the field of "Business Analytics" and in particular in the following areas, with emphasis on the needs of all types of agencies:
- Methods, technologies and applications of collection, processing, representation, modeling and data analysis.
- Software applications and data analysis related to the subject of the laboratory.
- Data analysis systems and data analysis applications in the development and operation of any systems.
- Methods, technologies and applications of large scale optimization problem virtualization and solving.