Market Watch

Most people share data without thinking about it. They provide information to companies while purchasing merchandise, signing up for email lists, downloading apps and more. They also expect the respective enterprises to safeguard those details. Many intrusions into government and private-sector systems have exposed sensitive mission, business and personal information. Every day it seems that more and more systems are breached and more and more personal information is made available either on the web or, worse, the dark web. Given this backdrop, it is often easy to get lost in the details of cybersecurity and privacy and the seemingly endless discussions about cyber attacks, system breaches, frameworks, requirements, controls, assessments, continuous monitoring and risk management and forget why security and personal privacy matter in an increasingly digital world. We are witnessing and taking part in the greatest information technology revolution in the history of mankind as our society undergoes the transition from a largely paper-based world to a fully digital world.
Market Watch

Publications

Raschke, P.; Herbke, P. and Schwerdtner, H. (2023). t.ex-Graph: Automated Web Tracker Detection Using Centrality Metrics and Data Flow Characteristics. In Proceedings of the 9th International Conference on Information Systems Security and Privacy, ISBN 978-989-758-624-8, ISSN 2184-4356, pages 199-209. https://doi.org/10.5220/0011787300003405

Tobias Eichinger and Axel Küpper. 2023. Distributed Data Minimization for Decentralized Collaborative Filtering Systems. In Proceedings of the 24th International Conference on Distributed Computing and Networking (ICDCN ’23). Association for Computing Machinery, New York, NY, USA, 140–149. https://doi.org/10.1145/3571306.3571400

T. Eichinger and M. Ebermann, “Can We Effectively Use Smart Contracts to Stipulate Time Constraints?,” 2022 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), Newark, CA, USA, 2022, pp. 11-18, https://doi.org/10.1109/DAPPS55202.2022.00010

Piero A. Bonatti, Luigi Sauro. Sticky Policies in OWL2: Extending PL with Fixpoints and Transitive Closure. Proceedings of the 19th International Conference on Principles of Knowledge Representation and Reasoning, KR2022, July 31 – August 5, 2022, Haifa, Israel.
https://doi.org/10.24963/kr.2022/8

Piero A. Bonatti, Luigi Sauro. Tractable Compliance Checking with Negation. 34th International Workshop on Description Logics (DL 2021), 2021
http://ceur-ws.org/Vol-2954/paper-6.pdf

P. A. Bonatti, L. Sauro and J. Langens, “Representing Consent and Policies for Compliance,” 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2021, pp. 283-291.
https://doi.org/10.1109/EuroSPW54576.2021.00036

Presentations

TRAPEZE poster for download (v. July 2022)
TRAPEZE leaflet v. April 2022

Martin Kurze, “Privacy Policies and Tools Empowering Citizens and Society”, International Conference on Internet Technologies and Society, 24-25 July 2023, Melbourne, Australia.

Martin Kurze, panelist and speaker, presenting TRAPEZE at the “Coinfest Asia”, 22-23 August, 2023, Bali, Indonesia.

Martin Kurze, panelist and speaker, presenting TRAPEZE at the “Coinfest Asia”, August 22nd – 27th, Bali, Indonesia
Martin Kurze presenting TRAPEZE at Coinfest Asia.

P. A. Bonatti: Using DPVCG’s outcome in TRAPEZE’s compliance framework.
Invited presentation at the periodic meeting of W3C’s Data Privacy Vocabularies and Controls Community Group (DPVCG) on 15/9/2021
Slides

Piero Bonatti: Real-time reasoning in OWL2 for GDPR compliance.
IJCAI 2021 – journal track.  Aug 25 and 26, 2021. https://ijcai-21.org/program-journal/
Video | Slides

M. Popovic, N. Tomasevic: A blockchain-based platform for keeping logs of citizens’ consents, LAMBDA 2021 PhD Workshop, June 2021

Piero Bonatti from Università di Napoli Federico II, presenting “Metadata, Policy and Reasoning” in the frame of the TRAPEZE project. The presentation was recorded during the Workshop on Metadata Interoperability on 27 May 2021 as part of the European Big Data Value Data Week.

TRAPEZE project presentation at roundtables organized by EC CNECT:
“ICT Verticals and Horizontals for Blockchain Standardisation”, 13 January 2021
“Extension of ICT Verticals and horizontals for Blockchain Standardisation / Smart-Contracts”, 21 April 2021 | Blogpost

All source code developed by the project is available in the TRAPEZE GitHub repository.

