{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:50:48Z","timestamp":1740099048426,"version":"3.37.3"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319929965"},{"type":"electronic","value":"9783319929972"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-92997-2_12","type":"book-chapter","created":{"date-parts":[[2018,5,28]],"date-time":"2018-05-28T08:13:16Z","timestamp":1527495196000},"page":"179-198","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Detecting Conflicts Between Data-Minimization and Security Requirements in Business Process Models"],"prefix":"10.1007","author":[{"given":"Qusai","family":"Ramadan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Str\u00fcber","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mattia","family":"Salnitri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Volker","family":"Riediger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jan","family":"J\u00fcrjens","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,5,29]]},"reference":[{"key":"12_CR1","unstructured":"BPMN 2.0. http:\/\/www.omg.org\/spec\/BPMN\/2.0\/"},{"key":"12_CR2","unstructured":"STS. http:\/\/www.sts-tool.eu\/downloads\/secbpmn-dm\/"},{"key":"12_CR3","unstructured":"VisiOn. http:\/\/www.visioneuproject.eu\/"},{"key":"12_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/978-3-319-61482-3_13","volume-title":"Modelling Foundations and Applications","author":"AS Ahmadian","year":"2017","unstructured":"Ahmadian, A.S., Str\u00fcber, D., Riediger, V., J\u00fcrjens, J.: Model-based privacy analysis in industrial ecosystems. In: Anjorin, A., Espinoza, H. (eds.) ECMFA 2017. LNCS, vol. 10376, pp. 215\u2013231. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-61482-3_13"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Ahmadian, A.S., Str\u00fcber, D., Riediger, V., J\u00fcrjens, J.: Supporting privacy impact assessment by model-based privacy analysis. In: ACM Symposium on Applied Computing. ACM (2018, to appear)","DOI":"10.1145\/3167132.3167288"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Alkubaisy, D.: A framework managing conflicts between security and privacy requirements. In: International Conference on Research Challenges in Information Science, pp. 427\u2013432. IEEE (2017)","DOI":"10.1109\/RCIS.2017.7956571"},{"key":"12_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/978-3-642-19125-1_3","volume-title":"Engineering Secure Software and Systems","author":"W Arsac","year":"2011","unstructured":"Arsac, W., Compagna, L., Pellegrino, G., Ponta, S.E.: Security validation of business processes via model-checking. In: Erlingsson, \u00da., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 29\u201342. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19125-1_3"},{"key":"12_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-54069-1_1","volume-title":"Privacy Technologies and Policy","author":"K Beckers","year":"2014","unstructured":"Beckers, K., Fa\u00dfbender, S., Heisel, M., Meis, R.: A problem-based approach for computer-aided privacy threat identification. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 1\u201316. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-54069-1_1"},{"key":"12_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/978-3-319-61470-0_8","volume-title":"Graph Transformation","author":"K Born","year":"2017","unstructured":"Born, K., Lambers, L., Str\u00fcber, D., Taentzer, G.: Granularity of conflicts and dependencies in graph transformation systems. In: de Lara, J., Plump, D. (eds.) ICGT 2017. LNCS, vol. 10373, pp. 125\u2013141. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-61470-0_8"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Brucker, A.D., Hang, I., L\u00fcckemeyer, G., Ruparel, R.: SecureBPMN: modeling and enforcing access control requirements in business processes. In: ACM Symposium on Access Control Models and Technologies, pp. 123\u2013126. ACM (2012)","DOI":"10.1145\/2295136.2295160"},{"issue":"1","key":"12_CR11","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","volume":"16","author":"M Deng","year":"2011","unstructured":"Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 16(1), 3\u201332 (2011)","journal-title":"Requir. Eng."