{"id":197,"date":"2022-12-16T23:21:08","date_gmt":"2022-12-16T23:21:08","guid":{"rendered":"https:\/\/semla.dfki.de\/?page_id=197"},"modified":"2025-04-11T10:56:13","modified_gmt":"2025-04-11T10:56:13","slug":"white-paper","status":"publish","type":"page","link":"https:\/\/semla.dfki.de\/de\/white-paper\/","title":{"rendered":"White paper"},"content":{"rendered":"<div class=\"wp-block-columns alignfull has-text-align-left is-layout-flex wp-container-core-columns-is-layout-08aa536d wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"--col-width:12rem;padding-top:0;padding-right:0;padding-bottom:0;padding-left:0;flex-basis:12rem\"><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"--col-width:;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px\">\n<div class=\"wp-block-group alignwide has-global-padding is-content-justification-center is-layout-constrained wp-container-core-group-is-layout-3da25717 wp-block-group-is-layout-constrained\" style=\"padding-top:0;padding-right:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30);padding-left:var(--wp--preset--spacing--30)\"><h1 class=\"wp-block-site-title has-xx-large-font-size\"><a href=\"https:\/\/semla.dfki.de\/de\" target=\"_self\" rel=\"home\">SEMLA<\/a><\/h1>\n\n\n<p class=\"has-text-align-center has-large-font-size wp-block-paragraph\">An On-Premises Trusted Research Environment for AI-based R&amp;D with Sensitive Personal Information<\/p>\n\n\n\n<p class=\"has-text-align-right wp-block-paragraph\">Jan Alexandersson, Jochen Britz, Valentin Seimetz, Daniel Tabellion<\/p>\n\n\n\n<p class=\"has-text-align-right wp-block-paragraph\">DFKI GmbH<\/p>\n\n\n\n<h1 class=\"wp-block-heading alignwide has-primary-color has-text-color has-large-font-size\" id=\"Section-1\" style=\"padding-top:var(--wp--preset--spacing--30);text-transform:uppercase\">1. 
Introduction<\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">We are witnesses to huge and rapid advancements in technical systems based on artificial intelligence (AI). The steady growth in computing power, both in terms of CPU and GPU, along with free access to machine learning libraries fuels this development and the sheer output from the research community as well as the emergence of products with AI technology on the market is impressive. Data of all kinds, be it weather, financial developments, local traffic information alongside personal preferences, biometric data and even diseases make it possible to provide services that go beyond imagination. However, we also see developments where this kind of data is used for unintended or undesired purposes: once information has been published globally on the internet or collected within datasets, not necessarily permitted by the data owner, it is nearly impossible to undo or delete this information.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In Europe, the enactment of the General Data Protection Regulation (GDPR) has on the one hand raised awareness of these risks and, on the other hand, prescribed how personal data must be treated, thus increasing demand for fair and secure handling of this data. GDPR put personal data of individuals and their right<sup class=\"modern-footnotes-footnote\" data-mfn=\"1\" data-mfn-post-scope=\"000000000000033e0000000000000000_197\"><a href=\"javascript:void(0)\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000033e0000000000000000_197-1\">1<\/a><\/sup><span id=\"mfn-content-000000000000033e0000000000000000_197-1\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"1\">EU Charter of Fundamental Rights (Art. 
8) states: personal data &#8220;\u2026 must be processed fairly for specified purposes and on the basis of consent of the person concerned or some other legitimate basis laid down by law.&#8221;<\/span> to own, grant usage and retract consent at its core. The research community is obliged to follow strict rules, e.g., minimizing data usage, pseudonymizing and\/or anonymizing data and even deleting data after the research task has been accomplished. Consequently, within research and development there is a need for a new level of so-called Trusted Research Environments (TRE) where the GDPR regulations are in focus. Fortunately, we witness well-founded advancements in this area too. Both cloud-based approaches, like (O&#8217;Reilly, 2020; Arenas et al, 2019) as well as classification schemata, e.g. (LfD, 2018; TCPD, 2016 \u2013 both in German) provide a solid basis for the infrastructure that implements most of European and international legislation requirements on processing security. The latter schemata also consider cases which go beyond this work, such as data concerning witness-protection program and state security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This work is mainly motivated by DFKI\u2019s involvement in research and development of biomarkers, digital phenotyping, and decision support systems in the healthcare domain. 
Some examples are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the project KIttata (Kiefer et al, 2022), the quality of donor corneas is determined in an interactive system consisting of a combination of different AI techniques<\/li>\n\n\n\n<li>In the project KI@HOME (KI@HOME), information from a smart home sensor-set along with health insurance information is used to predict adverse events<\/li>\n\n\n\n<li>In the project MePheSTO (MePheSTO; K\u00f6nig et al, 2022), biomarkers are researched based on audio, video, and wearables during social interaction in the psychiatric domain<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">In TREs, the sensitivity of the data determines how strict the measures for handling it must be. According to GDPR, anonymized or pseudonymized data demand less strict measures than plain personal data such as videos of social interactions between clinicians and patients. Sensitivity can be classified along well-known classification schemes already used within political and military environments. (O\u2019Reilly, 2020) suggests a five-class schema \u2013 tiers \u2013 ranging from \u201c0: open data\u201d all the way to \u201c4: Very sensitive personal, \u2026 data\u201d and suggests Technical and Organizational Measures (TOMs) that implement appropriate safeguards. For the cloud-based approach in (Arenas et al, 2019), there is no implementation for their most sensitive level\/tier. Rather, it is suggested to avoid such projects. In SEMLA \u2013 <strong>Se<\/strong>cure <strong>M<\/strong>achine <strong>L<\/strong>earning <strong>A<\/strong>rchitecture \u2013 we adopted these tiers as six sensitivity levels, with tier 4 split into sensitivity levels 4 and 5, where level 5 is foreseen for even more sensitive data not handled in SEMLA. 
