Abstract
The world of big data has unlocked novel avenues for organizations to generate value via sharing data. Current data ecosystem initiatives such as Gaia-X and IDS are introducing data-driven business models that facilitate access to diverse data sources and automate data exchange processes among organizations. However, this also poses challenges for organizations and their customers in preserving control over their own data. This paper provides an overview of the extension requirements on current usage control concepts in data spaces through technical means to augment data privacy guarantees. Our analysis clarifies the deficiencies regarding privacy within the realms of data sovereignty and sovereign data spaces, as well as the risks and opportunities associated with the application of machine learning on sensitive data. This work identifies promising foundational elements and presents areas of research for the integration of privacy-enhancing technologies into usage control for remote data science.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Akbari Gurabi, M., Mandal, A., Popanda, J., Rapp, R., Decker, S.: Sasp: a semantic web-based approach for management of sharable cybersecurity playbooks. In: Proceedings of the 17th International Conference on Availability, Reliability and Security, pp. 1–8 (2022)
Alboaie, S., Cosovan, D.: Private data system enabling self-sovereign storage managed by executable choreographies. In: Chen, L., Reiser, H. (eds.) Distributed Applications and Interoperable Systems: 17th IFIP WG 6.1 International Conference, DAIS 2017, Held as Part of the 12th International Federated Conference on Distributed Computing Techniques, DisCoTec 2017, Neuchâtel, Switzerland, 19–22 June 2017, Proceedings, vol. 17, pp. 83–98. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-59665-5_6
Araujo, V., Mitra, K., Saguna, S., Åhlund, C.: Performance evaluation of fiware: a cloud-based IoT platform for smart cities. J. Parallel Distrib. Comput. 132, 250–261 (2019)
Autolitano, S., Pawlowska, A.: Europe’s quest for digital sovereignty: Gaia-x as a case study. IAI Papers 21(14), 1–22 (2021)
Caiza, J.C., Martín, Y.S., Guamán, D.S., Del Alamo, J.M., Yelmo, J.C.: Reusable elements for the systematic design of privacy-friendly information systems: a mapping study. IEEE Access 7, 66512–66535 (2019)
Courtney, M.: Regulating the cloud crowd. Eng. Technol. 8(4), 60–63 (2013)
Dankar, F.K., Ibrahim, M.: Fake it till you make it: guidelines for effective synthetic data generation. Appl. Sci. 11(5), 2158 (2021)
Drichel, A., Akbari Gurabi, M., Amelung, T., Meyer, U.: Towards privacy-preserving classification-as-a-service for DGA detection. In: 2021 18th International Conference on Privacy, Security and Trust (PST), pp. 1–10. IEEE (2021)
Dwork, C., Roth, A., et al.: The algorithmic foundations of differential privacy. Found. Trends® Theor. Comput. Sci. 9(3–4), 211–407 (2014)
Ernstberger, J., et al.: Sok: data sovereignty. Cryptology ePrint Archive (2023)
Esposito, C., Castiglione, A., Choo, K.K.R.: Encryption-based solution for data sovereignty in federated clouds. IEEE Cloud Comput. 3(1), 12–17 (2016)
Evans, D., Kolesnikov, V., Rosulek, M., et al.: A pragmatic introduction to secure multi-party computation. Found. Trends® Priv. Secur. 2(2–3), 70–246 (2018)
Gaia-X: Gaia-x usecases. https://gaia-x.eu/use-cases/. Accessed 30 Nov 2023
Giaconi, G., Gunduz, D., Poor, H.V.: Privacy-aware smart metering: progress and challenges. IEEE Signal Process. Mag. 35(6), 59–78 (2018)
Gil, G., Arnaiz, A., Higuero, M., Diez, F.J.: Assessment framework for the identification and evaluation of main features for distributed usage control solutions. ACM Trans. Priv. Secur. 26(1), 1–28 (2022)
Gürses, S.: Can you engineer privacy? Commun. ACM 57(8), 20–23 (2014)
Hoffmann, A., et al.: Distributed manufacturer services to provide product data on the web. In: EG-ICE (2018)
Hummel, P., Braun, M., Tretter, M., Dabrock, P.: Data sovereignty: a review. Big Data Soc. 8(1), 2053951720982012 (2021)
IDS: International data spaces usecases overview. https://internationaldataspaces.org/make/use-cases-overview/. Accessed 30 Nov 2023
