Detecting conflicts between security and data-minimization requirements is a challenging task. Since such conflicts arise in the specific context of how the technical and organizational components of the target system interact with each other, their detection requires a thorough understanding of the underlying business processes. For example, a process may require anonymous execution for a task that writes data to a secure data storage, where the identity of the executor is needed for the purpose of accountability.
To address this challenge, we propose an extension of the SecBPMN2 modeling language to enable:
- The specification of process-oriented data-minimization and security requirements.
- The detection of conflicts between these requirements based on a catalog of domain-independent anti-patterns.
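The following is an added illustration of what anti-pattern-based conflict detection over an annotated process model can look like; it is not SecBPMN2 code or tooling from the authors. It assumes a deliberately small model: elements (tasks and data stores) carry requirement labels, data associations record which task writes to which store, and a catalog maps anti-pattern names to predicates over the model. The first catalog entry encodes the example given above (an anonymous task writing to a store that requires accountability); the second, a single element annotated with contradictory requirements, is an assumed entry added to show how the catalog generalizes. All element names and requirement labels are constructed.

```python
"""Illustrative anti-pattern-based conflict detection (added example, not SecBPMN2 code).

Element names, requirement labels and the catalog entries are constructed for
this illustration; a real catalog would be domain-independent and far larger.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass
class Element:
    """A process element (task or data store) with requirement annotations."""
    name: str
    kind: str                              # "task" or "data_store"
    requirements: Set[str] = field(default_factory=set)


@dataclass
class ProcessModel:
    """Annotated process: elements plus (task -> data store) write associations."""
    elements: Dict[str, Element]
    writes: List[Tuple[str, str]]


@dataclass
class Conflict:
    """One anti-pattern match, naming the elements involved and why they conflict."""
    anti_pattern: str
    elements: Tuple[str, ...]
    explanation: str


def anonymity_vs_accountability(model: ProcessModel) -> List[Conflict]:
    """Anti-pattern from the text: an anonymous task writes to a data store that
    requires accountability, so the executor's identity is both hidden and needed."""
    found = []
    for task_name, store_name in model.writes:
        task, store = model.elements[task_name], model.elements[store_name]
        if "anonymity" in task.requirements and "accountability" in store.requirements:
            found.append(Conflict(
                "anonymity-vs-accountability",
                (task.name, store.name),
                f"task '{task.name}' must run anonymously but writes to "
                f"'{store.name}', which requires an accountable executor",
            ))
    return found


def contradictory_self_annotation(model: ProcessModel) -> List[Conflict]:
    """Assumed catalog entry: one element annotated with both anonymity and
    accountability, which no implementation can satisfy simultaneously."""
    found = []
    for element in model.elements.values():
        if {"anonymity", "accountability"} <= element.requirements:
            found.append(Conflict(
                "contradictory-self-annotation",
                (element.name,),
                f"'{element.name}' requires both anonymity and accountability",
            ))
    return found


# Catalog: anti-pattern name -> predicate over the model returning its matches.
CATALOG: Dict[str, Callable[[ProcessModel], List[Conflict]]] = {
    "anonymity-vs-accountability": anonymity_vs_accountability,
    "contradictory-self-annotation": contradictory_self_annotation,
}


def detect_conflicts(model: ProcessModel, catalog=CATALOG) -> List[Conflict]:
    """Run every catalog entry against the model and collect all matches."""
    found: List[Conflict] = []
    for check in catalog.values():
        found.extend(check(model))
    return found


def sample_model() -> ProcessModel:
    """Constructed sample: one conflicting write, one harmless write."""
    elements = {
        "Submit complaint": Element("Submit complaint", "task", {"anonymity"}),
        "Secure archive": Element("Secure archive", "data_store", {"accountability"}),
        "Publish summary": Element("Publish summary", "task", {"anonymity"}),
        "Public board": Element("Public board", "data_store"),
    }
    writes = [("Submit complaint", "Secure archive"),
              ("Publish summary", "Public board")]
    return ProcessModel(elements, writes)


if __name__ == "__main__":
    for c in detect_conflicts(sample_model()):
        print(f"[{c.anti_pattern}] {c.explanation}")
```

Because each catalog entry is just a predicate over the model, adding a new domain-independent anti-pattern means adding one function, and the same `detect_conflicts` call reports every match with the elements involved, which is what an analyst needs to decide whether to relax a requirement or restructure the process.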
Latest available version
- Data Minimization Anti-Patterns (150.3 KB)