Linking Privacy Solutions to Developer Goals

Privacy is gaining importance as more and more data becomes digitized. There is also growing interest from the security community because of the synergy between security and privacy. Unfortunately, the privacy development life cycle is less mature than the security one, and a clear classification of privacy into distinct objectives is not yet available. This paper attempts to scope the privacy landscape for software engineering by proposing an operational definition of privacy and by describing a privacy taxonomy. The taxonomy is rooted in that definition and presents a classification of privacy objectives, which correspond to the developer's goals. Each objective can be achieved by one or more strategies. As a validation of the taxonomy, existing privacy solutions are matched to each strategy.
