Dealing with Privacy for Protecting Information

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1442))

Abstract

Privacy is a trending topic in the cybersecurity context, not only because it is related to current regulations such as GDPR, but also because it has an impact on every citizen in this digitalized world. In fact, a huge number of software systems manage or process information related to individuals in some way, and therefore the software development projects that produce these systems must consider specific privacy measures. The privacy by design concept and shift-left strategies treat privacy as a special topic to be addressed throughout the software development project. In this context, Very Small Companies are required to modify their development processes to include privacy. This paper provides a modification of the ISO/IEC 29110 basic profile, a set of activities for designing a privacy-preserving approach, and the results of applying differential privacy mechanisms with an illustrative example.

Acknowledgements

This work has been partially supported by the Basque Government (SPRI) project called “Trustind - Creating Trust In The Industrial Digital Transformation” (KK-2020/00054) and by the “SPEAR” project (H2020).

Corresponding author

Correspondence to Xabier Larrucea.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Larrucea, X., Santamaria, I. (2021). Dealing with Privacy for Protecting Information. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds) Systems, Software and Services Process Improvement. EuroSPI 2021. Communications in Computer and Information Science, vol 1442. Springer, Cham. https://doi.org/10.1007/978-3-030-85521-5_34

  • DOI: https://doi.org/10.1007/978-3-030-85521-5_34

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85520-8

  • Online ISBN: 978-3-030-85521-5

  • eBook Packages: Computer Science (R0)
