Pattern-based representation of privacy enhancing technologies as early aspects

Abstract

Several regulations and standards emphasize that privacy shall already be considered from the very beginning in software development. A crucial point during the development of a privacy-friendly software is the selection and integration of measures that implement specific privacy requirements or mitigate threats to these. These measures are called privacy enhancing technologies (PETs). PETs have a cross-cutting nature. That is, a PET needs often to be integrated into several base functionalities of the software-to-be. For example, anonymization techniques need to be integrated into functionalities that shall reveal originally identifiable information in an anonymized form to others. One possibility to handle cross-cutting concerns already on the requirements level is aspect-oriented requirements engineering. In this paper, we show how PETs can be represented as early aspects and how these can be integrated into a given requirements model in problem frames notation. Furthermore, we show how PETs can be represented as patterns to help requirements engineers to identify and select appropriate PETs that address the privacy requirements they have to satisfy. We use the PET Privacy-ABCs (Attribute-Based Credentials) to illustrate our approach.