Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code

#365
Topic created · 1 Posts · 4 Views

  • Kodex (Community Edition - CE) is an open-source toolkit for privacy and security engineering. It helps you to automate data security and data protection measures in your data engineering workflows. It offers the following functionality:

    • Read data items from a variety of sources such as files, databases or message queues.
    • Protect these data items using various privacy- & security enhancing transformations, like de-identification, masking, pseudonymization, anonymization or encryption.
    • Send the protected items to a variety of destinations.
      With Kodex, you can describe your data protection and data security workflows using a simple, declarative configuration language: Just like DevOps tools let you describe infrastructure as code, Kodex is a PrivacyOps & SecurityOps tool that let you describe privacy and security measures as code.
      Kodex takes care of the boring and difficult aspects of privacy, such as
    • Key management: Kodex manages encryption and pseudonymization keys for you (if you want that).
    • Parameter management: Kodex keeps track of how every single data item was processed so you can prove the compliance of your data workflows and create an audit trail.
    • Data transformation: Kodex implements modern cryptographic and statistical techniques to protect your data.
      Getting started
      To download and install Kodex from source, simply run
    git clone https://github.com/kiprotect/kodex  
    cd kiprotect  
    make  
    make install  
    

    Documentation
    You can find the official documentation at https://heykodex.com/docs.
    Transforming data
    Kodex reads its configuration from so-called blueprints. To get an idea of how this works, check out our blueprints repository, which contains example blueprints together with instructions on how to run them. You can install these blueprints via Kodex (requires Internet access):

    kodex blueprints download  
    

    Alternatively, you can copy them to your machine manually, please refer to the documentation for more details. To then run the pseudonymization example, simply type

    # pseudonymize the example data and write it to a file named 'pseudonymized.json'  
    kodex run pseudonymization/examples/data-types/pseudonymize  
    # depseudonymize the data again and print the result on stdout  
    kodex run pseudonymization/examples/data-types/depseudonymize  
    

    That's it! Kodex takes care of generating and storing cryptographic parameters for the pseudonymization. If you want to manually enter a key instead to generate parameters, you can do that too:

    # pseudonymize the data with a user-supplied key  
    kodex run pseudonymization/examples/data-types/pseudonymize-with-key  
    # depseudonymize with a key as well  
    kodex run pseudonymization/examples/data-types/depseudonymize-with-key  
    

    Running the tests
    Kodex comes with a suite of automated unit tests, which you can run with Make:

    make test  
    

    Testing Plugins
    The plugin test may fail with an error message "plugin was built with a different version of package internal/cpu" which can occur if the compile flags used for compiling the main code and the plugin differ. This might happen e.g. if you perform race condition detection tests. To fix the problem, go to the plugin folder and run

    make clean  
    make  
    

    Running the benchmarks
    Kodex also comes with a number of benchmarks that you can run as follows:

    make bench  
    

    Status & Roadmap
    This is still an early version of Kodex and does not contain many features yet. We will progressively port more functionality from our Enterprise Edition (EE). The following features are next up on our list:

    • Anonymization: Anonymize streaming data using differentially private aggregations.
    • Discovery: Discover sensitive and personal information in your structured and unstructured data.
    • Encryption: Encrypt and decrypt structured data.
    • Data Mapping: Analyze and map your data infrastructure.
    • Consent Management: Manage and enforce processing purposes and user consent for all your data streams.
      Enterprise Edition
      Our open-source work is made possible by commercially offering a Kodex enterprise edition (EE), which extends the community edition (CE) with functionality that supports a deployment of Kodex in a professional enterprise environment. It includes e.g. the following functionality:
    • Advanced, SQL-based configuration & parameter management and storage.
    • REST-based API to control all Kodex functionality.
    • Web interface to manage and monitor data streams.
    • More advanced data transformations.
    • Role-based access control mechanism.
      Are you interested to learn more about Kodex EE? Just visit our website or get in touch with us!
      Download Kodex
Log in to reply