nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Model-Based Privacy Analysis in Industrial Ecosystems

verfasst von : Amir Shayan Ahmadian, Daniel Strüber, Volker Riediger, Jan Jürjens

Erschienen in: Modelling Foundations and Applications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Article 25 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing and the free movement of personal data, refers to data protection by design and by default. Privacy and data protection by design implies that IT systems need to be adapted or focused to technically support privacy and data protection. To this end, we need to verify whether security and privacy are supported by a system, or any change in the design of the system is required. In this paper, we provide a model-based privacy analysis approach to analyze IT systems that provide IT services to service customers. An IT service may rely on different enterprises to process the data that is provided by service customers. Therefore, our approach is modular in the sense that it analyzes the system design of each enterprise individually. The approach is based on the four privacy fundamental elements, namely purpose, visibility, granularity, and retention. We present an implementation of the approach based on the CARiSMA tool. To evaluate our approach, we apply it to an industrial case study.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Model Consistency for Distributed Collaborative Modeling

Nächstes Kapitel Formulating Model Verification Tasks Prover-Independently as UML Diagrams

Personal data in the cloud: The importance of trust. Technical report, Fujitso Global Business Group, Tokyo 105-7123, Japan, September 2010

CARiSMA (2016). https://rgse.uni-koblenz.de/carisma/

The European Parliament and the Council of the European Union, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Official J. Eur. Union, vol. 199, pp 1–88 (April 2016)

VisiOn Project (2016). http://www.visioneuproject.eu/

Ahmadian, S., Jürjens, J.: Supporting model-based privacy analysis by exploiting privacy level agreements. In: 8th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2016) (2016)

Antignac, T., Métayer, D.: Privacy by design: from technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Cham (2014). doi:10.1007/978-3-319-06749-0_1

Barker, K., Askari, M., Banerjee, M., Ghazinour, K., Mackas, B., Majedi, M., Pun, S., Williams, A.: A Data Privacy Taxonomy, pp. 42–54. Springer, Heidelberg (2009)

Basso, T., Montecchi, L., Moraes, R., Jino, M., Bondavalli, A.: Towards a UML profile for privacy-aware applications. In: 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 371–378, October 2015

Breu, R., Burger, K., Hafner, M., Jürjens, J., Popp, G., Wimmel, G., Lotz, V.: Key issues of a formally based process model for security engineering. In: Sixteenth International Conference “Software & Systems Engineering & Their Applications”, Paris (2003)

10.

Cavoukian, A., Chibba, M.: Advancing privacy and security in computing, networking and systems innovations through privacy by design. In: Proceedings of the 2009 conference of the Centre for Advanced Studies on Collaborative Research, 2–5 November 2009, Toronto, Ontario, Canada, pp. 358–360 (2009)

11.

Cloud Security Alliance: Privacy Level Agreement [V2]: A Compliance Tool for Providing Cloud Services in the European Union (2013)

12.

Dupressoir, F., Gordon, A.D., Jürjens, J., Naumann, D.A.: Guiding a general-purpose C verifier to prove cryptographic protocols. J. Comput. Secur. 22(5), 823–866 (2014). http://dx.doi.org/10.3233/JCS-140508 CrossRef

13.

Ghazinour, K., Majedi, M., Barker, K.: A lattice-based privacy aware access control model. In: International Conference on Computational Science and Engineering, CSE 2009, vol. 3, pp. 154–159, August 2009

14.

Gürses, S., Gonzalez Troncoso, C., Diaz, C.: Engineering privacy by design. In: Computers, Privacy & Data Protection (2011)

15.

Hafiz, M.: A pattern language for developing privacy enhancing technologies. Softw. Pract. Exper. 43(7), 769–787 (2013)CrossRef

16.

Hoepman, J.H.: Privacy Design Strategies, pp. 446–459. Springer, Heidelberg (2014)

17.

Jin, X., Sandhu, R.S., Krishnan, R.: RABAC: role-centric attribute-based access control. In: International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS), pp. 84–96 (2012)

18.

Jürjens, J.: Secure information flow for concurrent processes. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 395–409. Springer, Heidelberg (2000). doi:10.1007/3-540-44618-4_29 CrossRef

19.

Jürjens, J.: Modelling audit security for smart-card payment schemes with UMLsec. In: Dupuy, M., Paradinas, P. (eds.) Trusted Information: The New Decade Challenge, pp. 93–108 (2001). Proceedings of the 16th International Conference on Information Security (SEC 2001). http://www.jurjens.de/jan

20.

Jürjens, J.: Model-based security engineering with UML. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds.) FOSAD 2004-2005. LNCS, vol. 3655, pp. 42–77. Springer, Heidelberg (2005). doi:10.1007/11554578_2 CrossRef

21.

Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)MATH

22.

Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requirements Eng. 13(3), 241–255 (2008)CrossRef

23.

Kerschbaum, F.: Privacy-Preserving Computation, pp. 41–54. Springer, Heidelberg (2014)

24.

Object Management Group (OMG): UML 2.5 Superstructure Specification (2011)

25.

Pearson, S.: Taking account of privacy when designing cloud computing services. In: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 44–52, CLOUD 2009. IEEE Computer Society (2009)

26.

Pearson, S., Allison, D.: A model-based privacy compliance checker. IJEBR 5(2), 63–83 (2009)

27.

Schneider, K., Knauss, E., Houmb, S., Islam, S., Jürjens, J.: Enhancing security requirements engineering by organisational learning. Requirements Eng. J. (REJ) 17(1), 35–56 (2012)CrossRef

28.

Spiekermann, S.: The challenges of privacy by design. Commun. ACM 55(7), 38–40 (2012)CrossRef

29.

Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)CrossRef

30.

van Staden, W., Olivier, M.S.: Using Purpose Lattices to Facilitate Customisation of Privacy Agreements, pp. 201–209. Springer, Heidelberg (2007)

Titel: Model-Based Privacy Analysis in Industrial Ecosystems
verfasst von: Amir Shayan Ahmadian
Daniel Strüber
Volker Riediger
Jan Jürjens
Verlag: Springer International Publishing
Buch: Modelling Foundations and Applications
Print ISBN: 978-3-319-61481-6

Electronic ISBN: 978-3-319-61482-3

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-61482-3_13

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner