Incorporating privacy patterns into semi-automatic business process derivation

Nikolaos Argyropoulos; Christos Kalloniatis; Haralambos Mouratidis; Andrew Fish

doi:10.1109/RCIS.2016.7549305

Incorporating privacy patterns into semi-automatic business process derivation

Nikolaos Argyropoulos, Christos Kalloniatis, Haralambos Mouratidis, Andrew Fish

University of Brighton

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

The design of systems capable of protecting users' privacy is a challenging endeavour. Since users are becoming more concerned about the amounts of their personal data handled, stored and shared by such systems it is imperative to identify methods for developing privacy-aware information systems. Current approaches either focus on the elicitation of user requirements at an abstract high level or approach the issue of privacy exclusively from a technical point of view. As a result, privacy implementations are often misaligned with the overarching system goals. This work improves the current situation by presenting an approach for the design of privacy-aware business processes. Goal models are created as a first step, for privacy requirements elicitation, and are then transformed into process models, thus bridging the gap between high level goals and low level processes. Privacy process patterns are utilised for the final instantiation of process models, achieving the satisfaction of the identified privacy objectives through the integration of privacy enhancing technologies. The main advantage of the proposed approach is its ability to map privacy from the strategic to the operational level through a semi-automatic process while offering designers adequate guidance to its operationalisation via the use of process patterns.

Original language	English
Title of host publication	2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)
Place of Publication	Piscataway, NJ
Publisher	IEEE
Pages	1-12
Number of pages	12
ISBN (Print)	9781479987115
DOIs	https://doi.org/10.1109/RCIS.2016.7549305
Publication status	Published - 25 Aug 2016
Event	2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS) - Grenoble, France, 1-3 June 2016 Duration: 25 Aug 2016 → …

Conference

Conference	2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)
Period	25/08/16 → …

Bibliographical note

© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Access to Document

10.1109/RCIS.2016.7549305Licence: Unspecified

PID4212663.pdfAccepted author manuscript, 759 KBLicence: Unspecified

Andrew Fish
- Andrew.Fish@brighton.ac.uk
Person: Academic
Haris Mouratidis
- H.Mouratidis@brighton.ac.uk
- School of Computing, Engineering & Maths - Prof of Software Systems Engineering
- Centre for Secure, Intelligent and Usable Systems
Person: Academic

Cite this

@inproceedings{16b6cca246ef43ebaa840dc98900c8be,

title = "Incorporating privacy patterns into semi-automatic business process derivation",

abstract = "The design of systems capable of protecting users' privacy is a challenging endeavour. Since users are becoming more concerned about the amounts of their personal data handled, stored and shared by such systems it is imperative to identify methods for developing privacy-aware information systems. Current approaches either focus on the elicitation of user requirements at an abstract high level or approach the issue of privacy exclusively from a technical point of view. As a result, privacy implementations are often misaligned with the overarching system goals. This work improves the current situation by presenting an approach for the design of privacy-aware business processes. Goal models are created as a first step, for privacy requirements elicitation, and are then transformed into process models, thus bridging the gap between high level goals and low level processes. Privacy process patterns are utilised for the final instantiation of process models, achieving the satisfaction of the identified privacy objectives through the integration of privacy enhancing technologies. The main advantage of the proposed approach is its ability to map privacy from the strategic to the operational level through a semi-automatic process while offering designers adequate guidance to its operationalisation via the use of process patterns.",

author = "Nikolaos Argyropoulos and Christos Kalloniatis and Haralambos Mouratidis and Andrew Fish",

note = "{\textcopyright} 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.; 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS) ; Conference date: 25-08-2016",

year = "2016",

month = aug,

day = "25",

doi = "10.1109/RCIS.2016.7549305",

language = "English",

isbn = "9781479987115",

pages = "1--12",

booktitle = "2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)",

publisher = "IEEE",

}

Argyropoulos, N, Kalloniatis, C, Mouratidis, H & Fish, A 2016, Incorporating privacy patterns into semi-automatic business process derivation. in 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS). IEEE, Piscataway, NJ, pp. 1-12, 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS), 25/08/16. https://doi.org/10.1109/RCIS.2016.7549305

Incorporating privacy patterns into semi-automatic business process derivation. / Argyropoulos, Nikolaos; Kalloniatis, Christos; Mouratidis, Haralambos ; Fish, Andrew.

2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS). Piscataway, NJ : IEEE, 2016. p. 1-12.

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

TY - GEN

T1 - Incorporating privacy patterns into semi-automatic business process derivation

AU - Argyropoulos, Nikolaos

AU - Kalloniatis, Christos

AU - Mouratidis, Haralambos

AU - Fish, Andrew

N1 - © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

PY - 2016/8/25

Y1 - 2016/8/25

N2 - The design of systems capable of protecting users' privacy is a challenging endeavour. Since users are becoming more concerned about the amounts of their personal data handled, stored and shared by such systems it is imperative to identify methods for developing privacy-aware information systems. Current approaches either focus on the elicitation of user requirements at an abstract high level or approach the issue of privacy exclusively from a technical point of view. As a result, privacy implementations are often misaligned with the overarching system goals. This work improves the current situation by presenting an approach for the design of privacy-aware business processes. Goal models are created as a first step, for privacy requirements elicitation, and are then transformed into process models, thus bridging the gap between high level goals and low level processes. Privacy process patterns are utilised for the final instantiation of process models, achieving the satisfaction of the identified privacy objectives through the integration of privacy enhancing technologies. The main advantage of the proposed approach is its ability to map privacy from the strategic to the operational level through a semi-automatic process while offering designers adequate guidance to its operationalisation via the use of process patterns.

AB - The design of systems capable of protecting users' privacy is a challenging endeavour. Since users are becoming more concerned about the amounts of their personal data handled, stored and shared by such systems it is imperative to identify methods for developing privacy-aware information systems. Current approaches either focus on the elicitation of user requirements at an abstract high level or approach the issue of privacy exclusively from a technical point of view. As a result, privacy implementations are often misaligned with the overarching system goals. This work improves the current situation by presenting an approach for the design of privacy-aware business processes. Goal models are created as a first step, for privacy requirements elicitation, and are then transformed into process models, thus bridging the gap between high level goals and low level processes. Privacy process patterns are utilised for the final instantiation of process models, achieving the satisfaction of the identified privacy objectives through the integration of privacy enhancing technologies. The main advantage of the proposed approach is its ability to map privacy from the strategic to the operational level through a semi-automatic process while offering designers adequate guidance to its operationalisation via the use of process patterns.

U2 - 10.1109/RCIS.2016.7549305

DO - 10.1109/RCIS.2016.7549305

M3 - Conference contribution with ISSN or ISBN

SN - 9781479987115

SP - 1

EP - 12

BT - 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)

PB - IEEE

CY - Piscataway, NJ

T2 - 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)

Y2 - 25 August 2016

ER -

Incorporating privacy patterns into semi-automatic business process derivation

Abstract

Conference

Bibliographical note

Access to Document

Fingerprint

Profiles

Andrew Fish

Haris Mouratidis

Cite this