Integrated privacy modeling and validation for business process models

Privacy is an important issue, and it creates strong interest in the correct, holistic treatment of data in the processes and systems of enterprises. Besides avoiding infringements, trust in the correct holistic treatment of data increases the overall trust in an enterprise, which yields a competitive advantage. Enterprises increasingly use business process models (BPMs) to specify, document, or optimize (existing) processes and systems. Hence, such BPMs also offer the chance to analyze and validate specifications or existing systems with respect to privacy requirements. In this contribution we present the concept of Integrated Privacy Modeling and Validation and its implementation in our BPM validation and verification framework, Business Application Modeler (BAM). BAM enables the automatic validation of BPMs against graphically specified, formal privacy requirements, which can reduce error-prone and expensive manual checking. Furthermore, BAM provides the MultiView concept, which allows the definition of concentrated and reduced, privacy-related views on BPMs.
