Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Detecting conflicts between data-minimization and security requirements in business process models

: Ramadan, Qusai; Strüber, Daniel; Salnitri, Mattia; Riediger, Volker; Jürjens, Jan


Pierantonio, A.:
Modelling foundations and applications. 14th European conference, ECMFA 2018 : Held as part of STAF 2018, Toulouse, France, June 26-28, 2018; Proceedings
Cham: Springer International Publishing, 2018 (Lecture Notes in Computer Science 10890)
ISBN: 978-3-319-92996-5 (Print)
ISBN: 978-3-319-92997-2 (Online)
European Conference on Modelling Foundations and Applications (ECMFA) <14, 2018, Toulouse>
Software Technologies - Applications and Foundations Conference (STAF) <2018, Toulouse>
Fraunhofer ISST ()

Detecting conflicts between security and data-minimization requirements is a challenging task. Since such conflicts arise in the specific context of how the technical and organizational components of the target system interact with each other, their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution for a task that writes data to a secure data storage, where the identity of the writer is needed for the purpose of accountability. To address this challenge, we propose an extension of the BPMN 2.0 business process modeling language to enable: (i) the specification of process-oriented data-minimization and security requirements, (ii) the detection of conflicts between these requirements based on a catalog of domain-independent anti-patterns. The considered security requirements were reused from SecBPMN2, a security-oriented extension of BPMN 2.0, while the data-minimization part is new. Se cBPMN2 also provides a graphical query language called SecBPMN2-Q, which we extended to formulate our anti-patterns. We report on feasibility and usability of our approach based on a case study featuring a healthcare management system, and an experimental user study.