Identifying privacy risks in distributed data services: A model-driven approach

Paul Grace; Daniel Burns; Geoffrey Neumann; Brian Pickering; Panos Melas; Mike Surridge

doi:10.1109/ICDCS.2018.00157

Identifying privacy risks in distributed data services: A model-driven approach

Paul Grace, Daniel Burns, Geoffrey Neumann, Brian Pickering, Panos Melas, Mike Surridge

College of Engineering and Physical Sciences

Research output: Chapter in Book/Published conference output › Conference publication

Abstract

Online services are becoming increasingly data-centric; they collect, process, analyze and anonymously disclose growing amounts of personal data. It is crucial that such systems are engineered in a privacy-aware manner in order to satisfy both the privacy requirements of the user, and the legal privacy regulations that the system operates under. How can system developers be better supported to create privacy-aware systems and help them to understand and identify privacy risks? Model-Driven Engineering (MDE) offers a principled approach to engineer systems software. The capture of shared domain knowledge in models and corresponding tool support can increase the developers' understanding. In this paper, we argue for the application of MDE approaches to engineer privacy-aware systems. We present a general purpose privacy model and methodology that can be used to analyse and identify privacy risks in systems that comprise both access control and data pseudonymization enforcement technologies. We evaluate this method using a case-study based approach and show how the model can be applied to engineer privacy-aware systems and privacy policies that reduce the risk of unintended disclosure.

Original language	English
Title of host publication	Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018
Publisher	IEEE
Pages	1513-1518
Number of pages	6
ISBN (Electronic)	9781538668719
ISBN (Print)	978-1-5386-6872-6
DOIs	https://doi.org/10.1109/ICDCS.2018.00157
Publication status	Published - 23 Jul 2018
Event	38th IEEE International Conference on Distributed Computing Systems, ICDCS 2018 - Vienna, Austria Duration: 2 Jul 2018 → 5 Jul 2018

Publication series

Name	Proceedings - International Conference on Distributed Computing Systems
Volume	2018-July

Conference

Conference	38th IEEE International Conference on Distributed Computing Systems, ICDCS 2018
Country/Territory	Austria
City	Vienna
Period	2/07/18 → 5/07/18

Bibliographical note

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

Cloud
Model-driven engineering
Privacy
Risk

Access to Document

10.1109/ICDCS.2018.00157

icdcs_iti_2018
© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Accepted author manuscript, 753 KB

Cite this

Grace, P., Burns, D., Neumann, G., Pickering, B., Melas, P., & Surridge, M. (2018). Identifying privacy risks in distributed data services: A model-driven approach. In Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018 (pp. 1513-1518). (Proceedings - International Conference on Distributed Computing Systems; Vol. 2018-July). IEEE. https://doi.org/10.1109/ICDCS.2018.00157

@inproceedings{9c5748d54b4f41a18bd6e022b4a20580,

title = "Identifying privacy risks in distributed data services: A model-driven approach",

abstract = "Online services are becoming increasingly data-centric; they collect, process, analyze and anonymously disclose growing amounts of personal data. It is crucial that such systems are engineered in a privacy-aware manner in order to satisfy both the privacy requirements of the user, and the legal privacy regulations that the system operates under. How can system developers be better supported to create privacy-aware systems and help them to understand and identify privacy risks? Model-Driven Engineering (MDE) offers a principled approach to engineer systems software. The capture of shared domain knowledge in models and corresponding tool support can increase the developers' understanding. In this paper, we argue for the application of MDE approaches to engineer privacy-aware systems. We present a general purpose privacy model and methodology that can be used to analyse and identify privacy risks in systems that comprise both access control and data pseudonymization enforcement technologies. We evaluate this method using a case-study based approach and show how the model can be applied to engineer privacy-aware systems and privacy policies that reduce the risk of unintended disclosure.",

keywords = "Cloud, Model-driven engineering, Privacy, Risk",

author = "Paul Grace and Daniel Burns and Geoffrey Neumann and Brian Pickering and Panos Melas and Mike Surridge",

note = "{\textcopyright} 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ; 38th IEEE International Conference on Distributed Computing Systems, ICDCS 2018 ; Conference date: 02-07-2018 Through 05-07-2018",

year = "2018",

month = jul,

day = "23",

doi = "10.1109/ICDCS.2018.00157",

language = "English",

isbn = "978-1-5386-6872-6",

series = "Proceedings - International Conference on Distributed Computing Systems",

publisher = "IEEE",

pages = "1513--1518",

booktitle = "Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018",

address = "United States",

}

Grace, P, Burns, D, Neumann, G, Pickering, B, Melas, P & Surridge, M 2018, Identifying privacy risks in distributed data services: A model-driven approach. in Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018. Proceedings - International Conference on Distributed Computing Systems, vol. 2018-July, IEEE, pp. 1513-1518, 38th IEEE International Conference on Distributed Computing Systems, ICDCS 2018, Vienna, Austria, 2/07/18. https://doi.org/10.1109/ICDCS.2018.00157

Identifying privacy risks in distributed data services: A model-driven approach. / Grace, Paul; Burns, Daniel; Neumann, Geoffrey et al.
Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018. IEEE, 2018. p. 1513-1518 (Proceedings - International Conference on Distributed Computing Systems; Vol. 2018-July).

Research output: Chapter in Book/Published conference output › Conference publication

TY - GEN

T1 - Identifying privacy risks in distributed data services

T2 - 38th IEEE International Conference on Distributed Computing Systems, ICDCS 2018

AU - Grace, Paul

AU - Burns, Daniel

AU - Neumann, Geoffrey

AU - Pickering, Brian

AU - Melas, Panos

AU - Surridge, Mike

N1 - © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

PY - 2018/7/23

Y1 - 2018/7/23

N2 - Online services are becoming increasingly data-centric; they collect, process, analyze and anonymously disclose growing amounts of personal data. It is crucial that such systems are engineered in a privacy-aware manner in order to satisfy both the privacy requirements of the user, and the legal privacy regulations that the system operates under. How can system developers be better supported to create privacy-aware systems and help them to understand and identify privacy risks? Model-Driven Engineering (MDE) offers a principled approach to engineer systems software. The capture of shared domain knowledge in models and corresponding tool support can increase the developers' understanding. In this paper, we argue for the application of MDE approaches to engineer privacy-aware systems. We present a general purpose privacy model and methodology that can be used to analyse and identify privacy risks in systems that comprise both access control and data pseudonymization enforcement technologies. We evaluate this method using a case-study based approach and show how the model can be applied to engineer privacy-aware systems and privacy policies that reduce the risk of unintended disclosure.

AB - Online services are becoming increasingly data-centric; they collect, process, analyze and anonymously disclose growing amounts of personal data. It is crucial that such systems are engineered in a privacy-aware manner in order to satisfy both the privacy requirements of the user, and the legal privacy regulations that the system operates under. How can system developers be better supported to create privacy-aware systems and help them to understand and identify privacy risks? Model-Driven Engineering (MDE) offers a principled approach to engineer systems software. The capture of shared domain knowledge in models and corresponding tool support can increase the developers' understanding. In this paper, we argue for the application of MDE approaches to engineer privacy-aware systems. We present a general purpose privacy model and methodology that can be used to analyse and identify privacy risks in systems that comprise both access control and data pseudonymization enforcement technologies. We evaluate this method using a case-study based approach and show how the model can be applied to engineer privacy-aware systems and privacy policies that reduce the risk of unintended disclosure.

KW - Cloud

KW - Model-driven engineering

KW - Privacy

KW - Risk

UR - http://www.scopus.com/inward/record.url?scp=85050979111&partnerID=8YFLogxK

UR - https://ieeexplore.ieee.org/document/8416420

U2 - 10.1109/ICDCS.2018.00157

DO - 10.1109/ICDCS.2018.00157

M3 - Conference publication

AN - SCOPUS:85050979111

SN - 978-1-5386-6872-6

T3 - Proceedings - International Conference on Distributed Computing Systems

SP - 1513

EP - 1518

BT - Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018

PB - IEEE

Y2 - 2 July 2018 through 5 July 2018

ER -

Grace P, Burns D, Neumann G, Pickering B, Melas P, Surridge M. Identifying privacy risks in distributed data services: A model-driven approach. In Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018. IEEE. 2018. p. 1513-1518. (Proceedings - International Conference on Distributed Computing Systems). doi: 10.1109/ICDCS.2018.00157

Identifying privacy risks in distributed data services: A model-driven approach

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this