A UML Profile for Privacy Enforcement

  • Javier Luis Cánovas IzquierdoEmail author
  • Julián Salas
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11176)


Nowadays most software applications have to deal with personal data, specially with the emergence of Web-based applications, where user profile information has become one of their main assets. Due to regulation laws and to protect the privacy of users, customers and companies; most of this information is considered private, and therefore convenient ways to gather, process and store them have to be proposed. A common problem when modeling software systems is the lack of support to specify how to enforce privacy concerns in data models. Current approaches for modeling privacy cover high-level privacy aspects to describe what should be done with the data (e.g., elements to be private) instead of how to do it (e.g., which privacy enhancing technology to use); or propose access control policies, which may cover privacy only partially. In this paper we propose a profile to define and enforce privacy concerns in UML class diagrams. Models annotated with our profile can be used in model-driven methodologies to generate privacy-aware applications.


UML UML-profile Privacy 


  1. 1.
    Ahmadian, A.S., Peldszus, S., Ramadan, Q., Jürjens, J.: Model-based privacy and security analysis with carisma. In: Foundations of Software Engineering, pp. 989–993 (2017)Google Scholar
  2. 2.
    Ahmadian, A.S., Strüber, D., Riediger, V., Jürjens, J.: Model-based privacy analysis in industrial ecosystems. In: European Conference on Modelling Foundations and Applications, pp. 215–231 (2017)CrossRefGoogle Scholar
  3. 3.
    Allison, D.S., Yamany, H.F.E., Capretz, M.A.M.: Metamodel for privacy policies within SOA. In: Workshop on Software Engineering for Secure Systems, pp. 40–46 (2009)Google Scholar
  4. 4.
    Alshammari, M., Simpson, A.: A UML profile for privacy-aware data lifecycle models. In: International Workshop on Computer Security, pp. 189–209 (2017)Google Scholar
  5. 5.
    Basso, T., Montecchi, L., Moraes, R., Jino, M., Bondavalli, A.: Towards a UML profile for privacy-aware applications. In: International Conference on Computer and Information Technology, pp. 371–378 (2015)Google Scholar
  6. 6.
    Busch, M.: Evaluating & engineering: an approach for the development of secure web applications (2016)Google Scholar
  7. 7.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: International Workshop on Policies for Distributed Systems and Networks, pp. 18–38 (2001)Google Scholar
  8. 8.
    Hoepman, J.: Privacy design strategies - (extended abstract). In: International Conference on Systems Security and Privacy Protection, pp. 446–459 (2014)CrossRefGoogle Scholar
  9. 9.
    Jürjens, J.: UMLsec: extending UML for secure systems development. In: 5th International Conference on the Unified Modeling Language, pp. 412–425 (2002)CrossRefGoogle Scholar
  10. 10.
    Mont, M.C., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A conceptual model for privacy policies with consent and revocation requirements. In: International Summer School on Privacy and Identity Management for Life, pp. 258–270 (2010)Google Scholar
  11. 11.
    Ni, Q., et al.: Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur. 13(3), 24:1–24, 31 (2010)Google Scholar
  12. 12.
    OASIS: Extensible Access Control Markup Language (XACML). Accessed April 2018
  13. 13.
    OMG: Unified Modeling Language. Accessed April 2018
  14. 14.
    Salas, J., Domingo-Ferrer, J.: Some basics on privacy techniques, anonymization and their big data challenges. Mathematics in Computer Science (2018, in press)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Samarati, P., Sweeney, L.: Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. Technical report (1998)Google Scholar
  16. 16.
    Soria-Comas, J., Domingo-Ferrer, J.: Big data privacy: challenges to privacy principles and models. Data Sci. Eng. 1(1), 21–28 (2016)CrossRefGoogle Scholar
  17. 17.
    Torra, V., Navarro-Arribas, G.: Big data privacy and anonymization. In: Lehmann, A., Whitehouse, D., Fischer-Hübner, S., Fritsch, L., Raab, C. (eds.) Privacy and Identity 2016. IAICT, vol. 498, pp. 15–26. Springer, Cham (2016). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Javier Luis Cánovas Izquierdo
    • 1
    Email author
  • Julián Salas
    • 1
  1. 1.Internet Interdisciplinary Institute (IN3)Universitat Oberta de Catalunya (UOC)BarcelonaSpain

Personalised recommendations