Towards a framework to handle privacy since the early phases of the development: Strategies and open challenges

Although almost any software application processes personal data, effective development frameworks that properly handle privacy are still missing. This work makes a step to fill this void. This paper investigates requirements and development strategies of a privacy-preserving development framework that deals with privacy since the early phases of the development.

[1]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[2]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[3]  David Basin,et al.  Model driven security: From UML models to access control infrastructures , 2006, TSEM.

[4]  Daniel Amyot,et al.  Evaluation of Development Tools for Domain-Specific Modeling Languages , 2006, SAM.

[5]  Elena Ferrari,et al.  Towards a Modeling and Analysis Framework for Privacy-Aware Systems , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[6]  Rajeev Motwani,et al.  A Survey of Query Auditing Techniques for Data Privacy , 2008, Privacy-Preserving Data Mining.

[7]  Bran Selic,et al.  A Systematic Approach to Domain-Specific Language Design Using UML , 2007, 10th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC'07).

[8]  Nafees Qamar,et al.  Evaluating RBAC Supported Techniques and their Validation and Verification , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[9]  Sabrina Sicari,et al.  Privacy Aware Systems: From Models to Patterns , 2011 .

[10]  Martin Nally,et al.  Rational Software Architect: A tool for domain-specific modeling , 2006, IBM Syst. J..

[11]  Ninghui Li,et al.  Purpose based access control for privacy protection in relational database systems , 2008, The VLDB Journal.

[12]  Jean Bézivin,et al.  ATL: A model transformation tool , 2008, Sci. Comput. Program..

[13]  Bernhard Rumpe,et al.  Model-driven Development of Complex Software : A Research Roadmap , 2007 .

[14]  Limin Jia,et al.  Policy auditing over incomplete logs: theory, implementation and applications , 2011, CCS '11.

[15]  Mark Ryan,et al.  Synthesising verified access control systems through model checking , 2008, J. Comput. Secur..

[16]  Abdelwahab Hamou-Lhadj,et al.  A UML-Based Domain Specific Modeling Language for the Availability Management Framework , 2010, 2010 IEEE 12th International Symposium on High Assurance Systems Engineering.

[17]  Martin Gogolla,et al.  Specification and Validation of Authorisation Constraints Using UML and OCL , 2005, ESORICS.

[18]  Elena Ferrari,et al.  Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques , 2010 .

[19]  Jerry den Hartog,et al.  Audit-based compliance control , 2007, International Journal of Information Security.

[20]  David A. Basin,et al.  A decade of model-driven security , 2011, SACMAT '11.