TRAPEZE outcomes and the codebase

NoOpen-Source outcomesContact Licenses (external):
1Policy Editor  Eichinger, Tobias Sul Gi tobias.eichinger@tu-berlin.de  
TUB 
opensource:Apache2.0 
2TRAPEZE Mobile App Eichinger, Tobias Sul Gi tobias.eichinger@tu-berlin.de   
TUB 
opensource:Apache2.0 
3TRAPEZE Privacy Dashboard  Eichinger, Tobias Sul Gi tobias.eichinger@tu-berlin.de   
TUB
opensource:Apache2.0 
4Compliance engine  Piero Bonatti pieroandrea.bonatti@unina.it  
Sotiria Antaranian s.antaranian@atc.gr  
CINI-ATC 
opensource:Apache2.0 
5TRAPEZE Hyperledger Semantic Platform Sotiria Antaranian s.antaranian@atc.gr  
ATC 
opensource:Apache2.0 
6GDPR Parser аnd Site Generator  mail@datenschutzzentrum.de 
ULD 
opensource:EUPL 1.2
7Knowledgebase  Bert Bos  
bert@w3.org  
ERCIM 
opensource:MIT 
8ID wallet  Alexander Vasylchenko alexander.vasylchenko@tenforce.com  
TF 
opensource: MPL 2.0 
9Trapeze Integrated Platform (light) Dejan Paunovic dejan.paunovic@institutepupin.com  
All 
opensource: Apache2.0 

NoProprietary Outcomes Contact Licenses (external): 
1K-ASAP  Amedeo D’Arcangelo amedeo.darcangelo@kaspersky.com  
KSP 
proprietary 
2GAT Amedeo D’Arcangelo  amedeo.darcangelo@kaspersky.com  
KSP 
proprietary 
3PDI – Personal Data Inventory tool  Alexander Vasylchenko alexander.vasylchenko@tenforce.com 
TF 
proprietary 
4Trapeze Integrated Platform (full) Dejan Paunovic dejan.paunovic@institutepupin.com  
All 
proprietary 

Public deliverables

Publicly available technical deliverables produced by the project will be available as soon as they are published. The reports are ordered thematically by “Work Packages”.

A good way to consult the project’s development on the technical issues is our GitHub repository

Citizen-Centric Use Cases and Requirements

Citizen-centric use case scenarios – First version (D1.1) 29 JAN 2021
TRAPEZE will implement three use cases provided by three use case partners. Each use case is designed in a way to prove the feasibility of TRAPEZE outcomes in a realistic business context. The use cases are described independently of each other in separate chapters.

Data Protection Requirements – First Version (D1.2) 31 MAY 2021
This report focuses on enhancing the protection of citizen’s rights with particular focus on the data protection related to fundamental rights as laid down in Articles 7 “Respect for private and family life” and 8 “Protection of personal data” of the Charter of Fundamental Rights of the European Union

Security and Privacy Resilience Framework and Guidelines – First version (D1.3) 27 MAY 2021
This report describes the framework for cybersecurity and privacy allowing TRAPEZE stakeholders to prepare for and adapt to threats, and to respond to and recover from incidents.

Platform specification and design (D1.4) 30 APR 2021
This document presents a high-level perspective on the specification and technical design of the TRAPEZE platform, taking into account the citizen-centric use-case scenarios.

Citizen-centric use case scenarios – Second version (D1.5) 27 AUG 2021
This document provides an updated description of the three use cases (pilots) “My Citizen Profile” from Digital Flanders, “Data Intelligence Hub” from Deutsche Telecom and CaixaBank’s “Customers’ ID wallet”.

Data Protection Requirements – Second Version (D1.6) 30 SEP 2021
This deliverable represents the requirements at month 12 of the project where the initial design of the use cases has become available in Deliverable D1.5. These requirements need to be incorporated in the upcoming design cycles and will be continuously refined.

Security and Privacy Resilience Framework and Guidelines – Second version (D1.7) 28 FEB 2022
This report is an update of D1.3 and describes in more detail the framework for cybersecurity and privacy allowing TRAPEZE stakeholders to prepare for and adapt to threats, and to respond to and recover from incidents.

Platform Specification and Design-Second Version (D1.8) 28 FEB 2022
This report is an update of D1.4 about the specification and technical design of the TRAPEZE platform and presents its high-level technical perspective.

Policy Management, Transparency and Compliance

Policy Language – First version (D2.1) 31 MAR 2021
This report introduces the first version of the policy language of TRAPEZE, called PLinst, and– in preparation for the next version of the language – it proposes policy histories as an efficient way to support negation in consent policies.

Sticky Policies – First version (D2.2) 30 AUG 2021
A sticky policy is a machine-readable policy that accompanies the data, regulating its usage and specifying the applicable obligations and organizational constraints as the data migrates across multiple recipients. All kinds of TRAPEZE’s policies can be sticky policies.

Transparency and compliance checking – First version (D2.3) 27 AUG 2021
This first report on reasoning algorithms introduces correct and complete algorithms that support compliance checking for two of the planned new features of TRAPEZE’s policy language, namely instances and negation.

Compliance and explanation engines – First version (D2.4) 27 AUG 2021
The first version of TRAPEZE’s engine can check the compliance and the consistency of policies written in PLinst (see also TRAPEZE deliverable D2.1).

Engine scalability properties – First version (D2.5) 11 AUG 2022
This deliverable reports the result of a systematic performance analysis of TRAPEZE’s reasoner for PLinst (i.e. version 1 of TRAPEZE’s policy language, which extends SPECIAL’s language with instances). The data and code used for the experiments can be found here.

Policy Language – Second version (D2.6) 31 AUG 2022
This report introduces the second version of the policy language of TRAPEZE, called PLT2, which extends SPECIAL’s policy language with instance-valued properties and exceptions in data subject policies.

Sticky Policies – Second version (D2.7) 31 AUG 2022
This report is an update of D2.2 and describes an implementation of a blockchain-based solution on how to make sticky policies (and their evolution) tamper-proof and how to make the connection between the sticky policy and the data tamper-proof.

Transparency and compliance checking algorithms – Second version (D2.8) 31 AUG 2022
This second report on reasoning algorithms introduces correct and complete algorithms for flexible sticky policies, the new feature of TRAPEZE’s policy language.

Compliance and explanation engines – Second Version (D2.9) 31 AUG 2023
This report is divided into two sections. The first part discusses the features of the second version of the Java compliance engine, designed for high-speed compliance checks with support for instances, negation, and select sticky policies. The second part focuses on the implementation of a broader approach to sticky policies based on previous work in D2.8. The report concludes with a summary and final remarks.

Engine scalability properties – Second Version (2.10) 31. AUG 2023
This report contains a systematic performance analysis of the second version of the Java compliance
engine, which supports instances, negation (more precisely, exceptions to a general
policy), and a selected range of sticky policies of practical interest.

TRAPEZE Platform, Integration and Components

Securing citizens’ smart terminals and online communication – First version (D3.3) 27 AUG 2021
This deliverable identifies the interactions between the TRAPEZE platform and the citizens via their personal smartphones or tablets and the best ways to protect them through the Kaspersky Mobile Security SDK (KMS-SDK), a multi-layered security framework for building online protection directly into mobile applications.

TRAPEZE Platform – First version (D3.4) 28 FEB 2022
This report describes the interim implementation of the TRAPEZE platform. The interim implementation does not include all components and it is not expected to cover all functionality needed. It is a snapshot of the progress toward the final product at month 18 which will eventually meet the quality standards required for mission-critical software.

Securing citizens smart terminals and online communication – Second Version (D3.7) 29.APR 2023
This deliverable focuses on the interactions between the TRAPEZE platform and citizens using their personal smartphones or tablets. It emphasizes the use of the Kaspersky Mobile Security SDK (KMS-SDK), a comprehensive security framework integrated into mobile applications to protect users. The TRAPEZE Mobile app, designed for Android devices, leverages KMS-SDK features tailored to citizens’ needs. It offers security against various threats, alerts users about malicious websites, and ensures the safety of online communications.

TRAPEZE platform – Second version (D3.8) 30 AUG 2023
This report details the implementation of the TRAPEZE platform, which followed an iterative approach to integrate technical developments from various work packages. As the project evolved, additional components and functionalities were incorporated into the platform. Furthermore, based on extensive feedback from end-users, adjustments and refinements were made to better align with identified requirements and the end-user perspective.

Citizen Interaction, User Experience and Sociological Considerations

Dynamic consent mechanisms (D4.1) 23 DEC 2021
This deliverable focuses on consent management on the privacy dashboard (https://dashboard.trapeze-project.eu/). A prototype version of the privacy dashboard has been used in the first usability test.

