Privacy as an Architectural Quality: A Definition and an Architectural View

Immanuel Kunz, Shuqian Xu
Published in: 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), July 2023.
DOI: https://doi.org/10.1109/EuroSPW59978.2023.00019

Abstract

Software architects describe architectures from different perspectives to compare, document, and explain them to other stakeholders. Numerous views have been proposed in the past in the form of architectural models and modelling languages. However, these views do not sufficiently reflect privacy properties, making it difficult for architects to evaluate and compare design candidates. In this paper, we first define privacy as an architectural quality, and then propose a privacy-by-design architectural view which uses an extended data flow diagram to support the documentation, evaluation, and comparison of architecture designs. The view uses control domains, showing which entities actually control personal data in the design, and metrics that can quantify privacy aspects. We also present a method to create the view automatically from source code. This approach can be useful in the maintenance phase of the software lifecycle, as well as in agile development where source code and architecture are changed iteratively. The results can be integrated into the Attribute-Driven Design method, and can also be used to document design decisions, e.g., for future design support or a certification audit.