Empowering IoT Developers with Privacy-Preserving End-User Development Tools
Article No.: 90, Pages 1 - 47
Abstract
Internet of Things applications (IoT) have the potential to derive sensitive user data, necessitating adherence to privacy and data protection laws. However, developers often struggle with privacy issues, resulting in personal data misuse. Despite the proposed Privacy by Design (PbD) approach, criticism arises due to its ambiguity and lack of practical tools for educating software engineers. We introduce Canella, an integrated IoT development ecosystem with privacy-preserving components leveraging End-User Development (EUD) tools Blockly@rduino and Node-RED, to help developers build end-to-end IoT applications that prioritize privacy and comply with regulations. It helps developers integrate privacy during the development process and rapid prototyping phases, offering real-time feedback on privacy concerns. We start by conducting a focus group study to explore the applicability of designing and implementing PbD schemes within different development environments. Based on this, we implemented a proof-of-concept prototype of Canella and evaluated it in controlled lab studies with 18 software developers. The findings reveal that developers using Canella created more privacy-preserving applications, gained a deeper understanding of personal data management, and achieved better privacy compliance. Our results also highlight Canella's role in educating and promoting privacy awareness, enhancing productivity, streamlining privacy implementation, and significantly reducing cognitive load. Overall, developers found Canella and its privacy-preserving components useful, easy to use, and easy to learn, which could potentially improve IoT application privacy. Watch the demo video.
Supplemental Material
External - Video for Empowering IoT Developers with Privacy-Preserving End-User Development Tools
A demo video showing running Canella and how to integrate its privacy-preserving components into the data flow of an IoT application through a real-world scenario.The demo video demonstrates how Canella can help software developers incorporate privacy-preserving components into an IoT application's data flow in a real-world scenario.
Download from: https://youtu.be/7V0q3MyAzCQ?si=0Na9FwKchLOVJ2c-
References
[1]
2013. Opinion of the European Data Protection Supervisor on the Joint Communication of the Commission and of the High Representative of the European Union for Foreign Affairs and Security Policy on a 'Cyber Security Strategy of the European Union: an Open, Safe. (2013). www.edps.europa.eu
[2]
2017. Why is IoT talent so hard to find? | CIO Dive. https://www.ciodive.com/news/why-is-iot-talent-so-hard-to-find/449576/
[3]
2023. Blockly. https://developers.google.com/blockly
[4]
2023. Blockly@rduino: Create Code with Blocks. https://create.arduino.cc/projecthub/libreduc/blockly-rduino-create-code-with-blocks-b6d3e4
[5]
2023. Calculators | Heart Online. https://www.heartonline.org.au/resources/calculators/target-heart-rate-calculator
[6]
2023. Node-RED. https://nodered.org/
[7]
2023. Shapiro-Wilks Normality Test. https://variation.com/wp-content/distribution_analyzer_help/hs141.htm
[8]
Yasemin Acar, Sascha Fahl, and Michelle L. Mazurek. 2016. You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users. In 2016 IEEE Cybersecurity Development (SecDev). 3--8. https://doi.org/10.1109/SecDev.2016.013
[9]
Yaqoob Al-Slais. 2020. Privacy Engineering Methodologies: A survey. In 2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT). 1--6. https://doi.org/10.1109/3ICT51146.2020.9311949
[10]
Nada Alhirabi, Stephanie Beaumont, Jose Tomas Llanos, Dulani Meedeniya, Omer Rana, and Charith Perera. 2023. PARROT: Interactive Privacy-Aware Internet of Things Application Design Tool. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 7, 1, Article 1 (mar 2023), 37 pages. https://doi.org/10.1145/3580880
[11]
Atheer Aljeraisy, Masoud Barati, Omer Rana, and Charith Perera. 2021. Privacy Laws and Privacy by Design Schemes for the Internet of Things: A Developer's Perspective. ACM Comput. Surv. 54, 5, Article 102 (may 2021), 38 pages. https://doi.org/10.1145/3450965
[12]
Atheer Aljeraisy, Masoud Barati, Omer Reana, and Charith Perera. 2020. Exploring the Relationships Between Privacy by Design Schemes And Privacy Laws: A Comparative Analysis. Technical Report June. Cardiff University. 40 pages.
