Supporting the design of privacy-aware business processes via privacy process patterns

Proceedings - International Conference on Research Challenges in Information Science

Volumn , Issue , 2017, Pages 187-198

  Diamantopoulou, Vasiliki ^a   Argyropoulos, Nikolaos ^a   Kalloniatis, Christos ^b   Gritzalis, Stefanos ^b  

^a UNIVERSITY OF BRIGHTON   (United Kingdom)

^b UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

Business Processes; Information Security Modelling; Privacy Process Patterns; Requirements Engineering

Indexed keywords

COMPUTER SOFTWARE; REQUIREMENTS ENGINEERING; SECURITY OF DATA;

BUSINESS PROCESS; DESIGN METHODOLOGY; DEVELOPMENT STAGES; EXPERT KNOWLEDGE; PRIVACY CONCERNS; PROCESS PATTERNS; REAL-LIFE SYSTEMS; SOFTWARE SYSTEMS;

DESIGN;

EID: 85024488021     PISSN: 21511349     EISSN: 21511357     Source Type: Conference Proceeding    
DOI: 10.1109/RCIS.2017.7956536     Document Type: Conference Paper

References (55)

1. L. Rainie, S. Kiesler, R. Kang, M. Madden, M. Duggan, S. Brown, and L. Dabbish, "Anonymity, privacy, and security online," Pew Research Center, vol. 5, 2013.
2. E. Commission, "Eurobarometer 431-data protection report," Tech. Rep., 2015.
3. G. T. Duncan, R. W. Pearson et al., "Enhancing access to microdata while protecting confidentiality: Prospects for the future," Statistical Science, vol. 6, no. 3, pp. 219-232, 1991.
4. PwC, "Moving forward with cybersecurity and privacy-how organizations are adopting innovative safeguards to manage threats and achieve competitive advantages in a digital era," Key findings from The Global State of Information Security Survey 2017, Tech. Rep., 2017.
5. A. Cavoukian, "Privacy by design [leading edge]," IEEE Technology and Society Magazine, vol. 31, no. 4, pp. 18-19, 2012.
6. S. Gürses, C. Troncoso, and C. Diaz, "Engineering privacy by design," Computers, Privacy & Data Protection, vol. 14, no. 3, 2011.
7. R. Hes and J. Borking, "Privacy enhancing technologies: The path to anonymity," ISBN, vol. 90, no. 74087, p. 12, 1998.
8. C. Kalloniatis, E. Kavakli, and S. Gritzalis, "Pris methodology: Incorporating privacy requirements into the system design process," in Proceedings of the SREIS 2005 13th IEEE International Requirements Engineering Conference-Symposium on Requirements Engineering for Information Security, J. Mylopoulos, G. Spafford (Eds.), 2005.
9. E. Gamma, Design patterns: Elements of reusable object-oriented software. Pearson Education India, 1995.
10. N. Yoshioka, H. Washizaki, and K. Maruyama, "A survey on security patterns," Progress in informatics, vol. 5, no. 5, pp. 35-47, 2008.
11. C. Kalloniatis, E. Kavakli, and S. Gritzalis, "Using privacy process patterns for incorporating privacy requirements into the system design process," in Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on. IEEE, 2007, pp. 1009-1017.
12. C. Alexander, A pattern language: Towns, buildings, construction. Oxford University Press, 1977.
13. J. O. Borchers, "A pattern approach to interaction design," Ai & Society, vol. 15, no. 4, pp. 359-376, 2001.
14. D. G. Rosado, C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "Security patterns and requirements for internet-based applications," Internet research, vol. 16, no. 5, pp. 519-536, 2006.
15. D. M. Kienzle and M. C. Elder, "Security patterns for web application development," University of Virginia technical report, 2002.
16. L. Compagna, P. El Khoury, A. Krausová, F. Massacci, and N. Zannone, "How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns," Artificial Intelligence and Law, vol. 17, no. 1, pp. 1-30, 2009.
17. L. Compagna, P. E. Khoury, F. Massacci, R. Thomas, and N. Zannone, "How to capture, model, and verify the knowledge of legal, security, and privacy experts: A pattern-based approach," in Proceedings of the 11th international conference on Artificial intelligence and law. ACM, 2007, pp. 149-153.
18. H. Mouratidis, M. Weiss, and P. Giorgini, "Security patterns meet agent oriented software engineering: A complementary solution for developing secure information systems," in International Conference on Conceptual Modeling. Springer, 2005, pp. 225-240.
19. Object Management Group, "Business Process Model and Notation (BPMN) 2.0," Tech. Rep., 2011.
20. N. Argyropoulos, C. Kalloniatis, H. Mouratidis, and A. Fish, "Incorporating privacy patterns into semi-automatic business process derivation," in Research Challenges in Information Science (RCIS), 2016 IEEE Tenth International Conference on. IEEE, 2016, pp. 1-12.
21. J. Mendling, H. A. Reijers, and W. M. van der Aalst, "Seven process modeling guidelines (7pmg)," Information and Software Technology, vol. 52, no. 2, pp. 127-136, 2010.
22. S. Fischer-Hübner, IT-security and privacy: Design and use of privacyenhancing security mechanisms. Springer-Verlag, 2001.
23. J. Cannon, Privacy: What developers and IT professionals should know. Addison-Wesley Professional, 2004.
24. A. Pfitzmann and M. Hansen, "A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management," 2010.
25. ISO/IEC, "29100:2011(e) information technology-security techniques-privacy framework," Tech. Rep., 2011.
