December 18, 2021
Students: Fernanda Molina
Tutors: <a href=https://www.fing.edu.uy/inco/grupos/gsi/en/team/gustavo-betarte/>Gustavo Betarte</a>, <a href=https://www.fing.edu.uy/inco/grupos/gsi/en/team/carlos-luna/>Carlos Luna</a>
Blockchain is an incipient technology that offers many strengths compared to traditional systems, such as decentralization, transparency and traceability. However, if the technology is to be used for processing personal data, complementary mechanisms must be identified that provide support for building systems that meet security and data protection requirements. In this work we study the integration of off-chain capabilities in blockchain-based solutions, moving data or computational operations outside the core blockchain network. Additionally, we develop a thorough analysis of the European and Uruguayan data protection regulation and discuss the weaknesses and strengths, regarding the security and privacy requirements established by that regulation, of solutions built using blockchain technology. Based on this analysis, we present a system architecture for the design of privacy aware solutions that are built using blockchain technology. We also put forward a systematic approach for performing a security and privacy threat analysis of such kind of solutions. Finally, we illustrate the use of the proposed methodological tools, presenting and discussing both the design and the security and privacy assessment of a system that provides services to handle, store and validate digital academic certificates.