PE-BPMN: Privacy-Enhanced Business Process Model and Notation

  • Pille PullonenEmail author
  • Raimundas Matulevičius
  • Dan Bogdanov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10445)


Privacy Enhancing Technologies (PETs) play an important role in preventing privacy leakage of data along information flows. Although business process modelling is well-suited for expressing stakeholder collaboration and process support by technical solutions, little is done to visualise and analyse privacy leakages in the processes. We propose PE-BPMN – privacy-enhanced extensions to the BPMN language for capturing data leakages. We demonstrate its feasibility in the mobile app scenario where private data leakages are determined. Our approach helps system builders make decisions on the privacy solutions at the early stages of development and lets auditors analyse existing systems.


Privacy Business process model and notation (BPMN) Privacy enhancing technology Data leakage 



The authors would like to thank Prof. Marlon Dumas, Peeter Laud and other members of the NAPLES project for discussions, comments and feedback concerning this study. This research was, in part, funded by the Air Force Research laboratory (AFRL) and Defense Advanced Research Projects Agency (DARPA) under contract FA8750-16-C-0011. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. Government. This work was also supported by the European Regional Development Fund through the Excellence in IT in Estonia (EXCITE) and by the Estonian Research Council under Institutional Research Grant IUT27-1.


  1. 1.
    Privacy management reference model and methodology (PMRM) version 1.0. OASIS Committee Specification 02 (2016).
  2. 2.
    Accorsi, R., Lehmann, A., Lohmann, N.: Information leak detection in business process models. Inf. Syst. 47(C), 244–257 (2015)CrossRefGoogle Scholar
  3. 3.
    Altuhhova, O., Matulevičius, R., Ahmed, N.: An extension of business process model and notification for security risk management. IJISMD 4(4), 93–113 (2013)Google Scholar
  4. 4.
    Ayed, G.B., Ghernaouti-Helie, S.: Processes view modeling of identity-related privacy business interoperability: considering user-supremacy federated identity technical model and identity contract negotiation. In: 2012 Proceedings of the ASONAM (2012)Google Scholar
  5. 5.
    Blakley, G.R.: Safeguarding cryptographic keys. In: Proceedings of the 1979 AFIPS National Computer Conference, pp. 313–317. AFIPS Press (1979)Google Scholar
  6. 6.
    Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46803-6_12CrossRefGoogle Scholar
  7. 7.
    Brucker, A.D., Hang, I., Lückemeyer, G., Ruparel, R.: SecureBPMN: modeling and enforcing access control requirements in business processes. In: Proceedings of the SACMAT 2012, pp. 123–126. ACM (2012)Google Scholar
  8. 8.
    Cherdantseva, Y., Hilton, J., Rana, O.: Towards SecureBPMN - aligning BPMN with the information assurance and security domain. In: Mendling, J., Weidlich, M. (eds.) BPMN 2012. LNBIP, vol. 125, pp. 107–115. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33155-8_9CrossRefGoogle Scholar
  9. 9.
    Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Metayer, D.L., Tirtea, R., Schiffner, S.: Privacy and data protection by design-from policy to engineering. Technical report, European Union Agency for Network and Information Security (2015)Google Scholar
  10. 10.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (2006)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Dumas, M., García-Bañuelos, L., Laud, P.: Differential privacy analysis of data processing workflows. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 62–79. Springer, Cham (2016). doi: 10.1007/978-3-319-46263-9_4CrossRefGoogle Scholar
  12. 12.
    Dumas, M., La Rosa, M., Mendling, J., Reijers, H.: Fundamentals of Business Process Management. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  13. 13.
    Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016).
  14. 14.
    Joint Task Force and Transformation Initiative: Security and privacy controls for federal information systems and organizations. NIST Special Publication, 800:53 (2013)Google Scholar
  15. 15.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 169–178. ACM, New York (2009)Google Scholar
  16. 16.
    Greenberg, A.: Apple’s ‘Differential Privacy’ is about collecting your data-but not your data. Wired (2016)Google Scholar
  17. 17.
    Heurix, J., Zimmermann, P., Neubauer, T., Fenz, S.: A taxonomy for privacy enhancing technologies. Comput. Secur. 53, 1–17 (2015)CrossRefGoogle Scholar
  18. 18.
    ISO/IEC DIS 29134: Information technology - security techniques - privacy impact assessment - guidelines. Technical report, International Organization for Standardization (2016)Google Scholar
  19. 19.
    Koorn, R., van Gils, H., ter Hart, J., Overbeek, P., Tellegen, R., Borking, J.: Privacy Enhancing Technologies, White Paper for Decision Makers. Ministry of the Interior and Kingdom Relations, The Netherlands (2004)Google Scholar
  20. 20.
    Ladha, W., Mehandjiev, N., Sampaio, P.: Modelling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1399–1405 (2014)Google Scholar
  21. 21.
    Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. In: ARES 2009, pp. 41–49 (2009)Google Scholar
  22. 22.
    Mouratidis, H., Kalloniatis, C., Islam, S., Hudic, A., Zechner, L.: Model based process to support security and privacy requirements engineering. Int. J. Secur. Softw. Eng. 3(3), 1–22 (2012)CrossRefGoogle Scholar
  23. 23.
    OMG: Business Process Model and Notation (BPMN).
  24. 24.
    Rodriguez, A., Fernandez-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. Inf. Syst. 90(4), 745–752 (2007)CrossRefGoogle Scholar
  25. 25.
    Schleicher, D., Leymann, F., Schumm, D., Weidmann, M.: Compliance scopes: extending the BPMN 2.0 meta model to specify compliance requirements. In: SOCA 2010, pp. 1–8 (2010)Google Scholar
  26. 26.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRefGoogle Scholar
  27. 27.
    Solove, D.J.: A taxonomy of privacy. Univ. Pa. Law Rev. 154, 477–564 (2006)CrossRefGoogle Scholar
  28. 28.
    Weiss, M.A., Archick, K.: US-EU Data Privacy: From Safe Harbor to Privacy Shield. Congressional Research Service (2016)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Pille Pullonen
    • 1
    Email author
  • Raimundas Matulevičius
    • 2
  • Dan Bogdanov
    • 1
  1. 1.Cybernetica ASTartuEstonia
  2. 2.University of TartuTartuEstonia

Personalised recommendations