mike1813 opened 2 days ago (status: Open)
The test case is Issue 184 Test 01.nq.gz, which should work with any reasonably recent domain model (v6a or later).
The test case involves an Adult using a Workstation to run an Application to process some locally stored Data, where this Data relates to some other Human. In the original test this could be restricted to an Adult or a Child to check which GDPR threats were found, but here they can be a Human.
We should get GDPR compliance threats including a P.GDPR.HuDPS-io.6 threat (no legal basis for personal data processing). This threat did not appear in the system-modeller user interface, but it turns out that's because the threat is triggered if and only if the data subject has a selected control signifying they are protected by the GDPR (i.e., they are a citizen or resident of an EU member state, or a state where GDPR is applicable via some treaty or other association with the EU).
This threat (and the other GDPR threats) is not broken. They are triggered threats because we don't want GDPR threats to appear if the GDPR is not applicable, e.g., if one is analysing a target system where the data subject is a citizen of the UK or USA.
The best way to ensure this in future is to make package#GDPR which contains these threats an optional package. It can then be left out when building a deployable domain model for a system modeller instance used to model systems with users in other jurisdictions.
Once that is the case, there would be no need for GDPR compliance threats to be triggered. The package can be included for system modeller deployments to analyse systems where the GDPR is expected to apply, and the threats would then appear without the need to select controls.
The action is therefore to remove the triggering control strategies from GDPR compliance threats, but this should only be done once we have addressed issues #182 and https://github.com/Spyderisk/domain-csv2nq/issues/10, so that package#GDPR can become an optional package that can be excluded by csv2nq if not required.
In a recent test for something else, @samuelsenior and I found that at least one GDPR compliance threat was not generated when really it should have been.
Actions: