Toward a pattern language for privacy enhancing design techniques

Although privacy requirements are becoming mandatory in many circumstances, and privacy-enhancing technologies are increasingly readily available, system designers lack guidance for choosing the most appropriate solutions to protect the privacy of the system's users in each situation. This paper introduces a pattern language (that is, a structured collection of interrelated, reusable solutions) for privacy-enhancing design. We present the structural model of our patterns (techniques) and introduce their use within usual analysis and design activities, with a special emphasis on the relation between patterns and the privacy requirements they fulfil.
