A UML Profile for Privacy Enforcement

  • Conference paper
  • In: Software Technologies: Applications and Foundations (STAF 2018)

Abstract

Nowadays most software applications have to deal with personal data, especially with the emergence of Web-based applications, where user profile information has become one of their main assets. Due to regulation laws and to protect the privacy of users, customers and companies, most of this information is considered private, and therefore convenient ways to gather, process and store it have to be proposed. A common problem when modeling software systems is the lack of support to specify how to enforce privacy concerns in data models. Current approaches for modeling privacy either cover high-level privacy aspects that describe what should be done with the data (e.g., elements to be private) instead of how to do it (e.g., which privacy enhancing technology to use), or propose access control policies, which may cover privacy only partially. In this paper we propose a profile to define and enforce privacy concerns in UML class diagrams. Models annotated with our profile can be used in model-driven methodologies to generate privacy-aware applications.

Notes

  1. The profile implementation and example are available at http://hdl.handle.net/20.500.12004/1/A/UMLPP/001.

Author information

Correspondence to Javier Luis Cánovas Izquierdo.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Cánovas Izquierdo, J.L., Salas, J. (2018). A UML Profile for Privacy Enforcement. In: Mazzara, M., Ober, I., Salaün, G. (eds) Software Technologies: Applications and Foundations. STAF 2018. Lecture Notes in Computer Science, vol 11176. Springer, Cham. https://doi.org/10.1007/978-3-030-04771-9_46

  • DOI: https://doi.org/10.1007/978-3-030-04771-9_46

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04770-2

  • Online ISBN: 978-3-030-04771-9

  • eBook Packages: Computer Science, Computer Science (R0)
