Identifying privacy risks in distributed data services: A model-driven approach
2018 IEEE 38th International Conference on Distributed Computing …, 2018 • ieeexplore.ieee.org
Online services are becoming increasingly data-centric; they collect, process, analyze and anonymously disclose growing amounts of personal data. It is crucial that such systems are engineered in a privacy-aware manner in order to satisfy both the privacy requirements of the user and the legal privacy regulations that the system operates under. How can system developers be better supported to create privacy-aware systems and help them to understand and identify privacy risks? Model-Driven Engineering (MDE) offers a principled approach to engineer systems software. The capture of shared domain knowledge in models and corresponding tool support can increase the developers' understanding. In this paper, we argue for the application of MDE approaches to engineer privacy-aware systems. We present a general-purpose privacy model and methodology that can be used to analyze and identify privacy risks in systems that comprise both access control and data pseudonymization enforcement technologies. We evaluate this method using a case-study-based approach and show how the model can be applied to engineer privacy-aware systems and privacy policies that reduce the risk of unintended disclosure.