A Conceptual Model for Privacy Policies with Consent and Revocation Requirements

Mont, Marco Casassa; Pearson, Siani; Creese, Sadie; Goldsmith, Michael; Papanikolaou, Nick

doi:10.1007/978-3-642-20769-3_21

Cited by 16 publications

(1 citation statement)

References 12 publications

(9 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A lot of research has focused on low-level approaches (Mont et al, 2011). Such works aim at producing machine-readable specifications, which can be directly used as input for software enforcement frameworks.…”

Section: Web Applications and Privacy: Key Problemsmentioning

confidence: 99%

PrivAPP

Basso¹

View full text Add to dashboard Cite

Web applications and web services are relevant technologies nowadays, supporting a wide range of services, such as e-commerce, e-banking, e-government, and others. Usually, to access these services, users, customers, and business partners need to provide personally identifiable information (PII), such as addresses, social security IDs, and credit card numbers.Furthermore, modern applications can automatically gather information related to users' activities, such as, for example, usage pattern or approximate location. Once this information is made available, it is no longer under the control of their owner regarding how it is actually handled, which raises privacy concerns. If on one hand companies and organizations want to be able to gather, data mine and share PII information, on the other hand they are interested in keeping such information private due to privacy laws and their credibility with respect to how able they are to protect the privacy of their users. This work presents a comprehensive approach to support the analysis, design, and development of web applications and services with privacy concerns. The approach is composed of a Privacy Conceptual Model (systematizes privacy concepts, showing privacy elements and their relations in an organized way), a Privacy Reference Architecture (abstract architecture which describes functionalities that must be addressed during the development of web applications to protect the privacy of the users) and a Privacy UML Profile (extension of the UML language to incorporate privacy concepts) and it allows stakeholders to better understand the privacy domain, as well as modeling and developing web applications consistently with the privacy policies enabling their enforcement. This way, PII can be managed in a more secure manner and protected from different sources of privacy violation. A case study was developed applying the approach to improve privacy protection for an online bookstore. The approach was evaluated considering two important key attributes: applicability and completeness. Results show that the approach adds value to the stakeholders and is an important contribution towards improving the process of designing web applications in the privacy domain.

show abstract

Section: Web Applications and Privacy: Key Problemsmentioning

confidence: 99%

PrivAPP

Basso¹

View full text Add to dashboard Cite

show abstract

PrivAPP: An integrated approach for the design of privacy‐aware applications

et al. 2017

View full text Add to dashboard Cite

Nowadays, personal information is collected, stored, and managed through web applications and services. Companies are interested in keeping such information private due to regulation laws and privacy concerns of customers. Furthermore, the reputation of a company can be dependent on privacy protection, ie, the more a company protects the privacy of its customers, the more credibility it gets.This paper proposes an integrated approach that relies on models and design tools to help in the analysis, design, and development of web applications and services with privacy concerns. Using the approach, these applications can be developed consistently with their privacy policies to enforce them, protecting personal information from different sources of privacy violation. The approach is composed of a conceptual model, a reference architecture, and a Unified Modified Language Profile, ie, an extension of the Unified Modified Language for including privacy protection. The idea is to systematize the privacy concepts in the scope of web applications and services, organizing the privacy domain knowledge and providing features and functionalities that must be addressed to protect the privacy of the users in the design and development of web applications. Validation has been performed by analyzing the ability of the approach to model privacy policies from real web applications and by applying it to a simple application example of an online bookstore. Results show that privacy protection can be implemented in a model-based approach, bringing values for the stakeholders and being an important contribution toward improving the process of designing web applications in the privacy domain.

show abstract

A UML Profile for Privacy Enforcement

Izquierdo

Salas

2018

Software Technologies: Applications and Foundations

View full text Add to dashboard Cite

A Conceptual Model for Privacy Policies with Consent and Revocation Requirements

Cited by 16 publications

References 12 publications

PrivAPP

PrivAPP

PrivAPP: An integrated approach for the design of privacy‐aware applications

A UML Profile for Privacy Enforcement

Contact Info

Product

Resources

About