2016
Conference Paper
Title
Supporting model-based privacy analysis by exploiting privacy level agreements
Abstract
Security and privacy are increasing concerns for both IT service customers and providers. According to the Cloud Security Alliance (CSA), privacy level agreements (PLAs) are intended to be used as appendixes to service level agreements and are likely to become an industry-standardized way for cloud service providers to describe the level of privacy and data protection. In this paper, we introduce an approach to verify whether the system design of a service provider supports the service customer's privacy and security preferences, by exploiting PLAs. In the first step, we formalize the PLAs. To this end, a metamodel for the PLAs is provided. This metamodel is based on the PLA outline provided by CSA, which is originally based on Directive 95/46/EC. In our research, we first investigate whether an adaptation of the PLA outline with respect to Regulation 2016/679 (repealing Directive 95/46/EC) on the protection of natural persons with respect to the processing of personal data is required. Afterwards, we describe how the PLAs are used to support model-based privacy and security analyses. Moreover, we explain how the analysis results can be used to refine PLAs. Our approach is supported by the CARiSMA tool. To evaluate the approach, we applied it to a real industry case study.