A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

Cited by: 23
Authors
Ramadan, Qusai [1 ]
Strueber, Daniel [2 ]
Salnitri, Mattia [3 ]
Juerjens, Jan [1 ,4 ]
Riediger, Volker [1 ]
Staab, Steffen [5 ,6 ]
Affiliations
[1] Univ Koblenz Landau, Koblenz, Germany
[2] Univ Gothenburg, Chalmers Univ, Gothenburg, Sweden
[3] Politecn Milan, Milan, Italy
[4] Fraunhofer Inst Software & Syst Engn ISST, Dortmund, Germany
[5] Univ Stuttgart, Stuttgart, Germany
[6] Univ Southampton, Southampton, Hants, England
Keywords
Conflicts; Requirements engineering; Security; Data minimization; Fairness; BPMN; PRIVACY; SYSTEM; IDENTIFICATION; KNOWLEDGE; DESIGN; GOAL
DOI
10.1007/s10270-020-00781-x
Chinese Library Classification (CLC) number
TP31 [Computer software];
Subject classification code
081202 ; 0835 ;
Abstract
Requirements are inherently prone to conflicts. Security, data-minimization, and fairness requirements are no exception. Importantly, undetected conflicts between such requirements can lead to severe effects, including privacy infringement and legal sanctions. Detecting conflicts between security, data-minimization, and fairness requirements is a challenging task, as such conflicts are context-specific and their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution of a task that writes data into a secure data storage, where the identity of the writer is needed for the purpose of accountability. Moreover, conflicts arise not only from trade-offs between requirements elicited from the stakeholders, but also from the misinterpretation of elicited requirements while implementing them in business processes, leading to a misalignment between the data subjects' requirements and their specifications. Both types of conflicts are substantial challenges for conflict detection. To address these challenges, we propose a BPMN-based framework that supports: (i) the design of business processes considering security, data-minimization and fairness requirements, (ii) the encoding of such requirements as reusable, domain-specific patterns, (iii) the checking of alignment between the encoded requirements and annotated BPMN models based on these patterns, and (iv) the detection of conflicts between the specified requirements in the BPMN models based on a catalog of domain-independent anti-patterns. The security requirements were reused from SecBPMN2, a security-oriented BPMN 2.0 extension, while the fairness and data-minimization parts are new. For formulating our patterns and anti-patterns, we extended a graphical query language called SecBPMN2-Q. We report on the feasibility and the usability of our approach based on a case study featuring a healthcare management system, and an experimental user study.
Pages: 1191 / 1227
Page count: 37