Nothing Special   »   [go: up one dir, main page]

skip to main content
10.1145/3412841.3441996acmconferencesArticle/Chapter ViewAbstractPublication PagessacConference Proceedingsconference-collections
research-article

Land of the lost: privacy patterns' forgotten properties: enhancing selection-support for privacy patterns

Published: 22 April 2021 Publication History

Abstract

Privacy patterns describe core aspects of privacy-enhancing solutions to recurring problems and can, therefore, be instrumental to the privacy-by-design paradigm. However, the privacy patterns domain is still evolving. While the main focus is currently put on compiling and structuring high-quality privacy patterns in catalogs, the support for developers to select suitable privacy patterns is still limited. Privacy patterns selection-support means, in essence, the quick and easy scoping of a collection of patterns to the most applicable ones based on a set of predefined criteria. To evaluate patterns against these criteria, a thorough understanding of the privacy patterns landscape is required. In this paper, (i) we show that there is currently a lack of extensive support for privacy patterns selection due to the insufficient understanding of pattern properties, (ii) we propose additional properties that need to be analyzed and can serve as a first step towards a robust selection criteria, (iii) we analyze and present the properties for 70 privacy patterns, and (iv) we discuss a potential approach of how such a selection-support method can be realized.

References

[1]
[n. d.]. Privacy Patterns. https://privacypatterns.eu/ Last Checked: Sep. 2020.
[2]
[n. d.]. Privacy Patterns. https://privacypatterns.org/patterns/ Last Checked: Sep. 2020.
[3]
[n. d.]. Privacypatterns.org mirror. https://privacypatterns.cs.ru.nl/ Last Checked: July. 2020.
[4]
Ala'a Al-Momani, Frank Kargl, Robert Schmidt, Antonio Kung, Christoph Bösch, et al. 2019. A Privacy-Aware V-Model for Software Development. In 2019 IEEE Security and Privacy Workshops (SPW). IEEE, 100--104.
[5]
Kaitlin R Boeckl and Naomi B Lefkovitz. 2020. NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. (2020).
[6]
Rahma Bouaziz and Slim Kammoun. 2015. A Decision Support Map for Security Patterns Application. In Computational Science and Its Applications - ICCSA 2015. Cham, 750--759.
[7]
Julio C Caiza, Jose M Del Alamo, and Danny S Guamán. 2020. A framework and roadmap for enhancing the application of privacy design patterns. In Proceedings of the 35th Annual ACM Symposium on Applied Computing. 1297--1304.
[8]
Michael Colesky and Julio C. Caiza. 2018. A System of Privacy Patterns for Informing Users: Creating a Pattern System. In European Conference on Pattern Languages of Programs (EuroPLoP '18). Article 16, 11 pages.
[9]
Michael Colesky, Julio C Caiza, José M Del Alamo, Jaap-Henk Hoepman, and Yod-Samuel Martín. 2018. A system of privacy patterns for user control. In ACM SAC. 1150--1156.
[10]
Michael Colesky, Jaap-Henk Hoepman, and Christiaan Hillen. 2016. A critical analysis of privacy design strategies. In Security and Privacy Workshops (SPW). IEEE, 33--40.
[11]
George Danezis. 2008. Talk: an introduction to u-prove privacy protection technology, and its role in the identity metasystem-what future for privacy technology.
[12]
Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, and Wouter Joosen. 2011. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering 16, 1 (2011), 3--32.
[13]
Olha Drozd. 2015. Privacy pattern catalogue: A tool for integrating privacy principles of ISO/IEC 29100 into the software development process. In IFIP International Summer School on Privacy and Identity Management. Springer, 129--140.
[14]
Eduardo B Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Jan Jurjens, Michael VanHilst, and Guenther Pernu. 2011. Using security patterns to develop secure systems. In Software Engineering for Secure Systems: Industrial and Research Perspectives. IGI Global, 16--31.
[15]
Eduardo Fernandez-Buglioni. 2013. Security Patterns in Practice: Designing Secure Architectures Using Software Patterns (1st ed.). Wiley Publishing.
[16]
Erich Gamma. 1995. Design patterns: elements of reusable object-oriented software. Pearson Education India.
[17]
Seda Gürses, Carmela Troncoso, and Claudia Diaz. 2015. Engineering privacy by design reloaded. In Amsterdam Privacy Conference. 1--21.
[18]
Munawar Hafiz. 2006. A Collection of Privacy Design Patterns. In Proceedings of the 2006 Conference on Pattern Languages of Programs (PLoP '06). Article 7, 13 pages.
[19]
Munawar Hafiz. 2013. A pattern language for developing privacy enhancing technologies. Software: Practice and Experience 43, 7 (2013), 769--787.
[20]
Munawar Hafiz, Paul Adamczyk, and Ralph E Johnson. 2007. Organizing security patterns. IEEE software 24, 4 (2007), 52--60.
[21]
Jaap-Henk Hoepman. 2014. Privacy Design Strategies. In ICT Systems Security and Privacy Protection. 446--459.
[22]
Jörn Kahrmann and Ina Schiering. 2014. Patterns in privacy-a pattern-based approach for assessments. In IFIP International Summer School on Privacy and Identity Management. Springer, 153--166.
