Slides of the paper "A UML Profile for Privacy Enforcement" accepted at the International Workshop on Security for and by
Model-Driven Engineering, and presented on June 25 2018.
7. Data is key
User Information: Email, social security number, passport…
Personal Data: Geolocation, videos, pictures, routines…
Composite information: Route to go to work… Places to pass the night…
Data is the new currency
10. The Open Data Movement
Data should be freely available to everyone to use and republish as they wish, without restrictions from copyright, patents or other mechanisms of control
• Geographic, geopolitical and financial data
• Statistics
• Election results
• Legal acts
• Data on crime, health, the environment, transport and scientific research
BUT…
11. Let’s not forget to mention…
…harmonize data privacy laws across Europe, to protect and
empower all EU citizens data privacy and to reshape the way
organizations across the region approach data privacy…
16. How is it treated currently? …in MDE?
Privacy and security at high-level
Methodological approaches
Access control policy solutions
Mont, M.C., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A Conceptual Model for Privacy Policies with Consent and Revocation Requirements
Allison, D.S., Yamany, H.F.E., Capretz, M.A.M.: Metamodel for privacy policies within SOA
Busch, M.: Evaluating & engineering: an approach for the development of secure web applications
Basso, T., Montecchi, L., Moraes, R., Jino, M., Bondavalli, A.: Towards a UML profile for privacy-aware applications
Ahmadian, A.S., Peldszus, S., Ramadan, Q., Jürjens, J.: Model-based privacy and security analysis with carisma
Ahmadian, A.S., Strüber, D., Riediger, V., Jürjens, J.: Model-based privacy analysis in industrial ecosystems
Alshammari, M., Simpson, A.: A UML profile for privacy-aware data lifecycle models
XACML, PRBAC, UMLSec, Ponder
28. Conclusion
What we have shown
• Profile to specify privacy
• Models annotated with the profile can promote privacy enforcement
What we want to do next
• Application to specific fields
• Promoting Open Data
30. #1 How to add this information to existing methodologies?
…how we can leverage existing model-based approaches?
…how hard would it be?
#2 How to convince organizations to annotate their data?
…are they actually concerned?
…would they see it as beneficial?
#3 Is it possible to automatically annotate existing models with privacy information?
…are there some guidelines?
#4 How to mix data with different privacy enforcement definitions?
…how to deal with UML Class associations?
…what happens when dealing with other UML diagrams?
31. Except where otherwise noted, content on this presentation is licensed under a Creative Commons Attribution 4.0 International license.
Thanks!
Javier L. Cánovas Izquierdo
jcanovasi@uoc.edu
@jlcanovas
Julian Salas
jsalapi@uoc.edu