DOI: 10.1145/3412841.3441996
research-article

Land of the lost: privacy patterns' forgotten properties: enhancing selection-support for privacy patterns

Published: 22 April 2021

ABSTRACT

Privacy patterns describe core aspects of privacy-enhancing solutions to recurring problems and can, therefore, be instrumental to the privacy-by-design paradigm. However, the privacy patterns domain is still evolving. While the main focus is currently on compiling and structuring high-quality privacy patterns in catalogs, the support for developers to select suitable privacy patterns is still limited. Privacy patterns selection-support means, in essence, the quick and easy scoping of a collection of patterns to the most applicable ones based on a set of predefined criteria. To evaluate patterns against these criteria, a thorough understanding of the privacy patterns landscape is required. In this paper, (i) we show that there is currently a lack of extensive support for privacy patterns selection due to the insufficient understanding of pattern properties, (ii) we propose additional properties that need to be analyzed and can serve as a first step towards robust selection criteria, (iii) we analyze and present the properties for 70 privacy patterns, and (iv) we discuss a potential approach of how such a selection-support method can be realized.


Published in

SAC '21: Proceedings of the 36th Annual ACM Symposium on Applied Computing
March 2021
2075 pages
ISBN: 9781450381048
DOI: 10.1145/3412841

Copyright © 2021 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Overall acceptance rate: 1,650 of 6,669 submissions, 25%