Examples include data concerning witness-protection programs and state security.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full animated fadeIn delay-100ms\" id=\"Figure-1\"><img loading=\"lazy\" decoding=\"async\" width=\"820\" height=\"742\" src=\"http:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/Tiers-Access.png\" alt=\"Figure 1 \" class=\"wp-image-422\" srcset=\"https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/Tiers-Access.png 820w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/Tiers-Access-300x271.png 300w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/Tiers-Access-768x695.png 768w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/Tiers-Access-13x12.png 13w\" sizes=\"auto, (max-width: 820px) 100vw, 820px\" \/><figcaption class=\"wp-element-caption\">Figure 1: Overview of SEMLA. For each sensitivity level, SEMLA comes with a tailored set of TOMs. Interaction with data of sensitivity levels 2, 3 and 4 demands restrictions on hardware and location. Whereas sensitivity level 2 data can be accessed via VPN using a computer, levels 3 and 4 demand on-site presence and managed computers. Data of the highest supported sensitivity level 4 is only accessible via strongly restricted offices.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The sensitivity levels of the data in the above-mentioned projects are 2<sup>nd<\/sup> level for the KIttata project, 3<sup>rd<\/sup> for the KI@HOME project and 4<sup>th<\/sup> for the MePheSTO project. Projects with sensitivity level 4 are the main reason why SEMLA is an on-site solution. SEMLA\u2019s core, see <a href=\"#Figure-1\" class=\"ek-link\">Figure 1<\/a>, consists of storage and GPU-powered compute servers isolated from the internet. 
SEMLA applies different technical and organizational measures depending on sensitivity: sensitive data is accessed from known offices, and very sensitive data only from dedicated, strongly restricted on-site offices (SEMLab, see <a href=\"#Section-2.3\" class=\"ek-link\">Section 2.3<\/a>). Along with the technical solutions, the platform provides an education package, templates for ethical approvals, contracts etc. Much inspiration has been taken from an Azure-based cloud service in (Arenas et al, 2000), but since SEMLA is a small-scale on-site solution, the technical implementation differs considerably.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Below, we provide more details of SEMLA. In <a href=\"#Section-2\" class=\"ek-link\">Section 2<\/a>, we provide a description of our TOMs, in <a href=\"#Section-3\" class=\"ek-link\">Section 3<\/a>, a set of reference projects.<\/p>\n\n\n\n<h1 class=\"wp-block-heading has-primary-color has-text-color has-large-font-size\" id=\"Section-2\" style=\"text-transform:uppercase\">2. The SEMLA Bag of Technical and Organizational Measures<\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">The ethical and legal conditions under which researchers are allowed to work with personal and sensitive data are prescribed both by regional regulations and by GDPR on the European level. To meet these regulations, protective measures divided into Technical and Organizational Measures, or TOMs for short, must be implemented. In most cases, the actual implementation of a measure is not prescribed by the regulations, and it may be implemented either organizationally, technically, or both. It is a well-known fact that technical measures alone cannot provide 100% protection, which is why SEMLA too uses a combination of both. 
Whereas technical measures rely on IT safety and IT security mechanisms, organizational measures transfer responsibility and trust to people.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In SEMLA, the burden of regulatory compliance on workers is increasingly reduced through the use of technical measures, including guidance and automation. Since some regulations are highly regional and data transfer between regions is constrained, cloud-based solutions are problematic, especially when the headquarters of the hosting company is in another legal region, e.g., between Germany and Spain or between Europe and the USA. This is the main reason why SEMLA is an on-premises solution, completely in our hands. SEMLA\u2019s technical platform is tailored for small-scale setups rather than huge data centers and is entirely based on free and open-source software.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The organizational (see <a href=\"#Section-2.1\" class=\"ek-link\">Section 2.1<\/a>) and technical (see <a href=\"#Section-2.2\" class=\"ek-link\">Section 2.2<\/a>) measures are explained in more detail below and their interplay is described by way of examples in <a href=\"#Section-2.3\" class=\"ek-link\">Section 2.3<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-primary-color has-text-color\" id=\"Section-2.1\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);\">2.1. Organizational Measures<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Using trusted environments in research aims to reduce the risk of data breaches and leaks of sensitive data. Due to lack of knowledge and negligence, workers may handle data carelessly, weakening data security. Hence, raising awareness of data sensitivity and providing principles for how to work in such an environment is crucial. 
