Defining, enforcing and checking privacy policies in data-intensive applications

Michele Guerriero, Damian Andrew Tamburri, Elisabetta Di Nitto

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review


Abstract

The rise of Big Data is leading to an increasing demand for large-scale data-intensive applications (DIAs), which have to analyse massive amounts of personal data (e.g. customers' location, cars' speed, people's heartbeat, etc.), some of which can be sensitive, meaning that its confidentiality has to be protected. In this context, DIA providers are responsible for enforcing privacy policies that account for the privacy preferences of data subjects as well as for general privacy regulations. This is the case, for instance, of data brokers, i.e. companies that continuously collect and analyse data in order to provide useful analytics to their clients. Unfortunately, the enforcement of privacy policies in modern DIAs tends to become cumbersome because (i) the number of policies can easily explode, depending on the number of data subjects, (ii) policy enforcement has to autonomously adapt to the application context, thus requiring some non-trivial runtime reasoning, and (iii) designing and developing modern DIAs is complex per se. For the above reasons, we need specific design and runtime methods enabling so-called privacy-by-design in a Big Data context. In this article we propose an approach for specifying, enforcing and checking privacy policies on DIAs designed according to the Google Dataflow model, and we show that the enforcement approach behaves correctly in the considered cases and introduces a performance overhead that is acceptable given the requirements of a typical DIA.

Original language: English
Title of host publication: Proceedings - 2018 ACM/IEEE 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2018
Place of Publication: New York
Publisher: ACM/IEEE
Pages: 172-182
Number of pages: 11
ISBN (Print): 978-1-4503-5715-9
Publication status: Published - 28 May 2018
Event: ACM/IEEE 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2018, co-located with International Conference on Software Engineering, ICSE 2018 - Gothenburg, Sweden
Duration: 28 May 2018 to 29 May 2018

Conference

Conference: ACM/IEEE 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2018, co-located with International Conference on Software Engineering, ICSE 2018
Country: Sweden
City: Gothenburg
Period: 28/05/18 to 29/05/18

Keywords

  • big data
  • context-aware privacy
  • data privacy
  • dataflow applications
