Towards Inherent Privacy Awareness in Workflows

This paper presents a holistic approach to the realisation of Privacy by Design in workflow environments, ensuring that workflow models are rendered privacy-aware already at their specification phase. In this direction, the proposed framework, considering the particular technical requirements stemming from data protection principles, is centred around the following features: a novel, ontology-based approach to workflow modelling, which manages, unlike all other existing technologies, to adequately capture privacy aspects pertaining to workflow execution; the appropriate codification of privacy requirements into compliance rules and directives; an automated procedure for the verification of workflow models and their subsequent transformation, if needed, so that they become inherently privacy-aware before being deployed for execution.

[1]  Andreas Schaad,et al.  Model-driven business process security requirement specification , 2009, J. Syst. Archit..

[2]  Andreas Speck,et al.  Integrated privacy modeling and validation for business process models , 2012, EDBT-ICDT '12.

[3]  Shazia Wasim Sadiq,et al.  Detecting Regulatory Compliance for Business Process Models through Semantic Annotations , 2008, Business Process Management Workshops.

[4]  Wil M.P. van der Aalst,et al.  YAWL: yet another workflow language , 2005, Inf. Syst..

[5]  Dimitra I. Kaklamani,et al.  A Workflow Checking Approach for Inherent Privacy Awareness in Network Monitoring , 2011, DPM/SETOP.

[6]  Samuel Paul Kaluvuri,et al.  A Data-Centric Approach for Privacy-Aware Business Process Enablement , 2011, IWEI.

[7]  Colin J. Fidge,et al.  Privacy-Aware Workflow Management , 2013, Business Process Management.

[8]  George Yee Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards , 2011 .

[9]  Scott Klasky,et al.  Scientific Process Automation and Workflow Management , 2009 .

[10]  Jin Tong,et al.  Attributed based access control (ABAC) for Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[11]  Nora Cuppens-Boulahia,et al.  Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model , 2013, FPS.

[12]  Dimitra I. Kaklamani,et al.  Workflow Modeling Technologies , 2015 .

[13]  Nora Cuppens-Boulahia,et al.  A privacy-aware access control model for distributed network monitoring , 2013, Comput. Electr. Eng..

[14]  A. B. Kahn,et al.  Topological sorting of large networks , 1962, CACM.

[15]  Hao Wang,et al.  Towards workflow verification , 2010, CASCON.

[16]  Jan Vanthienen,et al.  Designing Compliant Business Processes with Obligations and Permissions , 2006, Business Process Management Workshops.

[17]  Elisa Bertino,et al.  Access Control and Authorization Constraints for WS-BPEL , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[18]  Nora Cuppens-Boulahia,et al.  Modeling contextual security policies , 2008, International Journal of Information Security.

[19]  Dimitra I. Kaklamani,et al.  Privacy-Aware Access Control , 2015 .

[20]  M. Cruz-cunha,et al.  Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance , 2014 .

[21]  Amitava Bagchi,et al.  On Detecting Data Flow Errors in Workflows , 2010, JDIQ.

[22]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[23]  Mehdi Khosrow-Pour,et al.  Printed at: , 2011 .

[24]  Shazia Wasim Sadiq,et al.  Measurement of Compliance Distance in Business Processes , 2008, Inf. Syst. Manag..

[25]  A. Cavoukian Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era , 2012 .

[26]  Nora Cuppens-Boulahia,et al.  Deploying Security Policy in Intra and Inter Workflow Management Systems , 2009, 2009 International Conference on Availability, Reliability and Security.

[27]  Jan H. P. Eloff,et al.  Separation of duties for access control enforcement in workflow environments , 2001, IBM Syst. J..

[28]  Mathias Weske,et al.  Visually specifying compliance rules and explaining their violations for business processes , 2011, J. Vis. Lang. Comput..

[29]  Dimitra I. Kaklamani,et al.  An ontology-based approach towards comprehensive workflow modelling , 2014, IET Softw..

[30]  Andreas Schaad,et al.  Modeling of Task-Based Authorization Constraints in BPMN , 2007, BPM.

[31]  Christoph Bussler,et al.  Workflow Management: Modeling Concepts, Architecture and Implementation , 1996 .

[32]  Andreas Schaad,et al.  Task-based entailment constraints for basic workflow patterns , 2008, SACMAT '08.