Privacy dashboards – First version (D4.2) 28 FEB 2022
This deliverable reports on the TRAPEZE privacy dashboard, a web application that establishes both transparency and control. Transparency features include data exploration that allows users to display the data usage and potential risks associated with processing. Control features include consent management and incident reporting to limit data usage. The privacy dashboard can generally be understood as a personal data processing limitation dashboard.

Usability and accessibility testing report – First version (D4.3) 23 DEC 2021
This report presents the findings of the first round of usability and accessibility testing of the privacy management dashboard that is being developed under TRAPEZE.

Privacy preferences and sociological aspects analysis–first version (D4.4) 23 DEC 2021
This report presents the findings of the survey that was conducted to gain an understanding of European citizens’ attitudes, knowledge and actions with regard to the safety and protection of their personal data. This also includes assessing citizens’ interest in the different citizen-facing tools that are being developed under TRAPEZE.

Data Protection Requirements for the TRAPEZE Privacy Dashboard (Working Document WD1.0) 29 APR 2022

Dynamic consent mechanisms – Second version (D4.5) 2 May 2023
This report focuses on enabling European citizens to perform consent management themselves on the privacy dashboard. The results of the first usability test motivated a novel design in the upcoming Versions v1 and v2 of the privacy dashboard.

Privacy dashboards – Second version (D4.6) 30 June 2023
This report describes the privacy dashboard as one of software components of the TRAPEZE platform. The dashboard is available at https://dashboard.trapeze-project.eu

Usability and accessibility testing – Second version (D4.7) 27 APR 2023
This report outlines the evaluation of the usability and accessibility of the TRAPEZE privacy dashboard among a group of citizens. The report focuses on the results of the second phase of usability and accessibility testing conducted from June to December 2022. It also informs about the ongoing third phase of testing, occurring between March and June 2023.

Privacy preferences and sociological aspects analysis – Second version (D4.8) 30 June 2023
The report outlines the work carried out on analyzing privacy preferences and sociological aspects. The objective was to comprehend European citizens’ behaviors and attitudes regarding the security of their personal data. This was achieved through a survey conducted in various European countries in 2021, along with a literature review of similar recent studies up to 2023, which provided additional insights beyond the survey’s outcomes.

Raising Citizen’s Security & Privacy Awareness and Competence

Security and Data Protection knowledge base – First version (D5.2) 03 MAR 2022
This report explains the security and data protection knowledge base that provides additional information to users of the help desk and the dashboards. It is a database with various kinds of background information and pointers to online texts.

Citizen-centric help desk-First version (D5.3) 30 APR 2022
This report describes the citizen-centric help desk, designed to provide citizens with a central information point for security and privacy topics.

Security & Privacy Awareness and Competence Testing-First Version (D5.4) 09 MAY 2022
This report describes Kaspersky’s K-ASAP training platform created to improve citizens’ Security &
Privacy Awareness and Competence, and how it is tested by the users and evaluated from the users’ perspective.

Security and Data Protection knowledge base – Second version (D5.6) 30 APR 2023
This report describes the security and data protection knowledge base providing additional information to users of the help desk and the dashboards.

Citizen-centric help desk – Second version (D57) 29 AUG 2023
This report presents the citizen-centric helpdesk offering a dynamic web application as a solution to bridge the gap between privacy awareness and action. This interactive tool not only simplifies complex privacy laws but also empowers users through interactive tests and gamified learning experiences.

Use Case Implementation and Platform Evaluation

Public penetration_hacking challenges – First version (D6.3) 26 JUL 2022
This deliverable reports on the challenge to verify that the TRAPEZE infrastructure complies with policies and regulations, and ensures that data are shared only with authorized individuals. The challenge is implemented on the openbugbounty.org platform and continues until the end of the project. Everyone can participate in the program.

Integrated platform testing – First version (D6.4) 31 AUG 2022
This report presents the results of the TRAPEZE platform evaluation using the methodology of the “Special Transparency and Consent Benchmark”. This report serves as a summary of current tests and results and will be updated regularly as the project advances.

Integrated platform testing – Second version (D6.7) 30 JUNE 2023
This document is an update to the initial version of the integrated platform testing. It primarily covers the latest tested components from the first version, along with newly developed components since the initial deliverable submission. Additionally, it provides extra reporting on the resource consumption of the server hosting the System Under Test (SUT).