This section provides an overview of organizational measures applied in SEMLA.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.1.1\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">Data Management Plan and Data Life Cycle<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">All data in SEMLA follow a data management plan to guarantee the correct handling. It uses the FAIR<sup class=\"modern-footnotes-footnote\" data-mfn=\"2\" data-mfn-post-scope=\"000000000000033e0000000000000000_197\"><a href=\"javascript:void(0)\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000033e0000000000000000_197-2\">2<\/a><\/sup><span id=\"mfn-content-000000000000033e0000000000000000_197-2\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"2\"><a aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\" href=\"https:\/\/www.incf.org\/how-to-write-fair-data-management-plan\" target=\"_blank\">https:\/\/www.incf.org\/how-to-write-fair-data-management-plan<\/a>, <a aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\" href=\"https:\/\/www.go-fair.org\/fair-principles\/\" target=\"_blank\">https:\/\/www.go-fair.org\/fair-principles<\/a><\/span> principles to describe and structure data sets, which is important, e.g., for GDPR compliance and the data deletion concept, where findability is key to be able to delete all personal data of an individual on request. The most important part of the management plan is the data life cycle in which research projects get divided into work packages that resolve a specific research topic or question. In SEMLA, the data life cycle is divided into eight different steps, see <a class=\"ek-link\" href=\"#Figure-2\">Figure 2<\/a>. 
In the first step, ethical approval and potential contractual issues between data owner and recipient are followed by an assessment of the dataset\u2019s sensitivity, e.g., the decision graph in (Arenas et al, 2020)<sup class=\"modern-footnotes-footnote\" data-mfn=\"3\" data-mfn-post-scope=\"000000000000033e0000000000000000_197\"><a href=\"javascript:void(0)\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000033e0000000000000000_197-3\">3<\/a><\/sup><span id=\"mfn-content-000000000000033e0000000000000000_197-3\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"3\">This classification may depend on legal contracts describing a workflow and data access policies.<\/span>. This step also includes assessing the expected result data\u2019s sensitivity as well as the research itself. Depending on the classification outcome \u2013 the sensitivity level \u2013 an appropriately secure and safe research environment is instantiated, thereby applying design principles and technical measures. Next, the datasets are imported, and the actual research is carried out. Data output is re-classified, guiding appropriate export methods based on data\u2019s sensitivity, on legal contracts and the recipient, e.g., the general public or other contractors for further processing. 
In a last step, following GDPR, the trusted research environment including its data sets is deleted.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full animated fadeIn delay-100ms\" id=\"Figure-2\"><img loading=\"lazy\" decoding=\"async\" width=\"806\" height=\"809\" src=\"http:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/lifecycle.png\" alt=\"Figure 2\" class=\"wp-image-403\" srcset=\"https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/lifecycle.png 806w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/lifecycle-300x300.png 300w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/lifecycle-150x150.png 150w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/lifecycle-768x771.png 768w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/lifecycle-12x12.png 12w\" sizes=\"auto, (max-width: 806px) 100vw, 806px\" \/><figcaption class=\"wp-element-caption\">Figure 2: The SEMLA data life cycle describes all the steps from planning data-based research, through data classification and import, to data export and deletion.<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.1.2\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);\">Data Classification<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Working in a secure environment can be overwhelmingly complex since specific rules and design principles must be followed. The system\u2019s usability may suffer depending on the measures used, leading to decreased work efficiency. Data sets must be evaluated case by case to strike the balance between usability and security.<br>Following the Alan Turing Institute\u2019s Data Safe Havens (Arenas et al, 2019; O\u2019Reilly, 2020), data sets are categorized into different tiers. As shown in <a href=\"#Figure-3\" class=\"ek-link\">Figure 3<\/a>, we adopted these tiers into SEMLA\u2019s sensitivity levels but split tier 4 into sensitivity levels 4 and 5. 
The 4<sup>th<\/sup> sensitivity level covers extra sensitive personal data as defined by GDPR in Art. 9<sup class=\"modern-footnotes-footnote\" data-mfn=\"4\" data-mfn-post-scope=\"000000000000033e0000000000000000_197\"><a href=\"javascript:void(0)\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000033e0000000000000000_197-4\">4<\/a><\/sup><span id=\"mfn-content-000000000000033e0000000000000000_197-4\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"4\"><a aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\" href=\"https:\/\/gdprinfo.eu\/en-article-9\" target=\"_blank\">https:\/\/gdprinfo.eu\/en-article-9<\/a>, <a aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\" href=\"https:\/\/www.gdprsummary.com\/extra-sensitive-data\" target=\"_blank\">https:\/\/www.gdprsummary.com\/extra-sensitive-data<\/a><\/span>, e.g., personal health data, and the 5<sup>th<\/sup> sensitivity level contains data where disclosure endangers governmental secrets or a person\u2019s freedom or life, e.g., the identities in a witness protection program. 
