Privacy Oriented Software Development

Abstract

Threats to applications security are continuously evolving thanks to factors such as progress made by the attackers, release of new technologies, use of increasingly complex systems. In this scenario, it is necessary to implement both design and programming practices that guarantee the security of the code on one hand, and the privacy of the data, on the other. This paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). It can be applied forward for developing new systems and backward for re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an experimentation in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code and design the target architecture to be used for guiding privacy-oriented system reengineering.