DOI: 10.1145/1415472.1415481
Research article

A collection of privacy design patterns

Published: 21 October 2006

Abstract

The growth in computing power has enabled the storage and analysis of large volumes of data. Monitoring the Internet access profiles of millions of users has become feasible and also economically lucrative. The interesting thing here is that it is not only the crooks who are interested in privacy intrusion; government agencies also have a vested interest in profiling the population mass. This paper describes 4 design patterns that can aid the decision-making process for the designers of privacy-protecting systems. These design patterns are applicable to the design of anonymity systems for various types of online communication, online data sharing, location monitoring, voting and electronic cash management.


Published In

PLoP '06: Proceedings of the 2006 conference on Pattern languages of programs
October 2006
397 pages
ISBN: 9781605583723
DOI: 10.1145/1415472
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. anonymity
  2. patterns
  3. privacy

Qualifiers

  • Research-article

Conference

PLOP06: Pattern Languages of Programs 2006
October 21 - 23, 2006
Oregon, Portland, USA

Acceptance Rates

Overall Acceptance Rate 28 of 36 submissions, 78%


Article Metrics

  • Downloads (Last 12 months): 33
  • Downloads (Last 6 weeks): 10
Reflects downloads up to 16 Dec 2024


Cited By

  • (2024) Patterns of Data Anonymization. Proceedings of the 29th European Conference on Pattern Languages of Programs, People, and Practices (1-9). DOI: 10.1145/3698322.3698337. Online publication date: 3-Jul-2024
  • (2024) Guiding the implementation of data privacy with microservices. International Journal of Information Security 23:6 (3591-3608). DOI: 10.1007/s10207-024-00907-y. Online publication date: 23-Aug-2024
  • (2024) Digitaler Verbraucherschutz. Verbraucherinformatik (135-201). DOI: 10.1007/978-3-662-68706-2_4. Online publication date: 25-Mar-2024
  • (2023) Privacy Engineering in the Wild: Understanding the Practitioners' Mindset, Organizational Aspects, and Current Practices. IEEE Transactions on Software Engineering 49:9 (4324-4348). DOI: 10.1109/TSE.2023.3290237. Online publication date: Sep-2023
  • (2023) A Selection Model of Privacy Patterns. 2023 IEEE 20th International Conference on Software Architecture (ICSA) (1-11). DOI: 10.1109/ICSA56044.2023.00009. Online publication date: Mar-2023
  • (2022) Mitigation lost in translation. Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing (1236-1247). DOI: 10.1145/3477314.3507107. Online publication date: 25-Apr-2022
  • (2022) Analysis of Privacy Patterns from An Architectural Perspective. 2022 IEEE 19th International Conference on Software Architecture Companion (ICSA-C) (60-67). DOI: 10.1109/ICSA-C54293.2022.00056. Online publication date: Mar-2022
  • (2022) The role of design patterns in the development and legal assessment of lawful technologies. Electronic Markets 32:4 (2311-2331). DOI: 10.1007/s12525-022-00597-1. Online publication date: 20-Oct-2022
  • (2021) Towards a Collection of Security and Privacy Patterns. Applied Sciences 11:4 (1396). DOI: 10.3390/app11041396. Online publication date: 4-Feb-2021
  • (2021) Analysing and extending privacy patterns with architectural context. Proceedings of the 36th Annual ACM Symposium on Applied Computing (1390-1398). DOI: 10.1145/3412841.3442014. Online publication date: 22-Mar-2021