This kind of data must not be handled in SEMLA.<br>Like Data Safe Havens, other established classification schemata, e.g., the \u201cSchutzstufenkonzept\u201d in (LfD, 2018), the \u201cSchutzklassenkonzept\u201d in (TCDP, 2016) or Harvard\u2019s Data Security Levels<sup class=\"modern-footnotes-footnote\" data-mfn=\"5\" data-mfn-post-scope=\"000000000000033e0000000000000000_197\"><a href=\"javascript:void(0)\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000033e0000000000000000_197-5\">5<\/a><\/sup><span id=\"mfn-content-000000000000033e0000000000000000_197-5\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"5\"><a aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\" href=\"https:\/\/security.harvard.edu\/data-classification-table\" target=\"_blank\">https:\/\/security.harvard.edu\/data-classification-table<\/a><\/span>, all consist of five categories, but their classification criteria differ. 
By using six categories in total, we can map most of them to our approach, as shown in <a class=\"ek-link\" href=\"#Table-1\">Table 1<\/a>.<\/p>\n\n\n\n\n\n<figure id=\"Table-1\" class=\"wp-block-table\">\n<table>\n<tbody>\n<tr style=\"border-bottom: 3px solid; line-break: auto; word-break: normal;\">\n<td style=\"text-align: center;\"><strong>SEMLA<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>Data Safe Havens<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>Harvard\u2019s Data Security Levels<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>LfD Nieder<wbr \/>\u00adsachsen<\/strong><\/td>\n<td style=\"text-align: center;\"><strong>TCPD<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">SL0<\/td>\n<td style=\"text-align: center;\">Tier 0<\/td>\n<td style=\"text-align: center;\">L1<\/td>\n<td style=\"text-align: center;\">A<\/td>\n<td style=\"text-align: center;\">0<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">SL1<\/td>\n<td style=\"text-align: center;\">Tier 1<\/td>\n<td style=\"text-align: center;\">L2<\/td>\n<td style=\"background-color: var(--wp--preset--color--contrast);\">\u00a0<\/td>\n<td style=\"background-color: var(--wp--preset--color--contrast);\">\u00a0<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">SL2<\/td>\n<td style=\"text-align: center;\">Tier 2<\/td>\n<td style=\"background-color: var(--wp--preset--color--contrast);\">\u00a0<\/td>\n<td style=\"text-align: center;\">B<\/td>\n<td style=\"text-align: center;\">1<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">SL3<\/td>\n<td style=\"text-align: center;\">Tier 3<\/td>\n<td style=\"text-align: center;\">L3<\/td>\n<td style=\"text-align: center;\">C<\/td>\n<td style=\"text-align: center;\">2<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">SL4<\/td>\n<td style=\"text-align: center;\" rowspan=\"3\">Tier 4<\/td>\n<td style=\"text-align: center;\">L4<\/td>\n<td style=\"text-align: center;\">D<\/td>\n<td style=\"text-align: 
center;\">3<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\" rowspan=\"2\">SL5<\/td>\n<td style=\"text-align: center;\" rowspan=\"2\">L5<\/td>\n<td style=\"text-align: center;\" rowspan=\"2\">E<\/td>\n<td style=\"text-align: center;\" rowspan=\"2\">3+<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<figcaption class=\"wp-element-caption\">Table 1 A rough comparison of established data classification schemata according to their definitions and examples. The SL in the SEMLA column stands for Sensitivity Level.<\/figcaption>\n<\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Depending on the research project, the data\u2019s sensitivity may vary from publicly available data to extra sensitive personal data. In the latter category, data leakage may cause severe risk for the person involved, be it workers or data donors. SEMLA implements TOMs for five different sensitivity levels that are applied to ensure higher security, such as restricting access to certain devices or even biometrically secured offices.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large animated fadeIn delay-100ms\" id=\"Figure-3\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"593\" src=\"http:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/sensitivity-level-1024x593.png\" alt=\"Figure 3\" class=\"wp-image-404\" title=\"\" srcset=\"https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/sensitivity-level-1024x593.png 1024w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/sensitivity-level-300x174.png 300w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/sensitivity-level-768x445.png 768w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/sensitivity-level-18x10.png 18w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/sensitivity-level.png 1175w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Figure 3 SEMLA&#8217;s sensitivity classes for data classification and some of the corresponding 
measures, ranging from open accessible public data without any restrictions to extra sensitive personal data that can only be accessed from strongly restricted offices. The highest level is for extremely sensitive data whose exceptional security requirements cannot be met by SEMLA.<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.1.3\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">4-Eyes-Principle<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">To bulletproof decisions during the whole data life cycle, a 4-eyes-principle is enforced. For example, an additional independent actor enforces a \u201cview from the outside\u201d to the current process by validating and approving export process requests. This prevents sensitive data from being exported by accident.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.1.4\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">Education<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Because SEMLA is a complex trusted research environment, working with SEMLA can be overwhelming at first. In order to avoid mistakes due to lack of knowledge and unawareness, each researcher is educated beforehand with help of guidelines on how to work with SEMLA, explaining different scenarios and processes, such as triggering an export process, decrypting data sets, or checking logs for debugging. 
