The University of Southampton
University of Southampton Institutional Repository

Identifying privacy risks in distributed data services: A model-driven approach


Grace, Paul, Burns, Daniel, Neumann, Geoffrey, Pickering, Brian, Melas, Panagiotis and Surridge, Michael (2018) Identifying privacy risks in distributed data services: A model-driven approach. In 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS). IEEE. 1513-1518. (doi:10.1109/ICDCS.2018.00157).

Record type: Conference or Workshop Item (Paper)

Abstract

Online services are becoming increasingly data-centric; they collect, process, analyze and anonymously disclose growing amounts of personal data. It is crucial that such systems are engineered in a privacy-aware manner in order to satisfy both the privacy requirements of the user, and the legal privacy regulations that the system operates under. How can system developers be better supported to create privacy-aware systems and help them to understand and identify privacy risks? Model-Driven Engineering (MDE) offers a principled approach to engineer systems software. The capture of shared domain knowledge in models and corresponding tool support can increase the developers' understanding. In this paper, we argue for the application of MDE approaches to engineer privacy-aware systems. We present a general purpose privacy model and methodology that can be used to analyse and identify privacy risks in systems that comprise both access control and data pseudonymization enforcement technologies. We evaluate this method using a case-study based approach and show how the model can be applied to engineer privacy-aware systems and privacy policies that reduce the risk of unintended disclosure.

Text: icdcs_iti_2018 - Accepted Manuscript (770kB)

More information

Submitted date: 15 March 2018
Accepted/In Press date: 19 April 2018
e-pub ahead of print date: 23 July 2018
Published date: 23 July 2018
Venue - Dates: IEEE International Conference on Distributed Computing Systems, Vienna, Austria, 2018-07-01 - 2018-07-04

Identifiers

Local EPrints ID: 419998
URI: http://eprints.soton.ac.uk/id/eprint/419998
ISSN: 2575-8411
PURE UUID: d6ea4218-2435-4407-af25-f61721365318
ORCID for Paul Grace: orcid.org/0000-0003-2363-0630
ORCID for Daniel Burns: orcid.org/0000-0001-6976-1068
ORCID for Brian Pickering: orcid.org/0000-0002-6815-2938

Catalogue record

Date deposited: 25 Apr 2018 16:30
Last modified: 02 Jul 2021 01:54

Contributors

Author: Paul Grace
Author: Daniel Burns
Author: Geoffrey Neumann
Author: Brian Pickering
Author: Panagiotis Melas
Author: Michael Surridge