[13]
Atheer Aljeraisy, Omer Rana, and Charith Perera. 2023. Canella: Privacy-Aware End-to-End Integrated IoT Development Ecosystem. In 2023 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops). 279--281. https://doi.org/10.1109/PerComWorkshops56833.2023.10150254
[14]
Sami Alkhatib, Jenny Waycott, George Buchanan, Marthie Grobler, and Shuo Wang. 2020. Privacy by Design in Aged Care Monitoring Devices? Well, Not Quite Yet!. In ACM International Conference Proceeding Series. 492--505. https://doi.org/10.1145/3441000.3441049
[15]
Australian Government. 1988. Australian Privacy Principles --- OAIC. https://www.oaic.gov.au/privacy/australian-privacy-principleshttps://www.oaic.gov.au/privacy/australian-privacy-principles/
[16]
Oshrat Ayalon, Eran Toch, Irit Hadar, and Michael Birnhack. 2017. How Developers Make Design Decisions about Users' Privacy: The Place of Professional Communities and Organizational Climate. In Companion of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing (Portland, Oregon, USA) (CSCW '17 Companion). Association for Computing Machinery, New York, NY, USA, 135--138. https://doi.org/10.1145/3022198.3026326
[17]
Rebecca Balebako and Lorrie Cranor. 2014. Improving App Privacy: Nudging App Developers to Protect User Privacy. In IEEE Security and Privacy, Vol. 12. IEEE, 55--58. https://doi.org/10.1109/MSP.2014.70
[18]
Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, and Lorrie Faith Cranor. 2014. The Privacy and Security Behaviors of Smartphone App Developers. In Proceedings 2014 Workshop on Usable Security. Internet Society. October (2014). https://doi.org/10.14722/usec.2014.23006
[19]
Barbara Rita Barricelli, Fabio Cassano, Daniela Fogli, and Antonio Piccinno. 2019. End-user development, end-user programming and end-user software engineering: A systematic mapping study. Journal of Systems and Software 149 (2019), 101--137. https://doi.org/10.1016/j.jss.2018.11.041
[20]
Barbara Rita Barricelli, Daniela Fogli, and Angela Locoro. 2023. EUDability: A new construct at the intersection of End-User Development and Computational Thinking. Journal of Systems and Software 195 (2023), 111516. https://doi.org/10.1016/j.jss.2022.111516
[21]
Joel Brandt, Mira Dontcheva, Marcos Weskamp, and Scott R. Klemmer. 2010. Example-Centric Programming: Integrating Web Search into the Development Environment. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI '10). Association for Computing Machinery, New York, NY, USA, 513--522. https://doi.org/10.1145/1753326.1753402
[22]
Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative Research in Psychology 3, 2 (2006), 77--101. https://doi.org/10.1191/1478088706qp063oa
[23]
Fei Bu, Nengmin Wang, Bin Jiang, and Huigang Liang. 2020. "Privacy by Design" implementation: Information system engineers' perspective. International Journal of Information Management 53 (2020), 102124. https://doi.org/10.1016/j.ijinfomgt.2020.102124
[24]
Fred H Cate. 2006. The Failure of Fair Information Practice Principles. Consumer Protection in the Age of the 'Information Economy' (2006), 341--377.
[25]
Ann Cavoukian. 2009. Privacy by design: The 7 foundational principles. Information and privacy commissioner of Ontario, Canada 5 (2009), 1--12. https://iapp.org/media/pdf/resource_center/pbd_implement_7found_principles.pdf
[26]
Ann Cavoukian. 2012. Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices. December (2012), 1--72. https://gpsbydesigncentre.com/wp-content/uploads/2021/08/Doc-5-Operationalizing-pbd-guide.pdf
[27]
CMS. 2022. GDPR Enforcement Tracker - list of GDPR fines. https://www.enforcementtracker.com/
[28]
Collaboration. 2015. Privacy patterns org. https://privacypatterns.org
[29]
Collaboration. 2016. privacypatterns.eu - collecting patterns for better privacy. https://privacypatterns.eu/#/?limit=6&offset=0https://privacypatterns.eu/
[30]
Data Protection Commissioners, Privacy, and Data Protection and Privacy Commissioners. 2010. Resolution on Privacy by Design. Icdppc (2010), 1--2.
[31]
Luca Compagna, Paul Khoury, Alžběta Solarczyk Krausová, Fabio Massacci, and Nicola Zannone. 2009. How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns. Artificial Intelligence and Law 17 (03 2009), 1--30. https://doi.org/10.1007/s10506-008-9067-3
[32]
George Danezis, Josep Domingo-Ferrer, Marit Hansen, Jaap-Henk Hoepman, Daniel Le Metayer, Rodica Tirtea, and Stefan Schiffner. 2015. Privacy and Data Protection by Design - from policy to engineering. https://doi.org/10.2824/38623 arXiv:1501.03726
[33]
George Danezis, Josep Domingo-Ferrer, Marit Hansen, Jaap-Henk Hoepman, Daniel Métayer, Rodica Tirtea, and Stefan Schiffner. 2014. Privacy and Data Protection by Design - from Policy to Engineering. https://doi.org/10.2824/38623
[34]
Daniel E. O'leary. 1995. Some Privacy Issues in Knowledge Discovery: The OECD Personal Privacy Guidelines. IEEE Expert-Intelligent Systems and their Applications 10, 2 (1995), 48--59. https://doi.org/10.1109/64.395352
[35]
Fred D. Davis. 1989. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly: Management Information Systems 13, 3 (1989), 319--339. https://doi.org/10.2307/249008
[36]
Paloma Diaz, Ignacio Aedo, Daniel Sanz, and Alessio Malizia. 2008. A model-driven approach for the visual specification of Role-Based Access Control policies in web systems. In 2008 IEEE Symposium on Visual Languages and Human-Centric Computing. 203--210. https://doi.org/10.1109/VLHCC.2008.4639087
[37]
Alan Dix and Geoffrey Ellis. 1998. Starting Simple: Adding Value to Static Visualisation through Simple Interaction. In Proceedings of the Working Conference on Advanced Visual Interfaces (L'Aquila, Italy) (AVI '98). Association for Computing Machinery, New York, NY, USA, 124--134. https://doi.org/10.1145/948496.948514
[38]
David W. Eccles and Güler Arsal. 2017. The think aloud method: what is it and how do I use it? Qualitative Research in Sport, Exercise and Health 9, 4 (2017), 514--531. https://doi.org/10.1080/2159676X.2017.1331501 arXiv:https://doi.org/10.1080/2159676X.2017.1331501
[39]
EDPB. 2021. Binding decision 1/2021 on the dispute arisen on the draft decision of the Irish Supervisory Authority regarding WhatsApp Ireland under Article 65(1)(a) GDPR. 89 pages. https://edpb.europa.eu/our-work-tools/our-documents/binding-decision-board-art-65/binding-decision-12021-dispute-arisen_en
[40]
Katalin Ferencz and Jozsef Domokos. 2020. Using Node-RED platform in an industrial environment. Jubileumi Kandó Konferencia February (2020), 13.
[41]
Gina Fisk, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk, and Christos Papadopoulos. 2015. Privacy principles for sharing cyber security data. Proceedings - 2015 IEEE Security and Privacy Workshops, SPW 2015 (2015), 193--197. https://doi.org/10.1109/SPW.2015.23
[42]
FL. 2009. ARTICLE 29 Data Protection Working Party Working Party on Police and Justice The Future of Privacy Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data. Technical Report.
[43]
Abdur Rahim Mohammad Forkan, Geoff Kimm, Ahsan Morshed, Prem Prakash Jayaraman, Abhik Banerjee, and Weidong Huang. 2019. AqVision: A Tool for Air Quality Data Visualisation and Pollution-Free Route Tracking for Smart City. In 2019 23rd International Conference in Information Visualization - Part II. 47--51. https://doi.org/10.1109/IV-2.2019.00018
[44]
Communication From, THE Commission, T O The, THE Council, THE European Economic, THE Committee, and O F The. 2014. Towards a thriving data-driven economy. European Commission COM(2014), 442 (2014).
