Enforcing Context-Awareness and Privacy-by-Design in the Specification of Information Systems

  • Boris Shishkov
  • Marijn Janssen
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 309)


Networked physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity, allow for run-time acquisition of user data. This in turn can enable information systems which capture the “current” user state and act accordingly. The use of this data would result in context-aware applications that get fueled by user data (and environmental data) to adapt their behavior. Yet the use of data is often restricted by privacy regulations and norms; for example, the location of a person cannot be shared without given consent. In this paper we propose a design approach that allows for weaving context-awareness and privacy-by-design into the specification of information systems. This is to be done since the very early stages of the software development, while the enterprise needs are captured (and understood) and the software features are specified on that basis. In addition to taking into account context-awareness and privacy-sensitivity these two aspects will be balanced, especially if they are conflicting. The presented approach extends the “Software Derived from Business Components” (SDBC) approach. We partially demonstrate our proposed way of modeling, by means of a case example featuring land border security. Our proposed way of modeling would allow developers to smoothly reflect context and privacy features in the application design, supported by methodological guidelines that span over the enterprise modeling and software specification. Those features are captured as technology-independent societal demands and are in the end reflected in technology-specific (software) solutions. Traceability between the two is possible as well as re-use of modeling constructs.


Enterprise modeling Software specification Context-awareness Privacy 


  1. 1.
    AWARENESS. Freeband AWARENESS Project (2008).
  2. 2.
    Ayed, D., Delanote, D., Berbers, Y.: MDD approach for the development of context-aware applications. In: Kokinov, B., Richardson, D.C., Roth-Berghofer, T.R., Vieu, L. (eds.) CONTEXT 2007. LNCS (LNAI), vol. 4635, pp. 15–28. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  3. 3.
    Bunge, M.A.: Treatise on Basic Philosophy. A World of Systems, vol. 4. D. Reidel Publishing Company, Dordrecht (1979)CrossRefzbMATHGoogle Scholar
  4. 4.
    Burghardt, T., Buchmann, E., Böhm, K.: Why do privacy-enhancement mechanisms fail, after all? A survey of both, the user and the provider perspective. In: Workshop W2Trust, in Conjunction with IFIPTM (2008)Google Scholar
  5. 5.
    Cockburn, A.: Writing Effective Use Cases. Addison-Wesley, Boston (2000)Google Scholar
  6. 6.
    Dey, A.K.: Understanding and using context. Pers. Ubiquit. Comput. 5(1), 4–7 (2001)CrossRefGoogle Scholar
  7. 7.
    Dietz, J.L.G.: Enterprise Ontology, Theory and Methodology, 1st edn. Springer, Heidelberg (2006). CrossRefGoogle Scholar
  8. 8.
    Dietz, J.L.G.: Generic recurrent patterns in business processes. In: van der Aalst, W.M.P., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678, pp. 200–215. Springer, Heidelberg (2003). CrossRefGoogle Scholar
  9. 9.
    Friedman, B., Hendry, D., Borning, A.: A survey of value sensitive design methods. Int. J. Found. Trends. Hum. Comput. Interact. 11, 63–125 (2017)Google Scholar
  10. 10.
    FRONTEX: The website on the European Agency, FRONTEX (2018).
  11. 11.
    Henricksen, K., Indulska, J.: Developing context-aware pervasive computing applications: models and approach. Perv. Mob. Comput. 2, 37–64 (2006)CrossRefGoogle Scholar
  12. 12.
    Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28(1), 75–105 (2004)CrossRefGoogle Scholar
  13. 13.
    Huberman, B.A., Franklin, M., Hogg, T.: Enhancing privacy and trust in electronic communities. In: 1st International ACM Conference on Electronic Commerce, EC 1999. ACM (1999)Google Scholar
  14. 14.
    Hustinx, P.: Privacy by design: delivering the promises. Identity Inf. Soc. 3(2), 253–255 (2010)CrossRefGoogle Scholar
  15. 15.
    IoTDI 2nd International Conference on Internet-of-Things Design and Implementation. ACM/IEEE (2017)Google Scholar
  16. 16.
    Janssen, M., Van den Hoven, J.: Big and open linked data (BOLD) in government: a challenge to transparency and privacy? Gov. Inf. Q. 32(4), 363–368 (2015)CrossRefGoogle Scholar
  17. 17.
    Johnston, A., Wilson, S.: Privacy compliance risks for Facebook. IEEE Technol. Soc. Mag. 31(2), 59–64 (2012)CrossRefGoogle Scholar
  18. 18.
    Könings, B., Schaub, F., Weber, M.: Privacy and trust in ambient intelligent environments. In: Ultes, S., Nothdurft, F., Heinroth, T., Minker, W. (eds.) Next Generation Intelligent Environments, pp. 133–164. Springer, Cham (2016). CrossRefGoogle Scholar
  19. 19.
    Kruchten, P.: The Rational Unified Process, An Introduction. Addison-Wesley, Boston (2003)Google Scholar
  20. 20.
    LBS. LandBorderSurveillance, the EBF, LandBorderSurveillance Project (2012).
  21. 21.
    Liu, K.: Semiotics in Information Systems Engineering. Cambridge University Press, Cambridge (2000)CrossRefzbMATHGoogle Scholar
  22. 22.
    MDA. The OMG Model Driven Architecture (2018).
  23. 23.
    Offermann, P., Blom, S., Schönherr, M., Bub, U.: Artifact types in information systems design science – a literature review. In: Winter, R., Zhao, J.L., Aier, S. (eds.) Global Perspectives on Design Science Research. DESRIST 2010. LNCS, vol. 6105, pp. 77–92. Springer, Heidelberg (2010). Google Scholar
  24. 24.
    Pearson, S.: Taking account of privacy when designing cloud computing services. In: International Workshop on Software Engineering Challenges of Cloud Computing, ICSE 2009 (2009)Google Scholar
  25. 25.
    Seničar, V., Jerman-Blažič, B., Klobučar, T.: Privacy-enhancing technologies approaches and development. Comput. Stand. Interfaces 25(2), 147–158 (2003)CrossRefGoogle Scholar
  26. 26.
    Shishkov, B.: Enterprise Information Systems, A Modeling Approach, 1st edn. IICREST, Sofia (2017)Google Scholar
  27. 27.
    Shishkov, B.: Software specification based on re-usable business components (Ph.D thesis), 1st edition, TU Delft. Delft (2005)Google Scholar
  28. 28.
    Shishkov, B., Janssen, M., Yin, Y.: Towards context-aware and privacy-sensitive systems. In: 7th International Symposium on Business Modeling and Software Design, BMSD 2017. SCITEPRESS (2017)Google Scholar
  29. 29.
    Shishkov, B., Mitrakos, D.: Towards context-aware border security control. In: 6th International Symposium on Business Modeling and Software Design, BMSD 2016. SCITEPRESS (2016)Google Scholar
  30. 30.
    Shishkov, B., van Sinderen, M.: From user context states to context-aware applications. In: Filipe, J., Cordeiro, J., Cardoso, J. (eds.) ICEIS 2007. LNBIP, vol. 12, pp. 225–239. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  31. 31.
    Shishkov, B., Van Sinderen, M.J., Tekinderdogan, B.: Model-driven specification of software services. In: IEEE International Conference on e-Business Engineering, ICEBE 2007. IEEE (2007)Google Scholar
  32. 32.
    Shishkov, B., Van Sinderen, M.J., Quartel, D.: SOA-driven business-software alignment. In: IEEE International Conference on e-Business Engineering, ICEBE 2006. IEEE (2006)Google Scholar
  33. 33.
    Shishkov, B., Dietz, J.L.G.: Deriving use cases from business processes, the advantages of DEMO. In: 5th International Conference on Enterprise Information Systems, ICEIS 2003. SCITEPRESS (2003)Google Scholar
  34. 34.
    Seigneur, J.-M., Jensen, C.D.: Trading privacy for trust. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol. 2995, pp. 93–107. Springer, Heidelberg (2004). CrossRefGoogle Scholar
  35. 35.
    Simons, C., Wirtz, G.: Modeling context in mobile distributed systems with the UML. Vis. Lang. Comput. 18(4), 420–439 (2007)Google Scholar
  36. 36.
    UML. The Unified Modeling Language (2017).
  37. 37.
    Vieira, V., Tedesco, P., Salgado, A.C.: Designing context-sensitive systems: an integrated approach. Expert Syst. Appl. 38(2), 1119–1138 (2011)CrossRefGoogle Scholar
  38. 38.
    Vom Brocke, J., Zelt, S., Schmiedel, T.: On the role of context in business process management. Inf. Manag. 36(3), 486–495 (2016)CrossRefGoogle Scholar
  39. 39.
    Weber, R.H.: The digital future - a challenge for privacy? Comput. Law Secur. Rev. 31(2), 234–242 (2015)CrossRefGoogle Scholar
  40. 40.
    Zhu, N., Zhang, M., Feng, D., He, J.: Access control for privacy protection for dynamic and correlated databases. In: International IEEE SmartCity Conference, SmartCity 2015. IEEE (2015)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Institute of Mathematics and Informatics, Bulgarian Academy of SciencesSofiaBulgaria
  2. 2.Faculty of Technology, Policy, and ManagementDelft University of TechnologyDelftThe Netherlands
  3. 3.Institute IICRESTSofiaBulgaria

Personalised recommendations