Model-driven Approach for Privacy Management in Business Ecosystem

Christophe Feltus, Eric Grandry, Thomas Kupper, Jean-Noël Colin

Abstract

Protection of individuals with regard to the processing of personal data and the free movement of such data constitutes new challenges in terms of privacy management. Although this privacy management ought to be conducted in compliance with national and international regulation, for now we observe that no solution, model or method, fully consider and integrate these new regulations yet. Therefore, in this paper, we propose to tackle this problem through the definition of an expressive privacy metamodel which aims to represent and aggregate the concepts that are relevant to define and to deal with privacy issues, at an organizational level. Secondly, we discuss how this privacy metamodel may support and may help understanding the management of the privacy in enterprises involve in interconnected societies, by integrating the privacy metamodel with the systemic business ecosystem.

References

  1. Ajam, N., Cuppens-Boulahia, N., Cuppens, F., 2013. Contextual privacy management in extended role based access control model. DPM'13. Springer.
  2. Alter, S., 2011. Metamodel for service design and service innovation: Integrating service activities, service systems, and value constellations.
  3. Antón, A.I., Bertino, E., Li, N., Yu, T. 2007. A roadmap for comprehensive online privacy policy management. Commun. ACM 50(7), pp. 109-116.
  4. Ardagna, C. A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P. 2008. A privacy-aware access control system. Journal of Computer Security, 16(4), 369-397.
  5. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunte, M. 2003. Enterprise privacy authorization language, 1.2.
  6. Bettini, C., Wang, X. S., Jajodia, S. 2005. Protecting privacy against location-based personal identification. SDM 2005. p. 185-199.
  7. Cholez, H., Feltus, C., 2014. Towards an innovative systemic approach of risk management. In 7th ACM SIN conference.
  8. CNIL, http://www.cnil.fr/fileadmin/documents/ en/ CNILPIA-1-Methodol ogy.pdf.
  9. Cranor L., 2002. Web privacy with P3P. O'Reilly Media.
  10. CSSF, 2012. Circulaire CSSF 12/544, Optimisation of the supervision exercised on the "support PFS" by a riskbased approach.
  11. De Capitani di Vimercati, S., Foresti, S., Livraga, G., et al. 2012. Data privacy: definitions and techniques. IJUFKS, vol. 20, no 06, p. 793-817.
  12. Domingo-Ferrer, J., 2007. A three-dimensional conceptual framework for database privacy. 4th VLDB, SDM'07.
  13. DP, 1995. data-protection/document/review2012/com_20 12_11_en.pdf.
  14. Feltus, C., Nicolas, D., Poupart, C., 2014. Towards a HL7 based Metamodeling Integration Approach for Embracing the Privacy of Healthcare Patient Records Administration. 7th ACM SIN conference.
  15. Feltus, F., Fontaine, F.-X., Grandry, E., 2015. Towards Systemic Risk Management in the frame of Business Service Ecosystem, ASDENCA 2015.
  16. GDPR, Council of European Union. 269/2014. http://ec.eu ropa.eu/justice/
  17. Hevner, R., March, S. T., Park, J. 2004. Design science in information systems research. MIS 28(1).
  18. Ipswitch, 2015, http://www.ipswitch.com/blog/europeanteams-woefully-underprepared-gdpr/
  19. Mahmoud, Y., Atluri, V., Adam, N. R., 2005. Preserving mobile customer privacy: an access control system for moving objects and customer profiles. Mobisys, ACM.
  20. Martinez-Balleste, A.; Perez-Martinez, P.A.; Solanas, A. 2013. The pursuit of citizens' privacy: a privacy-aware smart city is possible, IEEE, 51(6), pp.136-141.
  21. Merriam, 2016. http://www.merriam-webster.com/ diction ary/information.
  22. Naudet, Y., Mayer, N., Feltus, C., 2016. Towards a Systemic Approach for Information Security Risk Management, ARES 2016. IEEE, Austria.
  23. Ni, Q., Trombetta, A., Bertino, E., Lobo, J. 2007. Privacyaware role based access control. SACMAT 7807, ACM.
  24. NIST, http://csrc.nist.gov/publications/drafts/nistir-8062/ nistir_8062_dra ft.pdf.
  25. Nuseibeh, B., 2010. Mobile privacy requirements on demand. In PROFES 2010. Springer.
  26. Park, J., Sandhu, R. 2002. Towards usage control models: beyond traditional access control. SACMAT 7802. ACM.
  27. Park, J., Sandhu, R. 2000. A position paper: a usage control (UCON) model for social networks privacy.
  28. Peffers, K., Tuunanen, T., Rothenberger, M. A., and Chatterjee, S. 2008. A design science research methodology for information systems research. JMIS 24(3):45-77.
  29. Pérez-Martínez, P.A., Solanas, A. 2011. W3-privacy: the three dimensions of user privacy in LBS, Int'l. Symp.
  30. Rath, T.M.A., Colin, J.-N., 2012. Patient privacy preservation: P-RBAC vs OrBAC in patient controlled records type of centralized healthcare information system. Case study of walloon healthcare network. eTELEMED.
  31. Rath, T.M.A., Colin, J.-N., 2013. Towards enforcement of purpose for privacy policy in distributed healthcare. CCNC. IEEE.
  32. Rumbaugh, J., Jacobson, I., Booch, G. 2004. Unified Modeling Language Reference Manual, The. Pearson Higher Education.
  33. Wang, H., Lee, M. K., & Wang, C. 1998. Consumer privacy concerns about Internet marketing. Communications of the ACM, 41(3), 63-70.
  34. Yang, M., Yu, Y., Bandara, A., Nuseibeh, B. 2014. Adaptive sharing for online social networks: a trade-off between privacy risk and social benefit. TrustCom-14.
  35. Zhu, Y., Peng, L. 2007. Study on K-Anonymity Models of Sharing Medical Information. ICSSSM 2007. IEEE.
Download


Paper Citation


in Harvard Style

Feltus C., Grandry E., Kupper T. and Colin J. (2017). Model-driven Approach for Privacy Management in Business Ecosystem . In Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD, ISBN 978-989-758-210-3, pages 392-400. DOI: 10.5220/0006142203920400


in Bibtex Style

@conference{modelsward17,
author={Christophe Feltus and Eric Grandry and Thomas Kupper and Jean-Noël Colin},
title={Model-driven Approach for Privacy Management in Business Ecosystem},
booktitle={Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,},
year={2017},
pages={392-400},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006142203920400},
isbn={978-989-758-210-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,
TI - Model-driven Approach for Privacy Management in Business Ecosystem
SN - 978-989-758-210-3
AU - Feltus C.
AU - Grandry E.
AU - Kupper T.
AU - Colin J.
PY - 2017
SP - 392
EP - 400
DO - 10.5220/0006142203920400