• search hit 36 of 76
Back to Result List

Data Protection Assurance by Design: Support for Conflict Detection, Requirements Traceability and Fairness Analysis

  • Data-minimization and fairness are fundamental data protection requirements to avoid privacy threats and discrimination. Violations of data protection requirements often result from: First, conflicts between security, data-minimization and fairness requirements. Second, data protection requirements for the organizational and technical aspects of a system that are currently dealt with separately, giving rise to misconceptions and errors. Third, hidden data correlations that might lead to influence biases against protected characteristics of individuals such as ethnicity in decision-making software. For the effective assurance of data protection needs, it is important to avoid sources of violations right from the design modeling phase. However, a model-based approach that addresses the issues above is missing. To handle the issues above, this thesis introduces a model-based methodology called MoPrivFair (Model-based Privacy & Fairness). MoPrivFair comprises three sub-frameworks: First, a framework that extends the SecBPMN2 approach to allow detecting conflicts between security, data-minimization and fairness requirements. Second, a framework for enforcing an integrated data-protection management throughout the development process based on a business processes model (i.e., SecBPMN2 model) and a software architecture model (i.e., UMLsec model) annotated with data protection requirements while establishing traceability. Third, the UML extension UMLfair to support individual fairness analysis and reporting discriminatory behaviors. Each of the proposed frameworks is supported by automated tool support. We validated the applicability and usability of our conflict detection technique based on a health care management case study, and an experimental user study, respectively. Based on an air traffic management case study, we reported on the applicability of our technique for enforcing an integrated data-protection management. We validated the applicability of our individual fairness analysis technique using three case studies featuring a school management system, a delivery management system and a loan management system. The results show a promising outlook on the applicability of our proposed frameworks in real-world settings.

Download full text files

Export metadata

Author:Qusai Ramadan
Referee:Jan Jürjens, Andreas Mauthe
Advisor:Jan Jürjens
Document Type:Doctoral Thesis
Date of completion:2020/06/23
Date of publication:2020/06/24
Publishing institution:Universität Koblenz, Universitätsbibliothek
Granting institution:Universität Koblenz, Fachbereich 4
Date of final exam:2020/06/19
Release Date:2020/06/24
Tag:BPMN; Data protection; UML; conflict detection; fairness; model-based; traceability; transformation
GND Keyword:BPMN; Datenschutz; Rückverfolgbarkeit; UML
Number of pages:xvii, 215
Institutes:Fachbereich 4 / Institut für Softwaretechnik
Dewey Decimal Classification:0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 004 Datenverarbeitung; Informatik
BKL-Classification:54 Informatik / 54.38 Computersicherheit
Licence (German):License LogoEs gilt das deutsche Urheberrecht: § 53 UrhG