Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Model-based privacy analysis in industrial ecosystems

: Ahmadian, A.S.; Strüber, D.; Riediger, V.; Jürjens, J.


Anjorin, A.:
Modelling foundations and applications. 13th European Conference, ECMFA 2017 : Held as part of STAF 2017; Marburg, Germany, July 19-20, 2017; Proceedings
Cham: Springer International Publishing, 2017 (Lecture Notes in Computer Science 10376)
ISBN: 978-3-319-61481-6 (Print)
ISBN: 978-3-319-61482-3 (Online)
European Conference on Modelling Foundations and Applications (ECMFA) <13, 2017, Marburg>
Conference "Software Technologies - Applications and Foundations" (STAF) <2017, Marburg>
Fraunhofer ISST ()

Article 25 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing and the free movement of personal data, refers to data protection by design and by default. Privacy and data protection by design implies that IT systems need to be adapted or focused to technically support privacy and data protection. To this end, we need to verify whether security and privacy are supported by a system, or any change in the design of the system is required. In this paper, we provide a model-based privacy analysis approach to analyze IT systems that provide IT services to service customers. An IT service may rely on different enterprises to process the data that is provided by service customers. Therefore, our approach is modular in the sense that it analyzes the system design of each enterprise individually. The approach is based on the four privacy fundamental elements, namely purpose, visibility, granularity, and retention. We present an implementation of the approach based on the CARiSMA tool. To evaluate our approach, we apply it to an industrial case study.