Description
The motivation for services to limit the collection and processing of personal data is
increasing. Privacy by design is a commonly recognised engineering concept to reach
privacy goals in the design stage of a software system. In the past, various tools and
methods have been developed to aim for the goal of privacy by design, and the design
of software architecture with privacy requirements have been supported by various
methods. Integrating privacy requirements into a software architecture and balancing
them with functional and non-functional requirements, however, remains a difficult task.
A concrete problem is that existing models, such as the 4+1 architectural view model, do
not sufficiently reflect the relevant properties. This gap harbours the risk of overlooking
privacy threats and complicates the comparison of different software architecture design
candidates with respect to their privacy threats. A solution, named the privacy view, is
presented to address the gap. It includes an enhanced data flow model that depicts data
control domains, and it allows the calculation of unlinkability and anonymity metrics to
simplify the comparison of two design candidates.
|
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching