Skip to main content

Privacy by Design: From Technologies to Architectures

(Position Paper)

  • Conference paper
Privacy Technologies and Policy (APF 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8450))

Included in the following conference series:

Abstract

Existing work on privacy by design mostly focus on technologies rather than methodologies and on components rather than architectures. In this paper, we advocate the idea that privacy by design should also be addressed at the architectural level and be associated with suitable methodologies. Among other benefits, architectural descriptions enable a more systematic exploration of the design space. In addition, because privacy is intrinsically a complex notion that can be in tension with other requirements, we believe that formal methods should play a key role in this area. After presenting our position, we provide some hints on how our approach can turn into practice based on ongoing work on a privacy by design environment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M., Fournet, C.: Mobile Values, New Names, and Secure Communication. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 104–115 (2001)

    Google Scholar 

  2. Allen, R., Garlan, D.: Formalizing Architectural Connection. In: Proc. 16th Int’l Conf. Software Eng. pp. 71–80 (May 1994)

    Google Scholar 

  3. Backes, M., Dürmuth, M., Karjoth, G.: Unification in privacy policy evaluation - translating EPAL into Prolog. In: POLICY, pp. 185–188 (2004)

    Google Scholar 

  4. Balasch, J., Rial, A., Troncoso, C., Preneel, B., Verbauwhede, I., Geuens, C.: PrETP: Privacy-preserving electronic toll pricing. In: USENIX Security Symposium, pp. 63–78 (2010)

    Google Scholar 

  5. Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: Framework and applications. In: IEEE Symposium on Security and Privacy, pp. 184–198 (2006)

    Google Scholar 

  6. Bass, L., Clements, P., Kazman, R.: Software architecture in practice, 3rd edn. SEI Series in Software Engineering. Addison-Wesley (2013)

    Google Scholar 

  7. Becker, M.Y., Malkis, A., Bussard, L.: A practical generic privacy language. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 125–139. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  8. Booch, G., Jacobson, I., Rumbaugh, J.: The Unified Modeling Language Reference Manual, 2nd edn. Addison Wesley Professional (2004)

    Google Scholar 

  9. Damiani, M.L., Bertino, E., Silvestri, C.: The probe framework for the personalized cloaking of private locations. Transactions on Data Privacy 3(2), 123–148 (2010)

    MathSciNet  Google Scholar 

  10. Delaune, S., Kremer, S., Ryan, M.D.: Verifying Privacy-type Properties of Electronic Voting Protocols. Journal of Computer Security 17(4), 435–487 (2009)

    Google Scholar 

  11. Deswarte, Y., Melchor, C.A.: Current and future privacy enhancing technologies for the internet. Annals of Telecommunications 61(3), 399–417 (2006)

    Article  Google Scholar 

  12. Gürses, S.F., Troncoso, C., Diaz, C.: Engineering privacy by design. In: Computers, Privacy & Data Protection (2011)

    Google Scholar 

  13. Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. Part II, LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)

    Google Scholar 

  14. Dwork, C.: A firm foundation for private data analysis. Commun. ACM 54(1), 86–95 (2011)

    Article  Google Scholar 

  15. E.C. European Commission. Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). inofficial consolidated version after LIBE Commitee vote provided by the rapporteur (October 22, 2013)

    Google Scholar 

  16. Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.: Reasoning About Knowledge. A Bradford Book (January 9, 2004); 1st MIT Press Paperback edition

    Google Scholar 

  17. Garcia, F.D., Jacobs, B.: Privacy-friendly energy-metering via homomorphic encryption. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 226–238. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  18. Goldberg, I.: Privacy-enhancing technologies for the internet III: ten years later. In: Digital Privacy: Theory, Technologies, and Practices, pp. 84–89. TeX Users Group (December 2007)

    Google Scholar 

  19. Hafiz, M.: A Pattern Language for Developing Privacy Enhancing Technologies. Foftware Practice and Experience 43(7), 769–787 (2013)

