Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Privacy Oriented Software Development

  • Conference paper
  • First Online:
Quality of Information and Communications Technology (QUATIC 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1010))

Abstract

Threats to applications security are continuously evolving thanks to factors such as progress made by the attackers, release of new technologies, use of increasingly complex systems. In this scenario, it is necessary to implement both design and programming practices that guarantee the security of the code on one hand, and the privacy of the data, on the other. This paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). It can be applied forward for developing new systems and backward for re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an experimentation in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code and design the target architecture to be used for guiding privacy-oriented system reengineering.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Halkidis, S.T., Tsantalis, N., Chatzigeorgiou, A., Stephanides, G.: Architectural risk analysis of software systems based on security patterns. IEEE Trans. Dependable Secure Comput. 5(3), 129–142 (2008)

    Article  Google Scholar 

  2. Caivano, D., Fernandez-Ropero, M., Pérez-Castillo, R., Piattini, M., Scalera, M.: Artifact-based vs. human-perceived understandability and modifiability of refactored business processes: An experiment. J. Syst. Softw. 144, 143–164 (2018)

    Article  Google Scholar 

  3. Cavoukian, A.: Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices, pp. 1–72 (2012)

    Google Scholar 

  4. Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IFIPAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_38

    Chapter  Google Scholar 

  5. Privacy Patterns. UC Berkeley, School of Information. https://privacypatterns.org

  6. OWASP, OWASP Top 10 – 2017. The Ten Most Critical Web Application Security Risks. https://owasp.org. Accessed 23 Apr 2019

  7. Hatzivasilis, G., Papaefstathiou, I., Manifavas, C.: Software security, privacy, and dependability: metrics and measurement. IEEE Softw. 33(4), 46–54 (2016)

    Article  Google Scholar 

  8. Black, P.E., Badger, L., Guttman, B., Fong, E.: Dramatically Reducing Software Vulnerabilities (2016). https://doi.org/10.6028/NIST.IR.8151

  9. IBM: X-Force Threat Intelligence Index 2019. IBM Security. Accessed 24 Apr 2019

    Google Scholar 

  10. Baldassarre, M.T., Barletta, V.S., Caivano, D., Raguseo, D., Scalera, M.: Teaching cyber security: the hack-space integrated model. In: Proceedings of the Third Italian Conference on Cyber Security, vol-2315, CEUR Workshop Proceedings (2019)

    Google Scholar 

  11. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

    Google Scholar 

  12. Kissel, R.L., Stine, K.M., Scholl, M.A., Rossman, H., Fahlsing, J., Gulick, J.: Security Considerations in the System Development Life Cycle. Special Publication (NIST SP) (2008)

    Google Scholar 

  13. Jaatun, M.G., Cruzes, D.S., Bernsmed, K., Tøndel, I.A., Røstad, L.: Software security maturity in public organisations. In: Lopez, J., Mitchell, C.J. (eds.) ISC 2015. LNCS, vol. 9290, pp. 120–138. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23318-5_7

    Chapter  Google Scholar 

  14. Navarro-Machuca, J., Chen, L.: Embedding model-based security policies in software development. In: 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), New York, NY, pp. 116–122 (2016)

    Google Scholar 

  15. Hilbrich, M., Frank, M.: Enforcing security and privacy via a cooperation of security experts and software engineers: a model-based vision. In: 2017 IEEE 7th International Symposium on Cloud and Service Computing (SC2), Kanazawa, pp. 237–240 (2017)

    Google Scholar 

  16. Yanbing, L., Xingyu, L., Yi, J., Yunpeng, X.: SDSA: a framework of a software-defined security architecture. China Commun. 13(2), 178–188 (2016)

    Article  Google Scholar 

  17. Tung, Y., Lo, S., Shih, J., Lin, H.: An integrated security testing framework for secure software development life cycle. In: 2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS), Kanazawa, pp. 1–4 (2016)

    Google Scholar 

  18. Farhan, A.R.S., Mostafa, G.M.M.: A methodology for enhancing software security during development processes. In: 2018 21st NCC, Riyadh, pp. 1–6 (2018)

    Google Scholar 

  19. Colesky, M., Hoepman, J., Hillen, C.: A critical analysis of privacy design strategies. In: 2016 IEEE Security and Privacy Workshops (SPW), San Jose, CA, pp. 33–40 (2016)

    Google Scholar 

  20. Thomborson, C.: Privacy patterns. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST), Auckland, pp. 656–663 (2016)

