ECMFA_18.pdf (479.44 kB)

Detecting Conflicts between Data-Minimization and Security Requirements in Business Process Models (long version)

journal contribution
modified on 2018-03-13, 09:28
Abstract. Detecting conflicts between security and data-minimization requirements is a challenging task. Since such conflicts arise in the specific context of how the technical and organizational components of the target system interact with each other, their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution for a task that writes data to a secure data storage, where the identity of the writer is needed for the purpose of accountability. To address this challenge, we propose an extension of the BPMN 2.0 business process modeling language to enable (i) the specification of process-oriented data-minimization and security requirements, and (ii) the detection of conflicts between these requirements based on a catalog of domain-independent anti-patterns. The considered security requirements were reused from SecBPMN2, a security-oriented extension of BPMN 2.0, while the data-minimization part is new. SecBPMN2 also provides a graphical query language called SecBPMN2-Q, which we extended to formulate our anti-patterns. We report on the feasibility and usability of our approach based on a case study featuring a healthcare management system and an experimental user study.