A Data-Centric Approach for Privacy-Aware Business Process Enablement

Short, Stuart; Kaluvuri, Samuel Paul

doi:10.1007/978-3-642-19680-5_16

Cited by 10 publications

(7 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…[30] models a system's behaviour in terms of a Business Processing Model Notation (BPMN) diagram and then the goal is to check whether this is compliant with the system's P3P privacy policy. [31] integrate links to the privacy policy in the system's workflow (e.g. the BPEL specification), these are then checked by an analysis tool at design time to determine if the workflow agrees with the policy.…”

Section: Privacy Frameworkmentioning

confidence: 99%

Pseudonymization risk analysis in distributed systems

Neumann

Grace

Burns

et al. 2019

J Internet Serv Appl

View full text Add to dashboard Cite

In an era of big data, online services are becoming increasingly data-centric; they collect, process, analyze and anonymously disclose growing amounts of personal data in the form of pseudonymized data sets. It is crucial that such systems are engineered to both protect individual user (data subject) privacy and give back control of personal data to the user. In terms of pseudonymized data this means that unwanted individuals should not be able to deduce sensitive information about the user. However, the plethora of pseudonymization algorithms and tuneable parameters that currently exist make it difficult for a non expert developer (data controller) to understand and realise strong privacy guarantees. In this paper we propose a principled Model-Driven Engineering (MDE) framework to model data services in terms of their pseudonymization strategies and identify the risks to breaches of user privacy. A developer can explore alternative pseudonymization strategies to determine the effectiveness of their pseudonymization strategy in terms of quantifiable metrics: i) violations of privacy requirements for every user in the current data set; ii) the trade-off between conforming to these requirements and the usefulness of the data for its intended purposes. We demonstrate through an experimental evaluation that the information provided by the framework is useful, particularly in complex situations where privacy requirements are different for different users, and can inform decisions to optimize a chosen strategy in comparison to applying an off-the-shelf algorithm.

show abstract

Section: Privacy Frameworkmentioning

confidence: 99%

Pseudonymization risk analysis in distributed systems

Neumann

Grace

Burns

et al. 2019

J Internet Serv Appl

View full text Add to dashboard Cite

show abstract

“…Chinosi et al [4] model a system's behaviour in terms of a Business Processing Model Notation (BPMN) diagram and then the goal is to check whether this is compliant with the system's P3P privacy policy. Short et al [25] integrate links to the privacy policy in the system's workflow (e.g. the BPEL specification), these are then checked by an analysis tool at design time to determine if the workflow agrees with the policy.…”

Section: Related Workmentioning

confidence: 99%

Towards a Model of User-centered Privacy Preservation

Grace

Surridge

2017

Proceedings of the 12th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

The growth in cloud-based services tailored for users means more and more personal data is being exploited, and with this comes the need to better handle user privacy. Software technologies concentrating on privacy preservation typically present a one-size fits all solution. However, users have different viewpoints of what privacy means to them and therefore, configurable and dynamic privacy preserving solutions have the potential to create useful and tailored services without breaching any user's privacy. In this paper, we present a model of user-centered privacy that can be used to analyse a service's behaviour against user preferences, such that a user can be informed of the privacy implications of that service and what fine-grained actions they can take to maintain their privacy. We show through a case-study that the user-based privacy model can: i) provide customizable privacy aligned with user needs; and ii) identify potential privacy breaches. CCS CONCEPTS Security and privacy → Domain-specific security and privacy architectures; Social and professional topics → Privacy policies; Computer systems organization → Cloud computing;

show abstract

“…Short et al [30] provide an approach for dealing with the inclusion of internal and/or external services in a business process that contains data-handling policies. Wang et al [31] suggest a method to govern adaptive distributed business processes at run time with an aspect-oriented programming approach.…”

Section: Related Workmentioning

confidence: 99%

A Framework for Systematic Refinement of Trustworthiness Requirements

Mohammadi

Heisel

2017

Information

View full text Add to dashboard Cite

Abstract:The trustworthiness of systems that support complex collaborative business processes is an emergent property. In order to address users' trust concerns, trustworthiness requirements of software systems must be elicited and satisfied. The aim of this paper is to address the gap that exists between end-users' trust concerns and the lack of implementation of proper trustworthiness requirements. New technologies like cloud computing bring new capabilities for hosting and offering complex collaborative business operations. However, these advances might bring undesirable side effects, e.g., introducing new vulnerabilities and threats caused by collaboration and data exchange over the Internet. Hence, users become more concerned about trust. Trust is subjective; trustworthiness requirements for addressing trust concerns are difficult to elicit, especially if there are different parties involved in the business process. We propose a user-centered trustworthiness requirement analysis and modeling framework. We integrate the subjective trust concerns into goal models and embed them into business process models as objective trustworthiness requirements. Business process model and notation is extended to enable modeling trustworthiness requirements. This paper focuses on the challenges of elicitation, refinement and modeling trustworthiness requirements. An application example from the healthcare domain is used to demonstrate our approach.

show abstract

A Data-Centric Approach for Privacy-Aware Business Process Enablement

Cited by 10 publications

References 11 publications

Pseudonymization risk analysis in distributed systems

Pseudonymization risk analysis in distributed systems

Towards a Model of User-centered Privacy Preservation

A Framework for Systematic Refinement of Trustworthiness Requirements

Contact Info

Product

Resources

About