[45]
Hemant Ghayvat, Subhas Mukhopadhyay, Xiang Gui, and Nagender Suryadevara. 2015. WSN- and IOT-based smart homes and their extension to smart buildings. Sensors (Switzerland) 15, 5 (2015), 10350--10379. https://doi.org/10.3390/s150510350
[46]
Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Marimuthu Palaniswami. 2013. Internet of Things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems 29, 7 (2013), 1645--1660. https://doi.org/10.1016/j.future.2013.01.010 Including Special sections: Cyber-enabled Distributed Computing for Ubiquitous Cloud and Network Services & Cloud Computing and Scientific Applications --- Big Data, Scalable Analytics, and Beyond.
[47]
Seda F. Gürses, Carmela Troncoso, and Claudia Díaz. 2011. Engineering Privacy by Design. In Conference on Privacy & Data Protection, Vol. 14. 25 pages. Issue 3.
[48]
Irit Hadar, Tomer Hasson, Oshrat Ayalon, Eran Toch, Michael Birnhack, Sofia Sherman, and Arod Balissa. 2018. Privacy by designers: software developers' privacy mindset. Empirical Software Engineering 23, 1 (2018), 259--289. https://doi.org/10.1007/s10664-017-9517-1
[49]
Sandra G. Hart and Lowell E. Staveland. 1988. Development of NASA-TLX (Task Load Index): Results of Empirical and Theoretical Research. In Human Mental Workload, Peter A. Hancock and Najmedin Meshkati (Eds.). Advances in Psychology, Vol. 52. North-Holland, 139--183. https://doi.org/10.1016/S0166-4115(08)62386-9
[50]
Jaap-henk Hoepman. 2014. IFIP AICT 428 - Privacy Design Strategies. (2014), 446--459. https://link.springer.com/content/pdf/10.1007/978-3-642-55415-5{_}38.pdf
[51]
Martin Host, Björn Regnell, and Claes Wohlin. 2000. Using students as subjects - a comparative study of students and professionals in lead-time impact assessment. Empirical Software Engineering 5, 3 (2000), 201--214. https://doi.org/10.1023/A:1026586415054
[52]
International Organization for Standardization. 2012. ISO/IEC 27032:2012 Information technology --- Security techniques --- Guidelines for cybersecurity. https://www.iso.org/standard/44375.html
[53]
Shubham Jain and Janne Lindqvist. 2014. Should I Protect You? Understanding Developers' Behavior to Privacy-Preserving APIs. https://doi.org/10.14722/usec.2014.23045
[54]
Lukasz Jedrzejczyk, Blaine A. Price, Arosha K. Bandara, and Bashar Nuseibeh. 2010. On the Impact of Real-Time Feedback on Users' Behaviour in Mobile Location-Sharing Applications. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, USA) (SOUPS '10). Association for Computing Machinery, New York, NY, USA, Article 14, 12 pages. https://doi.org/10.1145/1837110.1837129
[55]
Israel Jerusalem. 2010. Resolution on Privacy by Design. In In Proceedings of the 32nd International Conference of Data Protection and Privacy Commissioners.
[56]
Hyun Kang. 2021. Sample size determination and power analysis using the G* Power software. Journal of educational evaluation for health professions 18 (2021).