In addition, researchers are trained in how to handle sensitive data correctly and to sharpen their awareness of different sensitivity levels.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.1.5\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">On\/off boarding<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Before being able to access a research environment, each worker will be onboarded, which means a user account is created and access rules and policies are set up. Optionally, to work with data of sensitivity level 4, workers must be enrolled into a SEMLab and its biometric access control system. In addition to these technical steps, each worker is educated, see above, thus guaranteeing that they accept the working rules in SEMLA by means of a SEMLA-specific contract.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.1.6\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">Documentation<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Documentation and traceability are crucial parts towards compliance with certain standards like ISO 27001. This is mostly achieved by system-wide logging, but also includes documentation of the complete IT infrastructure: all work instructions, workflows, data collection environments, consents and contracts, room entrance protocols and more.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-primary-color has-text-color\" id=\"Section-2.2\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);\">2.2. Technical Measures<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">SEMLA implements a wide palette of technical measures that complement the above-discussed organizational measures to achieve necessary levels of security and trust for extremely sensitive data. 
Besides system-level and application-level hardening, achieving a proficient level of security requires the implementation and utilization of core concepts, like multi-tenancy, authentication, access control, encryption, comprehensive supervision and more. SEMLA also comes with a multilevel security system adaptable to the severity of a hypothetical data breach and the associated (legal) consequences.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.2.1\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">System-level and application-level hardening<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Basic system-level and application-level security is ensured by basing all systems on hardened Linux. Each system in SEMLA has secure boot enabled, enforces SELinux and complies with the European standard ANSSI-BP-028-HIGH, which means they are set up and regularly tested using the corresponding OpenSCAP policy. SEMLA is almost entirely based on open-source software<sup class=\"modern-footnotes-footnote\" data-mfn=\"6\" data-mfn-post-scope=\"000000000000033e0000000000000000_197\"><a href=\"javascript:void(0)\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000033e0000000000000000_197-6\">6<\/a><\/sup><span id=\"mfn-content-000000000000033e0000000000000000_197-6\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"6\">The exceptions: some drivers \u2013 NVIDIA GPU drivers \u2013 and codecs, e.g. MP3.<\/span> which makes it possible to thoroughly assess the trustworthiness of the system including all programs and all necessary dependencies. 
Each required system package, library, or piece of code is scanned for common vulnerabilities (CVE) before installation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.2.2\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">Multi-Tenancy<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">SEMLA is designed based on the idea of multi-tenancy, i.e., the logical separation or compartmentalization of concerns for different tenants. Workers are only allowed to view, edit, or interact with (hardware) components, processes, or data they are explicitly granted access to. Encapsulation is implemented by virtualization, meaning each work package consists of one or more Virtual Machines (VMs) responsible for different tasks, see <a href=\"#Figure-4\" class=\"ek-link\">Figure 4<\/a>. In contrast to relying on containerization with a shared kernel, like in a Kubernetes Cluster, this mitigates the risk of potential container breakouts, network attacks, and kernel attacks (MacLeod, 2021; Minna et al, 2021) and shifts mounting and decryption towards the tenant.<br>Moreover, the logical separation of concerns demands a global identity management system to enforce consistent and strict access control of files, processes, and services. SEMLA utilizes FreeIPA for identity management and Kerberos, an industry-leading single sign-on mechanism, for user authentication. Services, VMs and logs are authenticated via X.509 certificates, issued and managed by FreeIPA as well. To achieve multi-tenancy, any communication between components needs to be restricted. Thus, the use of isolated networks without internet access, together with firewalls, is a crucial step towards strict separation of concerns. Any connection between components in different networks must be explicitly allowed, e.g., communicating with FreeIPA in the management network (see <a href=\"#Figure-4\" class=\"ek-link\">Figure 4<\/a>). 
To ensure confidentiality and integrity during communication, each connection is secured via HTTPS and IPsec. This way, any information is authenticated and can be monitored.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.2.3\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">Encryption<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Besides encrypting all data in transit via HTTPS \u2013 be it internally or externally \u2013 all incoming or outgoing data is additionally end-to-end encrypted and signed via GNU Privacy Guard (GPG), meaning that data is always encrypted before transmission and only decrypted for processing in memory on the receiving end. Consequently, data is never present as plaintext at rest or even in memory while processing<sup class=\"modern-footnotes-footnote\" data-mfn=\"7\" data-mfn-post-scope=\"000000000000033e0000000000000000_197\"><a href=\"javascript:void(0)\"  role=\"button\" aria-pressed=\"false\" aria-describedby=\"mfn-content-000000000000033e0000000000000000_197-7\">7<\/a><\/sup><span id=\"mfn-content-000000000000033e0000000000000000_197-7\" role=\"tooltip\" class=\"modern-footnotes-footnote__note\" tabindex=\"0\" data-mfn=\"7\">The virtualization stack uses memory encryption, as far as provided by the used processor architecture, e.g., AMD Infinity Guard with the EPYC 7002 and 7003 is used.<\/span>, which again mitigates the risk of data leaks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.2.4\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">Multilevel Security<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">On top of that, the heterogeneous nature and varying sensitivity of work packages and their data sets (categorized in sensitivity levels) require distinct technical measures due to legal obligations.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large animated fadeIn delay-100ms\" 
id=\"Figure-4\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"726\" src=\"https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/SEMLA_Network_Architecture-Overlay_Network-1024x726.png\" alt=\"Figure 4\" class=\"wp-image-454\" srcset=\"https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/SEMLA_Network_Architecture-Overlay_Network-1024x726.png 1024w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/SEMLA_Network_Architecture-Overlay_Network-300x213.png 300w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/SEMLA_Network_Architecture-Overlay_Network-768x545.png 768w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/SEMLA_Network_Architecture-Overlay_Network-1536x1089.png 1536w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/SEMLA_Network_Architecture-Overlay_Network-2048x1452.png 2048w, https:\/\/semla.dfki.de\/wp-content\/uploads\/2022\/12\/SEMLA_Network_Architecture-Overlay_Network-18x12.png 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Figure 4 The SEMLA Network Architecture. The network is divided into several isolated compartments using Software Defined Networking (SDN). The highly sensitive data is only available in the innermost networks, which have no internet access and are protected by multiple firewalls. All communication between networks requires explicit permission in the form of fine-grained firewall rules.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">One obvious example is access control. For instance, workers in the lowest two sensitivity levels should be able to connect to VMs in the DMZ network from anywhere on the internet since a data breach of publicly available data would have neither ethical nor legal consequences. 