Inflectra.com: Principles of requirements engineering or requirements management 101 (2018). https://www.inflectra.com/Ideas/Whitepaper/Principles-of-Requirements-Engineering.aspx. Accessed 14 July 2023
Irion, K.: Government cloud computing and national data sovereignty. Policy Internet 4(3–4), 40–71 (2012)
König, P.D.: The place of conditionality and individual responsibility in a “data-driven economy”. Big Data Soc. 4(2), 2053951717742419 (2017)
Lohmöller, J., Pennekamp, J., Matzutt, R., Wehrle, K.: On the need for strong sovereignty in data ecosystems. Universitätsbibliothek der RWTH Aachen (2022)
Mead, N.R., Miyazaki, S., Zhan, J.: Integrating privacy requirements considerations into a security requirements engineering method and tool. Int. J. Inf. Priv. Secur. Integrity 1(1), 106–126 (2011)
Nitz, L., Gurabi, M.A., Mandal, A., Heitmann, B.: Towards privacy-preserving sharing of cyber threat intelligence for effective response and recovery. ERCIM NEWS 126, 33 (2021)
Nitz, L., Mandal, A.: DGA detection using similarity-preserving bloom encodings. In: European Interdisciplinary Cybersecurity Conference, pp. 116–120 (2023)
Nitz, L., Zadnik, M., Gurabi, M.A., Obrecht, M., Mandal, A.: From collaboration to automation: a proof of concept for improved incident response. ERCIM NEWS 129 (2022)
Otto, B., Steinbuss, S., Teuscher, A., Lohmann, S., et al.: Ids reference architecture model (version 3.0). International Data Spaces Association (2019)
Pretschner, A., Hilty, M., Schütz, F., Schaefer, C., Walter, T.: Usage control enforcement: present and future. IEEE Secur. Priv. 6(4), 44–53 (2008)
Qarawlus, H., Hellmeier, M., Pieperbeck, J., Quensel, R., Biehs, S., Peschke, M.: Sovereign data exchange in cloud-connected IoT using international data spaces. In: 2021 IEEE Cloud Summit (Cloud Summit), pp. 13–18. IEEE (2021)
Rainie, S.C., Schultz, J.L., Briggs, E., Riggs, P., Palmanteer-Holder, N.L.: Data as a strategic resource: self-determination, governance, and the data challenge for indigenous nations in the United States (2017)
Regulation, P.: Regulation (EU) 2016/679 of the European parliament and of the council. Regulation (EU) 679, 2016 (2016)
Saleem, H., Naveed, M.: Sok: anatomy of data breaches. Proc. Priv. Enhancing Technol. 2020(4), 153–174 (2020)
Schütte, J., Brost, G.S.: Lucon: data flow control for message-based IoT systems. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), pp. 289–299. IEEE (2018)
Semantha, F.H., Azam, S., Yeo, K.C., Shanmugam, B.: A systematic literature review on privacy by design in the healthcare sector. Electronics 9(3), 452 (2020)
Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2008)
Theissen-Lipp, J., et al.: Semantics in dataspaces: origin and future directions. In: Companion Proceedings of the ACM Web Conference 2023, pp. 1504–1507 (2023)
Walter, M., Suina, M.: Indigenous data, indigenous methodologies and indigenous data sovereignty. Int. J. Soc. Res. Methodol. 22(3), 233–243 (2019)
Yin, H., Guo, D., Wang, K., Jiang, Z., Lyu, Y., Xing, J.: Hyperconnected network: a decentralized trusted computing and networking paradigm. IEEE Netw. 32(1), 112–117 (2018)
Acknowledgements
This work was funded by the TANGO project and partly supported by the BMBF-ANR-funded project Crypto4Graph-AI (funding number 01IS21100A). TANGO project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 101070052.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Akbari Gurabi, M., Hermsen, F., Mandal, A., Decker, S. (2024). Towards Privacy-Preserving Machine Learning in Sovereign Data Spaces: Opportunities and Challenges. In: Bieker, F., de Conca, S., Gruschka, N., Jensen, M., Schiering, I. (eds) Privacy and Identity Management. Sharing in a Digital World. Privacy and Identity 2023. IFIP Advances in Information and Communication Technology, vol 695. Springer, Cham. https://doi.org/10.1007/978-3-031-57978-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-57978-3_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-57977-6
Online ISBN: 978-3-031-57978-3
eBook Packages: Computer ScienceComputer Science (R0)