[57]
Himmet Karadal and A. Abubakar. 2021. Internet of things skills and needs satisfaction: do generational cohorts' variations matter? Online Information Review ahead-of-print (02 2021). https://doi.org/10.1108/OIR-04-2020-0144
[58]
Charat Khamsaeng and Sophon Mongkolluksamee. 2020. Providing an End-to-End Privacy Preservation over LoRa WanPlatforms. In 2020 - 5th International Conference on Information Technology (InCIT). 56--60. https://doi.org/10.1109/InCIT50588.2020.9310934
[59]
Barbara Kitchenham, Tore Dybå, and M. Jorgensen. 2004. Evidence-based software engineering. 273- 281. https://doi.org/10.1109/ICSE.2004.1317449
[60]
Amy J. Ko and Brad A. Myers. 2004. Designing the Whyline: A Debugging Interface for Asking Questions about Program Behavior. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vienna, Austria) (CHI '04). Association for Computing Machinery, New York, NY, USA, 151--158. https://doi.org/10.1145/985692.985712
[61]
California State Legislature. 2018. Bill Text - AB-375 Privacy: personal information: businesses. https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375
[62]
Tianshi Li, Yuvraj Agarwal, and Jason I. Hong. 2018. Coconut: An IDE Plugin for Developing Privacy-Friendly Apps. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 2, 4, Article 178 (dec 2018), 35 pages. https://doi.org/10.1145/3287056
[63]
Tianshi Li, Elizabeth Louie, Laura Dabbish, and Jason I. Hong. 2021. How Developers Talk About Personal Data and What It Means for User Privacy: A Case Study of a Developer Forum on Reddit. Proc. ACM Hum.-Comput. Interact. 4, CSCW3, Article 220 (jan 2021), 28 pages. https://doi.org/10.1145/3432919
[64]
Tianshi Li, Elijah B. Neundorfer, Yuvraj Agarwal, and Jason I. Hong. 2021. Honeysuckle: Annotation-Guided Code Generation of In-App Privacy Notices. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 5, 3, Article 112 (sep 2021), 27 pages. https://doi.org/10.1145/3478097
[65]
Huichen Lin and Neil W. Bergmann. 2016. IoT privacy and security challenges for smart home environments. Information (Switzerland) 7, 3 (2016). https://doi.org/10.3390/info7030044
[66]
Tom Lodge and Andy Crabtree. 2019. Privacy Engineering for Domestic IoT: Enabling Due Diligence. Sensors 19, 20 (2019). https://doi.org/10.3390/s19204380
[67]
Kai Uwe Loser and Martin Degeling. 2014. Security and Privacy as Hygiene Factors of Developer Behavior in Small and Agile Teams. In 11th IFIP International Conference on Human Choice and Computers (HCC), Vol. 431. 255--265. https://doi.org/10.1007/978-3-662-44208-1_21
[68]
Roberto Martinez-Maldonado, Andrew Clayphan, Kalina Yacef, and Judy Kay. 2015. MTFeedback: Providing Notifications to Enhance Teacher Awareness of Small Group Work in the Classroom. IEEE Transactions on Learning Technologies 8, 2 (2015), 187--200. https://doi.org/10.1109/TLT.2014.2365027
[69]
Diego Martín, Ramón Alcarria, Tomás Robles, and Augusto Morales. 2013. A Systematic Approach for Service Prosumerization in IoT Scenarios. In 2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing. 494--499. https://doi.org/10.1109/IMIS.2013.89
[70]
Ben Mathews and Delphine Collin-Vézina. 2016. Data for life: Wearable technology and the design of self-care. Journal of Public Health Policy 37, 3 (2016), 304--314. https://doi.org/10.1057/jphp.2016.21
[71]
Patrick E McKnight and Julius Najab. 2010. Mann-Whitney U Test. The Corsini encyclopedia of psychology (2010), 1--1.