For work packages in the highest supported sensitivity level, workers must only be allowed to connect to VMs via dedicated, secure rooms called \u201cSEMLab\u201ds (see <a class=\"ek-link\" href=\"#Section-2.3\">Section 2.3<\/a>). This is because a data breach would have severe legal and ethical consequences for all stakeholders, including data donors.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Section-2.2.5\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);text-transform:none\">Supervision and Intrusion-Detection<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The second core goal for SEMLA is supervision, to further assess and diminish the consequences of potential data breaches. This means full traceability of all user actions, components, processes, and data states across the board, made possible by single sign-on authentication and global access control. By continuously analyzing audit logs and running a series of intrusion-detection and deviation-detection mechanisms, it is possible to react fast in case of suspicion and mitigate further damage.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-primary-color has-text-color\" id=\"Section-2.3\" style=\"font-size:clamp(0.984rem, 0.984rem + ((1vw - 0.2rem) * 0.938), 1.5rem);\">2.3. TOMs Example: SEMLab<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A fundamental example of TOMs is SEMLab, an office designed for working with data of sensitivity level 4. To work in the SEMLab, a worker must pass an enrolment process, including account creation, education on how to work with sensitive data, and consent to all TOMs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To use SEMLab, the two initial technical measures carried out at the door are putting the mobile phone in a drawer outside SEMLab and performing an identification step, currently a palm vein recognizer, to open the door. 
Next, organizational measures and rules apply, e.g., not to open the door for other people, to enter the office alone, and not to use any other methods to record the data. Workstation access is secured by two-factor authentication consisting of a fingerprint and a password. The workstation is running a hardened Linux with SELinux, Secure Boot, OpenSCAP, and other hardenings. In addition, workers can only connect to VMs, and any additional hardware, e.g., USB sticks, is not accepted. This is covered by both technical and organizational measures. The workstations are connected via external VPN to the core servers without having internet access. Multi-tenancy measures prevent project data from leaving the isolated network or ending up on workstations. To further prevent data leakage, e.g., in the case of audio, workers must use headphones such that they cannot be overheard by others.<\/p>\n\n\n\n<h1 class=\"wp-block-heading has-primary-color has-text-color has-large-font-size\" id=\"Section-3\" style=\"text-transform:uppercase\">3. REFERENCE PROJECTS<\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">The development of SEMLA has largely been use-case driven. Experience in security-by-design and Common Criteria (Britz et al., 2016) has been very helpful, so has the work of the Alan Turing Institute (Arenas et al., 2019; O\u2019Reilly, 2020). 
The following prototypical projects have been pivotal for the requirements and developments.<\/p>\n\n\n\n<figure id=\"Table-2\" class=\"wp-block-table\">\n<table>\n<tbody>\n<tr style=\"border-bottom: 3px solid;\">\n<td class=\"has-text-align-left\" style=\"text-align: center;\" data-align=\"left\"><strong>Project<\/strong><\/td>\n<td class=\"has-text-align-left\" style=\"text-align: center;\" data-align=\"left\"><strong>Data Type<\/strong><\/td>\n<td class=\"has-text-align-center\" data-align=\"center\"><strong>Sensitivity Level<\/strong><\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><a class=\"ek-link\" href=\"https:\/\/tinyurl.com\/yhut25k4\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">KIttata<\/a> (2020-22):<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Objective: to create a decision support system for the quality estimation for the use case keratoplasty<br \/>Data: pseudonymized cornea photos, donor and recipient<\/td>\n<td class=\"has-text-align-center\" data-align=\"center\">2<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><a class=\"ek-link\" href=\"https:\/\/ki-at-home.de\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">KI@HOME<\/a> (2020-23):<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Objective: Activity and prediction models for elderly people in smart homes<br \/>Data: pseudonymized continuous smart home sensor stream + ground truth: diary + dementia tests + health care records<\/td>\n<td class=\"has-text-align-center\" data-align=\"center\">3<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><a class=\"ek-link\" href=\"https:\/\/www.mephesto.eu\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">MePheSTO<\/a> (2019-23):<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Objective: Developing a framework for validation 
of<br \/>digital phenotypes for psychiatric disorders from clinical social interactions.<br \/>Data: raw recordings of clinical-patient interactions: video + audio + questionnaires<\/td>\n<td class=\"has-text-align-center\" data-align=\"center\">4<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\"><a class=\"ek-link\" href=\"https:\/\/ubidenz.de\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Ubidenz<\/a> (2020-24):<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Objective: Prototyping a ubiquitous digital empathic therapy assistance system.<br \/>Data: raw recordings of clinical-patient interactions: video + audio + questionnaires<\/td>\n<td class=\"has-text-align-center\" data-align=\"center\">4<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n\n\n\n<h1 class=\"wp-block-heading has-primary-color has-text-color has-large-font-size\" id=\"Section-4\" style=\"text-transform:uppercase\">4. Conclusions and Future Work<\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">We have presented a set of technical and organizational measures, brought together into SEMLA, an on-premises trusted research environment tailored for small-scale research on sensitive personal data as found in medical and health R&amp;D projects. The most prominent driver of the development is GDPR, but domestic laws and regulations are also considered.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">SEMLA is designed around the idea that data\u2019s sensitivity differs and demands different TOMs. Much inspiration has been taken from the TRE community, and in particular the work at the Alan Turing Institute (O&#8217;Reilly, 2020; Arenas et al., 2019), but whereas their approach is cloud-based (Azure), SEMLA\u2019s core is not on the internet, and is available only within isolated networks in the institute\u2019s intranet, and for very sensitive data from special offices \u2013 SEMLabs \u2013 equipped with dedicated workstations. 
Although SEMLA is entirely based on Linux and open-source software, Windows applications, such as the NOVA annotation tool (Heimerl et al., 2019), can only be run inside additional VMs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The next steps include the following topics:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data trustee. Inevitably, managing data touches on extending the SEMLA functionality to serve as a data hub along the complete data life cycle.<\/li>\n\n\n\n<li>Federated learning. Allowing third-party stakeholders to trigger computations on SEMLA-hosted datasets over the internet.<\/li>\n\n\n\n<li>Certification. Currently, according to ISO 2700X and TISAX, and in the near future according to EuroPriSe \u2013 the European Privacy Seal (EuroPriSe, 2022).<\/li>\n\n\n\n<li>Open source. Making SEMLA open source, thus allowing other research institutes and actors on the market to easily adapt and use the SEMLA solution.<\/li>\n<\/ul>\n\n\n\n<h1 class=\"wp-block-heading has-primary-color has-text-color has-large-font-size\" id=\"Section-5\" style=\"text-transform:uppercase\">5. REFERENCES<\/h1>\n\n\n\n<ul style=\"margin-top:0;margin-right:0;margin-bottom:0;margin-left:0\" class=\"wp-block-list\">\n<li>KI@HOME project homepage: <a href=\"https:\/\/ki-at-home.de\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">https:\/\/ki-at-home.de<\/a><\/li>\n\n\n\n<li>MePheSTO project homepage: <a href=\"https:\/\/mephesto.eu\" class=\"ek-link\">https:\/\/mephesto.eu<\/a><\/li>\n\n\n\n<li>Ubidenz project homepage: <a href=\"https:\/\/ubidenz.de\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">https:\/\/ubidenz.de<\/a><\/li>\n\n\n\n<li>Arenas, D., Atkins, J., Austin, C., Beavan, D., Egea, A. C., Carlysle-Davies, S., \u2026 &amp; Whitaker, K. (2019). Design choices for productive, secure, data-intensive research at scale in the cloud. 
arXiv preprint arXiv:1908.08737.<\/li>\n\n\n\n<li>Minna, F., Blaise, A., Rebecchi, F., Chandrasekaran, B., &amp; Massacci, F. (2021). Understanding the security implications of kubernetes networking. IEEE Security &amp; Privacy, 19(05), 46-56.<\/li>\n\n\n\n<li>Kiefer, G. L., Safi, T., Nadig, M., Sharma, M., Sakha, M. M., Ndiaye, A., \u2026 &amp; Alexandersson, J. (2022). An AI-Based Decision Support System for Quality Control Applied to the Use Case Donor Cornea. In International Conference on Human-Computer Interaction (pp. 257-274). Springer, Cham.<\/li>\n\n\n\n<li>K\u00f6nig, A., M\u00fcller, P., Tr\u00f6ger, J., Lindsay, H., Alexandersson, J., Hinze, J., Riemenschneider, M., Postin, D., Ettore, E., Lecomte, A. and Musiol, M., 2022. Multimodal phenotyping of psychiatric disorders from social interaction: Protocol of a clinical multicenter prospective study. Personalized Medicine in Psychiatry, 33, p.100094.<\/li>\n\n\n\n<li>Britz, J., Alexandersson, J. and Stephan, W., 2016. UCH goes EAL4\u2014the foundation of an eco system for ambient assisted living: ISO\/IEC 15408 Common Criteria Based Implementation of the ISO\/IEC 24752 Universal Control Hub Middleware. In Ambient Assisted Living (pp. 83-96). Springer, Cham.<\/li>\n\n\n\n<li>Heimerl, A., Baur, T., Lingenfelser, F., Wagner, J. and Andr\u00e9, E., 2019, September. NOVA-a tool for eXplainable Cooperative Machine Learning. In 2019 8th International Conference on Affective Computing and Intelligent Interaction (ACII) (pp. 109-115). IEEE.<\/li>\n\n\n\n<li>MacLeod, M. (2021). Escaping from a Virtualised Environment: An Evaluation of Container Breakout Techniques. 
