Privacy Enabled Software Architecture

  • Conference paper
Business Modeling and Software Design (BMSD 2021)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 422)

Abstract

The adoption of privacy legislation such as the General Data Protection Regulation (GDPR) has made privacy one of the most important quality requirements for software systems. Software companies need strict strategies to comply with such regulations. Privacy is currently often studied together with security; however, the two characteristics may involve different scenarios and hence different approaches to satisfying them. This paper studies the privacy requirements of service-based software systems with respect to privacy regulations (specifically GDPR) and the architectural-level methods for meeting them. On this basis, we present an architectural approach to ensuring privacy, especially for software that was not developed with privacy in mind because such regulations did not yet exist. The main element of the approach is a set of additional components added to the system architecture, which may also be developed as services. The approach can easily be applied to already implemented legacy software systems, and its application is straightforward because only very small changes to the system implementation are needed. A short illustrative case study is included at the end of the paper.

Acknowledgements

The research presented in this paper is partially supported by The National Science Program “Information and Communication Technologies for Unified Digital Market in Science, Education and Security” financed by the Ministry of Education and Science, Bulgaria and the Sofia University “St. Kliment Ohridski” Research Science Fund project No. 80-10-74/25.03.2021 (“Data intensive software architectures”).

The authors are also grateful to the anonymous reviewers for their valuable comments and remarks, which improved the quality of the paper.

Corresponding author

Correspondence to Aleksandar Dimov.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Stefanova, E., Dimov, A. (2021). Privacy Enabled Software Architecture. In: Shishkov, B. (eds) Business Modeling and Software Design. BMSD 2021. Lecture Notes in Business Information Processing, vol 422. Springer, Cham. https://doi.org/10.1007/978-3-030-79976-2_11

  • DOI: https://doi.org/10.1007/978-3-030-79976-2_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-79975-5

  • Online ISBN: 978-3-030-79976-2

  • eBook Packages: Computer Science, Computer Science (R0)
