The University of Southampton
University of Southampton Institutional Repository

A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization and fairness requirements

Ramadan, Qusai, Strüber, Daniel, Salnitri, Mattia, Jürjens, Jan, Riediger, Volker and Staab, Steffen (2020) A semi-automated BPMN-based framework for detecting conflicts between security, data-minimization and fairness requirements. Software and Systems Modeling, 19 (5), 1191-1227. (doi:10.1007/s10270-020-00781-x).

Record type: Article

Abstract

Requirements are inherently prone to conflicts. Security, data-minimization, and fairness requirements are no exception. Importantly, undetected conflicts between such requirements can lead to severe effects, including privacy infringement and legal sanctions. Detecting conflicts between security, data-minimization, and fairness requirements is a challenging task, as such conflicts are context-specific and their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution of a task that writes data into a secure data storage, where the identity of the writer is needed for the purpose of accountability. Moreover, conflicts arise not only from trade-offs between requirements elicited from the stakeholders, but also from misinterpretation of elicited requirements while implementing them in business processes, leading to a non-alignment between the data subjects’ requirements and their specifications. Both types of conflicts are substantial challenges for conflict detection. To address these challenges, we propose a BPMN-based framework that supports: (i) the design of business processes considering security, data-minimization and fairness requirements, (ii) the encoding of such requirements as reusable, domain-specific patterns, (iii) the checking of alignment between the encoded requirements and annotated BPMN models based on these patterns, and (iv) the detection of conflicts between the specified requirements in the BPMN models based on a catalog of domain-independent anti-patterns. The security requirements were reused from SecBPMN2, a security-oriented BPMN 2.0 extension, while the fairness and data-minimization parts are new. For formulating our patterns and anti-patterns, we extended a graphical query language called SecBPMN2-Q. We report on the feasibility and the usability of our approach based on a case study featuring a healthcare management system, and an experimental user study.
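The following is an added illustration of the two checks the abstract describes, steps (iii) alignment and (iv) anti-pattern-based conflict detection; it is not code from the paper, from SecBPMN2-Q or from the STS tool. The paper expresses patterns and anti-patterns as graphical queries over annotated BPMN models; here a process model, the elicited requirement patterns and one anti-pattern (the abstract's own example: an anonymously executed task writing into a data store whose accountability requirement needs the writer's identity) are plain Python data so the idea can be run offline. Task and store names, and the annotation labels used, are assumptions made for the example.

```python
"""Toy alignment and conflict checker over an annotated BPMN-like process.

Added example, not the paper's or the STS tool's implementation. Annotation
labels ("anonymity", "accountability", ...) and element names are assumed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    """A BPMN task plus the requirement annotations attached to it."""
    name: str
    writes: tuple = ()              # names of data stores this task writes to
    anns: frozenset = frozenset()   # requirement annotations on the task


@dataclass(frozen=True)
class DataStore:
    name: str
    anns: frozenset = frozenset()   # requirement annotations on the store


@dataclass
class Process:
    tasks: dict    # task name  -> Task
    stores: dict   # store name -> DataStore


# Catalogue of domain-independent anti-patterns, each as
# (label, annotation on the writing task, annotation on the written store).
# Only the abstract's example is listed; further entries follow the same shape.
ANTI_PATTERNS = [
    ("anonymity_vs_accountability", "anonymity", "accountability"),
]


def check_alignment(process, patterns):
    """Step (iii): report elicited requirements the model does not satisfy.

    A pattern is (element kind, element name, required annotation). A pattern
    is misaligned when the element is missing or lacks the annotation, i.e.
    the requirement was dropped or misinterpreted while modelling.
    """
    misaligned = []
    for kind, name, ann in patterns:
        pool = process.tasks if kind == "task" else process.stores
        elem = pool.get(name)
        if elem is None or ann not in elem.anns:
            misaligned.append((kind, name, ann))
    return misaligned


def detect_conflicts(process, anti_patterns=ANTI_PATTERNS):
    """Step (iv): match every anti-pattern against every task/store write edge."""
    conflicts = []
    for label, task_ann, store_ann in anti_patterns:
        for task in process.tasks.values():
            if task_ann not in task.anns:
                continue
            for store_name in task.writes:
                store = process.stores.get(store_name)
                if store is not None and store_ann in store.anns:
                    conflicts.append((label, task.name, store.name))
    return conflicts


# Constructed sample process (hypothetical healthcare-style names).
SAMPLE_PROCESS = Process(
    tasks={
        "submit_feedback": Task("submit_feedback",
                                writes=("patient_records",),
                                anns=frozenset({"anonymity"})),
        "update_diagnosis": Task("update_diagnosis",
                                 writes=("patient_records",),
                                 anns=frozenset({"authenticity"})),
    },
    stores={
        "patient_records": DataStore("patient_records",
                                     frozenset({"accountability",
                                                "confidentiality"})),
    },
)

# Constructed elicited requirements, encoded as reusable patterns. The
# non-repudiation requirement was elicited but never modelled on the task.
SAMPLE_PATTERNS = [
    ("task", "submit_feedback", "anonymity"),
    ("task", "update_diagnosis", "non-repudiation"),
    ("store", "patient_records", "accountability"),
]

if __name__ == "__main__":
    for m in check_alignment(SAMPLE_PROCESS, SAMPLE_PATTERNS):
        print("misaligned requirement:", m)
    for c in detect_conflicts(SAMPLE_PROCESS):
        print("conflict:", c)
```

Run as-is, the checker flags the unmodelled non-repudiation requirement on update_diagnosis as a misalignment and the anonymity/accountability pair on submit_feedback writing patient_records as a conflict; update_diagnosis writes the same store but is not anonymous, so it is not reported. This mirrors why the paper treats the two problems separately: the first is a gap between elicited and modelled requirements, the second a genuine trade-off between two correctly modelled ones.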

Text: paper - Accepted Manuscript (1MB)
Text: Ramadan2020_Article_ASemi-automatedBPMN-basedFrame - Version of Record, available under License Creative Commons Attribution (4MB)

More information

Accepted/In Press date: 17 December 2019
e-pub ahead of print date: 7 February 2020
Published date: 1 September 2020
Additional Information: Funding Information: Open access funding provided by University of Gothenburg. We wish to thank Paolo Giorgini and the STS tool development team in the University of Trento for providing us with access to the source code of the STS tool. We also thank the participants of our experiment study. We wish to thank the anonymous referees, Julian Flake, and Ahd Al-Salman for their comments that helped us to improve the manuscript. Publisher Copyright: © 2020, The Author(s).
Keywords: BPMN, Conflicts, Data minimization, Fairness, Requirements engineering, Security

Identifiers

Local EPrints ID: 437177
URI: http://eprints.soton.ac.uk/id/eprint/437177
ISSN: 1619-1366
PURE UUID: 482c0db7-dc19-4993-b8dd-2992d0a85b19
ORCID for Steffen Staab: orcid.org/0000-0002-0780-4154

Catalogue record

Date deposited: 21 Jan 2020 17:32
Last modified: 17 Mar 2024 05:10

Contributors

Author: Qusai Ramadan
Author: Daniel Strüber
Author: Mattia Salnitri
Author: Jan Jürjens
Author: Volker Riediger
Author: Steffen Staab
