Extending model-based privacy analysis for the industrial data space by exploiting privacy level agreements

Proceedings of the ACM Symposium on Applied Computing

Volumn , Issue , 2018, Pages 1142-1149

  Ahmadian, Amir Shayan ^a   Jürjens, Jan ^a,b   Strüber, Daniel ^a  

^a University of Koblenz Landau   (Germany)

^b Fraunhofer ISST   (Germany)

Author keywords

GDPR; Industrial data space; Model based privacy analysis; Personal data; Privacy by design

Indexed keywords

ECOSYSTEMS; ELECTRONIC DATA INTERCHANGE; NETWORK SECURITY; SALES; SOFTWARE DESIGN;

CURRENT TECHNOLOGY; GDPR; INDUSTRIAL DATUM; INDUSTRIAL ECOSYSTEMS; MODEL-BASED OPC; PRIVACY ANALYSIS; PRIVACY LEVELS; PRIVACY PREFERENCES;

DATA PRIVACY;

EID: 85050540996     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/3167132.3167256     Document Type: Conference Paper

References (33)

1. Amir Shayan Ahmadian and Jan Jürjens. 2016. Supporting Model-Based Privacy Analysis by Exploiting Privacy Level Agreements. In 2016 IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2016, Luxembourg, December 12-15, 2016. 360-365.
2. Amir Shayan Ahmadian, Sven Peldszus, Qusai Ramadan, and Jan Jürjens. 2017. Model-based privacy and security analysis with CARiSMA. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, September 4-8, 2017. 989-993. https://doi.org/10.1145/ 3106237.3122823
3. Amir Shayan Ahmadian, Daniel Strüber, Volker Riediger, and Jan Jürjens. 2017. Model-Based Privacy Analysis in Industrial Ecosystems. In Modelling Foundations and Applications-13th European Conference, ECMFA 2017, Held as Part of STAF 2017, Marburg, Germany, July 19-20, 2017, Proceedings. 215-231. https://doi.org/ 10.1007/978-3-319-61482-3-13
4. Amir Shayan Ahmadian, Daniel Strüber, Volker Riediger, and Jan Jürjens. 2018. Supporting Privacy Impact Assessment by Model-Based Privacy Analysis. In Proceedings of ACM SAC Conference (SAC18). ACM, New York, NY, USA. accepted.
5. Thibaud Antignac and Daniel Le Métayer. 2014. Privacy by Design: From Technologies to Architectures. Springer International Publishing.
6. S. Auer, J. Jürjens, B. Otto, G. Brost, C. Lange, C. Quix, J. Cirullies, S. Lohmann, J. Schon, A. Eitel, C. Mader, D. Schulz, T. Ernst, N. Menz, J. SchÃijtte, C. Haas, R. Nagel, M. Spiekermann, M. Huber, H. Pettenpohl, S. Wenzel, C. Jung, and J. Pullmann. 2017. Reference architecture model for the industrial data space. White Paper. Fraunhofer. www.industrialdataspace.org
7. Ken Barker, Mina Askari, Mishtu Banerjee, Kambiz Ghazinour, Brenan Mackas, Maryam Majedi, Sampson Pun, and Adepele Williams. 2009. A Data Privacy Taxonomy. Springer Berlin Heidelberg.
8. T. Basso, L. Montecchi, R. Moraes, M. Jino, and A. Bondavalli. 2015. Towards a UML Profile for Privacy-Aware Applications. In 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.
9. Victoria Bellotti and Abigail Sellen. 1993. Design for Privacy in Ubiquitous Computing Environments. In Proceedings of the Third Conference on European Conference on Computer-Supported Cooperative Work.
10. Ann Cavoukian and Michelle Chibba. 2009. Advancing privacy and security in computing, networking and systems innovations through privacy by design. In Proceedings of the 2009 conference of the Centre for Advanced Studies on Collaborative Research, November 2-5, 2009, Toronto, Ontario, Canada.
11. Cloud Security Alliance. 2013. Privacy Level Agreement [V2]: A Compliance Tool for Providing Cloud Services in the European Union. (2013).
12. Pietro Colombo and Elena Ferrari. 2012. Towards a modeling and analysis framework for privacy-aware systems. In Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Confernece on Social Computing (SocialCom). IEEE, 81-90.
