Model-Based Privacy Analysis in Industrial Ecosystems

Cited by: 12
Authors
Ahmadian, Amir Shayan [1]
Strueber, Daniel [1]
Riediger, Volker [1]
Juerjens, Jan [1, 2]
Affiliations
[1] Univ Koblenz Landau, Inst Software Technol, Koblenz, Germany
[2] Fraunhofer Inst Software & Syst Engn ISST, Dortmund, Germany
Source
MODELLING FOUNDATIONS AND APPLICATIONS, ECMFA 2017 | 2017 / Vol. 10376
Funding
EU Horizon 2020;
Keywords
REQUIREMENTS;
DOI
10.1007/978-3-319-61482-3_13
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
Article 25 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing and the free movement of personal data refers to data protection by design and by default. Privacy and data protection by design implies that IT systems need to be adapted or focused to technically support privacy and data protection. To this end, we need to verify whether security and privacy are supported by a system, or whether any change in the design of the system is required. In this paper, we provide a model-based privacy analysis approach to analyze IT systems that provide IT services to service customers. An IT service may rely on different enterprises to process the data that is provided by service customers. Therefore, our approach is modular in the sense that it analyzes the system design of each enterprise individually. The approach is based on the four privacy fundamental elements, namely purpose, visibility, granularity, and retention. We present an implementation of the approach based on the CARiSMA tool. To evaluate our approach, we apply it to an industrial case study.
Pages: 215 / 231
Page count: 17