    Google Scholar 

  21. Suphakul, T., Senivongse, T.: Development of privacy design patterns based on privacy principles and UML. In: 2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), Kanazawa, pp. 369–375 (2017)

    Google Scholar 

  22. Diamantopoulou, V., Argyropoulos, N., Kalloniatis, C., Gritzalis, S.: Supporting the design of privacy-aware business processes via privacy process patterns. In: 11th International Conference on Research Challenges in Information Science, Brighton, pp. 187–198 (2017)

    Google Scholar 

  23. van Blarkom, G.W., Borking, J.J., Olk, J.G.E.: Handbook of Privacy and Privacy-Enhancing Technologies. The Case of Intelligent Software Agents. College bescherming persoonsgegevens (2003). ISBN 90-74087-33-7

    Google Scholar 

  24. Cavoukian, A.: International council on global privacy and security, by design. In: IEEE Potentials, September–October 2016, vol. 35, no. 5, pp. 43–46 (2016)

    Google Scholar 

  25. Hansen, M., Jensen, M., Rost, M.: Protection goals for privacy engineering. In: 2015 IEEE Security and Privacy Workshops, San Jose, CA, pp. 159–166 (2015)

    Google Scholar 

  26. García, A.C., et al.: PRIPARE, Privacy and Security by Design Methodology Handook v1.00 (2015). http://pripareproject.eu. Accessed 24 Apr 2019

  27. Notario, N., et al.: PRIPARE: integrating privacy best practices into a privacy engineering methodology. In: IEEE Security and Privacy Workshops, San Jose, CA, pp. 151–158 (2015)

    Google Scholar 

  28. Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)

    Article  Google Scholar 

  29. Kallpniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requirements Eng. 13(3), 241–255 (2008)

    Article  Google Scholar 

  30. Morales-Trujillo, M.E., Matla-Cruz, E.O., García-Mireles, G.A., Piattini, M.: Privacy by design in software engineering: a systematic mapping study. Paper presented at Avances en Ingenieria de Software a Nivel Iberoamericano, CIbSE, pp. 107–120 (2018)

    Google Scholar 

  31. Colesky, M., Hoepman, J., Hillen, C.: A critical analysis of privacy design strategies. In: IWPE (2016)

    Google Scholar 

  32. Ortiz, R., Moral-Rubio, S., Garzás, J., Fernández-Medina, E.: Towards a pattern-based security methodologiy to build secure information systems. In: Proceedings of the 8th International Workshop on Security in Information Systems WOSIS 2011, pp. 59–69 (2011)

    Google Scholar 

  33. Moral-García, S., Ortiz, R., Moral-Rubio, S., Vela, B., Garzás, J., Fernández-Medina, E.: A new pattern template to support the design of security architectures. In: PATTERNS 2010: The 2nd International Conferences on Pervasive Patterns and Applications, pp. 66–71 (2010)

    Google Scholar 

  34. Center for Internet Security, CIS Benchmarks. https://www.cisecurity.org/cis-benchmarks/. Accessed 26 Apr 2019

  35. Micro Focus: Fortify Static Code Analyze (SCA) (2018). https://www.microfocus.com

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Bari Aldo Moro, Via Orabona 4, 70125, Bari, Italy

    Maria Teresa Baldassarre, Vita Santa Barletta, Danilo Caivano & Michele Scalera

Authors
  1. Maria Teresa Baldassarre
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vita Santa Barletta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Danilo Caivano
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Michele Scalera
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vita Santa Barletta .

Editor information

Editors and Affiliations

  1. Department of Information Technologies and Systems, University of Castilla-La Mancha, Ciudad Real, Spain

    Mario Piattini

  2. Departamento de Engenharia Informatica, University of Coimbra, Coimbra, Portugal

    Paulo Rupino da Cunha

  3. Department of Information Technologies and Systems, University of Castilla-La Mancha, Ciudad Real, Spain

    Ignacio García Rodríguez de Guzmán

  4. Department of Information Technologies and Systems, University of Castilla-La Mancha, Ciudad Real, Spain

    Ricardo Pérez-Castillo

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Baldassarre, M.T., Barletta, V.S., Caivano, D., Scalera, M. (2019). Privacy Oriented Software Development. In: Piattini, M., Rupino da Cunha, P., García Rodríguez de Guzmán, I., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2019. Communications in Computer and Information Science, vol 1010. Springer, Cham. https://doi.org/10.1007/978-3-030-29238-6_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-29238-6_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29237-9

  • Online ISBN: 978-3-030-29238-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation