Supporting the design of privacy-aware business processes via privacy process patterns

Diamantopoulou, Vasiliki; Argyropoulos, N. G.; Kalloniatis, Christos; Gritzalis, Stefanos

doi:10.1109/rcis.2017.7956536

Cited by 21 publications

(27 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Diamantopoulou et al [19] provide a set of privacy process patterns for security and data-minimization concepts, aiming to provide predefined solutions for different types of privacy concerns in the implementation phase. In addition to the textual description of the patterns, BPMN design patterns were provided to guide operationalization at the business process level.…”

Section: Data-minimization-aware Approachesmentioning

confidence: 99%

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

et al. 2020

View full text Add to dashboard Cite

Requirements are inherently prone to conflicts. Security, data-minimization, and fairness requirements are no exception. Importantly, undetected conflicts between such requirements can lead to severe effects, including privacy infringement and legal sanctions. Detecting conflicts between security, data-minimization, and fairness requirements is a challenging task, as such conflicts are context-specific and their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution of a task that writes data into a secure data storage, where the identity of the writer is needed for the purpose of accountability. Moreover, conflicts not arise from trade-offs between requirements elicited from the stakeholders, but also from misinterpretation of elicited requirements while implementing them in business processes, leading to a non-alignment between the data subjects' requirements and their specifications. Both types of conflicts are substantial challenges for conflict detection. To address these challenges, we propose a BPMN-based framework that supports: (i) the design of business processes considering security, data-minimization and fairness requirements, (ii) the encoding of such requirements as reusable, domain-specific patterns, (iii) the checking of alignment between the encoded requirements and annotated BPMN models based on these patterns, and (iv) the detection of conflicts between the specified requirements in the BPMN models based on a catalog of domain-independent anti-patterns. The security requirements were reused from SecBPMN2, a security-oriented BPMN 2.0 extension, while the fairness and data-minimization parts are new. For formulating our patterns and anti-patterns, we extended a graphical query language called SecBPMN2-Q. We report on the feasibility and the usability of our approach based on a case study featuring a healthcare management system, and an experimental user study.

show abstract

Section: Data-minimization-aware Approachesmentioning

confidence: 99%

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

et al. 2020

View full text Add to dashboard Cite

show abstract

“…For example, if a user should be required to access a service using their alias, then it conflicts with the general concept of Anonymity. However, if some aspects supplement or overlap concerning requirements, then they cannot be considered as conflicts [14]. Confidentiality, Integrity, and Anonymity, which are different aspects but ultimately strive towards the same goal of protecting data against unauthorized tampering, do not conflict with each other.…”

Section: ) Privacy Requirementsmentioning

confidence: 99%

Towards Detecting and Mitigating Conflicts for Privacy and Security Requirements

Alkubaisy

Cox

Mouratidis

2019

2019 13th International Conference on Research Challenges in Information Science (RCIS)

View full text Add to dashboard Cite

requirement engineering live in a world were contradiction is the norm. Hence, development of software engineering is usually an adjustable and upgrading cyclical process. We found in the literature that some requirements conflict with other requirements. We will focus in this study on identification and resolution of conflicts between security and privacy requirements. Although, most the recent studies focus on identifying conflicts without proposing a solution to resolve it. This paper presents an approach to identifying and resolving conflicting privacy and security requirements as patterns. By using patterns to describe the problem we can propose a solution for each conflict.

show abstract

“…Software systems dealing with sensitive and personal user data are facing critical roadblocks regarding the issue of maintaining high level of effective data privacy in recent times [1]. In any information system, privacy and confidentiality are the basic security goals to be taken into consideration.…”

Section: Introductionmentioning

confidence: 99%

“…[2]. In spite of its importance, the issue of privacy is oftentimes taken as an afterthought, mainly because of insufficient expertise/awareness among system designers and developers [1]. Security requirements may bypass the foundational goals of privacy if privacy requirements are not implemented with enough clarity [2].…”

Section: Introductionmentioning

confidence: 99%

A Systematic Literature Review on Privacy by Design in the Healthcare Sector

et al. 2020

View full text Add to dashboard Cite

In this digital age, we are observing an exponential proliferation of sophisticated hardware- and software-based solutions that are able to interact with the users at almost every sensitive aspect of our lives, collecting and analysing a range of data about us. These data, or the derived information out of it, are often too personal to fall into unwanted hands, and thus users are almost always wary of the privacy of such private data that are being continuously collected through these digital mediums. To further complicate the issue, the infringement cases of such databanks are on a sharp rise. Several frameworks have been devised in various parts of the globe to safeguard the issue of data privacy; in parallel, constant research is also being conducted on closing the loopholes within these frameworks. This study aimed to analyse the contemporary privacy by design frameworks to identify the key limitations. Seven contemporary privacy by design frameworks were examined in-depth in this research that was based on a systematic literature review. The result, targeted at the healthcare sector, is expected to produce a high degree of fortification against data breaches in the personal information domain.

show abstract

Supporting the design of privacy-aware business processes via privacy process patterns

Cited by 21 publications

References 29 publications

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization, and fairness requirements

Towards Detecting and Mitigating Conflicts for Privacy and Security Requirements

A Systematic Literature Review on Privacy by Design in the Healthcare Sector

Contact Info

Product

Resources

About