    Article  Google Scholar 

  20. Halpern, J.Y., Pucella, R.: Dealing with logical omniscience: Expressiveness and pragmatics. Artif. Intell. 175(1), 220–235 (2011)

    Article  MATH  MathSciNet  Google Scholar 

  21. Hoepman, J.-H.: Privacy Design Strategies. CoRR (2013)

    Google Scholar 

  22. Höfer, C., Petit, J., Schmidt, R., Kargl, F.: POPCORN: Privacy-preserving charging for e-mobility. In: Proceedings of the 2013 ACM Workshop on Security, Privacy & Dependability for Cyber Vehicles (CyCAR 2013), pp. 37–48. ACM, New York (2013)

    Google Scholar 

  23. Inverardi, P., Wolf, A.: Formal specification and analysis of software architectures using the chemical abstract machine model. IEEE Transactions on Software Engineering, Special Issue on Software Architectures  21(4), 373–386 (1995)

    Article  Google Scholar 

  24. Jafari, M., Fong, P.W.L., Safavi-Naini, R., Barker, K., Sheppard, N.P.: Towards defining semantic foundations for purpose-based privacy policies. In: CODASPY, pp. 213–224 (2011)

    Google Scholar 

  25. Jawurek, M., Johns, M., Kerschbaum, F.: Plug-In Privacy for Smart Metering Billing. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 192–210. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  26. Jawurek, M., Kerschbaum, F., Danezis, G.: Privacy Technologies for Smart Grids - A Survey of Options. MSR-TR-2012-119 (November 2012)

    Google Scholar 

  27. de Jonge, W., Jacobs, B.: Privacy-friendly electronic traffic pricing via commits. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 143–161. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  28. Kerschbaum, F.: Privacy-preserving computation. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 41–54. Springer, Heidelberg (2014)

    Google Scholar 

  29. Kosta, E., Zibuschka, J., Scherner, T., Dumortier, J.: Legal considerations on privacy-enhancing location based services using PRIME technology. Computer Law and Security Report 4, 139–146 (2008)

    Article  Google Scholar 

  30. Krumm, J.: A survey of computational location privacy. Pers. Ubiquit. Comput. 13, 391–399 (2008)

    Article  Google Scholar 

  31. Kung, A.: PEARs: Privacy enhancing aRchitectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 18–30. Springer, Heidelberg (2014)

    Google Scholar 

  32. Langheinrich, M.: Privacy by design - principles of privacy-aware ubiquitous systems. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, pp. 273–291. Springer, Heidelberg (2001)

    Google Scholar 

  33. LeMay, M., Gross, G., Gunter, C.A., Garg, S.: Unified architecture for large-scale attested metering. In: HICSS, pp. 115–124 (2007)

    Google Scholar 

  34. Le Métayer, D.: Software Architecture Styles As Graph Grammars. ACM SIGSOFT Software Eng. Notes (November 1996)

    Google Scholar 

  35. Le Métayer, D.: A formal privacy management framework. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 162–176. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  36. Le Métayer, D.: Privacy by design: A matter of choice. In: Data Protection in a Profiled World, pp. 323–334. Springer (2010)

    Google Scholar 

  37. Le Métayer, D.: Privacy by design: a formal framework for the analysis of architectural choices. In: CODASPY 2013, pp. 95–104 (2013)

    Google Scholar 

  38. Li, N., Yu, T., Antón, A.I.: A semantics based approach to privacy languages. Comput. Syst. Sci. Eng. 21(5) (2006)

    Google Scholar 

  39. Li, N., Qardaji, W.H., Su, D.: Provably private data anonymization: Or, k-anonymity meets differential privacy. CoRR, abs/1101.2604 (2011)

    Google Scholar 

  40. Machanavajjhala, A., Gehrke, J., Kifer, D., Venkitasubramaniam, M.: l-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1(1), Article 3 (March 2007)

