Software and Systems Modeling

, Volume 18, Issue 6, pp 3235–3264 | Cite as

Privacy-enhanced BPMN: enabling data privacy analysis in business processes models

  • Pille Pullonen
  • Jake TomEmail author
  • Raimundas Matulevičius
  • Aivo Toots
Regular Paper


Privacy-enhancing technologies play an important role in preventing the disclosure of private data as information is transmitted and processed. Although business process model and notation (BPMN) is well suited for expressing stakeholder collaboration and business processes support by technical solutions, little is done to depict and analyze the flow of private information and its technical safeguards as it is disclosed to process participants. This gap motivates the development of privacy-enhanced BPMN (PE-BPMN)—a BPMN language for capturing PET-related activities in order to study the flow of private information and ease the communication of privacy concerns and requirements among stakeholders. We demonstrate its feasibility in a mobile app scenario and present techniques to analyze information disclosures identified by models enriched with PE-BPMN.


Privacy Business process model and notation (BPMN) Privacy-enhancing technology (PET) Information disclosure 



The authors would like to thank Prof. Marlon Dumas, Peeter Laud, Dan Bogdanov and other members of the NAPLES project for discussions, comments and feedback concerning this study. This research was, in part, funded by the Air Force Research laboratory (AFRL) and Defense Advanced Research Projects Agency (DARPA) under contract FA8750-16-C-0011. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. Government. This work was also supported by the European Regional Development Fund through the Excellence in IT in Estonia (EXCITE) and by the Estonian Research Council under Institutional Research Grant IUT27-1.