[72]
Julio Melo, Melquiades Fidelis, Sidney Alves, Ulisses Freitas, and Rummenigge Dantas. 2020. A comprheensive review of Visual Programming Tools for Arduino. 2020 Latin American Robotics Symposium, 2020 Brazilian Symposium on Robotics and 2020 Workshop on Robotics in Education, LARS-SBR-WRE 2020 (2020). https://doi.org/10.1109/LARS/SBR/WRE51543.2020.9307023
[73]
OAIC. 2018. Australian entities and the EU General Data Protection Regulation (GDPR) --- OAIC. https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/australian-entities-and-the-european-union-general-data-protection-regulationhttps://www.oaic.gov.au/privacy/guidance-and-advice/australian-entities-and-the-eu-general-data-protection-regulation/
[74]
Marie Oetzel and Sarah Spiekermann. 2014. A systematic methodology for privacy impact assessments: A design science approach. European Journal of Information Systems 23 (03 2014). https://doi.org/10.1057/ejis.2013.18
[75]
Office of the Privacy Commissioner. 2020. Privacy Act 2020. https://www.privacy.org.nz/privacy-act-2020/privacy-principles/https://www.privacy.org.nz/privacy-act-2020/privacy-act-2020/
[76]
Office of the Privacy Commissioner Canada. 2019. PIPEDA legislation and related regulations - Office of the Privacy Commissioner of Canada. https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/r_o_p/
[77]
OPC. 2023. Office of the Privacy Commissioner of Canada - Office of the Privacy Commissioner of Canada. https://priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/pipeda-interpretation-bulletins/interpretations_10_sensible/https://www.priv.gc.ca/en/
[78]
Paul Otto and Annie Antón. 2007. Addressing Legal Requirements in Requirements Engineering. 5--14. https://doi.org/10.1109/RE.2007.65
[79]
European Parliament and Council of the European Union. 2016. 2016. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). https://eur-lex.europa.eu/eli/reg/2016/679/oj
[80]
Erik Pasternak, Rachel Fenichel, and Andrew N. Marshall. 2017. Tips for creating a block language with blockly. Proceedings - 2017 IEEE Blocks and Beyond Workshop, B and B 2017 2017-Novem (2017), 21--24. https://doi.org/10.1109/BLOCKS.2017.8120404
[81]
Fabio Paternò and Carmen Santoro. 2019. End-user development for personalizing applications, things, and robots. International Journal of Human-Computer Studies 131 (2019), 120--130. https://doi.org/10.1016/j.ijhcs.2019.06.002 50 years of the International Journal of Human-Computer Studies. Reflections on the past, present and future of human-centred technologies.
[82]
Charith Perera, Mahmoud Barhamgi, Arosha K. Bandara, Muhammad Ajmal, Blaine Price, and Bashar Nuseibeh. 2020. Designing privacy-aware internet of things applications. Information Sciences 512 (2020), 238--257. https://doi.org/10.1016/j.ins.2019.09.061
[83]
Charith Perera, Chi Harold Liu, and Srimal Jayawardena. 2015. The Emerging Internet of Things Marketplace From an Industrial Perspective: A Survey. IEEE Transactions on Emerging Topics in Computing 3, 4 (2015), 585--598. https://doi.org/10.1109/TETC.2015.2390034
[84]
Charith Perera, Ciaran McCormick, Arosha K. Bandara, Blaine A. Price, and Bashar Nuseibeh. 2016. Privacy-by-design framework for assessing internet of things applications and platforms. ACM International Conference Proceeding Series 07-09-Nove (2016), 83--92. https://doi.org/10.1145/2991561.2991566
[85]
Charith Perera, Arkady Zaslavsky, Peter Christen, and Dimitrios Georgakopoulos. 2014. Context aware computing for the internet of things: A survey. IEEE Communications Surveys and Tutorials 16, 1 (2014), 414--454. https://doi.org/10.1109/SURV.2013.042313.00197 arXiv:1305.0982
[86]
Ravendra Pratap Rana, Vishal Sharma, and Varsha Agarwal. 2023. An Efficient Technique for Energy Consumption and Network Lifetime by Distributed Data Gathering Method from IoT Nodes. 01--07 pages. https://doi.org/10.1109/indiscon58499.2023.10270115
[87]
Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed internet of things. Computer Networks 57, 10 (2013), 2266--2279.
[88]
Martin Rost and Kirsten Bock. 2011. Privacy by Design and the New Protection Goals. DuD, January November 2009 (2011), 1--9. https://www.european-privacy-seal.eu/AppFile/GetFile/ca6cdc46-d4dd-477d-9172-48ed5f54a99c
[89]
Iflaah Salman, Ayse Tosun Misirli, and Natalia Juristo. 2015. Are Students Representatives of Professionals in Software Engineering Experiments?. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, Vol. 1. 666--676. https://doi.org/10.1109/ICSE.2015.82
[90]
Panagiotis Sarigiannidis, Eirini Karapistoli, and Anastasios A. Economides. 2015. VisIoT: A threat visualisation tool for IoT systems security. In 2015 IEEE International Conference on Communication Workshop (ICCW). 2633--2638. https://doi.org/10.1109/ICCW.2015.7247576
[91]
Anthony Savidis, Yannis Valsamakis, and Dimitris Linaritis. 2022. Blockly Toolbox for Visual Programming of Smart IoT Automations. In Ambient Intelligence - Software and Applications - 12th International Symposium on Ambient Intelligence, Paulo Novais, Joao Carneiro, and Pablo Chamoso (Eds.). Springer International Publishing, Cham, 93--103.
