Abstract
This paper points out the importance of architecture in designing a privacy-by-design system. It provides an overview of how architectures are designed, analysed and evaluated through quality attributes, tactics and architecture patterns. It then specifies a straw-man architecture design methodology for privacy. The resulting PEAR (Privacy Enhancing ARchitecture) methodology is illustrated through an Intelligent Transport Systems (ITS) example application. The integration of the resulting methodology into a Privacy-by-Design process is then explained. Finally, suggestions for future work that would lead to an agreed engineering practice are provided.
© 2014 Springer International Publishing Switzerland
Kung, A. (2014). PEARs: Privacy Enhancing ARchitectures. In: Preneel, B., Ikonomou, D. (eds) Privacy Technologies and Policy. APF 2014. Lecture Notes in Computer Science, vol 8450. Springer, Cham. https://doi.org/10.1007/978-3-319-06749-0_2
DOI: https://doi.org/10.1007/978-3-319-06749-0_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06748-3
Online ISBN: 978-3-319-06749-0