26. ISO/CEI, "27000:2014(e) information technology-security techniques-information security management systems-overview and vocabulary," Tech. Rep., 2014.
27. B. Matt et al., Introduction to computer security. Pearson Education India, 2006.
28. A. Jain, P. Flynn, and A. A. Ross, Handbook of biometrics. Springer Science & Business Media, 2007.
29. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, "Security and privacy aspects of low-cost radio frequency identification systems," in Security in pervasive computing. Springer, 2004, pp. 201-212.
30. E. Gabber, P. B. Gibbons, Y. Matias, and A. Mayer, "How to make personalized web browsing simple, secure, and anonymous," in International Conference on Financial Cryptography. Springer, 1997, pp. 17-31.
31. M. K. Reiter and A. D. Rubin, "Crowds: Anonymity for web transactions," ACM Transactions on Information and System Security (TISSEC), vol. 1, no. 1, pp. 66-92, 1998.
32. D. Goldschlag, M. Reed, and P. Syverson, "Onion routing," Communications of the ACM, vol. 42, no. 2, pp. 39-41, 1999.
33. D. Chaum, "The dining cryptographers problem: Unconditional sender and recipient untraceability," Journal of cryptology, vol. 1, no. 1, pp. 65-75, 1988.
34. D. L. Chaum, "Untraceable electronic mail, return addresses, and digital pseudonyms," Communications of the ACM, vol. 24, no. 2, pp. 84-90, 1981.
35. C. Shields and B. N. Levine, "A protocol for anonymous communication over the internet," in Proceedings of the 7th ACM conference on Computer and communications security. ACM, 2000, pp. 33-42.
36. K. Bennett and C. Grothoff, "Gap-practical anonymous networking," in International Workshop on Privacy Enhancing Technologies. Springer, 2003, pp. 141-160.
37. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The secondgeneration onion router," DTIC Document, Tech. Rep., 2004.
38. T. Akers, B. Ware, W. Zheng, M. Kostet, and B. Clark, "Service aggregation gateway," Oct. 19 2006, uS Patent App. 11/551,066.
39. M. D. Mulvenna, S. S. Anand, and A. G. Büchner, "Personalization on the net using web mining: Introduction," Communications of the ACM, vol. 43, no. 8, pp. 122-125, 2000.
40. M. A. Himmel and H. Rodriguez, "Method and apparatus for selective caching and cleaning of history pages for web browsers," Sep. 17 2002, uS Patent 6,453,342.
41. A. Bacard, Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP Privacy Software. Peachpit press, 1995.
42. J. R. Wells and E. P. Felt, "System and method for message encryption and signing in a transaction processing system," Apr. 22 2008, uS Patent 7,363,495.
43. E. Parliament. (2016) Regulation (eu) 2016/679 of the european parliament and of the coucil of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/ec (general data protection regulation). [Online]. Available: Http://eur-lex.europa.eu/legal-content/EN/TXT/
44. C. Kalloniatis, E. Kavakli, and S. Gritzalis, "Addressing privacy requirements in system design: The pris method," Requirements Engineering, vol. 13, no. 3, pp. 241-255, 2008.
45. -, "Using privacy process patterns for incorporating privacy requirements into the system design process," in Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on. IEEE, 2007, pp. 1009-1017.
46. ICTE-PAN, "Methodologies and tools for building intelligent collaboration and transaction environments in public administration networks," in Project Deliverable D 3.1b. University of the Aegean.
47. S. Gritzalis, "Enhancing web privacy and anonymity in the digital era," Information Management & Computer Security, vol. 12, no. 3, pp. 255-287, 2004.
48. R. Koorn, H. van Gils, J. ter Hart, P. Overbeek, R. Tellegen, and J. Borking, "Privacy enhancing technologies, white paper for decision makers," Ministry of the Interior and Kingdom Relations, the Netherlands, 2004.
49. H. Mouratidis, C. Kalloniatis, S. Islam, M.-P. Huget, and S. Gritzalis, "Aligning security and privacy to support the development of secure information systems." J. UCS, vol. 18, no. 12, pp. 1608-1627, 2012.
50. S. Romanosky, A. Acquisti, J. Hong, L. F. Cranor, and B. Friedman, "Privacy patterns for online interactions," in Proceedings of the 2006 conference on Pattern languages of programs. ACM, 2006, p. 12.
51. E. S. Chung, J. I. Hong, J. Lin, M. K. Prabaker, J. A. Landay, and A. L. Liu, "Development and evaluation of emerging design patterns for ubiquitous computing," in Proceedings of the 5th conference on Designing interactive systems: Processes, practices, methods, and techniques. ACM, 2004, pp. 233-242.
52. M. Hafiz, "A pattern language for developing privacy enhancing technologies," Software: Practice and Experience, vol. 43, no. 7, pp. 769-787, 2013.
53. T. Schümmer, "The public privacy-patterns for filtering personal information in collaborative systems," in Proceedings of the Conference on Human Factors in Computing Systems (CHI), 2004.
54. M. Schumacher, "Security patterns and security standards." in Euro-PLoP, 2002, pp. 289-300.
55. M. Salnitri, F. Dalpiaz, and P. Giorgini, "Designing secure business processes with secbpmn," Software & Systems Modeling, pp. 1-21, 2016.