Abstract
Privacy, like security, is a non-functional property, yet most software design tools are focused on functional aspects, using for instance Data Flow Diagrams (DFDs). In previous work, a conceptual model was introduced where DFDs were extended into so-called Privacy-Aware Data Flow Diagrams (PA-DFDs) with the aim of adding specific privacy checks to existing DFDs. An implementation to add such automatic checks has also been developed. In this paper, we define the notion of refinement for both DFDs and PA-DFDs as a special type of structure-preserving map (or graph homomorphism). We also provide three algorithms to find, check and transform refinements, and we show that the standard diagram “transform\(\rightarrow \)refine/refine\(\rightarrow \)transform” commutes. We have implemented our algorithms in a proof-of-concept tool called DFD Refinery, and have applied it to realistic scenarios.
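The abstract defines a refinement as a structure-preserving map (graph homomorphism) between diagrams and mentions algorithms to find and check such maps. The following is an added illustration written for this page, not code from the paper or from the DFD Refinery tool. It assumes a simplified model: a DFD is a directed graph whose nodes are typed as external entity, process or data store; a concrete diagram refines an abstract one via a total, kind-preserving map `h` under which every concrete flow either lands on an abstract flow or collapses into a single abstract process (an internal flow of a decomposed process), and every abstract flow is realised by at least one concrete flow. The class and function names, the node kinds and the sample shop diagram are all constructed for the example; the paper's exact definition may differ in detail.

```python
"""Checking and finding DFD refinements as structure-preserving maps.

Added example with assumed definitions (see lead-in); not the paper's code.
"""
from itertools import product
from typing import Dict, Iterable, Iterator, Optional, Set, Tuple

Flow = Tuple[str, str]

# Assumed node kinds: external entity, process, data store.
ENTITY, PROCESS, STORE = "E", "P", "S"


class DFD:
    """A DFD as a directed graph: node name -> kind, plus a set of flows."""

    def __init__(self, nodes: Dict[str, str], flows: Iterable[Flow]):
        self.nodes: Dict[str, str] = dict(nodes)
        self.flows: Set[Flow] = set(flows)
        for u, v in self.flows:
            if u not in self.nodes or v not in self.nodes:
                raise ValueError(f"flow {u}->{v} references an unknown node")


def check_refinement(abstract: DFD, concrete: DFD, h: Dict[str, str]) -> Optional[str]:
    """Return None if h: concrete -> abstract is a refinement map, else a reason.

    Assumed conditions: h is total on concrete nodes, preserves node kinds,
    maps each concrete flow onto an abstract flow or collapses it into one
    abstract process, and covers every abstract flow.
    """
    if set(h) != set(concrete.nodes):
        return "h must be defined on exactly the concrete nodes"
    for c, a in h.items():
        if a not in abstract.nodes:
            return f"{c} maps to unknown abstract node {a}"
        if abstract.nodes[a] != concrete.nodes[c]:
            return f"kind mismatch: {c} ({concrete.nodes[c]}) -> {a} ({abstract.nodes[a]})"
    realised: Set[Flow] = set()
    for u, v in concrete.flows:
        hu, hv = h[u], h[v]
        if hu == hv:
            # Internal flow of a decomposed node: only processes are decomposed.
            if abstract.nodes[hu] != PROCESS:
                return f"internal flow {u}->{v} collapses into non-process {hu}"
            continue
        if (hu, hv) not in abstract.flows:
            return f"flow {u}->{v} has no abstract counterpart {hu}->{hv}"
        realised.add((hu, hv))
    missing = abstract.flows - realised
    if missing:
        return f"abstract flows not realised: {sorted(missing)}"
    return None


def find_refinements(abstract: DFD, concrete: DFD) -> Iterator[Dict[str, str]]:
    """Enumerate all refinement maps by brute force (adequate for small DFDs)."""
    cnodes = sorted(concrete.nodes)
    candidates = [
        [a for a, kind in abstract.nodes.items() if kind == concrete.nodes[c]]
        for c in cnodes
    ]
    for combo in product(*candidates):
        h = dict(zip(cnodes, combo))
        if check_refinement(abstract, concrete, h) is None:
            yield h


# Constructed sample: an abstract shop diagram and its refinement.
ABSTRACT = DFD(
    {"Customer": ENTITY, "Shop": PROCESS, "Orders": STORE},
    [("Customer", "Shop"), ("Shop", "Orders")],
)
CONCRETE = DFD(
    {"Customer": ENTITY, "Checkout": PROCESS, "Billing": PROCESS, "Orders": STORE},
    [("Customer", "Checkout"), ("Checkout", "Billing"), ("Billing", "Orders")],
)
H = {"Customer": "Customer", "Checkout": "Shop", "Billing": "Shop", "Orders": "Orders"}

# A concrete diagram with an extra flow the abstract one does not allow.
CONCRETE_BAD = DFD(CONCRETE.nodes, CONCRETE.flows | {("Orders", "Customer")})

if __name__ == "__main__":
    print("H is a refinement:", check_refinement(ABSTRACT, CONCRETE, H) is None)
    print("all refinements:", list(find_refinements(ABSTRACT, CONCRETE)))
    print("bad diagram:", check_refinement(ABSTRACT, CONCRETE_BAD, H))
```

The check is deliberately strict about kinds: a store or external entity introduced only in the refined diagram would have no abstract counterpart and is rejected, which is one place where a real tool needs a more permissive (but still structure-preserving) definition than this toy one.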
This research has been partially supported by the Cultural Office of the Saudi Embassy in Berlin, Germany and by the Swedish Research Council (Vetenskapsrådet) under Grant 2018-04230 “Perspex”.
Notes
1. Source code available at https://github.com/alshareef-hanaa/Refining_PA-DFD.
A Additional Transformation Rules
Copyright information
© 2021 Springer Nature Switzerland AG
Cite this paper
Alshareef, H., Stucki, S., Schneider, G. (2021). Refining Privacy-Aware Data Flow Diagrams. In: Calinescu, R., Păsăreanu, C.S. (eds) Software Engineering and Formal Methods. SEFM 2021. Lecture Notes in Computer Science(), vol 13085. Springer, Cham. https://doi.org/10.1007/978-3-030-92124-8_8
DOI: https://doi.org/10.1007/978-3-030-92124-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92123-1
Online ISBN: 978-3-030-92124-8
eBook Packages: Computer Science, Computer Science (R0)