Privacy-enhanced BPMN: enabling data privacy analysis in business processes models


Privacy-enhancing technologies play an important role in preventing the disclosure of private data as information is transmitted and processed. Although business process model and notation (BPMN) is well suited for expressing stakeholder collaboration and business processes support by technical solutions, little is done to depict and analyze the flow of private information and its technical safeguards as it is disclosed to process participants. This gap motivates the development of privacy-enhanced BPMN (PE-BPMN)—a BPMN language for capturing PET-related activities in order to study the flow of private information and ease the communication of privacy concerns and requirements among stakeholders. We demonstrate its feasibility in a mobile app scenario and present techniques to analyze information disclosures identified by models enriched with PE-BPMN.

This is a preview of subscription content, log in to check access.

Access options

Buy single article

Instant unlimited access to the full article PDF.

US$ 39.95

Price includes VAT for USA

Subscribe to journal

Immediate online access to all issues from 2019. Subscription will auto renew annually.

US$ 99

This is the net price. Taxes to be calculated in checkout.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16


  1. 1.

    For a visualization of published leaks, see

  2. 2.

    For a brief overview of BPMN and its salient features, see the OMG introduction to BPMN at

  3. 3.

    The PETs included in our abstract syntax are selected based on their applicability to the real-world scenario in Sect. 7, and they are sufficiently different from each other to allow discussing various details of the concrete stereotypes.

  4. 4.

  5. 5.

    DARPA Brandeis—

  6. 6.

  7. 7. and


  1. 1.

    Accorsi, R., Lehmann, A., Lohmann, N.: Information leak detection in business process models. Inf. Syst. 47(C), 244–257 (2015)

  2. 2.

    Altuhhova, O., Matulevičius, R., Ahmed, N.: An extension of business process model and notification for security risk management. IJISMD 4(4), 93–113 (2013)

  3. 3.

    Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol. 13. ACM New York, NY (2013)

  4. 4.

    Argyropoulos, N., Mouratidis, H., Fish, A.: Attribute-based security verification of business process models,. In: Proceedings of the 19th Conference on Business Informatics, pp. 43–52 (2017)

  5. 5.

    Ayed, G.B., Ghernaouti-Helie, S.: Processes view modeling of identity-related privacy business interoperability: considering user-supremacy federated identity technical model and identity contract negotiation. In: Proceedings of the ASONAM 2012 (2012)

  6. 6.

    Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference, pp. 313–317. AFIPS Press, Montvale (1979)

  7. 7.

    Braun, R., Esswein, W.: Classification of domain-specific BPMN extensions. In: The Practice of Enterprise Modeling, LNBIP, pp. 42–57. Springer, Berlin (2014)

  8. 8.

    Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: modeling and enforcing access control requirements in business processes. In: Proceedings of the SACMAT 2012, pp. 123–126. ACM (2012)

  9. 9.

    Cherdantseva, Y., Hilton, J., Rana, O.: Towards SecureBPMN—aligning BPMN with the information assurance and security domain. In: Business Process Model and Notation, LNBIP, pp. 107–115. Springer, Berlin (2012)

  10. 10.

    Chergui, M.E.A., Benslimane, S.M.: A valid BPMN extension for supporting security requirements based on cyber security ontology. In: MEDI 2018, LNCS 11163, pp. 216–232 (2018)

  11. 11.

    Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Metayer, D.L., Tirtea, R., Schiffner, S.: Privacy and data protection by design-from policy to engineering. Technical report, European Union Agency for Network and Information Security (2015)

  12. 12.

    da Silva, A.R.: Model-driven engineering. Comput. Lang. Syst. Struct. 43, 139–155 (2015)

  13. 13.

    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (2006)

  14. 14.

    Dumas, M., García-Bañuelos, L., Laud, P.: Differential privacy analysis of data processing workflows. Proc. Third Int. Workshop GraMSec 2016, 62–79 (2016)

  15. 15.

    Dumas, M., La Rosa, M., Mendling, J., Reijers, H.: Fundamentals of Business Process Management. Springer, Berlin (2013)

  16. 16.

    Dumas, M., Garcia-Banuelos, L., Laud, P.: Disclosure analysis of SQL workflows. In: Fifth International Workshop on Graphical Models for Security. (GramSec 2018), co-located with CSF 2018 (2018)

  17. 17.

    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing, STOC ’09, pp. 169–178, New York, NY, USA. ACM (2009)

  18. 18.

    Greenberg, A.: Apple’s ’differential privacy’ is about collecting your data–but not your data. In: Wired (2016)

  19. 19.

    Heurix, J., Zimmermann, P., Neubauer, T., Fenz, S.: A taxonomy for privacy enhancing technologies. Comput. Secur. 53, 1–17 (2015)

  20. 20.

    International Organization for Standardization: ISO/IEC DIS 29134: Information technology—security techniques—privacy impact assessment—guidelines. Technical report, International Organization for Standardization (2016)

  21. 21.

    JOINT TASK FORCE and TRANSFORMATION INITIATIVE. Security and privacy controls for federal information systems and organizations. NIST Special Publication, 800, 53 (2013)

  22. 22.

