IoT DB-Audit Approach: a contribution to the adaptation of the EXEHDA middleware to the General Data Protection Law

  • Rogério Albandes UFPel / UCPel
  • Rodrigo Lambrecht UCPel
  • Leandro Pieper UCPel
  • Franklin Barcellos UCPel
  • Ana Marilza Pernas UCPel
  • Adenauer Yamin UFPel / UCPel

Abstract


The use of the Internet of Things, especially in the healthcare sector, raises concerns related to the handling of personal data. The General Data Protection Law (LGPD) regulates the protection of this data in Brazil, encouraging IoT middleware to consider aspects related to the privacy and security of that data. This article discusses the design of an approach, called IoT DB-Audit, that uses database auditing and alerts arising from the processing of association rules to promote compliance with the LGPD. An initial evaluation by users yielded positive feedback, indicating that the inclusion of auditing can improve the security and privacy of information stored in databases managed by IoT middleware.

Published
2024-07-21
ALBANDES, Rogério; LAMBRECHT, Rodrigo; PIEPER, Leandro; BARCELLOS, Franklin; PERNAS, Ana Marilza; YAMIN, Adenauer. IoT DB-Audit Approach: a contribution to the adaptation of the EXEHDA middleware to the General Data Protection Law. In: PROCEEDINGS OF BRAZILIAN SYMPOSIUM ON UBIQUITOUS AND PERVASIVE COMPUTING (SBCUP), 16., 2024, Brasília/DF. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 51-60. ISSN 2595-6183. DOI: https://doi.org/10.5753/sbcup.2024.2528.