PEARs: Privacy Enhancing ARchitectures

  • Antonio Kung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8450)

Abstract

This paper points out the importance of architecture in designing a privacy-by-design system. It provides an overview of how architectures are designed, analysed and evaluated through quality attributes, tactics and architecture patterns. It then specifies a straw man architecture design methodology for privacy. The resulting PEAR (Privacy Enhancing ARchitecture) methodology is then illustrated through an Intelligent Transport Systems (ITS) example application. The integration of the resulting methodology into a Privacy-by-Design process is then explained. Suggestions for future work that will lead to an agreed engineering practice are finally provided.

Keywords

Architecture, Quality attributes, Tactics, Privacy, Patterns, PEAR, PET, Privacy-by-Design

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Antonio Kung, Trialog, Paris, France