Land of the lost: privacy patterns' forgotten properties: enhancing selection-support for privacy patterns
Authors: 
Ala'a Al-Momani, Kim Wuyts, 
Laurens Sion, 
Frank Kargl, Wouter Joosen, 
Benjamin Erb, Christoph BöschAuthors Info & Claims
Pages 1217 - 1225
Abstract
Privacy patterns describe core aspects of privacy-enhancing solutions to recurring problems and can, therefore, be instrumental to the privacy-by-design paradigm. However, the privacy patterns domain is still evolving. While the main focus is currently put on compiling and structuring high-quality privacy patterns in catalogs, the support for developers to select suitable privacy patterns is still limited. Privacy patterns selection-support means, in essence, the quick and easy scoping of a collection of patterns to the most applicable ones based on a set of predefined criteria. To evaluate patterns against these criteria, a thorough understanding of the privacy patterns landscape is required. In this paper, (i) we show that there is currently a lack of extensive support for privacy patterns selection due to the insufficient understanding of pattern properties, (ii) we propose additional properties that need to be analyzed and can serve as a first step towards a robust selection criteria, (iii) we analyze and present the properties for 70 privacy patterns, and (iv) we discuss a potential approach of how such a selection-support method can be realized.
References
[1]
[n. d.]. Privacy Patterns. https://privacypatterns.eu/ Last Checked: Sep. 2020.
[2]
[n. d.]. Privacy Patterns. https://privacypatterns.org/patterns/ Last Checked: Sep. 2020.
[3]
[n. d.]. Privacypatterns.org mirror. https://privacypatterns.cs.ru.nl/ Last Checked: July. 2020.
[4]
Ala'a Al-Momani, Frank Kargl, Robert Schmidt, Antonio Kung, Christoph Bösch, et al. 2019. A Privacy-Aware V-Model for Software Development. In 2019 IEEE Security and Privacy Workshops (SPW). IEEE, 100--104.
[5]
Kaitlin R Boeckl and Naomi B Lefkovitz. 2020. NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. (2020).
[6]
Rahma Bouaziz and Slim Kammoun. 2015. A Decision Support Map for Security Patterns Application. In Computational Science and Its Applications - ICCSA 2015. Cham, 750--759.
[7]
Julio C Caiza, Jose M Del Alamo, and Danny S Guamán. 2020. A framework and roadmap for enhancing the application of privacy design patterns. In Proceedings of the 35th Annual ACM Symposium on Applied Computing. 1297--1304.
[8]
Michael Colesky and Julio C. Caiza. 2018. A System of Privacy Patterns for Informing Users: Creating a Pattern System. In European Conference on Pattern Languages of Programs (EuroPLoP '18). Article 16, 11 pages.
[9]
Michael Colesky, Julio C Caiza, José M Del Alamo, Jaap-Henk Hoepman, and Yod-Samuel Martín. 2018. A system of privacy patterns for user control. In ACM SAC. 1150--1156.
[10]
Michael Colesky, Jaap-Henk Hoepman, and Christiaan Hillen. 2016. A critical analysis of privacy design strategies. In Security and Privacy Workshops (SPW). IEEE, 33--40.
[11]
George Danezis. 2008. Talk: an introduction to u-prove privacy protection technology, and its role in the identity metasystem-what future for privacy technology.
[12]
Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, and Wouter Joosen. 2011. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering 16, 1 (2011), 3--32.
[13]
Olha Drozd. 2015. Privacy pattern catalogue: A tool for integrating privacy principles of ISO/IEC 29100 into the software development process. In IFIP International Summer School on Privacy and Identity Management. Springer, 129--140.
[14]
Eduardo B Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Jan Jurjens, Michael VanHilst, and Guenther Pernu. 2011. Using security patterns to develop secure systems. In Software Engineering for Secure Systems: Industrial and Research Perspectives. IGI Global, 16--31.
[15]
Eduardo Fernandez-Buglioni. 2013. Security Patterns in Practice: Designing Secure Architectures Using Software Patterns (1st ed.). Wiley Publishing.
[16]
Erich Gamma. 1995. Design patterns: elements of reusable object-oriented software. Pearson Education India.
[17]
Seda Gürses, Carmela Troncoso, and Claudia Diaz. 2015. Engineering privacy by design reloaded. In Amsterdam Privacy Conference. 1--21.
[18]
Munawar Hafiz. 2006. A Collection of Privacy Design Patterns. In Proceedings of the 2006 Conference on Pattern Languages of Programs (PLoP '06). Article 7, 13 pages.
[19]
Munawar Hafiz. 2013. A pattern language for developing privacy enhancing technologies. Software: Practice and Experience 43, 7 (2013), 769--787.
[20]
Munawar Hafiz, Paul Adamczyk, and Ralph E Johnson. 2007. Organizing security patterns. IEEE software 24, 4 (2007), 52--60.
[21]
Jaap-Henk Hoepman. 2014. Privacy Design Strategies. In ICT Systems Security and Privacy Protection. 446--459.
[22]
Jörn Kahrmann and Ina Schiering. 2014. Patterns in privacy-a pattern-based approach for assessments. In IFIP International Summer School on Privacy and Identity Management. Springer, 153--166.
[23]
Christos Kalloniatis, Evangelia Kavakli, and Stefanos Gritzalis. 2007. Using privacy process patterns for incorporating privacy requirements into the system design process. In The Second International Conference on Availability, Reliability and Security (ARES'07). IEEE, 1009--1017.
[24]
Christos Kalloniatis, Evangelia Kavakli, and Stefanos Gritzalis. 2008. Addressing privacy requirements in system design: the PriS method. Requirements Engineering 13, 3 (2008), 241--255.
