Title: Privacy-enhanced system design modeling based on privacy features.

Abstract: To ensure that their stakeholders' privacy concerns are addressed systematically from the early development phases, organizations can perform a privacy enhancement of the system design. Such a privacy enhancement needs to account for three crucial types of input: first, risks to the rights of natural persons; second, potential interrelations and dependencies among the privacy controls; third, potential trade-offs regarding the costs of the controls. Despite numerous existing privacy enhancing technologies and catalogs of privacy controls, there has been no systematic methodology to support privacy enhancement based on these types of input. In this paper, we propose a methodology to support the coherent privacy enhancement of a system design model. We consider an extensive variety of privacy controls, including privacy-design strategies, patterns, and privacy enhancing technologies. Representing these controls as privacy features, we explicitly maintain their interrelations and dependencies in a feature model. In order to identify an adequate selection of controls, we leverage a model-based cost estimation approach that analyzes the associated costs and benefits. We further demonstrate how the selected features can be integrated into the system model, by applying reusable aspect models to encapsulate the required changes to the system design. We evaluated our methodology based on three practical case studies.

Year: 2019
DOI: 10.1145/3297280.3297431
Venue: SAC
Keywords: GDPR, feature model, privacy by design, reusable aspect models
Field: Leverage (finance), Privacy by Design, Computer science, Systems design, Cost estimate, Risk analysis (engineering), Cost-benefit analysis, Feature model, Privacy-enhancing technologies, System model
DocType: Conference
ISBN: 978-1-4503-5933-7
Citations: 0
PageRank: 0.34
References: 0
Authors: 3

Author list (Name / Order / Citations and PageRank, the last two run together in the source record):
Amir Shayan Ahmadian / 1 / 182.68
Daniel Strüber / 2 / 1621.50
Jan Jurjens / 3 / 16916.07