SUBJECT-OBJECT MODEL FOR THE UNIFIED ANALYSIS OF PERSONAL DATA PROTECTION METHODS

This article addresses the security of personal data in information systems and a method for protecting such data from leaks: storing it in a depersonalized form. A subject-object model is proposed that formalizes the processes of data generation, transfer, and processing with regard to the interaction between subjects and objects of the information system. Within this model, the main depersonalization methods are analyzed, including identifier substitution, modification of data structure and semantics, decomposition, and shuffling. For each method, sequences of operations are constructed to demonstrate their application in the context of data flows and access control. It is shown that most approaches are implemented with the involvement of a trusted intermediary, which enables the concept of “one-sided pseudonymization.” Special attention is given to the classification of methods according to the existence and accessibility of de-anonymization mechanisms, which makes it possible to distinguish three levels of depersonalization – from pseudonymization to full anonymization. The proposed approach provides a higher level of abstraction in the analysis of data protection methods and contributes to the development of unified solutions in the field of information security.