Skip to main content
SpringerLink
Log in

Model-Based Privacy Analysis in Industrial Ecosystems

  • Conference paper
  • First Online:
Book cover Modelling Foundations and Applications (ECMFA 2017)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10376))

Included in the following conference series:

Abstract

Article 25 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing and the free movement of personal data, refers to data protection by design and by default. Privacy and data protection by design implies that IT systems need to be adapted or focused to technically support privacy and data protection. To this end, we need to verify whether security and privacy are supported by a system, or any change in the design of the system is required. In this paper, we provide a model-based privacy analysis approach to analyze IT systems that provide IT services to service customers. An IT service may rely on different enterprises to process the data that is provided by service customers. Therefore, our approach is modular in the sense that it analyzes the system design of each enterprise individually. The approach is based on the four privacy fundamental elements, namely purpose, visibility, granularity, and retention. We present an implementation of the approach based on the CARiSMA tool. To evaluate our approach, we apply it to an industrial case study.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Personal data in the cloud: The importance of trust. Technical report, Fujitso Global Business Group, Tokyo 105-7123, Japan, September 2010

    Google Scholar 

  2. CARiSMA (2016). https://rgse.uni-koblenz.de/carisma/

  3. The European Parliament and the Council of the European Union, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Official J. Eur. Union, vol. 199, pp 1–88 (April 2016)

    Google Scholar 

  4. VisiOn Project (2016). http://www.visioneuproject.eu/

  5. Ahmadian, S., Jürjens, J.: Supporting model-based privacy analysis by exploiting privacy level agreements. In: 8th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2016) (2016)

    Google Scholar 

  6. Antignac, T., Métayer, D.: Privacy by design: from technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Cham (2014). doi:10.1007/978-3-319-06749-0_1

    Google Scholar 

  7. Barker, K., Askari, M., Banerjee, M., Ghazinour, K., Mackas, B., Majedi, M., Pun, S., Williams, A.: A Data Privacy Taxonomy, pp. 42–54. Springer, Heidelberg (2009)

    Google Scholar 

  8. Basso, T., Montecchi, L., Moraes, R., Jino, M., Bondavalli, A.: Towards a UML profile for privacy-aware applications. In: 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, pp. 371–378, October 2015

    Google Scholar 

  9. Breu, R., Burger, K., Hafner, M., Jürjens, J., Popp, G., Wimmel, G., Lotz, V.: Key issues of a formally based process model for security engineering. In: Sixteenth International Conference “Software & Systems Engineering & Their Applications”, Paris (2003)

    Google Scholar 

  10. Cavoukian, A., Chibba, M.: Advancing privacy and security in computing, networking and systems innovations through privacy by design. In: Proceedings of the 2009 conference of the Centre for Advanced Studies on Collaborative Research, 2–5 November 2009, Toronto, Ontario, Canada, pp. 358–360 (2009)

    Google Scholar 

  11. Cloud Security Alliance: Privacy Level Agreement [V2]: A Compliance Tool for Providing Cloud Services in the European Union (2013)

    Google Scholar 

  12. Dupressoir, F., Gordon, A.D., Jürjens, J., Naumann, D.A.: Guiding a general-purpose C verifier to prove cryptographic protocols. J. Comput. Secur. 22(5), 823–866 (2014). http://dx.doi.org/10.3233/JCS-140508

    Article  Google Scholar 

  13. Ghazinour, K., Majedi, M., Barker, K.: A lattice-based privacy aware access control model. In: International Conference on Computational Science and Engineering, CSE 2009, vol. 3, pp. 154–159, August 2009

    Google Scholar 

  14. Gürses, S., Gonzalez Troncoso, C., Diaz, C.: Engineering privacy by design. In: Computers, Privacy & Data Protection (2011)

    Google Scholar 

  15. Hafiz, M.: A pattern language for developing privacy enhancing technologies. Softw. Pract. Exper. 43(7), 769–787 (2013)

    Article  Google Scholar 

  16. Hoepman, J.H.: Privacy Design Strategies, pp. 446–459. Springer, Heidelberg (2014)

    Google Scholar 

  17. Jin, X., Sandhu, R.S., Krishnan, R.: RABAC: role-centric attribute-based access control. In: International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS), pp. 84–96 (2012)

    Google Scholar 

  18. Jürjens, J.: Secure information flow for concurrent processes. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 395–409. Springer, Heidelberg (2000). doi:10.1007/3-540-44618-4_29

    Chapter  Google Scholar 

  19. Jürjens, J.: Modelling audit security for smart-card payment schemes with UMLsec. In: Dupuy, M., Paradinas, P. (eds.) Trusted Information: The New Decade Challenge, pp. 93–108 (2001). Proceedings of the 16th International Conference on Information Security (SEC 2001). http://www.jurjens.de/jan

  20. Jürjens, J.: Model-based security engineering with UML. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds.) FOSAD 2004-2005. LNCS, vol. 3655, pp. 42–77. Springer, Heidelberg (2005). doi:10.1007/11554578_2

    Chapter  Google Scholar 

  21. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)

    MATH  Google Scholar 

  22. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requirements Eng. 13(3), 241–255 (2008)

    Article  Google Scholar 

  23. Kerschbaum, F.: Privacy-Preserving Computation, pp. 41–54. Springer, Heidelberg (2014)

    Google Scholar 

  24. Object Management Group (OMG): UML 2.5 Superstructure Specification (2011)

    Google Scholar 

  25. Pearson, S.: Taking account of privacy when designing cloud computing services. In: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 44–52, CLOUD 2009. IEEE Computer Society (2009)

    Google Scholar 

  26. Pearson, S., Allison, D.: A model-based privacy compliance checker. IJEBR 5(2), 63–83 (2009)

    Google Scholar 

  27. Schneider, K., Knauss, E., Houmb, S., Islam, S., Jürjens, J.: Enhancing security requirements engineering by organisational learning. Requirements Eng. J. (REJ) 17(1), 35–56 (2012)

    Article  Google Scholar 

  28. Spiekermann, S.: The challenges of privacy by design. Commun. ACM 55(7), 38–40 (2012)

    Article  Google Scholar 

  29. Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)

    Article  Google Scholar 

  30. van Staden, W., Olivier, M.S.: Using Purpose Lattices to Facilitate Customisation of Privacy Agreements, pp. 201–209. Springer, Heidelberg (2007)

    Google Scholar 

Download references

Acknowledgements

This research was partially supported by the research project Visual Privacy Management in User Centric Open Environments (supported by the EU’s Horizon 2020 program, Proposal number: 653642).

Author information

Authors and Affiliations

  1. Institute for Software Technology, University of Koblenz-Landau, Koblenz, Germany

    Amir Shayan Ahmadian, Daniel Strüber, Volker Riediger & Jan Jürjens

  2. Fraunhofer-Institute for Software and Systems Engineering ISST, Dortmund, Germany

    Jan Jürjens

Authors
  1. Amir Shayan Ahmadian
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Strüber
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Volker Riediger
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jan Jürjens
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Amir Shayan Ahmadian .

Editor information

Editors and Affiliations

  1. University of Paderborn, Paderborn, Germany

    Anthony Anjorin

  2. Tecnalia Research and Innovation, Derio, Spain

    Huáscar Espinoza

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Ahmadian, A.S., Strüber, D., Riediger, V., Jürjens, J. (2017). Model-Based Privacy Analysis in Industrial Ecosystems. In: Anjorin, A., Espinoza, H. (eds) Modelling Foundations and Applications. ECMFA 2017. Lecture Notes in Computer Science(), vol 10376. Springer, Cham. https://doi.org/10.1007/978-3-319-61482-3_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-61482-3_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61481-6

  • Online ISBN: 978-3-319-61482-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation