Abstract
Several regulations and standards emphasize that privacy shall be considered from the very beginning of software development. A crucial step in developing privacy-friendly software is the selection and integration of measures that implement specific privacy requirements or mitigate threats to them. These measures are called privacy enhancing technologies (PETs). PETs have a cross-cutting nature: a PET often needs to be integrated into several base functionalities of the software-to-be. For example, anonymization techniques need to be integrated into every functionality that reveals originally identifiable information to others in an anonymized form. One possibility to handle cross-cutting concerns already at the requirements level is aspect-oriented requirements engineering. In this paper, we show how PETs can be represented as early aspects and how these can be integrated into a given requirements model in problem frames notation. Furthermore, we show how PETs can be represented as patterns to help requirements engineers identify and select appropriate PETs that address the privacy requirements they have to satisfy. We use the PET Privacy-ABCs (Attribute-Based Credentials) to illustrate our approach.
Notes
- 1. https://www.torproject.org/ Accessed 21 Mar 2017.
- 2. http://w3c.p3p.com Accessed 21 Mar 2017.
© 2017 Springer International Publishing AG
Meis, R., Heisel, M. (2017). Pattern-Based Representation of Privacy Enhancing Technologies as Early Aspects. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science, vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_4
DOI: https://doi.org/10.1007/978-3-319-64483-7_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64482-0
Online ISBN: 978-3-319-64483-7
eBook Packages: Computer Science (R0)