[92]
Awanthika Senarath and Nalin A. G. Arachchilage. 2018. Why Developers Cannot Embed Privacy into Software Systems? An Empirical Investigation. In Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018 (Christchurch, New Zealand) (EASE'18). Association for Computing Machinery, New York, NY, USA, 211--216. https://doi.org/10.1145/3210459.3210484
[93]
Awanthika Senarath and Nalin Asanka Gamagedara Arachchilage. 2019. A data minimization model for embedding privacy into software systems. Computers and Security 87 (2019). https://doi.org/10.1016/j.cose.2019.101605
[94]
Awanthika Senarath, Marthie Grobler, and Nalin Asanka Gamagedara Arachchilage. 2019. Will They Use It or Not? Investigating Software Developers' Intention to Follow Privacy Engineering Methodologies. ACM Trans. Priv. Secur. 22, 4, Article 23 (nov 2019), 30 pages. https://doi.org/10.1145/3364224
[95]
Stuart S. Shapiro. 2010. Privacy by Design: Moving from Art to Practice. Commun. ACM 53, 6 (jun 2010), 27--29. https://doi.org/10.1145/1743546.1743559
[96]
Swapneel Sheth, Gail Kaiser, and Walid Maalej. 2014. Us and Them: A Study of Privacy Requirements across North America, Asia, and Europe. In Proceedings of the 36th International Conference on Software Engineering (Hyderabad, India) (ICSE 2014). Association for Computing Machinery, New York, NY, USA, 859--870. https://doi.org/10.1145/2568225.2568244
[97]
Laurens Sion, Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, and Wouter Joosen. 2018. Interaction-Based Privacy Threat Elicitation. In 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). 79--86. https://doi.org/10.1109/EuroSPW.2018.00017
[98]
Spanish Data Protection Agency. 2019. A Guide to Privacy by Design. Number october. https://www.aepd.es/sites/default/files/2019-12/guia-privacidad-desde-diseno_en.pdf
[99]
Sarah Spiekermann and Lorrie Faith Cranor. 2009. Engineering Privacy. IEEE Transactions on Software Engineering 35, 1 (2009), 67--82. https://doi.org/10.1109/TSE.2008.88
[100]
Gaurav Srivastava, Kunal Bhuwalka, Swarup Kumar Sahoo, Saksham Chitkara, Kevin Ku, Matt Fredrikson, Jason Hong, and Yuvraj Agarwal. 2017. PrivacyProxy: Leveraging Crowdsourcing and In Situ Traffic Analysis to Detect and Mitigate Information Leakage. (2017). arXiv:1708.06384 http://arxiv.org/abs/1708.06384
[101]
Luke Stark, Jen King, Xinru Page, Airi Lampinen, Jessica Vitak, Pamela Wisniewski, Tara Whalen, and Nathaniel Good. 2016. Bridging the Gap between Privacy by Design and Privacy in Practice. In Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems (San Jose, California, USA) (CHI EA '16). Association for Computing Machinery, New York, NY, USA, 3415--3422. https://doi.org/10.1145/2851581.2856503
[102]
State of California Department of Justice. 2018. California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General. https://oag.ca.gov/privacy/ccpa
[103]
Susan Steffee. 2017. IOT HELP WANTED: A lack of Internet of Things knowledge-and skills-leaves businesses struggling to recruit talent. Internal Auditor 74, 5 (Oct. 2017), 11+. link.gale.com/apps/doc/A512185039/AONE?u=googlescholar&sid=bookmark-AONE&xid=464fa250
[104]
Mohammad Tahaei, Alisa Frik, and Kami Vaniea. 2021. Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, And Challenges. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI '21). Association for Computing Machinery, New York, NY, USA, Article 693, 15 pages. https://doi.org/10.1145/3411764.3445768
[105]
Alexander G. Tamilias, Theodoros J. Themelis, Theodoros Karvounidis, Zacharenia Garofalaki, and Dimitrios Kallergis. 2017. B@SE: Blocks for @rduino in the Students' educational process. IEEE Global Engineering Education Conference, EDUCON April (2017), 910--915. https://doi.org/10.1109/EDUCON.2017.7942956
