A Literature Study on Privacy Patterns Research

@article{Lenhard2017ALS,
  title={A Literature Study on Privacy Patterns Research},
  author={J{\"o}rg Lenhard and Lothar Fritsch and Sebastian Herold},
  journal={2017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA)},
  year={2017},
  pages={194-201}
}
Context: Facing the implementation of the EU General Data Protection Regulation in May 2018, many commercial software providers will soon need to adapt their products to new privacy-related constraints. Privacy patterns defined for different aspects of the software engineering process promise to be a useful concept for this task. In this situation, it seems valuable to characterize the state of the research related to privacy patterns.Objective: To identify, characterize and classify the… 

Figures and Tables from this paper

A Systematic Mapping Study on Privacy by Design in Software Engineering

The findings suggest that PbD in software engineering is still an immature field and that there is a need for privacyaware approaches for software engineering and their validation in industrial settings.

An exploratory experiment on privacy patterns: limitations and possibilities

An exploratory experiment is carried out to analyze the improvement that 12 privacy patterns (for anonymity) bring to the completeness of the design product and an in-depth analysis is made based on the learnings obtained during the experiment realization.

Analysing and extending privacy patterns with architectural context

This paper provides a new structural and interaction view of the patterns by relating privacy regulation contexts and analyses the patterns in architectural contexts and map available privacy-preserving techniques for implementing each privacy pattern.

Reusable Elements for the Systematic Design of Privacy-Friendly Information Systems: A Mapping Study

The most advanced research areas in privacy engineering are described and some of the gaps found are discussed, suggesting areas where researchers and funding institutions can focus their efforts.

A System of Privacy Patterns for Informing Users: Creating a Pattern System

A subset of privacy design patterns is improved, constructing a pattern system that adds implementability and interconnection, while improving consistency and organization, which results in a system of patterns for informing users.

A framework and roadmap for enhancing the application of privacy design patterns

This work firstly study the aspects influencing the application of patterns based on previous experiences reported in the close and more mature domain of security patterns, and proposes a framework for enhancing theApplication of patterns.

Rethinking the Proposition of Privacy Engineering

The assumptions that underpin privacy engineering are examined, linking them to shortcomings and open questions, and possible research avenues that may give rise to alternative frameworks are explored.

Enterprise Architecture Patterns for GDPR Compliance

This work focuses on the requirements brought by the GDPR and in providing enterprise architecture patterns to achieve GDPR compliance by proposing a library of patterns, which has 22 patterns handling one or more use cases, modeled in ArchiMate for a clearer understanding of the solutions.

Towards a Collection of Security and Privacy Patterns

This work presents a survey and taxonomy of SP patterns towards the creation of a usable pattern collection, to enable decomposition of higher-level properties to more specific ones, matching them to relevant patterns, while also creating a comprehensive overview of security- and privacy-related properties and sub-properties that are of interest in IoT/IIoT environments.

Metamodel for Security and Privacy Knowledge in 1 Cloud Service Development 1 2

This study proposes the Cloud Security and Privacy Metamodel (CSPM), which uses a consistent approach to classify and support existing security and privacy patterns.

References

SHOWING 1-10 OF 80 REFERENCES

A Critical Analysis of Privacy Design Strategies

This paper helps bridge the gap between data protection requirements set out in law, and system development practice, and suggests an additional level of abstraction between strategies and privacy patterns: 'tactics'.

A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements

This paper presents a comprehensive framework to model privacy threats in software-based systems and provides an extensive catalog of privacy-specific threat tree patterns that can be used to detail the threat analysis outlined above.

Towards Organizational Privacy Patterns

This paper presents a first set of privacy organizational patterns, which are abstractions of real world situations and problems that businesses run into and capture the problem, the context of the generic problem and the proven solutions to the problem.

Incorporating privacy patterns into semi-automatic business process derivation

The main advantage of the proposed approach is its ability to map privacy from the strategic to the operational level through a semi-automatic process while offering designers adequate guidance to its operationalisation via the use of process patterns.

A Decision Support System for Design for Privacy

It is argued that it would be useful to move beyond current best practice – where a set of searchable privacy guidelines may be provided to developers – to automated support to software developers in early phases of software development.

Designing Privacy-by-Design

The extended definition of Privacy by Design is given and, taking Solove's model for privacy invasions as structuring principle, a tool and method to use that tool to generate trust in systems by citizens is described.

Commitment analysis to operationalize software requirements from privacy policies

This paper presents a methodology for obtaining requirements from privacy policies based on the theory of commitments, privileges, and rights, which was developed through a grounded theory approach.

Addressing privacy requirements in system design: the PriS method

PriS is described, a security requirements engineering method, which incorporates privacy requirements early in the system development process and provides a holistic approach from ‘high-level’ goals to ‘privacy-compliant’ IT systems.

Privacy and Data Protection by Design - from policy to engineering

The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements, and concludes with recommendations on how to overcome and mitigate these limits.

A Systematic Mapping Study on Patient Data Privacy and Security for Software System Development

The main focus of this paper is to survey the various proposed solutions in the literature to incorporate patient data privacy and security into software systems.
...