Privacy by Design: From Technologies to Architectures - (Position Paper)

@article{Antignac2014PrivacyBD,
  title={Privacy by Design: From Technologies to Architectures - (Position Paper)},
  author={Thibaud Antignac and Daniel Le M{\'e}tayer},
  journal={ArXiv},
  year={2014},
  volume={abs/1410.0030}
}
Existing work on privacy by design mostly focuses on technologies rather than methodologies and on components rather than architectures. In this paper, we advocate the idea that privacy by design should also be addressed at the architectural level and be associated with suitable methodologies. Among other benefits, architectural descriptions enable a more systematic exploration of the design space. In addition, because privacy is intrinsically a complex notion that can be in tension with other…
Privacy by Design: On the Conformance Between Protocols and Architectures
TLDR: This paper addresses the question of whether a given protocol conforms to a privacy architecture, answers it using formal methods, and proposes a process algebra variant to define protocols and reason about privacy properties.
Privacy Architectural Strategies: An Approach for Achieving Various Levels of Privacy Protection
TLDR: This work presents an engineering approach to Privacy by Design that uses the concept of architectural strategies to support the adoption of PETs in the early stages of the design process, in order to achieve various levels of privacy protection.
Engineering Privacy by Design Reloaded
TLDR: This paper uses two case studies, a system for anonymous e-petitions and a privacy-preserving Electronic Toll Pricing system (PrETP), to illustrate in a concrete manner how a design process guided by the principle of data minimization leads to a reduction of privacy risks, avoids function creep, and provides users with maximum control over sensitive information.
Constructing Independently Verifiable Privacy-Compliant Type Systems for Message Passing Between Black-Box Components
TLDR: Algorithms are presented that take as input an architecture and a set of privacy constraints, and output an extension of the original architecture that satisfies the privacy constraints.
Privacy Architectures: Reasoning about Data Minimisation and Integrity
TLDR: This work proposes an approach based on the specification of privacy architectures and focuses on a key aspect of privacy, data minimisation, and its tension with integrity requirements.
Privacy and Data Protection by Design - from policy to engineering
TLDR: The report sketches a method to map legal obligations to design strategies, which allow the system designer to select appropriate techniques for implementing the identified privacy requirements, and concludes with recommendations on how to overcome and mitigate the limits of current practice.
PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology
TLDR: This paper reviews existing best practices in the analysis and design stages of the system development lifecycle, introduces a systematic methodology for privacy engineering that merges and integrates them, leveraging their best features whilst addressing their weak points, and describes its alignment with current standardization efforts.
Whom to trust? Using technology to enforce privacy.
TLDR: Some of the main challenges in this area are reviewed, including the issues raised by the large-scale exploitation of data ("big data") and the effective implementation of privacy by design and accountability.
Model-Based Privacy Analysis in Industrial Ecosystems
TLDR: This paper provides a model-based privacy analysis approach for IT systems that deliver IT services to service customers, and presents an implementation of the approach based on the CARiSMA tool.
Operationalizing Privacy by Design: An Indian illustration
This article identifies Privacy by Design ("PbD") as a suitable regulatory approach to address the attack on personal data in the Fourth Industrial Revolution. It proposes Privacy Engineering ("PE")…

References

SHOWING 1-10 OF 74 REFERENCES
Privacy by design: a formal framework for the analysis of architectural choices
TLDR: This paper proposes a framework to express the parameters to be taken into account, together with an inference system to derive properties such as the possibility for an actor to detect potential errors (or frauds) in the computation of a variable.
Privacy Design Strategies
TLDR: These strategies help IT architects to support privacy by design early in the software development life cycle, during concept development and analysis, and provide a useful classification of privacy design patterns and the underlying privacy enhancing technologies.
PEARs: Privacy Enhancing ARchitectures
  • A. Kung
  • Engineering, Computer Science
  • APF
  • 2014
TLDR: This paper points out the importance of architecture in designing a privacy-by-design system and specifies a straw man architecture design methodology for privacy, illustrated through an Intelligent Transport Systems (ITS) example application.
Privacy by Design: A Matter of Choice
  • D. L. Métayer
  • Political Science, Computer Science
  • Data Protection in a Profiled World
  • 2010
TLDR: The goal of this chapter is to review the gap between a toolset of available technologies and the still unrealized promises of privacy by design.
Engineering Privacy by Design
TLDR: This paper argues that engineering systems according to the privacy by design principles requires the development of generalizable methodologies that build upon the principle of data minimization, and presents a summary of two case studies in which privacy is achieved by minimizing different types of data.
Engineering Privacy
TLDR: The paper uses a three-layer model of user privacy concerns to relate them to system operations and examine their effects on user behavior, and develops guidelines for building privacy-friendly systems.
Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems
TLDR: Six principles for guiding system design are developed, based on a set of fair information practices common in most privacy legislation in use today: notice, choice and consent, proximity and locality, anonymity and pseudonymity, security, and access and recourse.
A Formal Privacy Management Framework
  • D. L. Métayer
  • Computer Science
  • Formal Aspects in Security and Trust
  • 2008
TLDR: This paper focuses on the formal framework proposed in the project to deliver consent through software agents, providing individuals with effective ways to convey their consent to the disclosure of their personal data.
Privacy in the Cloud: Bridging the Gap between Design and Implementation
TLDR: A number of privacy-oriented technical concepts are presented that analysts need to consider when designing and modeling privacy-aware systems in a cloud environment.
Formal Methods for Privacy
TLDR: The paper argues for technology's dual role in privacy: new technologies raise new threats to privacy rights, and new technologies can help preserve privacy, which raises new challenges and thus new research opportunities for the formal methods community.