<a href=\"https:\/\/supermairio.github.io\/assets\/pdfs\/Dissertation.pdf\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">https:\/\/supermairio.github.io\/assets\/pdfs\/Dissertation.pdf<\/a><\/li>\n\n\n\n<li>O&#8217;Reilly, Martin (2020): Data Safe Havens in the Cloud: Overview Poster from 2nd Research Software London and South East Workshop on 06 February 2020. figshare. Poster. <a href=\"https:\/\/doi.org\/10.6084\/m9.figshare.11815224.v6\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">https:\/\/doi.org\/10.6084\/m9.figshare.11815224.v6<\/a><\/li>\n\n\n\n<li>The Alan Turing Institute: Data Safe Havens: <a href=\"https:\/\/www.turing.ac.uk\/research\/research-projects\/data-safe-havens-cloud\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">https:\/\/www.turing.ac.uk\/research\/research-projects\/data-safe-havens-cloud<\/a><\/li>\n\n\n\n<li>Landesbeauftragte f\u00fcr den Datenschutz (LfD) Niedersachsen, 2018. Schutzstufenkonzept der LfD Niedersachsen: <a href=\"https:\/\/lfd.niedersachsen.de\/startseite\/themen\/technik_und_organisation\/schutzstufen\/schutzstufen-56140.html\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">https:\/\/lfd.niedersachsen.de\/startseite\/themen\/technik_und_organisation\/schutzstufen\/schutzstufen-56140.html<\/a><\/li>\n\n\n\n<li>TCDP, 2016. 
Schutzklassenkonzept f\u00fcr die Datenschutz-Zertifizierung nach TCDP Version 1.0: <a href=\"https:\/\/tcdp.de\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">https:\/\/tcdp.de<\/a><\/li>\n\n\n\n<li>EuroPriSe homepage: <a href=\"https:\/\/www.euprivacyseal.com\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"ek-link\">https:\/\/www.euprivacyseal.com<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"--col-width:12rem;padding-top:0;padding-right:0;padding-bottom:0;padding-left:0;flex-basis:12rem\">\n<div class=\"wp-block-senff-sticky-block\" data-topspace=\"20\" data-cfa=\"true\" data-minwidth=\"0\" data-maxwidth=\"99999\" data-pushup=\"\" data-zindex=\"1\">\n<div class=\"wp-block-group alignfull is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-30c8f6fa wp-block-group-is-layout-flex\" id=\"whitepaper-download-button\" style=\"padding-top:var(--wp--preset--spacing--30);padding-right:var(--wp--preset--spacing--30);padding-bottom:0;padding-left:0\">\n<div class=\"wp-block-buttons is-horizontal is-content-justification-right is-layout-flex wp-container-core-buttons-is-layout-9396d498 wp-block-buttons-is-layout-flex\" style=\"margin-top:0;margin-bottom:0.5rem\">\n<div class=\"wp-block-button is-style-fill\"><a class=\"wp-block-button__link has-base-color has-text-color wp-element-button\" href=\"http:\/\/semla.dfki.de\/wp-content\/uploads\/2023\/10\/SEMLA-whitepaper-v1.0.1.pdf\" style=\"border-radius:5%\" target=\"_blank\" rel=\"noreferrer noopener\">Download<\/a><\/div>\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Version 1.0.1<\/p>\n\n\n\n<p class=\"has-text-align-right has-small-font-size wp-block-paragraph\">14 December 2022<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>An On-Premises Trusted Research 
Environment for AI-based R&amp;D with Sensitive Personal Information Jan Alexandersson, Jochen Britz, Valentin Seimetz, Daniel Tabellion DFKI GmbH 1. Introduction We are witnesses to huge and rapid advancements in technical systems based on artificial intelligence (AI). The steady growth in computing power, both in terms of CPU and GPU, along with [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-197","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/semla.dfki.de\/de\/wp-json\/wp\/v2\/pages\/197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/semla.dfki.de\/de\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/semla.dfki.de\/de\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/semla.dfki.de\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/semla.dfki.de\/de\/wp-json\/wp\/v2\/comments?post=197"}],"version-history":[{"count":79,"href":"https:\/\/semla.dfki.de\/de\/wp-json\/wp\/v2\/pages\/197\/revisions"}],"predecessor-version":[{"id":580,"href":"https:\/\/semla.dfki.de\/de\/wp-json\/wp\/v2\/pages\/197\/revisions\/580"}],"wp:attachment":[{"href":"https:\/\/semla.dfki.de\/de\/wp-json\/wp\/v2\/media?parent=197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}