[23]
Christos Kalloniatis, Evangelia Kavakli, and Stefanos Gritzalis. 2007. Using privacy process patterns for incorporating privacy requirements into the system design process. In The Second International Conference on Availability, Reliability and Security (ARES'07). IEEE, 1009--1017.
[24]
Christos Kalloniatis, Evangelia Kavakli, and Stefanos Gritzalis. 2008. Addressing privacy requirements in system design: the PriS method. Requirements Engineering 13, 3 (2008), 241--255.
[25]
Tong Li, Jennifer Horkoff, and John Mylopoulos. 2014. Integrating security patterns with security requirements analysis using contextual goal models. In IFIP Working Conference on The Practice of Enterprise Modeling. Springer, 208--223.
[26]
Lin Liu, Eric Yu, and John Mylopoulos. 2003. Security and privacy requirements analysis within a social setting. In Proceedings. 11th IEEE International Requirements Engineering Conference, 2003. IEEE, 151--161.
[27]
Rene Meis and Maritta Heisel. 2017. Pattern-based representation of privacy enhancing technologies as early aspects. In International Conference on Trust and Privacy in Digital Business. Springer, 49--65.
[28]
Anas Motii, Brahim Hamid, Agnes Lanusse, and Jean-Michel Bruel. 2015. Guiding the selection of security patterns based on security requirements and pattern classification. In 20th European Conference on Pattern Languages of Programs. 1--17.
[29]
Anas Motii, Brahim Hamid, Agnes Lanusse, and Jean-Michel Bruel. 2016. Guiding the selection of security patterns for real-time systems. In 2016 21st International Conference on Engineering of Complex Computer Systems (ICECCS). IEEE, 155--164.
[30]
Sebastian Pape and Kai Rannenberg. 2019. Applying privacy patterns to the internet of things'(iot) architecture. Mobile Networks and Applications 24, 3 (2019), 925--933.
[31]
Siani Pearson and Yun Shen. 2010. Context-aware privacy design pattern selection. In International Conference on Trust, Privacy and Security in Digital Business. Springer, 69--80.
[32]
Andreas Pfitzmann and Marit Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. (2010).
[33]
Sasha Romanosky, Alessandro Acquisti, Jason Hong, Lorrie Faith Cranor, and Batya Friedman. 2006. Privacy Patterns for Online Interactions. In Proceedings of the 2006 Conference on Pattern Languages of Programs (PLoP '06). Article 12, 9 pages.
[34]
Riccardo Scandariato, Koen Yskout, Thomas Heyman, and Wouter Joosen. 2008. Architecting software with security patterns. Technical Report. Department of Computer Science, K.U. Leuven; Leuven, Belgium.
[35]
Markus Schumacher. 2003. Security engineering with patterns: origins, theoretical models, and new applications. Vol. 2754. Springer Science & Business Media.
[36]
Chritopher Steel and Ramesh Nagappan. 2006. Core Security Patterns: Best Practices and Strategies for J2EE", Web Services, and Identity Management. Pearson Education India.
[37]
T. Suphakul and T. Senivongse. 2017. Development of privacy design patterns based on privacy principles and UML. In 2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD). 369--375.
[38]
Clark Thomborson. 2016. Privacy patterns. In 2016 14th Annual Conference on Privacy, Security and Trust (PST). IEEE, 656--663.
[39]
Axel Van Lamsweerde. 2001. Goal-oriented requirements engineering: A guided tour. In Proceedings fifth ieee international symposium on requirements engineering. IEEE, 249--262.
[40]
Hironori Washizaki, Eduardo B Fernandez, Katsuhisa Maruyama, Atsuto Kubo, and Nobukazu Yoshioka. 2009. Improving the classification of security patterns. In 2009 20th International Workshop on Database and Expert Systems Application. IEEE, 165--170.
[41]
Michael Weiss and Haralambos Mouratidis. 2008. Selecting security patterns that fulfill security requirements. In 2008 16th IEEE International Requirements Engineering Conference. IEEE, 169--172.
[42]
Kim Wuyts, Laurens Sion, and Wouter Joosen. 2020. LINDDUN GO: A Lightweight Approach to Privacy Threat Modeling. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE.
[43]
Koen Yskout, Riccardo Scandariato, and Wouter Joosen. 2015. Do security patterns really help designers?. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, Vol. 1. IEEE, 292--302.

Cited By

View all

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied Computing
March 2021
2075 pages
ISBN:9781450381048
DOI:10.1145/3412841
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 April 2021

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. privacy engineering
  2. privacy patterns
  3. software design

Qualifiers

  • Research-article

Conference

SAC '21
Sponsor:
SAC '21: The 36th ACM/SIGAPP Symposium on Applied Computing
March 22 - 26, 2021
Virtual Event, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25
The 40th ACM/SIGAPP Symposium on Applied Computing
March 31 - April 4, 2025
Catania , Italy

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 121
    Total Downloads
  • Downloads (Last 12 months)13
  • Downloads (Last 6 weeks)1
Reflects downloads up to 30 Dec 2024

Other Metrics

Citations

Cited By

View all

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media