},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Diamantopoulou, V., Argyropoulos, N., Kalloniatis, C., Gritzalis, S.: Supporting the design of privacy-aware business processes via privacy process patterns. In: International Conference on Research Challenges in Information Science, pp. 187\u2013198. IEEE (2017)","DOI":"10.1109\/RCIS.2017.7956536"},{"key":"12_CR13","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/978-3-319-23276-8_29","volume-title":"Global Security, Safety and Sustainability: Tomorrow\u2019s Challenges of Cyber Security","author":"D Ganji","year":"2015","unstructured":"Ganji, D., Mouratidis, H., Gheytassi, S.M., Petridis, M.: Conflicts between security and privacy measures in software requirements engineering. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A.G., Hosseinian-Far, A. (eds.) ICGS3 2015. CCIS, vol. 534, pp. 323\u2013334. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-23276-8_29"},{"key":"12_CR14","unstructured":"G\u00fcrses, S., Troncoso, C., Diaz, C.: Engineering privacy by design. Comput. Priv. Data Protect. 14(3) (2011)"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Hansen, M., Jensen, M., Rost, M.: Protection goals for privacy engineering. In: 2015 IEEE Security and Privacy Workshops, SPW, pp. 159\u2013166. IEEE (2015)","DOI":"10.1109\/SPW.2015.13"},{"key":"12_CR16","unstructured":"ISO and IEC: Common Criteria for Information Technology Security Evaluation - Part 2 Security functional components. In: ISO\/IEC 15408, International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) (2012)"},{"issue":"3","key":"12_CR17","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/s00766-008-0067-3","volume":"13","author":"C Kalloniatis","year":"2008","unstructured":"Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requir. Eng. 13(3), 241\u2013255 (2008)","journal-title":"Requir. Eng."},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Labda, W., Mehandjiev, N., Sampaio, P.: Modeling of privacy-aware business processes in BPMN to protect personal data. In: ACM Symposium on Applied Computing, pp. 1399\u20131405. ACM (2014)","DOI":"10.1145\/2554850.2555014"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Lambers, L., Str\u00fcber, D., Taentzer, G., Born, K., Huebert, J.: Multi-granular conflict and dependency analysis in software engineering based on graph transformation. In: International Conference on Software Engineering. IEEE\/ACM (2018, to appear)","DOI":"10.1145\/3180155.3180258"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"Maines, C.L., Llewellyn-Jones, D., Tang, S., Zhou, B.: A cyber security ontology for BPMN-security extensions. In: International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing, pp. 1756\u20131763. IEEE (2015)","DOI":"10.1109\/CIT\/IUCC\/DASC\/PICOM.2015.265"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"Meis, R., Heisel, M.: Systematic identification of information flows from requirements to support privacy impact assessments. In: International Joint Conference on Software Technologies, vol. 2, pp. 1\u201310. IEEE (2015)","DOI":"10.5220\/0005518500430052"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. In: International Conference on Availability, Reliability and Security, pp. 41\u201348. IEEE (2009)","DOI":"10.1109\/ARES.2009.90"},{"key":"12_CR23","unstructured":"Mohr, A.: A survey of zero-knowledge proofs with applications to cryptography, pp. 1\u201312. Southern Illinois University, Carbondale (2007)"},{"issue":"6","key":"12_CR24","doi-asserted-by":"publisher","first-page":"756","DOI":"10.1109\/TSE.2009.67","volume":"35","author":"D Moody","year":"2009","unstructured":"Moody, D.: The \u201cphysics\u201d of notations: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35(6), 756\u2013779 (2009)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Morton, A., Sasse, M.A.: Privacy is a process, not a PET: a theory for effective privacy practice. In: Proceedings of the 2012 Workshop on New Security Paradigms, pp. 87\u2013104. ACM (2012)","DOI":"10.1145\/2413296.2413305"},{"issue":"12","key":"12_CR26","first-page":"1608","volume":"18","author":"H Mouratidis","year":"2012","unstructured":"Mouratidis, H., Kalloniatis, C., Islam, S., Huget, M.