  1. 1.
    Accorsi, R., Lehmann, A., Lohmann, N.: Information leak detection in business process models. Inf. Syst. 47(C), 244–257 (2015)CrossRefGoogle Scholar
  2. 2.
    Altuhhova, O., Matulevičius, R., Ahmed, N.: An extension of business process model and notification for security risk management. IJISMD 4(4), 93–113 (2013)Google Scholar
  3. 3.
    Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, vol. 13. ACM New York, NY (2013)Google Scholar
  4. 4.
    Argyropoulos, N., Mouratidis, H., Fish, A.: Attribute-based security verification of business process models,. In: Proceedings of the 19th Conference on Business Informatics, pp. 43–52 (2017)Google Scholar
  5. 5.
    Ayed, G.B., Ghernaouti-Helie, S.: Processes view modeling of identity-related privacy business interoperability: considering user-supremacy federated identity technical model and identity contract negotiation. In: Proceedings of the ASONAM 2012 (2012)Google Scholar
  6. 6.
    Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference, pp. 313–317. AFIPS Press, Montvale (1979)Google Scholar
  7. 7.
    Braun, R., Esswein, W.: Classification of domain-specific BPMN extensions. In: The Practice of Enterprise Modeling, LNBIP, pp. 42–57. Springer, Berlin (2014)Google Scholar
  8. 8.
    Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: modeling and enforcing access control requirements in business processes. In: Proceedings of the SACMAT 2012, pp. 123–126. ACM (2012)Google Scholar
  9. 9.
    Cherdantseva, Y., Hilton, J., Rana, O.: Towards SecureBPMN—aligning BPMN with the information assurance and security domain. In: Business Process Model and Notation, LNBIP, pp. 107–115. Springer, Berlin (2012)Google Scholar
  10. 10.
    Chergui, M.E.A., Benslimane, S.M.: A valid BPMN extension for supporting security requirements based on cyber security ontology. In: MEDI 2018, LNCS 11163, pp. 216–232 (2018)Google Scholar
  11. 11.
    Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Metayer, D.L., Tirtea, R., Schiffner, S.: Privacy and data protection by design-from policy to engineering. Technical report, European Union Agency for Network and Information Security (2015)Google Scholar
  12. 12.
    da Silva, A.R.: Model-driven engineering. Comput. Lang. Syst. Struct. 43, 139–155 (2015)Google Scholar
  13. 13.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Dumas, M., García-Bañuelos, L., Laud, P.: Differential privacy analysis of data processing workflows. Proc. Third Int. Workshop GraMSec 2016, 62–79 (2016)Google Scholar
  15. 15.
    Dumas, M., La Rosa, M., Mendling, J., Reijers, H.: Fundamentals of Business Process Management. Springer, Berlin (2013)CrossRefGoogle Scholar
  16. 16.
    Dumas, M., Garcia-Banuelos, L., Laud, P.: Disclosure analysis of SQL workflows. In: Fifth International Workshop on Graphical Models for Security. (GramSec 2018), co-located with CSF 2018 (2018)Google Scholar
  17. 17.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing, STOC ’09, pp. 169–178, New York, NY, USA. ACM (2009)Google Scholar
  18. 18.
    Greenberg, A.: Apple’s ’differential privacy’ is about collecting your data–but not your data. In: Wired (2016)Google Scholar
  19. 19.
    Heurix, J., Zimmermann, P., Neubauer, T., Fenz, S.: A taxonomy for privacy enhancing technologies. Comput. Secur. 53, 1–17 (2015)CrossRefGoogle Scholar
  20. 20.
    International Organization for Standardization: ISO/IEC DIS 29134: Information technology—security techniques—privacy impact assessment—guidelines. Technical report, International Organization for Standardization (2016)Google Scholar
  21. 21.
    JOINT TASK FORCE and TRANSFORMATION INITIATIVE. Security and privacy controls for federal information systems and organizations. NIST Special Publication, 800, 53 (2013)Google Scholar
  22. 22.
    Koorn, R., van Gils, H., ter Hart, J., Overbeek, P., Tellegen, R., Borking, J.: Privacy enhancing technologies, white paper for decision makers. In: Ministry of the Interior and Kingdom Relations, the Netherlands (2004)Google Scholar
  23. 23.
    Ladha, W., Mehandjiev, N., Sampaio, P.: Modelling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1399–1405 (2014)Google Scholar
  24. 24.
    Lepinski, M., Levin, D., McCarthy, D., Watro, R., Lack, M., Hallenbeck, D., Slater, D.: Privacy-enhanced android for smart cities applications. In: Leon-Garcia, A., Lenort, R., Holman, D., Staš, D., Krutilova, V., Wicher, P., Cagáňová, D., Špirková, D., Golej, J., Nguyen, K., (eds.) Smart City 360, pp 66–77. Springer, Cham (2016)Google Scholar
  25. 25.
    Maines, C.L., Llewelly-Jone, D., Tang, S., Zhou, A.: Cyber security ontology for BPMN-security extensions. In: Proceeding of the IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communication; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 1756–1763 (2015)Google Scholar
  26. 26.
    Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. ARES 2009, 41–49 (2009)Google Scholar
  27. 27.
    Mouratidis, H., Kalloniatis, C., Islam, S., Hudic, A., Zechner, L.: Model based process to support security and privacy requirements engineering. Int. J. Secure Softw. Eng. 3(3), 1–22 (2012)CrossRefGoogle Scholar
  28. 28.
    Mülle, J., von Stackelberg, S., Böhm, K.: A security language for BPMN process models 2011, 9. Technical Report 9, Karlsruhe Reports in Informatics (2011)Google Scholar
  29. 29.
    OMG. Business Process Model and Notation (BPMN).
  30. 30.
    Privacy management reference model and methodology (PMRM) version 1.0. OASIS Committee Specification 02, (2016).
  31. 31.
    Pullonen, P., Matulevicius, R., Bogdanov, D.: PE-BPMN: privacy-enhanced business process model and notation. In: Business Process Management—15th International Conference, BPM 2017, Barcelona, Spain, September 10–15, 2017, Proceedings, pp. 40–56 (2017)Google Scholar
  32. 32.
    Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), 2016.
  33. 33.
    Rodriguez, A., Fernandez-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. Inf. Syst. 90(4), 745–752 (2007)CrossRefGoogle Scholar
  34. 34.
    Saleem, M.Q., Jaafar, J.B., Hassan, M.F.: A domain-specific language for modelling security objectives in business process models of SOA applications. Adv. Inf. Sci. Serv. Sci. (AISS) 4(1) (2012)Google Scholar
  35. 35.
    Salnitri, M., Dalpiaz, F., Giorgini, P.: Modelling and verifying security policies in business processes. Lect. Notes Bus. Inf. Process. LNBIP 175, 200–214 (2014)Google Scholar
  36. 36.
    Sang, K.S., Zhou, B.: BPMN security extensions for healthcare process. In: Proceeding of the IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communication; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 2340–2345 (2015)Google Scholar
  37. 37.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  38. 38.
    Solove, D.J.: A taxonomy of privacy. University of Pennsylvania law review, pp. 477–564 (2006)Google Scholar
  39. 39.
    Souza, A.R.R., Silva, B.L.B., Lins, F.A.A., Damasceno, J.C., Rosa, N.S., Maciel, P.R.M., Medeiros, R.W.A., Stephenson, B., Motahari-Nezhad, H.R., Li, J., Northfleet, C.: Incorporating security requirements into service composition: from modelling to execution. In: ICSOC-ServiceWave 2009, LNCS 5900, pp. 373–388 (2009)Google Scholar
  40. 40.
    Su, J., Shukla, A., Goel, S., Narayanan, A.: De-anonymizing web browsing data with social networks. In: Proceedings of the 26th International Conference on World Wide Web, WWW ’17, pp. 1261–1269. International World Wide Web Conferences Steering Committee (2017)Google Scholar
  41. 41.
    Tom, J., Sing, E., Matulevičius, R.: Conceptual representation of the gdpr: Model and application directions. In: International Conference on Business Informatics Research, pp. 18–28. Springer, Berlin (2018)Google Scholar
  42. 42.
    Weiss, M.A., Archick, K.: US-EU data privacy: from safe harbor to privacy shield. In: Congressional Research Service (2016)Google Scholar
  43. 43.
    Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process requirements specification. J. Syst. Archit. 55, 211–223 (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  • Pille Pullonen
    • 1
  • Jake Tom
    • 2
    Email author
  • Raimundas Matulevičius
    • 2
  • Aivo Toots
    • 1
  1. 1.CyberneticaTartuEstonia
  2. 2.University of TartuTartuEstonia

Personalised recommendations