Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Privacy-enhanced system design modeling based on privacy features

: Ahmadian, A.S.; Strüber, D.; Jürjens, J.


Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Applied Computing -SIGAPP-:
SAC 2019, 34th ACM/SIGAPP Symposium on Applied Computing. Proceedings : Limassol, Cyprus, April 08 - 12, 2019
New York: ACM, 2019
ISBN: 978-1-4503-5933-7
Symposium on Applied Computing (SAC) <34, 2019, Limassol/Cyprus>
Conference Paper
Fraunhofer ISST ()

To ensure that their stakeholders' privacy concerns are addressed systematically from the early development phases, organizations can perform a privacy enhancement of the system design. Such a privacy enhancement needs to account for three crucial types of input: First, risks to the rights of natural persons. Second, potential interrelations and dependencies among the privacy controls. Third, potential trade-offs regarding the costs of the controls. Despite numerous existing privacy enhancing technologies and catalogs of privacy controls, there has been no systematic methodology to support privacy enhancement based on these types of input.
In this paper, we propose a methodology to support the coherent privacy enhancement of a system design model. We consider an extensive variety of privacy controls, including privacy-design strategies, patterns, and privacy enhancing technologies. Representing these controls as privacy features, we explicitly maintain their interrelations and dependencies in a feature model. In order to identify an adequate selection of controls, we leverage a model-based cost estimation approach that analyzes the associated costs and benefits. We further demonstrate how the selected features can be integrated into the system model, by applying reusable aspect models to encapsulate the required changes to the system design. We evaluated our methodology based on three practical case studies.