A Framework for Model-based Data-Minimization and Security Analysis in Socio-Technical Systems

Talk in the doctoral colloquium of FB4 by Qusai Ramadan, 09.02.18, 12:15

Speaker: Qusai Ramadan

Date & time: 09.02.2018, 12:15 - 13:45, Building D 239

Host: Prof. Dr. Jan Jürjens

Title: A Framework for Model-based Data-Minimization and Security Analysis in Socio-Technical Systems

Starting from data minimization is considered a necessary and foundational first step in engineering privacy-aware systems. Privacy breaches often do not stem from loopholes in the applied privacy-enhancing technologies; other threats are related to vulnerabilities in the underlying business processes and in the architecture of the targeted system. There are three main sources of such vulnerabilities. First, conflicts between security and data-minimization requirements, which, if propagated to the targeted system, might endanger its users' privacy. Second, hidden information flows in the software architecture that might indirectly leak protected data and, as a result, lead to undesirable consequences such as a biased influence of the leaked protected data on an automated decision-making activity. Third, in socio-technical systems, security requirements for the organizational and technical aspects of a system are currently dealt with separately, giving rise to substantial misconceptions and errors.

Our proposal addresses these issues with a three-fold contribution. First, an extension of the SecBPMN2 model-based security engineering approach to allow (i) the specification of procedural data-minimization requirements and (ii) the automatic detection of conflicts between the security and data-minimization requirements of the enriched models. Second, an extension of the UMLsec model-based security engineering approach to support the analysis of hidden information flows that may represent a biased influence against protected data. Third, a semi-automated process for enforcing integrated security management throughout the development process, based on a security-annotated business process model (i.e., a SecBPMN2 model) and an architectural model (i.e., a UMLsec model), while establishing traceability between them.

