Privacy by Design: From Technologies to Architectures - (Position Paper)

Existing work on privacy by design mostly focuses on technologies rather than methodologies, and on components rather than architectures. In this paper, we advocate the idea that privacy by design should also be addressed at the architectural level and be associated with suitable methodologies. Among other benefits, architectural descriptions enable a more systematic exploration of the design space. In addition, because privacy is intrinsically a complex notion that can be in tension with other requirements, we believe that formal methods should play a key role in this area. After presenting our position, we provide some hints on how our approach can be put into practice, based on ongoing work on a privacy by design environment.