[106]
Ying Tang, Morgan L. Brockman, and Sameer Patil. 2021. Promoting Privacy Considerations in Real-World Projects in Capstone Courses with Ideation Cards. ACM Trans. Comput. Educ. 21, 4, Article 34 (oct 2021), 28 pages. https://doi.org/10.1145/3458038
[107]
Diogo Torres, Joao Pedro Dias, Andre Restivo, and Hugo Sereno Ferreira. 2020. Real-time Feedback in Node-RED for IoT Development: An Empirical Study. Proceedings of the 2020 IEEE/ACM 24th International Symposium on Distributed Simulation and Real Time Applications, DS-RT 2020 (2020). https://doi.org/10.1109/DS-RT50469.2020.9213544
[108]
Miguel Ehecatl Trujillo, Gabriel García-Mireles, Erick Orlando Matla Cruz, and Mario Piattini. 2019. A Systematic Mapping Study on Privacy by Design in Software Engineering. CLEI Electronic Journal 22 (04 2019). https://doi.org/10.19153/cleiej.22.L4
[109]
Soe Ye Yint Tun, Samaneh Madanian, and Farhaan Mirza. 2021. Internet of things (IoT) applications for elderly care: a reflective review. Aging Clinical and Experimental Research 33, 4 (2021), 855--867. https://doi.org/10.1007/s40520-020-01545-9
[110]
Jeroen van Rest, Daniel Boonstra, Maarten Everts, Martin van Rijn, and Ron van Paassen. 2014. Designing Privacy-by-Design. In Privacy Technologies and Policy, Bart Preneel and Demosthenes Ikonomou (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 55--72.
[111]
Chamila Wijayarathna, Marthie Grobler, and Nalin Arachchilage. 2019. Software developers need help too! Developing a methodology to analyse cognitive dimension-based feedback on usability. Behaviour & Information Technology 40 (12 2019), 1--22. https://doi.org/10.1080/0144929X.2019.1705393
[112]
David Wright and Charles Raab. 2014. Privacy principles, risks and harms. International Review of Law, Computers and Technology 28, 3 (2014), 277--298. https://doi.org/10.1080/13600869.2014.913874
Index Terms
- Empowering IoT Developers with Privacy-Preserving End-User Development Tools
Recommendations
Privacy-Patterns for IoT Application Developers
UbiComp/ISWC '22 Adjunct: Adjunct Proceedings of the 2022 ACM International Joint Conference on Pervasive and Ubiquitous Computing and the 2022 ACM International Symposium on Wearable ComputersDesigning Internet of things (IoT) applications (apps) is challenging due to the heterogeneous nature of the systems on which these apps are deployed. Personal data, often classified as sensitive, may be collected and analysed by IoT apps, where data ...
PARROT: Interactive Privacy-Aware Internet of Things Application Design Tool
Internet of Things (IoT) applications typically collect and analyse personal data that is categorised as sensitive or special category of personal data. These data are subject to a higher degree of protection under data privacy laws. Regardless of legal ...
Privacy Laws and Privacy by Design Schemes for the Internet of Things: A Developer’s Perspective
Internet of Things applications have the potential to derive sensitive information about individuals. Therefore, developers must exercise due diligence to make sure that data are managed according to the privacy regulations and data protection laws. ...
Comments
Information & Contributors
Information
Published In
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 September 2024
Accepted: 05 June 2009
Revised: 12 March 2009
Received: 20 February 2007
Published in IMWUT Volume 8, Issue 3
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 178Total Downloads
- Downloads (Last 12 months)178
- Downloads (Last 6 weeks)20
Reflects downloads up to 13 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in