Privacy Compliance Via Model Transformations

Antignac, Thibaud; Scandariato, Riccardo; Schneider, Gerardo

doi:10.1109/eurospw.2018.00024

Cited by 15 publications

(20 citation statements)

References 18 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[24]- [26] have all defined GDPR conceptual models supplemented with compliance rules; while others [27], [28] have defined meta-models for privacy derived from access control paradigms. Yet others ( [29], [30]) have addressed the introduction of privacy concerns into process models by defining extensions to modeling languages (BPMN [12] and Data Flow Diagrams [13]), and their transformations based on privacy patterns. Indeed, Data Flow Diagrams have themselves been repeatedly employed to model data processing activities in the context of security and privacy engineering [31], [32].…”

Section: Positioning Regarding the State Of The Artmentioning

confidence: 99%

A Model-based Approach to Realize Privacy and Data Protection by Design

Pedroza

Muntés-Mulero

Martín

et al. 2021

2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

Section: Positioning Regarding the State Of The Artmentioning

confidence: 99%

A Model-based Approach to Realize Privacy and Data Protection by Design

Pedroza

Muntés-Mulero

Martín

et al. 2021

2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

“…Although authors support that the proposed patterns provide generally applicable privacy guidelines, it is important to note that their work focused only on the following specific GDPR principles, Transparency and Traceability, Purpose Limitation, Data Minimization, Accuracy and Storage Limitation, since the principles of Lawfulness, Fairness, Integrity and Confidentiality and Accountability are considered not to be fulfilled by technical measures in a manageable time limit. Authors in [36] presented an approach based on model transformations, aiming to enable a more constructive approach to privacy by design under the principles of GDPR. Although, their work consists an interesting approach to bridge privacy legal and technical field, it focuses only on limited requirements, such as purpose limitation, or accountability of the data controller and consequently it presents specific technical privacy properties.…”

Section: Privacy By Design Schemes Under Gdprmentioning

confidence: 99%

Incorporating privacy by design in body sensor networks for medical applications: A privacy and data protection framework

et al. 2021

View full text Add to dashboard Cite

Privacy and Data protection are highly complex issues within eHealth/M-Health systems. These systems should meet specific requirements deriving from the organizations and users, as well as from the variety of legal obligations deriving from GDPR that dictate protection rights of data subjects and responsibilities of data controllers. To address that, this paper proposes a Privacy and Data Protection Framework that provides the appropriate steps so as the proper technical, organizational and procedural measures to be undertaken. The framework, beyond previous literature, supports the combination of privacy by design principles with the newly introduced GDPR requirements in order to create a strong elicitation process for deriving the set of the technical security and privacy requirements that should be addressed. It also proposes a process for validating that the elicited requirements are indeed fulfilling the objectives addressed during the Data Protection Impact Assessment (DPIA), carried out according to the GDPR.

show abstract

“…Antigac et al [1] examined how certain properties of a DFD can be hotspots for further investigation. For example, a usage hotspot corresponds with 3 DFD elements: data flow d into process p, process p, and data flow d from p. Antigac et al showed how such hotspots bridge the gap between different models, and provide a basis for subsequent model transformation without fundamentally changing the visual semantics of DFDs.…”

Section: Reasoning About Data Flow Diagrams In Threat Modellingmentioning

confidence: 99%

Contextualisation of Data Flow Diagrams for Security Analysis

Faily

Scandariato

Shostack

et al. 2020

Graphical Models for Security

Self Cite

View full text Add to dashboard Cite

Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models.

show abstract

Privacy Compliance Via Model Transformations

Cited by 15 publications

References 18 publications

A Model-based Approach to Realize Privacy and Data Protection by Design

A Model-based Approach to Realize Privacy and Data Protection by Design

Incorporating privacy by design in body sensor networks for medical applications: A privacy and data protection framework

Contextualisation of Data Flow Diagrams for Security Analysis

Contact Info

Product

Resources

About