    Koorn, R., van Gils, H., ter Hart, J., Overbeek, P., Tellegen, R., Borking, J.: Privacy enhancing technologies, white paper for decision makers. In: Ministry of the Interior and Kingdom Relations, the Netherlands (2004)

  23. 23.

    Ladha, W., Mehandjiev, N., Sampaio, P.: Modelling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1399–1405 (2014)

  24. 24.

    Lepinski, M., Levin, D., McCarthy, D., Watro, R., Lack, M., Hallenbeck, D., Slater, D.: Privacy-enhanced android for smart cities applications. In: Leon-Garcia, A., Lenort, R., Holman, D., Staš, D., Krutilova, V., Wicher, P., Cagáňová, D., Špirková, D., Golej, J., Nguyen, K., (eds.) Smart City 360, pp 66–77. Springer, Cham (2016)

  25. 25.

    Maines, C.L., Llewelly-Jone, D., Tang, S., Zhou, A.: Cyber security ontology for BPMN-security extensions. In: Proceeding of the IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communication; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 1756–1763 (2015)

  26. 26.

    Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. ARES 2009, 41–49 (2009)

  27. 27.

    Mouratidis, H., Kalloniatis, C., Islam, S., Hudic, A., Zechner, L.: Model based process to support security and privacy requirements engineering. Int. J. Secure Softw. Eng. 3(3), 1–22 (2012)

  28. 28.

    Mülle, J., von Stackelberg, S., Böhm, K.: A security language for BPMN process models 2011, 9. Technical Report 9, Karlsruhe Reports in Informatics (2011)

  29. 29.

    OMG. Business Process Model and Notation (BPMN).

  30. 30.

    Privacy management reference model and methodology (PMRM) version 1.0. OASIS Committee Specification 02, (2016).

  31. 31.

    Pullonen, P., Matulevicius, R., Bogdanov, D.: PE-BPMN: privacy-enhanced business process model and notation. In: Business Process Management—15th International Conference, BPM 2017, Barcelona, Spain, September 10–15, 2017, Proceedings, pp. 40–56 (2017)

  32. 32.

    Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), 2016.

  33. 33.

    Rodriguez, A., Fernandez-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. Inf. Syst. 90(4), 745–752 (2007)

  34. 34.

    Saleem, M.Q., Jaafar, J.B., Hassan, M.F.: A domain-specific language for modelling security objectives in business process models of SOA applications. Adv. Inf. Sci. Serv. Sci. (AISS) 4(1) (2012)

  35. 35.

    Salnitri, M., Dalpiaz, F., Giorgini, P.: Modelling and verifying security policies in business processes. Lect. Notes Bus. Inf. Process. LNBIP 175, 200–214 (2014)

  36. 36.

    Sang, K.S., Zhou, B.: BPMN security extensions for healthcare process. In: Proceeding of the IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communication; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 2340–2345 (2015)

  37. 37.

    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

  38. 38.

    Solove, D.J.: A taxonomy of privacy. University of Pennsylvania law review, pp. 477–564 (2006)

  39. 39.

    Souza, A.R.R., Silva, B.L.B., Lins, F.A.A., Damasceno, J.C., Rosa, N.S., Maciel, P.R.M., Medeiros, R.W.A., Stephenson, B., Motahari-Nezhad, H.R., Li, J., Northfleet, C.: Incorporating security requirements into service composition: from modelling to execution. In: ICSOC-ServiceWave 2009, LNCS 5900, pp. 373–388 (2009)

  40. 40.

    Su, J., Shukla, A., Goel, S., Narayanan, A.: De-anonymizing web browsing data with social networks. In: Proceedings of the 26th International Conference on World Wide Web, WWW ’17, pp. 1261–1269. International World Wide Web Conferences Steering Committee (2017)

  41. 41.

    Tom, J., Sing, E., Matulevičius, R.: Conceptual representation of the gdpr: Model and application directions. In: International Conference on Business Informatics Research, pp. 18–28. Springer, Berlin (2018)

  42. 42.

    Weiss, M.A., Archick, K.: US-EU data privacy: from safe harbor to privacy shield. In: Congressional Research Service (2016)

  43. 43.

    Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process requirements specification. J. Syst. Archit. 55, 211–223 (2009)

Download references


The authors would like to thank Prof. Marlon Dumas, Peeter Laud, Dan Bogdanov and other members of the NAPLES project for discussions, comments and feedback concerning this study. This research was, in part, funded by the Air Force Research laboratory (AFRL) and Defense Advanced Research Projects Agency (DARPA) under contract FA8750-16-C-0011. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. Government. This work was also supported by the European Regional Development Fund through the Excellence in IT in Estonia (EXCITE) and by the Estonian Research Council under Institutional Research Grant IUT27-1.

Author information

Correspondence to Jake Tom.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Communicated by Dr Benoit Combemale.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Pullonen, P., Tom, J., Matulevičius, R. et al. Privacy-enhanced BPMN: enabling data privacy analysis in business processes models. Softw Syst Model 18, 3235–3264 (2019).

Download citation


  • Privacy
  • Business process model and notation (BPMN)
  • Privacy-enhancing technology (PET)
  • Information disclosure