Visible to the public Model-Based Privacy and Security Analysis with CARiSMA

TitleModel-Based Privacy and Security Analysis with CARiSMA
Publication TypeConference Paper
Year of Publication2017
AuthorsAhmadian, Amir Shayan, Peldszus, Sven, Ramadan, Qusai, Jürjens, Jan
Conference NameProceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5105-8
KeywordsMeasurement, Metrics, Model-based analysis, privacy, privacy models, pubcrawl, security, System design analysis
Abstract

We present CARiSMA, a tool that is originally designed to support model-based security analysis of IT systems. In our recent work, we added several new functionalities to CARiSMA to support the privacy of personal data. Moreover, we introduced a mechanism to assist the system designers to perform a CARiSMA analysis by automatically initializing an appropriate CARiSMA analysis concerning security and privacy requirements. The motivation for our work is Article 25 of Regulation (EU) 2016/679, which requires appropriate technical and organizational controls must be implemented for ensuring that, by default, the processing of personal data complies with the principles on processing of personal data. This implies that initially IT systems must be analyzed to verify if such principles are respected. System models allow the system developers to handle the complexity of systems and to focus on key aspects such as privacy and security. CARiSMA is available at http://carisma.umlsec.de and our screen cast at https://youtu.be/b5zeHig3ARw.

URLhttps://dl.acm.org/citation.cfm?doid=3106237.3122823
DOI10.1145/3106237.3122823
Citation Keyahmadian_model-based_2017