UMLsec4Edge: Extending UMLsec to model data
protection related requirements in edge computing
Sven Smolka1, Jan Laufer1, Zoltán Ádám Mann2, Klaus Pohl1
1paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany
2Complex Cyber Infrastructure (CCI) group, University of Amsterdam, Amsterdam, The Netherlands
Abstract—Edge computing enables the processing of data – frequently personal data – at the edge of the network. For personal data, legislation such as the European General Data Protection Regulation requires data protection by design. Hence, data protection has to be accounted for in the design of edge computing systems whenever personal data is involved. This leads to specific requirements for modeling the architecture of edge computing systems, e.g., representation of data and network properties.
To the best of our knowledge, no existing modeling language fulfils all these requirements. In our previous work we showed that the commonly used UML profile UMLsec fulfils some of these requirements, and can thus serve as a starting point. The aim of this paper is to create a modeling language which meets all requirements concerning the design of the architecture of edge computing systems accounting for data protection. Thus, we extend UMLsec to satisfy all requirements. We call the resulting UML profile UMLsec4Edge. We follow a systematic approach to develop UMLsec4Edge. We apply UMLsec4Edge to real-world use cases from different domains, and create appropriate deployment diagrams and class diagrams. These diagrams show UMLsec4Edge is capable of meeting the requirements.
Index Terms—edge computing, data protection, UMLsec, fog computing
I. INTRODUCTION
Motivation: Edge computing enables real-time data processing with low network communication latency and satisfactory quality of service at the same time. Due to these positive characteristics, edge computing systems become increasingly popular [1]. So-called edge nodes can perform tasks that most end devices (e.g. IoT devices) are not capable of due to insufficient computing power [2]. Edge nodes can also pre-process data, for example to reduce the amount of data that is sent to the cloud for further processing [1]. However, processing (personal) data at the edge of the network leads to new challenges. For example, edge nodes may use different types of communication (e.g., 5G or WLAN) which offer different levels of data protection. Regulations such as the General Data Protection Regulation (GDPR) of the European Union [3] prescribe the protection of personal data. In particular, the GDPR stipulates the need for data protection by design. To ensure data protection by design in edge computing systems, requirements for modeling the architecture of edge computing systems emerge [4] which can be sorted into categories: “network properties”, “devices”, “actors”, and “data properties”.
Work partially funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 871525 (FogProtect). Useful discussions with project partners are gratefully acknowledged.
Problem statement & Aim of the paper: Existing modeling languages used in system design focus either on security (e.g. [5], [6]), or on privacy (e.g. [7], [8]), or none of the above. Although the GDPR requires appropriate security under Article 32, the definition of data protection goes beyond that of security and privacy. Existing modeling languages cannot capture all aspects of edge computing systems related to data protection, for example, the different levels of data protection stemming from different types of communication technologies [4]. To the best of our knowledge, there is no modeling language which covers all requirements on the modeling of the architecture of data-protection-compliant edge computing systems. We identified UMLsec (an extension of the well-known modeling language UML) as a promising starting point to model data protection concerns in edge computing systems, because UMLsec is capable of modeling information security aspects for software systems. UMLsec addresses the “data properties” requirement category as well as parts of the categories “network properties” and “devices”.
The aim of this paper is to create a modeling language which satisfies the identified requirements concerning the design of the architecture of edge computing systems, accounting for data protection.
Contribution & Approach: To achieve this goal, this paper provides the following contributions.
- A new modeling language called UMLsec4Edge that supports the modeling of data-protection-compliant edge computing systems. UMLsec4Edge is an extension of UMLsec, focusing on deployment and class diagrams. We focus on these diagram types because the architecture of systems and dependencies between system components have great impact on data protection by design.
- A formalization of UMLsec4Edge as well as a UML profile created with the modeling platform Papyrus.
- Deployment and class diagrams of three real-world use cases which employ edge computing in diverse application domains. The use cases originate from the EU-funded research project FogProtect [9]. The diagrams confirm that UMLsec4Edge meets the requirements by addressing the shortcomings of UMLsec.
The creation of UMLsec4Edge follows a systematic approach based on the work of Lagarde et al. [10], including a literature search focusing on UML profiles covering security, privacy, or data protection to assess alternative extension options.
arXiv:2210.09358v1 [cs.SE] 17 Oct 2022
Outline: Sec. II defines terminology and introduces the requirements for modeling the architecture of edge computing systems accounting for data protection. Sec. III describes our systematic development approach and as a result the UMLsec4Edge profile. Sec. IV shows extracts from UMLsec4Edge diagrams and discusses threats to validity. Sec. V examines related work, while Sec. VI concludes the paper. Additional material, including the full UMLsec4Edge profile, complete diagrams, and further information on the systematic approach and literature review, can be found online (footnote 1).
II. REQUIREMENTS TO MODEL DATA PROTECTION IN EDGE COMPUTING SYSTEMS
A. Data protection in edge computing systems
The term data protection refers to the protection of personal data. Regulations such as the GDPR [3] prescribe this protection. The GDPR requires the enforcement of technical and organizational measures to prevent so called personal data breaches. Personal data breaches occur, e.g., whenever an unauthorized actor accesses personal data. Any system, and therefore also an edge computing system, which processes personal data must ensure the absence of personal data breaches.
Ensuring data protection in edge computing systems faces new challenges compared to more established computing paradigms like cloud computing. End devices and edge nodes could differ in hardware configuration, preventing the implementation of uniform data protection mechanisms such as hardware enclaves across all devices. Moreover, end devices and edge nodes can be deployed almost anywhere. Thus, they may not be protected by sufficient physical security measures, so there is a threat of attackers physically compromising them.
Since the GDPR requires systems processing personal data to ensure data protection by design, such data protection challenges need to be considered when developing an edge computing system, already starting with the architectural design of the system. In our previous work [4], we identified four data-protection-related requirements on modeling languages for modeling the architecture of edge computing systems:
(R-1) Network properties: It must be possible to model different communication types between devices in an edge computing system as well as possible threats posed by them.
(R-2) Devices: It must be possible to model different device types in an edge computing system as well as threats posed by their use.
(R-3) Actors: It must be possible to model actors within an edge computing system, as well as their trust in each other, their relationship to data, and their data-specific roles.
(R-4) Data properties: It must be possible to model data protection requirements specifying whether data must not be disclosed, manipulated, or deleted.
B. Modeling edge computing architectures with UMLsec
In our previous work [4], we analyzed to what extent UMLsec [5] supports modeling data protection requirements and threats to data protection during the design of edge computing systems. We concluded that UMLsec provides a reasonable basis for satisfying the identified requirements:
1 See https://git.uni-due.de/fogprotect/umlsec4edge
(R-1): UMLsec introduces stereotypes such as <<wire>>
or <<LAN>>, which can be used to assign a connection type to
a communication path between nodes in deployment diagrams.
In addition, UMLsec introduces the adversary model, which
represents the threat of unauthorized reading, insertion, and
deletion of data during data exchange over a communication
path of a certain connection type. UMLsec is limited in
having only stereotypes representing wired connection types.
In edge computing systems, however, data exchange between
nodes often takes place wirelessly. Consequently, UMLsec
only partially addresses (R-1).
(R-2): UMLsec allows assigning device types to nodes by
stereotypes like <<POS device>>. The adversary model
then allows the representation of the threat of unauthorized
physical access to these types of devices. However, there are
no stereotypes for device types common in edge computing
systems. Accordingly, the threat of unauthorized physical
access to them cannot be modeled in the adversary model. In
addition, UMLsec cannot model threats occurring when data
is exchanged between components placed on the same node.
Overall, UMLsec fulfills a part of (R-2).
(R-3): UMLsec has no stereotypes or tags to model actors
within an edge computing system as well as their trust in
each other, their relationship to the data, and their data-specific
roles. Accordingly, UMLsec does not address (R-3).
(R-4): UMLsec introduces stereotypes and tags to model the security requirements of data during data exchange in terms of confidentiality, integrity, and availability. For example, UMLsec introduces the stereotype <<secrecy>>, which can be attached to dependencies between nodes and components in a deployment diagram to define the security requirement of disallowing data to be read by an attacker during data exchange. In combination with the adversary model (which represents the threats of data transmission over a communication channel with a specific connection type), it is possible to evaluate whether security objectives are met by the system design. Thus, UMLsec addresses (R-4).
Table I summarizes the restrictions that prevent UMLsec from fulfilling the requirements. The table also lists the stereotypes and tags of our UMLsec4Edge profile (presented in the following section) that lead to the fulfillment of the requirements.
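The evaluation sketched for (R-4), and the (R-1) gap it runs into, can be made concrete with a small checker in the style of UMLsec's secure-links analysis. This is an added example, not code from the paper or from the UMLsec tooling: the adversary table (which threats an attacker has per connection-type stereotype) and the sample deployment are constructed assumptions, and `integrity` is used alongside the page's `secrecy` as a second requirement stereotype.

```python
from dataclasses import dataclass, field
# Constructed adversary model in the spirit of UMLsec's default attacker
# (assumed values, not taken from the paper): connection-type stereotype
# of a communication path -> threats the attacker has on that path.
DEFAULT_ADVERSARY = {
    "wire": set(),
    "LAN": set(),
    "encrypted": {"delete"},
    "Internet": {"read", "insert", "delete"},
}
# Security requirement stereotype on a dependency -> threat that breaks it.
VIOLATED_BY = {"secrecy": "read", "integrity": "insert"}

@dataclass
class CommPath:
    nodes: frozenset   # the two nodes joined by the communication path
    conn_type: str     # connection-type stereotype, e.g. "LAN" or "WLAN"

@dataclass
class Dependency:
    src: str
    dst: str
    requirements: set = field(default_factory=set)  # e.g. {"secrecy"}

def check_secure_links(paths, deps, adversary=DEFAULT_ADVERSARY):
    """Evaluate each dependency against the adversary model of its path.
    Returns a list of findings; an empty list means every requirement holds.
    A connection type absent from the adversary model is reported: this is
    the (R-1) gap for wireless links such as WLAN, whose threats are unknown."""
    findings = []
    by_nodes = {p.nodes: p for p in paths}
    for d in deps:
        path = by_nodes.get(frozenset({d.src, d.dst}))
        if path is None:
            findings.append(f"{d.src}->{d.dst}: no communication path")
        elif path.conn_type not in adversary:
            findings.append(f"{d.src}->{d.dst}: unknown connection type "
                            f"<<{path.conn_type}>>, threats cannot be derived")
        else:
            for req in sorted(d.requirements):
                if VIOLATED_BY[req] in adversary[path.conn_type]:
                    findings.append(f"{d.src}->{d.dst}: <<{req}>> violated by "
                                    f"'{VIOLATED_BY[req]}' on <<{path.conn_type}>>")
    return findings

# Constructed sample deployment: IoT device -> edge node over WLAN,
# edge node -> cloud over the Internet, edge node -> gateway over LAN.
SAMPLE_PATHS = [CommPath(frozenset({"IoT", "Edge"}), "WLAN"),
                CommPath(frozenset({"Edge", "Cloud"}), "Internet"),
                CommPath(frozenset({"Edge", "Gateway"}), "LAN")]
SAMPLE_DEPS = [Dependency("IoT", "Edge", {"secrecy"}),
               Dependency("Edge", "Cloud", {"secrecy", "integrity"}),
               Dependency("Edge", "Gateway", {"secrecy"})]
```

Running `check_secure_links(SAMPLE_PATHS, SAMPLE_DEPS)` flags the WLAN path as unanalysable and both requirements on the Internet path as violated, while the LAN dependency passes.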
III. UMLSEC4EDGE
A. Systematic Approach towards UMLsec4Edge
To create our UMLsec4Edge profile that satisfies all the
requirements, we conduct a systematic extension of UMLsec.
Since UMLsec already partially addresses (R-1) and (R-2)
in deployment diagrams, it is reasonable to extend UMLsec
with respect to deployment diagrams to fully address the
requirements. As UMLsec does not address (R-3), we extend
UMLsec with respect to class diagrams, since the data of a
system is often modeled in class diagrams. Fig. 1 shows our
systematic approach of extending UMLsec. We first create