[25]
Tong Li, Jennifer Horkoff, and John Mylopoulos. 2014. Integrating security patterns with security requirements analysis using contextual goal models. In IFIP Working Conference on The Practice of Enterprise Modeling. Springer, 208--223.
[26]
Lin Liu, Eric Yu, and John Mylopoulos. 2003. Security and privacy requirements analysis within a social setting. In Proceedings. 11th IEEE International Requirements Engineering Conference, 2003. IEEE, 151--161.
[27]
Rene Meis and Maritta Heisel. 2017. Pattern-based representation of privacy enhancing technologies as early aspects. In International Conference on Trust and Privacy in Digital Business. Springer, 49--65.
[28]
Anas Motii, Brahim Hamid, Agnes Lanusse, and Jean-Michel Bruel. 2015. Guiding the selection of security patterns based on security requirements and pattern classification. In 20th European Conference on Pattern Languages of Programs. 1--17.
[29]
Anas Motii, Brahim Hamid, Agnes Lanusse, and Jean-Michel Bruel. 2016. Guiding the selection of security patterns for real-time systems. In 2016 21st International Conference on Engineering of Complex Computer Systems (ICECCS). IEEE, 155--164.
[30]
Sebastian Pape and Kai Rannenberg. 2019. Applying privacy patterns to the internet of things'(iot) architecture. Mobile Networks and Applications 24, 3 (2019), 925--933.
[31]
Siani Pearson and Yun Shen. 2010. Context-aware privacy design pattern selection. In International Conference on Trust, Privacy and Security in Digital Business. Springer, 69--80.
[32]
Andreas Pfitzmann and Marit Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. (2010).
[33]
Sasha Romanosky, Alessandro Acquisti, Jason Hong, Lorrie Faith Cranor, and Batya Friedman. 2006. Privacy Patterns for Online Interactions. In Proceedings of the 2006 Conference on Pattern Languages of Programs (PLoP '06). Article 12, 9 pages.
[34]
Riccardo Scandariato, Koen Yskout, Thomas Heyman, and Wouter Joosen. 2008. Architecting software with security patterns. Technical Report. Department of Computer Science, K.U. Leuven; Leuven, Belgium.
[35]
Markus Schumacher. 2003. Security engineering with patterns: origins, theoretical models, and new applications. Vol. 2754. Springer Science & Business Media.
[36]
Chritopher Steel and Ramesh Nagappan. 2006. Core Security Patterns: Best Practices and Strategies for J2EE", Web Services, and Identity Management. Pearson Education India.
[37]
T. Suphakul and T. Senivongse. 2017. Development of privacy design patterns based on privacy principles and UML. In 2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD). 369--375.
[38]
Clark Thomborson. 2016. Privacy patterns. In 2016 14th Annual Conference on Privacy, Security and Trust (PST). IEEE, 656--663.
[39]
Axel Van Lamsweerde. 2001. Goal-oriented requirements engineering: A guided tour. In Proceedings fifth ieee international symposium on requirements engineering. IEEE, 249--262.
[40]
Hironori Washizaki, Eduardo B Fernandez, Katsuhisa Maruyama, Atsuto Kubo, and Nobukazu Yoshioka. 2009. Improving the classification of security patterns. In 2009 20th International Workshop on Database and Expert Systems Application. IEEE, 165--170.
[41]
Michael Weiss and Haralambos Mouratidis. 2008. Selecting security patterns that fulfill security requirements. In 2008 16th IEEE International Requirements Engineering Conference. IEEE, 169--172.
[42]
Kim Wuyts, Laurens Sion, and Wouter Joosen. 2020. LINDDUN GO: A Lightweight Approach to Privacy Threat Modeling. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE.
[43]
Koen Yskout, Riccardo Scandariato, and Wouter Joosen. 2015. Do security patterns really help designers?. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, Vol. 1. IEEE, 292--302.
Index Terms
- Land of the lost: privacy patterns' forgotten properties: enhancing selection-support for privacy patterns
Recommendations
A framework and roadmap for enhancing the application of privacy design patterns
SAC '20: Proceedings of the 35th Annual ACM Symposium on Applied ComputingPrivacy patterns have become a cornerstone of the Privacy by Design paradigm realization by being used in different methodologies, strategies, tools, and many other privacy engineering proposals reported in the state-of-the-art. While these proposals ...
A System of Privacy Patterns for Informing Users: Creating a Pattern System
EuroPLoP '18: Proceedings of the 23rd European Conference on Pattern Languages of ProgramsThe General Data Protection Regulation mandates data protection in the European Union. This includes data protection by design and having privacy-preserving defaults. This legislation has been in force since May 2018, promising severe consequences for ...
An exploratory experiment on privacy patterns: limitations and possibilities
SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied ComputingSeveral1 privacy engineering methods and techniques have built on privacy patterns for materializing the Privacy by Design paradigm. Also, reports by data protection and cybersecurity authorities have recommended them. However, the benefits that their ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
March 2021
2075 pages
ISBN:9781450381048
DOI:10.1145/3412841
- Conference Chairs:
- Chih-Cheng Hung,
- Jiman Hong,
- Program Chairs:
- Alessio Bechini,
- Eunjee Song
Copyright © 2021 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 22 April 2021
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
SAC '21
Sponsor:
SAC '21: The 36th ACM/SIGAPP Symposium on Applied Computing
March 22 - 26, 2021
Virtual Event, Republic of Korea
Acceptance Rates
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
Upcoming Conference
SAC '25
- Sponsor:
- sigapp
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 121Total Downloads
- Downloads (Last 12 months)13
- Downloads (Last 6 weeks)1
Reflects downloads up to 26 Dec 2024
Other Metrics
Citations
Cited By
View allView Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in