Corpus ID: 220633101

Privacy Engineering Meets Software Engineering. On the Challenges of Engineering Privacy By Design

Authors: Blagovesta Kostova, Seda F. Gürses, C. Troncoso
Current-day software development relies heavily on service architectures and on agile, iterative development methods to design, implement, and deploy systems. These practices result in systems made up of multiple services that introduce new data flows, and in evolving designs that escape the control of any single designer. Academic privacy engineering literature typically abstracts away such conditions of software production in order to achieve generalizable results. Yet, through a…
Cloud Native Privacy Engineering through DevPrivOps
Proposes a reference software development lifecycle called DevPrivOps that extends established agile development methods with privacy activities, and shows that cloud native privacy engineering advances the state of the art of privacy by design and by default using current technologies.
Exploring Design and Governance Challenges in the Development of Privacy-Preserving Computation
Interviews with researchers, developers, industry leaders, policymakers, and designers involved in deploying privacy-preserving computation techniques provide insight into several challenges facing their adoption, including how to make a nebulous concept like privacy computationally tractable.
Hard Choices in Artificial Intelligence
Examines the vagueness in debates about the safety and ethical behavior of AI systems, and shows that it cannot be resolved through mathematical formalism alone; it instead requires deliberation about the politics of development as well as the context of deployment.


Applying Privacy by Design in Software Engineering - An European Perspective
Evaluates the state of the art of PbD in software engineering and the impact of the proposed European data protection legislation on this process, and presents a self-assessment method for evaluating the degree to which an organization has adopted the PbD mindset in its software engineering projects.
Engineering Privacy by Design
Argues that engineering systems according to the privacy by design principles requires generalizable methodologies built on the principle of data minimization, and summarizes two case studies in which privacy is achieved by minimizing different types of data.
PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology
Reviews existing best practices in the analysis and design stages of the system development lifecycle, introduces a systematic privacy engineering methodology that merges and integrates them, leveraging their best features while addressing their weak points, and describes its alignment with current standardization efforts.
Will They Use It or Not? Investigating Software Developers' Intention to Follow Privacy Engineering Methodologies
Findings of the study show that the usefulness of a privacy engineering methodology (PEM) to developers' existing work is the strongest determinant of software developers' intention to follow PEMs.
Why developers cannot embed privacy into software systems?: An empirical investigation
Studies 36 software developers in a software design task with instructions to embed privacy, in order to identify the problems they face and derive recommended guidelines that address those problems and enable the development of privacy-preserving software systems.
A Privacy-Aware V-Model for Software Development
Proposes the W-model as a privacy-aware extension of the V-model frequently used in software engineering, and introduces a cost function that assists privacy engineers in selecting the most suitable countermeasure.
Privacy by designers: software developers' privacy mindset
Shows how a theoretical model of the factors that influence developers' privacy practices can be conceptualized and used as a guide for future research toward effective implementation of PbD.
Addressing privacy requirements in system design: the PriS method
Describes PriS, a security requirements engineering method that incorporates privacy requirements early in the system development process and provides a holistic approach from high-level goals to privacy-compliant IT systems.
Privacy Engineering: Shaping an Emerging Field of Research and Practice
Provides a definition of privacy engineering, describes the activities it encompasses, expands on these with findings from the First International Workshop on Privacy Engineering (IWPE), and concludes with future challenges.
Privacy Design Strategies
Presents strategies that help IT architects support privacy by design early in the software development life cycle, during concept development and analysis, and provides a useful classification of privacy design patterns and the underlying privacy enhancing technologies.