Precise Analysis of Purpose Limitation in Data Flow Diagrams

Publication type
Conference Paper
Date Issued
2022-08
Language
English
Author(s)
Alshareef, Hanaa  
Tuma, Katja  
Stucki, Sandro  
Schneider, Gerardo  
Scandariato, Riccardo  
Institute
Software Security E-22
TORE-URI
http://hdl.handle.net/11420/13575
Article Number
17
Citation
17th International Conference on Availability, Reliability and Security (ARES 2022)
Contribution to Conference
17th International Conference on Availability, Reliability and Security, ARES 2022  
Publisher DOI
10.1145/3538969.3539010
Scopus ID
2-s2.0-85136988924
Data Flow Diagrams (DFDs) are primarily used for modelling functional properties of a system. In recent work, it was shown that DFDs can also be used to model non-functional properties, such as security and privacy properties, if they are annotated with appropriate security- and privacy-related information. An important privacy principle one may wish to model in this way is purpose limitation. But previous work on privacy-aware DFDs (PA-DFDs) considers purpose limitation only superficially, without explaining how the purpose of DFD activators and flows ought to be specified, checked or inferred. In this paper, we define a rigorous formal framework for (1) annotating DFDs with purpose labels and privacy signatures, (2) checking the consistency of labels and signatures, and (3) inferring labels from signatures. We implement our theoretical framework in a proof-of-concept tool consisting of a domain-specific language (DSL) for specifying privacy signatures and algorithms for checking and inferring purpose labels from such signatures. Finally, we evaluate our framework and tool through a case study based on a DFD from the privacy literature.
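To make the three tasks named in the abstract concrete (purpose labels on flows, privacy signatures on processes, a consistency check, and inference of labels from signatures), here is a small added example. It is not the paper's tool or DSL, and its encoding of a signature is an assumption of this example: a process declares the purposes it uses every input for, and for each output flow the input flows it is derived from plus an optional cap on purposes. Inference takes the intersection of the contributing input labels (data combined from several sources may only be used for purposes all of them allow); the check reports any process or sink that uses data for a purpose outside the flow's label, and any modeller-declared label wider than what can be inferred. The DFD (an online-shop fragment with a Customer, Register and Checkout processes, and four sinks) is constructed for illustration.

```python
from __future__ import annotations
from collections import deque
from dataclasses import dataclass, field

Purposes = frozenset  # a purpose label is a set of purpose names


@dataclass(frozen=True)
class Flow:
    src: str   # source node (external entity, process or data store)
    dst: str   # destination node
    name: str  # flow name, unique within the diagram


@dataclass
class Signature:
    """Privacy signature of a process (this example's encoding, not the paper's DSL)."""
    uses: Purposes                        # purposes the process needs on every input
    derives: dict[str, frozenset[str]]    # output flow -> input flows it is computed from
    restrict: dict[str, Purposes] = field(default_factory=dict)  # optional cap per output


@dataclass
class DFD:
    flows: list[Flow]
    given: dict[str, Purposes]        # modeller-declared labels (must cover source flows)
    signatures: dict[str, Signature]  # process name -> signature
    sinks: dict[str, Purposes]        # data store / external sink -> purposes it uses data for


def process_order(dfd: DFD) -> list[str]:
    """Topological order of processes (Kahn's algorithm); cyclic DFDs are rejected here."""
    procs = set(dfd.signatures)
    indeg = {p: 0 for p in procs}
    succ: dict[str, list[str]] = {p: [] for p in procs}
    for f in dfd.flows:
        if f.src in procs and f.dst in procs:
            indeg[f.dst] += 1
            succ[f.src].append(f.dst)
    queue = deque(sorted(p for p in procs if indeg[p] == 0))
    order: list[str] = []
    while queue:
        p = queue.popleft()
        order.append(p)
        for q in succ[p]:
            indeg[q] -= 1
            if indeg[q] == 0:
                queue.append(q)
    if len(order) != len(procs):
        raise ValueError("cyclic DFD not supported by this example")
    return order


def analyse(dfd: DFD) -> tuple[dict[str, Purposes], list[str]]:
    """Infer a purpose label for every flow and collect purpose-limitation violations."""
    labels: dict[str, Purposes] = {}
    violations: list[str] = []
    # Flows leaving non-process nodes have no signature to infer from: they must be labelled.
    for f in dfd.flows:
        if f.src not in dfd.signatures:
            if f.name in dfd.given:
                labels[f.name] = dfd.given[f.name]
            else:
                violations.append(f"{f.name}: source flow has no purpose label")
    for proc in process_order(dfd):
        sig = dfd.signatures[proc]
        for f in (f for f in dfd.flows if f.dst == proc):      # check the process's own use
            missing = sig.uses - labels.get(f.name, frozenset())
            if missing:
                violations.append(f"{proc} uses {f.name} for {sorted(missing)}, not in its label")
        for f in (f for f in dfd.flows if f.src == proc):      # infer labels of its outputs
            srcs = sig.derives.get(f.name)
            if not srcs:
                violations.append(f"{f.name}: signature of {proc} does not say how it is derived")
                labels[f.name] = frozenset()
                continue
            inferred = None
            for s in srcs:                                     # meet over contributing inputs
                lab = labels.get(s, frozenset())
                inferred = lab if inferred is None else inferred & lab
            if f.name in sig.restrict:
                inferred &= sig.restrict[f.name]
            if f.name in dfd.given:                            # consistency: declared <= inferred
                if not dfd.given[f.name] <= inferred:
                    violations.append(f"{f.name}: declared label {sorted(dfd.given[f.name])} "
                                      f"is wider than inferred {sorted(inferred)}")
                inferred &= dfd.given[f.name]
            labels[f.name] = inferred
    for f in dfd.flows:                                        # sinks must stay within the label
        if f.dst in dfd.sinks:
            beyond = dfd.sinks[f.dst] - labels.get(f.name, frozenset())
            if beyond:
                violations.append(f"{f.dst} uses {f.name} for {sorted(beyond)}, beyond its label")
    return labels, violations


# Constructed sample DFD (not from the paper's case study).
EXAMPLE = DFD(
    flows=[Flow("Customer", "Register", "profile"), Flow("Customer", "Checkout", "card"),
           Flow("Register", "ProfilesDB", "stored_profile"), Flow("Register", "Mailer", "newsletter_target"),
           Flow("Register", "Checkout", "account_ref"), Flow("Register", "Analytics", "stats"),
           Flow("Checkout", "Ledger", "receipt")],
    given={"profile": Purposes({"account", "marketing", "payment"}), "card": Purposes({"payment"}),
           "newsletter_target": Purposes({"marketing", "analytics"}),   # deliberately too wide
           "receipt": Purposes({"payment"})},
    signatures={
        "Register": Signature(uses=Purposes({"account"}),
                              derives={o: frozenset({"profile"}) for o in
                                       ("stored_profile", "newsletter_target", "account_ref", "stats")},
                              restrict={"stored_profile": Purposes({"account"}),
                                        "newsletter_target": Purposes({"marketing"})}),
        "Checkout": Signature(uses=Purposes({"payment"}),
                              derives={"receipt": frozenset({"card", "account_ref"})}),
    },
    sinks={"ProfilesDB": Purposes({"account"}), "Mailer": Purposes({"marketing"}),
           "Analytics": Purposes({"analytics"}), "Ledger": Purposes({"payment"})},
)


def run_example() -> tuple[dict[str, Purposes], list[str]]:
    return analyse(EXAMPLE)


if __name__ == "__main__":
    labs, viols = run_example()
    for name, lab in labs.items():
        print(f"{name:18} {sorted(lab)}")
    print("violations:", *viols, sep="\n  ")
```

Two violations are reported on this diagram: the declared label on `newsletter_target` claims an `analytics` purpose that the signature of Register never grants, and the Analytics sink uses `stats` for a purpose absent from the label inferred for it. Everything else, including the `receipt` flow whose label is the meet of card and profile data, checks out.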
Subjects
data flow diagram
Privacy by design
purpose limitation
Funding(s)
Assurance and certification in secure Multi-party Open Software and Services  
TUHH