UMLsec4Edge: Extending UMLsec to model data-protection-compliant edge computing systems

TL;DR

UMLsec4Edge is a new UML profile that extends UMLsec to effectively model data protection requirements in edge computing systems, ensuring compliance with regulations like GDPR.

Contribution

This paper introduces UMLsec4Edge, an extension of UMLsec, to comprehensively model data protection aspects in edge computing architectures.

Findings

UMLsec4Edge successfully models data protection requirements.

Application to real-world use cases demonstrates its effectiveness.

UMLsec4Edge meets all specified design requirements.

Abstract

Edge computing enables the processing of data - frequently personal data - at the edge of the network. For personal data, legislation such as the European General Data Protection Regulation requires data protection by design. Hence, data protection has to be accounted for in the design of edge computing systems whenever personal data is involved. This leads to specific requirements for modeling the architecture of edge computing systems, e.g., representation of data and network properties. To the best of our knowledge, no existing modeling language fulfils all these requirements. In our previous work we showed that the commonly used UML profile UMLsec fulfils some of these requirements, and can thus serve as a starting point. The aim of this paper is to create a modeling language which meets all requirements concerning the design of the architecture of edge computing systems accounting for data protection. Thus, we extend UMLsec to satisfy all requirements. We call the resulting UML profile UMLsec4Edge. We follow a systematic approach to develop UMLsec4Edge. We apply UMLsec4Edge to real-world use cases from different domains, and create appropriate deployment diagrams and class diagrams. These diagrams show UMLsec4Edge is capable of meeting the requirements.