Background 

Data Markets, trading platforms where companies offer and buy data, are an important infrastructure in data-driven economy and research. The details of individual data markets differ, but they share a central characteristic: An organisation provides a central marketplace for data, which other companies and individuals can use to trade data.

This centralized approach also has its disadvantages: Even though a Data Market itself does not store the actual data but rather acts only as an intermediary, metadata still accumulates. For example, the operator gets information about who offers which data sets and who buys data from whom, which can be problematic. In addition, many organisations want to use a data market as a purely internal tool and do not want to have to offer their data to external parties. Especially for small and medium-sized enterprises, but also for research institutions, the design and implementation of their own data market is often not feasible due to the required resources and missing know-how, especially in the area of security.

Project content & objectives

Rather than try to adapt internal company structures to the tool Data Markets this project aims to provide potential providers of Data Markets with simple options to roll out a Data Market that is suitable for their requirements. 

The project has the following main objectives: 

• Creating attacker models and derived security models for all forms of on-premise data markets  
• Prototype development of a "construction kit" for on-premise data markets with suitable security architecture including integration and evaluation of concepts for pre- and post-processing of data 
• Evaluating the security architecture based on concrete instantiations of various on-premise data markets 

Methodology 

To achieve these objectives, the project consists of three phases:

Requirements analysis and modelling

The special structures and mechanisms of on-premise data markets are systematically determined and described in a requirements analysis. The different actors and their possible trust relationships to each other are systematized and modelled. Furthermore, the effects on market mechanisms are analysed and described.

Prototypical implementation of the kit and modules

Based on the requirements and different models, it is explored how the automatic generation of suitable basic frameworks of on-premise data markets can be implemented. This requires the addition of individual modules such as encryption or fingerprinting, dynamically adapted to the requirements of a data market model. 

Evaluation 

In order to determine whether the developed methods and technologies also work in realistic environments (e.g. with regard to data volume, speed, etc.), the most important results are implemented in a prototype. This concerns especially the creation of specific models but also the automatic configuration of market and security models, and the technologies for the automated implementation of concrete data markets. In addition, the security models are tested in practice with regard to their actual maturity. The necessary test data markets are also created automatically. The methods required for this are developed within the project and can be used after the project as a valuable tool for creating more complex test data markets.