    Google Scholar 

  41. McSherry, F.: Privacy integrated queries: an extensible platform for privacy-preserving data analysis. Commun. ACM 53(9), 89–97 (2010)

    Article  Google Scholar 

  42. McSherry, F., Mironov, I.: Differentially private recommender systems: building privacy into the net. In: Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD 2009), pp. 627–636. ACM, New York (2009)

    Chapter  Google Scholar 

  43. McSherry, F., Talwar, K.: Mechanism design via differential privacy. In: FOCS, pp. 94–103 (2007)

    Google Scholar 

  44. Manousakis, V., Kalloniatis, C., Kavakli, E., Gritzalis, S.: Privacy in the Cloud: Bridging the Gap between Design and Implementation. In: Franch, X., Soffer, P. (eds.) CAiSE Workshops 2013. LNBIP, vol. 148, pp. 455–465. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  45. May, M.J., Gunter, C.A., Lee, I.: Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In: CSFW, pp. 85–97 (2006)

    Google Scholar 

  46. Mulligan, D.K., King, J.: Bridging the Gap between Privacy and Design. University of Pennsylvania Journal of Constitutional Law 4(14) (2012)

    Google Scholar 

  47. Pearson, S., Benameur, A.: A Decision Support System for Design for Privacy. Privacy and Identity, IFIP AICT 352, 283–296 (2011)

    Article  Google Scholar 

  48. Perry, D.E., Wolf, A.L.: Foundations for the study of software architecture. ACM SIGSOFT Software Eng. Notes (October 1992)

    Google Scholar 

  49. Popa, R.A., Balakrishnan, H., Blumberg, A.J.: Vpriv: Protecting privacy in location-based vehicular services. In: USENIX Security Symposium, pp. 335–350 (2009)

    Google Scholar 

  50. Poullet, Y.: About the e-privacy directive, towards a third generation of data protection legislations. In: Data Protection in a Profile World, pp. 3–29. Springer (2010)

    Google Scholar 

  51. Pucella, R.: Deductive Algorithmic Knowledge. Journal of Logic and Computation 16(2), 287–309 (2006)

    Article  MATH  MathSciNet  Google Scholar 

  52. Rezgui, A., Bouguettaya, A., Eltoweissy, M.Y.: Privacy on the web: facts, challenges, and solutions. In: IEEE Security and Privacy, pp. 40–49 (2003)

    Google Scholar 

  53. Rial, A., Danezis, G.: Privacy-preserving smart metering. In: Proceedings of the 2011 ACM Workshop on Privacy in the Electronic Society, WPES 2011. ACM (2011)

    Google Scholar 

  54. Shaw, M., Clements, P.: The Golden Age of Software Architecture: A Comprehensive Survey. In: Research Report CMU-ISRI-06-101. Carnegie Mellon University (2006)

    Google Scholar 

  55. Spiekermann, S., Cranor, L.F.: Engineering Privacy. IEEE Transactions on Software Engineering 35(1) (2009)

    Google Scholar 

  56. Sweeney, L.: k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10(5), 557–570 (2002)

    Article  MATH  MathSciNet  Google Scholar 

  57. Tschantz, M.C., Kaynar, D.K., Datta, A.: Formal verification of differential privacy for interactive systems. CoRR, abs/1101.2819 (2011)

    Google Scholar 

  58. Tschantz, M.C., Wing, J.M.: Formal methods for privacy. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 1–15. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  59. Yu, T., Li, N., Antón, A.I.: A formal semantics for P3P. In: In Proceedings of the 2004 Workshop on Secure Web Service (SWS 2004), pp. 1–8 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Antignac, T., Le Métayer, D. (2014). Privacy by Design: From Technologies to Architectures. In: Preneel, B., Ikonomou, D. (eds) Privacy Technologies and Policy. APF 2014. Lecture Notes in Computer Science, vol 8450. Springer, Cham. https://doi.org/10.1007/978-3-319-06749-0_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-06749-0_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06748-3

  • Online ISBN: 978-3-319-06749-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics