Identifying privacy risks in distributed data services: A model-driven approach

Paul Grace, Daniel Burns, Geoffrey Neumann, Brian Pickering, Panos Melas, Mike Surridge

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Online services are becoming increasingly data-centric; they collect, process, analyse and anonymously disclose growing amounts of personal data. It is crucial that such systems are engineered in a privacy-aware manner in order to satisfy both the privacy requirements of the user and the legal privacy regulations that the system operates under. How can system developers be better supported to create privacy-aware systems and helped to understand and identify privacy risks? Model-Driven Engineering (MDE) offers a principled approach to engineering systems software. The capture of shared domain knowledge in models and corresponding tool support can increase the developers' understanding. In this paper, we argue for the application of MDE approaches to engineer privacy-aware systems. We present a general-purpose privacy model and methodology that can be used to analyse and identify privacy risks in systems that comprise both access control and data pseudonymization enforcement technologies. We evaluate this method using a case-study based approach and show how the model can be applied to engineer privacy-aware systems and privacy policies that reduce the risk of unintended disclosure.

Original language: English
Title of host publication: Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018
Publisher: IEEE
Pages: 1513-1518
Number of pages: 6
ISBN (Electronic): 978-1-5386-6871-9
ISBN (Print): 978-1-5386-6872-6
DOIs: 10.1109/ICDCS.2018.00157
Publication status: Published - 23 Jul 2018
Event: 38th IEEE International Conference on Distributed Computing Systems, ICDCS 2018 - Vienna, Austria
Duration: 2 Jul 2018 → 5 Jul 2018

Publication series

Name: Proceedings - International Conference on Distributed Computing Systems
Volume: 2018-July

Conference

Conference: 38th IEEE International Conference on Distributed Computing Systems, ICDCS 2018
Country: Austria
City: Vienna
Period: 2/07/18 → 5/07/18

Bibliographical note

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

  • Cloud
  • Model-driven engineering
  • Privacy
  • Risk

Cite this

Grace, P., Burns, D., Neumann, G., Pickering, B., Melas, P., & Surridge, M. (2018). Identifying privacy risks in distributed data services: A model-driven approach. In Proceedings - 2018 IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018 (pp. 1513-1518). (Proceedings - International Conference on Distributed Computing Systems; Vol. 2018-July). IEEE. https://doi.org/10.1109/ICDCS.2018.00157