13. Robert France and Bernhard Rumpe. 2007. Model-driven Development of Complex Software: A Research Roadmap. In 2007 Future of Software Engineering (FOSE '07).
14. Munawar Hafiz. 2013. A pattern language for developing privacy enhancing technologies. Softw., Pract. Exper. 7 (2013), 769-787.
15. Jaap-Henk Hoepman. 2014. Privacy Design Strategies. Springer Berlin Heidelberg.
16. Jason I. Hong, Jennifer D. Ng, Scott Lederer, and James A. Landay. 2004. Privacy Risk Models for Designing Privacy-sensitive Ubiquitous Computing Systems. In Proceedings of the 5th Conference on Designing Interactive Systems: processes, Practices, Methods, and Techniques (DIS '04).
17. S. H. Houmb, G. Georg, J. Jürjens, and R. B. France. 2006. An Integrated Security Verification and Security Solution Design Trade-off Analysis Approach. In Integrating Security and Software Engineering: Advances and Future Vision, H. Mouratidis (Ed.). Idea Group, 190-219.
18. Industrial Data Space Association. 2014. Industrial Data Space Use Case Broschuere. (2014).
19. Xin Jin, Ravi Sandhu, and Ram Krishnan. 2012. RABAC: Role-Centric Attribute-Based Access Control. Springer Berlin Heidelberg.
20. J. Jürjens. 2001. Modelling audit security for smart-card payment schemes with UMLsec. In Trusted Information: The New Decade Challenge. Proceedings of the 16th International Conference on Information Security (SEC 2001).
21. Jan Jürjens. 2005. Secure systems development with UML. Springer.
22. J. Jürjens and G. Wimmel. 2001. Formally Testing Fail-safety of Electronic Purse Protocols. In 16th International Conference on Automated Software Engineering (ASE 2001). IEEE, 408-411.
23. Christos Kalloniatis, Evangelia Kavakli, and Stefanos Gritzalis. 2008. Addressing privacy requirements in system design: the PriS method. Requirements Engineering 13, 3 (2008).
24. Marie Caroline Oetzel and Sarah Spiekermann. 2014. A systematic methodology for privacy impact assessments: a design science approach. European Journal of Information Systems (2014).
25. I. Oliver. 2016. Experiences in the Development and Usage of a Privacy Requirements Framework. In 2016 IEEE 24th International Requirements Engineering Conference (RE).
26. B. Otto, J. Jürjens, J. Schon, S. Auer, N. Menz, S. Wenzel, and J. Cirullies. 2016. Industrial Data Space: Digital Sovereignity over Data. Technical Report. Fraunhofer.
27. Siani Pearson. 2009. Taking Account of Privacy when Designing Cloud Computing Services. In Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing (CLOUD '09). IEEE Computer Society.
28. Thomas Ruhroth and Jan Jürjens. 2012. Supporting Security Assurance in the Context of Evolution: Modular Modeling and Analysis with UMLsec. In 14th International IEEE Symposium on High-Assurance Systems Engineering, HASE 2012, Omaha, NE, USA, October 25-27, 2012. 177-184.
29. K. Schneider, E. Knauss, S. Houmb, S. Islam, and J. Jürjens. 2012. Enhancing Security Requirements Engineering by Organisational Learning. Requirements Engineering Journal (REJ) 17, 1 (2012), 35-56.
30. Sarah Spiekermann. 2012. The Challenges of Privacy by Design. Commun. ACM 55 (July 2012), 38-40.
31. Sarah Spiekermann and Lorrie Faith Cranor. 2009. Engineering Privacy. IEEE Trans. Softw. Eng. 35, 1 (Jan. 2009).
32. Harald Störrle. 2017. How Are Conceptual Models Used in Industrial Software Development? A Descriptive Survey. In Proceedings of the 21st International Conference on Evaluation and Assessment in Software Engineering (EASE'17).
33. The European Parliament and the Council of the Europeam Union. 2016. Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Union (2016).