Identifying Privacy Risks in Distributed Data Services: A Model-Driven Approach

Grace, Paul; Burns, Daniel; Neumann, Geoffrey; Pickering, J. Brian; Melas, P.; Surridge, Mike

doi:10.1109/icdcs.2018.00157

Cited by 2 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A refinement approach for the reuse of privacy risk analysis results Identifying privacy risks in distributed data services: A model-driven approach [69] iii. In the validation category, studies critically assess a proposed solution, whether by the authors themselves or other researchers, for example, through comparative analyses or other forms of rigorous scrutiny (e.g., experiments, simulation, prototyping, mathematical analysis), without actually evaluating it in practice.…”

Section: Resultsmentioning

confidence: 99%

“…Given this, we state that such methods can be considered comprehensive in eliciting privacy requirements. However, S39 [69] only covers two privacy properties. In addition, we assessed the methodologies in terms of privacy measures.…”

Section: Scope and Focusmentioning

confidence: 99%

“…Grace et al [69] presented a model-based methodology that leverages model-driven engineering (MDE) to identify and analyze privacy risks during the design phase of a system. To identify and analyze privacy risks, the methodology begins with constructing a DFD, which is later used to generate a Labelled Transition System (LTS) privacy model (with the elements state and transition) that represents the state of the user's privacy in a given system.…”

Section: S39mentioning

confidence: 99%

See 2 more Smart Citations

On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review

Wairimu,

Iwaya,

Fritsch

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Assessing privacy risks and incorporating privacy measures from the onset requires a comprehensive understanding of potential impacts on data subjects. Privacy Impact Assessments (PIAs) offer a systematic methodology for such purposes, which are closely related to Data Protection Impact Assessments (DPIAs), particularly outlined in Article 35 of the General Data Protection Regulation (GDPR). The core of a PIA is a Privacy Risk Assessment (PRA). PRAs can be integrated as part of full-fledged PIAs or independently developed to support PIA processes. Although these methodologies have been identified as essential enablers of privacy by design, their effectiveness has been criticized because of the lack of evidence of their rigorous and systematic evaluation. Hence, we conducted a Systematic Literature Review (SLR) to identify published PIA and PRA methodologies and assess how and to what extent they have been scientifically validated or evaluated. We found that these methodologies are rarely evaluated for their performance in practice, and most of them have only been validated in limited studies. Most validation evidence is found with PRA methodologies. Of the evaluated methodologies, PIAs were the most evaluated, where case studies were the predominant evaluation method. These evaluated methodologies can be easily transferred to an industrial setting or used by practitioners, as they provide evidence of their use in practice. In addition, the findings in this study can be used to inform researchers of the current state-of-the-art, and practitioners can understand the benefits and current limitations of the methodologies and adopt evidencebased practices.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Scope and Focusmentioning

confidence: 99%

Section: S39mentioning

confidence: 99%

See 1 more Smart Citation

On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review

Wairimu,

Iwaya,

Fritsch

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In this section we provide a formal model of user privacy that is generated based upon the input data-flow diagrams (we do not detail the transformation algorithm in this paper, see [9]). User privacy is modeled in terms of how actor actions on personal data change the user's state of privacy.…”

Section: Step 2: Automatically Generating An Lts Privacy Modelmentioning

confidence: 99%

Pseudonymization risk analysis in distributed systems

Neumann

Grace

Burns

et al. 2019

J Internet Serv Appl

Self Cite

View full text Add to dashboard Cite

In an era of big data, online services are becoming increasingly data-centric; they collect, process, analyze and anonymously disclose growing amounts of personal data in the form of pseudonymized data sets. It is crucial that such systems are engineered to both protect individual user (data subject) privacy and give back control of personal data to the user. In terms of pseudonymized data this means that unwanted individuals should not be able to deduce sensitive information about the user. However, the plethora of pseudonymization algorithms and tuneable parameters that currently exist make it difficult for a non expert developer (data controller) to understand and realise strong privacy guarantees. In this paper we propose a principled Model-Driven Engineering (MDE) framework to model data services in terms of their pseudonymization strategies and identify the risks to breaches of user privacy. A developer can explore alternative pseudonymization strategies to determine the effectiveness of their pseudonymization strategy in terms of quantifiable metrics: i) violations of privacy requirements for every user in the current data set; ii) the trade-off between conforming to these requirements and the usefulness of the data for its intended purposes. We demonstrate through an experimental evaluation that the information provided by the framework is useful, particularly in complex situations where privacy requirements are different for different users, and can inform decisions to optimize a chosen strategy in comparison to applying an off-the-shelf algorithm.

show abstract

Identifying Privacy Risks in Distributed Data Services: A Model-Driven Approach

Cited by 2 publications

References 11 publications

On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review

On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review

Pseudonymization risk analysis in distributed systems

Contact Info

Product

Resources

About