Towards a Modeling and Analysis Framework for Privacy-Aware Systems

Nowadays, almost any software application deals with private information. However, effective tools that support the specification and implementation of privacy-aware systems are still missing. This work takes a step toward addressing this issue. In this paper we present MAPaS, a model-based framework for the modeling and analysis of privacy-aware systems. MAPaS provides a modeling language for the privacy domain and a rich set of functionalities that allow users to easily analyze the privacy-preserving characteristics of a system at the early stages of its development. Besides presenting the main modules of MAPaS, we show how it can effectively help in the development of privacy-aware systems.
