English

Transforming Data Flow Diagrams for Privacy Compliance (Long Version)

Software Engineering 2020-11-25 v1

Abstract

Recent regulations, such as the European General Data Protection Regulation (GDPR), put stringent constraints on the handling of personal data. Privacy, like security, is a non-functional property, yet most software design tools are focused on functional aspects, using for instance Data Flow Diagrams (DFDs). In previous work, a conceptual model was introduced where DFDs could be extended into so-called Privacy-Aware Data Flow Diagrams (PA-DFDs) with the aim of adding specific privacy checks to existing DFDs. In this paper, we provide an explicit algorithm and a proof-of-concept implementation to transform DFDs into PA-DFDs. Our tool assists software engineers in the critical but error-prone task of systematically inserting privacy checks during design (they are automatically added by our tool) while still allowing them to inspect and edit the. PA-DFD if necessary. We have also identified and addressed ambiguities and inaccuracies in the high-level transformation proposed in previous work. We apply our approach to two realistic applications from the construction and online retail sectors.

Keywords

Cite

@article{arxiv.2011.12028,
  title  = {Transforming Data Flow Diagrams for Privacy Compliance (Long Version)},
  author = {Hanaa Alshareef and Sandro Stucki and Gerardo Schneider},
  journal= {arXiv preprint arXiv:2011.12028},
  year   = {2020}
}

Comments

This is an extended version of a paper to be presented at MODELSWARD 2021. It contains a more detailed description of our transformation algorithm and an additional case study, which were not included in the conference paper

R2 v1 2026-06-23T20:28:23.685Z