-P., Gritzalis, S.: Aligning security and privacy to support the development of secure information systems. J. UCS 18(12), 1608\u20131627 (2012)","journal-title":"J. UCS"},{"key":"12_CR27","unstructured":"M\u00fclle, J., von Stackelberg, S., B\u00f6hm, K.: A security language for BPMN process models. KIT, Fakult\u00e4t f\u00fcr Informatik (2011)"},{"key":"12_CR28","unstructured":"Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: anonymity, unlinkability, unobservability, pseudonymity, and identity management. Technical report, TU Dresden and ULD Kiel (2011)"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Ramadan, Q., Salnitri, M., Str\u00fcber, D., J\u00fcrjens, J., Giorgini, P.: From secure business process modeling to design-level security verification. In: International Conference on Model Driven Engineering Languages and Systems, pp. 123\u2013133. IEEE (2017)","DOI":"10.1109\/MODELS.2017.10"},{"key":"12_CR30","unstructured":"Ramadan, Q., Str\u00fcber, D., Salnitri, M., Riediger, V., J\u00fcrjens, J.: Detecting Conflicts between Data-Minimization and Security Requirements in Business Process Models, Long Version (2018). https:\/\/figshare.com\/s\/664b1c79c55130a44e79"},{"issue":"3","key":"12_CR31","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1016\/j.dss.2011.01.018","volume":"51","author":"A Rodr\u00edguez","year":"2011","unstructured":"Rodr\u00edguez, A., Fern\u00e1ndez-Medina, E., Trujillo, J., Piattini, M.: Secure business process model specification through a UML 2.0 activity diagram profile. Decis. Support Syst. 51(3), 446\u2013465 (2011)","journal-title":"Decis. Support Syst."},{"issue":"1","key":"12_CR32","doi-asserted-by":"publisher","first-page":"353","DOI":"10.4156\/aiss.vol4.issue1.45","volume":"4","author":"M Saleem","year":"2012","unstructured":"Saleem, M., Jaafar, J., Hassan, M.: A domain-specific language for modelling security objectives in a business process models of SOA applications. AISS 4(1), 353\u2013362 (2012)","journal-title":"AISS"},{"key":"12_CR33","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1007\/978-3-662-43745-2_14","volume-title":"Enterprise, Business-Process and Information Systems Modeling","author":"M Salnitri","year":"2014","unstructured":"Salnitri, M., Dalpiaz, F., Giorgini, P.: Modeling and verifying security policies in business processes. In: Bider, I., Gaaloul, K., Krogstie, J., Nurcan, S., Proper, H.A., Schmidt, R., Soffer, P. (eds.) BPMDS\/EMMSAD -2014. LNBIP, vol. 175, pp. 200\u2013214. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43745-2_14"},{"issue":"1","key":"12_CR34","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1109\/TSE.2008.88","volume":"35","author":"S Spiekermann","year":"2009","unstructured":"Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Software Eng. 35(1), 67\u201382 (2009)","journal-title":"IEEE Trans. Software Eng."},{"key":"12_CR35","volume-title":"Handbook of Privacy and Privacy-Enhancing Technologies","author":"GW Blarkom Van","year":"2003","unstructured":"Van Blarkom, G.W., Borking, J.J., Olk, J.G.E.: Handbook of Privacy and Privacy-Enhancing Technologies. Privacy Incorporated Software Agent (PISA) Consortium, The Hague (2003)"},{"key":"12_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1007\/10958513_29","volume-title":"Information Security","author":"JL Vivas","year":"2003","unstructured":"Vivas, J.L., Montenegro, J.A., L\u00f3pez, J.: Towards a business process-driven framework for security engineering with the UML. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 381\u2013395. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/10958513_29"},{"key":"12_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-540-75183-0_5","volume-title":"Business Process Management","author":"C Wolter","year":"2007","unstructured":"Wolter, C., Schaad, A.: Modeling of task-based authorization constraints in BPMN. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 64\u201379. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-75183-0_5"}],"container-title":["Lecture Notes in Computer Science","Modelling Foundations and Applications"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-92997-2_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,18]],"date-time":"2019-10-18T13:58:02Z","timestamp":1571407082000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-92997-2_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319929965","9783319929972"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-92997-2_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}