Here you will find scientific publications from the Fraunhofer Institutes.

Supporting model-based privacy analysis by exploiting privacy level agreements

Ahmadian, A.S.; Jürjens, J.


Varrette, S. ; Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
8th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2016. Proceedings : 12-15 December 2016, Luxembourg City, Luxembourg
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2016
ISBN: 978-1-5090-1445-3
ISBN: 1-5090-1446-2
ISBN: 978-1-5090-1446-0
International Conference on Cloud Computing Technology and Science (CloudCom) <8, 2016, Luxembourg>
European Commission EC
H2020; 653642; VisiOn
Visual Privacy Management in User Centric Open Environments
Fraunhofer ISST

Security and privacy are increasing concerns for both IT service customers and providers. According to the Cloud Security Alliance (CSA), privacy level agreements (PLAs) are intended to be used as appendixes to service level agreements and are likely to become an industry-standard way for cloud service providers to describe the level of privacy and data protection. In this paper, we introduce an approach to verify whether the system design of a service provider supports the service customer's privacy and security preferences, by exploiting PLAs. In the first step, we formalize the PLAs. To this end, a metamodel for the PLAs is provided. This metamodel is based on the PLA outline provided by CSA, which is originally based on Directive 95/46/EC. In our research, we first investigate whether an adaptation of the PLA outline is required with respect to Regulation 2016/679 (repealing Directive 95/46/EC) on the protection of natural persons with respect to the processing of personal data. Afterwards, we describe how the PLAs are used to support model-based privacy and security analyses. Moreover, we explain how the analysis results can be used to refine PLAs. Our approach is supported by the CARiSMA tool. To evaluate the approach, we applied it to a real industry case study.