Support for Model-Based Data Sovereignty Analysis

The rapid growth of data as a commodity has led to the rise of data space ecosystems, emphasizing secure and sovereign data exchange across company borders. The International Data Spaces Reference Architecture Model (IDS-RAM) and Dataspace Protocol represent frameworks designed to enable secure and standardized data sharing across organizations and sectors. As with any traditional system, to ensure compliance with data security and sovereignty requirements, adherence to IDS-RAM and data space protocols must be integrated from the design phase of data space systems. For this, our contributions in this paper are threefold: (i) a mapping from requirements of IDS-RAM and Dataspace Protocol specifications to model-based analysis checks of UMLsec and existing extensions, (ii) two data sovereignty-oriented checks as extensions to UMLsec, namely Usage Control and Transfer Process Protocol, and (iii) an applicability evaluation based on a case study of the European Health Data Space (EHDS).