Data Protection Assurance by Design: Support for Conflict Detection, Requirements Traceability and Fairness Analysis

Data minimization and fairness are fundamental data protection requirements to avoid privacy threats and discrimination. Violations of data protection requirements often result from: first, conflicts between security, data-minimization and fairness requirements; second, data protection requirements for the organizational and technical aspects of a system that are currently dealt with separately, giving rise to misconceptions and errors; third, hidden data correlations that might lead to biases against protected characteristics of individuals, such as ethnicity, in decision-making software. For the effective assurance of data protection needs, it is important to avoid sources of violations right from the design modeling phase. However, a model-based approach that addresses the issues above is missing. To handle these issues, this thesis introduces a model-based methodology called MoPrivFair (Model-based Privacy & Fairness). MoPrivFair comprises three sub-frameworks: first, a framework that extends the SecBPMN2 approach to allow detecting conflicts between security, data-minimization and fairness requirements; second, a framework for enforcing integrated data-protection management throughout the development process, based on a business process model (i.e., a SecBPMN2 model) and a software architecture model (i.e., a UMLsec model) annotated with data protection requirements, while establishing traceability; third, the UML extension UMLfair to support individual fairness analysis and the reporting of discriminatory behaviors. Each of the proposed frameworks is supported by automated tool support. We validated the applicability and usability of our conflict detection technique based on a health care management case study and an experimental user study, respectively. Based on an air traffic management case study, we reported on the applicability of our technique for enforcing integrated data-protection management. We validated the applicability of our individual fairness analysis technique using three case studies featuring a school management system, a delivery management system and a loan management system. The results show a promising outlook on the applicability of our proposed frameworks in real-world settings.

Metadata
Author: Qusai Ramadan
URN: urn:nbn:de:kola-20776
Reviewers: Jan Jürjens, Andreas Mauthe
Advisor: Jan Jürjens
Document type: Dissertation
Language: English
Date of completion: 23.06.2020
Date of publication: 24.06.2020
Publishing institution: Universität Koblenz, Universitätsbibliothek
Degree-granting institution: Universität Koblenz, Fachbereich 4
Date of final examination: 19.06.2020
Release date: 24.06.2020
Free keywords / tags: BPMN; Data protection; UML; conflict detection; fairness; model-based; traceability; transformation
GND subject headings: BPMN; Data protection (Datenschutz); Traceability (Rückverfolgbarkeit); UML
Page count: xvii, 215
Institute: Fachbereich 4 / Institut für Softwaretechnik
DDC classification: 0 Computer science, information and general works / 00 Computer science, knowledge and systems / 004 Data processing and computer science
BKL classification: 54 Computer science / 54.38 Computer security
License: German copyright law applies: § 53 UrhG