Data-minimization and Fairness-aware SecBPMN2
Detecting conflicts between security, data-minimization, and fairness requirements is a challenging task. Since such conflicts arise in the specific context of how the technical and organizational components of the target system interact with each other, their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution for a task that writes data to a secure data storage, where the identity of the executor is needed for the purpose of accountability.
To address this challenge, we propose an extension of the SecBPMN2 modeling language to enable:
- The specification of process-oriented security, data-minimization, and fairness requirements.
- The specification of security, data-minimization, and fairness requirements as SecBPMN2 queries that can be verified against security-, data-minimization-, and fairness-annotated SecBPMN2 models.
- The detection of conflicts between these requirements based on a catalog of domain-independent anti-patterns.
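To make the anti-pattern idea concrete, here is an added, simplified illustration (not the project's own tooling or SecBPMN2's real syntax) of how conflict detection over an annotated process model can work. The model structure, the annotation names `Anonymity`, `Accountability` and `Non-repudiation`, the second anti-pattern, and the sample process are all assumptions constructed for this example; the first anti-pattern encodes the conflict described above (an anonymous task writing to a store that needs accountability of the writer).

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


# --- A minimal annotated process model (constructed; not SecBPMN2's metamodel) ---

@dataclass
class Task:
    name: str
    annotations: frozenset = frozenset()   # e.g. {"Anonymity"}
    writes_to: frozenset = frozenset()     # names of data stores this task writes


@dataclass
class DataStore:
    name: str
    annotations: frozenset = frozenset()   # e.g. {"Accountability"}


@dataclass
class ProcessModel:
    tasks: Dict[str, Task]
    stores: Dict[str, DataStore]


@dataclass(frozen=True)
class Conflict:
    anti_pattern: str
    elements: Tuple[str, ...]   # model elements that together violate the pattern


# An anti-pattern is a domain-independent check that reports every match in a model.
AntiPattern = Callable[[ProcessModel], List[Conflict]]


def anonymity_vs_accountability(model: ProcessModel) -> List[Conflict]:
    """A task that must run anonymously writes to a data store whose
    Accountability annotation requires knowing who wrote to it."""
    found = []
    for task in model.tasks.values():
        if "Anonymity" not in task.annotations:
            continue
        for store_name in sorted(task.writes_to):
            store = model.stores.get(store_name)
            if store is not None and "Accountability" in store.annotations:
                found.append(Conflict("anonymity-vs-accountability", (task.name, store_name)))
    return found


def anonymity_vs_nonrepudiation(model: ProcessModel) -> List[Conflict]:
    """Assumed anti-pattern: a single task annotated with both Anonymity and
    Non-repudiation, which cannot both hold (the executor cannot be unknown
    and bound to the action at the same time)."""
    return [Conflict("anonymity-vs-non-repudiation", (task.name,))
            for task in model.tasks.values()
            if {"Anonymity", "Non-repudiation"} <= task.annotations]


# The catalog is just a list of checks; adding a pattern means adding a function.
CATALOG: List[AntiPattern] = [anonymity_vs_accountability, anonymity_vs_nonrepudiation]


def detect_conflicts(model: ProcessModel, catalog: List[AntiPattern] = CATALOG) -> List[Conflict]:
    """Run every anti-pattern in the catalog against the model and collect matches."""
    conflicts: List[Conflict] = []
    for pattern in catalog:
        conflicts.extend(pattern(model))
    return conflicts


def example_model() -> ProcessModel:
    """Constructed sample: a report-submission task must be anonymous but writes
    to a secure incident store that demands accountability of its writers."""
    tasks = {
        "SubmitReport": Task("SubmitReport", frozenset({"Anonymity"}), frozenset({"IncidentStore"})),
        "ReviewReport": Task("ReviewReport", frozenset({"Non-repudiation"}), frozenset({"IncidentStore"})),
    }
    stores = {
        "IncidentStore": DataStore("IncidentStore", frozenset({"Accountability", "Confidentiality"})),
    }
    return ProcessModel(tasks, stores)


if __name__ == "__main__":
    for conflict in detect_conflicts(example_model()):
        print(conflict.anti_pattern, conflict.elements)
```

Running it on the sample reports one conflict, `anonymity-vs-accountability` between `SubmitReport` and `IncidentStore`; `ReviewReport` is fine because non-repudiation and accountability are compatible. The point of keeping each anti-pattern as a separate function over the whole model is that the checks stay domain-independent: they only look at annotations and structural relations (here, which task writes which store), never at what the process is about.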