Context-Aware Privacy Design Pattern Selection

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6264)

Abstract

User-related contextual factors affect the degree of privacy protection that is necessary for a given context. Such factors include: sensitivity of data, location of data, sector, contractual restrictions, cultural expectations, user trust (in organisations, etc.), trustworthiness of partners, security deployed in the infrastructure, etc. The relationship between these factors and the privacy control measures that should be deployed can be complex. In this paper we propose a decision-based support system that assesses context and deduces a list of recommendations and controls. One or more design patterns will be suggested that can be used in conjunction to satisfy contextual requirements. This is a broad solution that can be used for privacy, security and other types of requirement.




© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pearson, S., Shen, Y. (2010). Context-Aware Privacy Design Pattern Selection. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_7

  • DOI: https://doi.org/10.1007/978-3-642-15152-1_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15151-4

  • Online ISBN: 978-3-642-15152-1

  • eBook Packages: Computer Science, Computer Science (R0)
