针对GDPR分析软件系统设计的形式化建模方案

International Conference on Evaluation of Novel Approaches to Software Engineering Pub Date : 2019-05-04 DOI:10.5220/0007722900680079

E. Vanezi, G. Kapitsaki, Dimitrios Kouzapas, A. Philippou

{"title":"针对GDPR分析软件系统设计的形式化建模方案","authors":"E. Vanezi, G. Kapitsaki, Dimitrios Kouzapas, A. Philippou","doi":"10.5220/0007722900680079","DOIUrl":null,"url":null,"abstract":"Since the adoption of the EU General Data Protection Regulation (GDPR) in May 2018, designing software systems that conform to the GDPR principles has become vital. Modeling languages can be a facilitator for this process, following the principles of model-driven development. In this paper, we present our work on the usage of a π-calculus-based language for modeling and reasoning about the GDPR provisions of 1) lawfulness of processing by providing consent, 2) consent withdrawal, and 3) right to erasure. A static analysis method based on type checking is proposed to validate that a model conforms to associated privacy requirements. This is the first step towards a rigorous Privacy-By-Design methodology for analyzing and validating a software system model against the GDPR. A use case is presented to discuss and illustrate the framework.","PeriodicalId":420861,"journal":{"name":"International Conference on Evaluation of Novel Approaches to Software Engineering","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"A Formal Modeling Scheme for Analyzing a Software System Design against the GDPR\",\"authors\":\"E. Vanezi, G. Kapitsaki, Dimitrios Kouzapas, A. Philippou\",\"doi\":\"10.5220/0007722900680079\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Since the adoption of the EU General Data Protection Regulation (GDPR) in May 2018, designing software systems that conform to the GDPR principles has become vital. Modeling languages can be a facilitator for this process, following the principles of model-driven development. In this paper, we present our work on the usage of a π-calculus-based language for modeling and reasoning about the GDPR provisions of 1) lawfulness of processing by providing consent, 2) consent withdrawal, and 3) right to erasure. A static analysis method based on type checking is proposed to validate that a model conforms to associated privacy requirements. This is the first step towards a rigorous Privacy-By-Design methodology for analyzing and validating a software system model against the GDPR. A use case is presented to discuss and illustrate the framework.\",\"PeriodicalId\":420861,\"journal\":{\"name\":\"International Conference on Evaluation of Novel Approaches to Software Engineering\",\"volume\":\"47 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-05-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Conference on Evaluation of Novel Approaches to Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5220/0007722900680079\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Evaluation of Novel Approaches to Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0007722900680079","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

自2018年5月欧盟通用数据保护条例(GDPR)通过以来，设计符合GDPR原则的软件系统变得至关重要。建模语言可以成为这个过程的推动者，遵循模型驱动开发的原则。在本文中，我们介绍了我们在使用基于π-微积分的语言来建模和推理GDPR条款的工作:1)通过提供同意处理的合法性，2)同意撤回，以及3)删除权。提出了一种基于类型检查的静态分析方法来验证模型是否符合相关的隐私要求。这是针对GDPR分析和验证软件系统模型的严格隐私设计方法的第一步。给出了一个用例来讨论和说明该框架。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Formal Modeling Scheme for Analyzing a Software System Design against the GDPR

Since the adoption of the EU General Data Protection Regulation (GDPR) in May 2018, designing software systems that conform to the GDPR principles has become vital. Modeling languages can be a facilitator for this process, following the principles of model-driven development. In this paper, we present our work on the usage of a π-calculus-based language for modeling and reasoning about the GDPR provisions of 1) lawfulness of processing by providing consent, 2) consent withdrawal, and 3) right to erasure. A static analysis method based on type checking is proposed to validate that a model conforms to associated privacy requirements. This is the first step towards a rigorous Privacy-By-Design methodology for analyzing and validating a software system model against the GDPR. A use case is presented to discuss and illustrate the framework.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Conference on Evaluation of Novel Approaches to Software Engineering

自引率

0.00%

发文量