SlideShare a Scribd company logo

Privacy Distilation for Mobile Applications

Arosha Bandara
Arosha Bandara

This is a presentation of our work on privacy requirements for mobile applications, originally published at the International Conference on Software Engineering in 2014, and also presented at the BCS Best of RESG Research event in December 2014. The full paper can be found at http://oro.open.ac.uk/39635/

Software
1 of 21
Download to read offline
Distilling Privacy Requirements for Mobile Applications Keerthi Thomas1, Arosha K. Bandara1, Blaine A. Price1, Bashar Nuseibeh1,2 1 Centre for Research in Computing, The Open University, Milton Keynes, UK 2Lero, University of Limerick, Ireland http://www.asap-project.info First Presented @ ICSE 2014 http://oro.open.ac.uk/39635/ BCS Best of RESG Research 2014
Identification Exposure Breach of trust Intrusion PRIVACY BCS Best of RESG Research 2014 Surveillance Aggregation Misinformation Proximal access Power imbalance Cross-contextual information flow Mobile A right to appropriate flow of personal information in a given context (Nissenbaum 2010)
Privacy needs of mobile users…. ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story Mobile users Interview Data = Privacy Requirements? BCS Best of RESG Research 2014 Software Engineers
Problem Statement • how to structure qualitative data & identify privacy threats? • how to model information-flows critical to privacy? • how to model mobile privacy requirements? ? Interview data Privacy-aware BCS Best of RESG Research 2014 Mobile system ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story
A novel approach… • Distillation employs analysis models and patterns to extract and refine privacy requirements for mobile applications. • Distillation is a synthesis of thematic analysis from social sciences and Problem Frames from software engineering BCS Best of RESG Research 2014 Privacy-aware Mobile system ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story Interview data Distillation
assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Mobile Application Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses
Qualitative Data ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story Mancini et al. (2009). From spaces to places: emerging contexts in mobile privacy. Proceedings of the 11th international conference on Ubiquitous computing, Orlando, Florida, USA, ACM. BCS Best of RESG Research 2014
assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Mobile Application Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses
Privacy Facets Framework Privacy Facets Framework • Privacy Sensitive Context identification (PS-Context) • Facet questions (Information, Info. Flow, Actors & Place) • Privacy threat description and mapping • Problem patterns - information flow modelling • Privacy arguments1 (extensions) BCS Best of RESG Research 2014
assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Mobile Application Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses
Structuring of Qualitative Data ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story BCS Best of RESG Research 2014 Privacy Facets Framework Negative Emotions shows Privacy Sensitive Context Code : NEI
Structuring of Qualitative Data ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story Code : User’s privacy BCS Best of RESG Research 2014 Privacy Facets Framework Place Facet Questions Indicates NEI is impacted by Place (location) , PLACE(LOC) T9 – Proximal Access Loss of reputation (H3), Loss of freedom (H6), Loss of anonymity (H7), Embarrassment (H9)
assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Mobile Application Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses
Information-Flow Modelling Information Requirement Screen Display BCS Best of RESG Research 2014 Msg. creating Status Msg. Msg. Display Create Status Message Display Status Message ~ Fb-Friends Machine User Machine Friends Privacy Facets Framework
assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses Mobile Application
Privacy Problem Analysis Machine User Information Requirement Machine Screen Display BCS Best of RESG Research 2014 Privacy Facets Framework Msg. creating Status Msg. Msg. Display Create Status Message Display Status Message ~ Fb-Friends PC9: Proximal Access Concern 1 3 2 Passengers Pub.Trans.
Privacy Problem Analysis BCS Best of RESG Research 2014 Privacy Facets Framework argument: PN1 "<<User>> can only share Status Messages with friends" argument: PC9 “Status messages are visible to passengers co-located to <<User>> on <<Public Transport>>” rebuts PN1 argument: PR1 “Screen display filter is enabled when <<User>> is on <<Public Transport>>" mitigates PC9 depends on PR2,PR3 argument: PR2 “<<User>> on <<Public Transport>> is detected" argument: PR3 “<<User>> in close proximity to others passengers is detected"
assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses Mobile Application
• Evaluation based on Case-study design and QDA (a) employing a transparent and systematic process (b) providing traceability by linking outputs to qualitative data (c) demonstrating applicability or usefulness of results BCS Best of RESG Research 2014 Evaluation Threats to validity Mitigation / future work Reliability of thematic codes Test for inter-rater reliability using Software engineers. Limitations on generalisability Apply Distillation on datasets from other empirical studies Validation of privacy requirements Apply Distillation in the context of a software development process
Contributions • Distillation approach – Structure qualitative data – model information flows – privacy problem analysis to derive privacy requirements • Privacy Facets Framework – PS-context identification – Privacy threat descriptions – Facet questions – Information-flow patterns – Privacy arguments (extension) BCS Best of RESG Research 2014 Privacy Facets Framework
Thank you! http://www.asap-project.info Distilling Privacy Requirements for Mobile Applications Keerthi Thomas1, Arosha K. Bandara1, Blaine A. Price1, Bashar Nuseibeh1,2 1 Centre for Research in Computing, The Open University, Milton Keynes, UK 2Lero, University of Limerick, Ireland http://oro.open.ac.uk/39635/ BCS Best of RESG Research 2014

Recommended

Privacy Dynamics: Learning Privacy Norms for Social Software
Privacy Dynamics: Learning Privacy Norms for Social SoftwarePrivacy Dynamics: Learning Privacy Norms for Social Software
Privacy Dynamics: Learning Privacy Norms for Social SoftwareArosha Bandara
 
IOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, GermanyIOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, GermanyCharith Perera
 
My STEM Journey - Arosha K. Bandara
My STEM Journey - Arosha K. BandaraMy STEM Journey - Arosha K. Bandara
My STEM Journey - Arosha K. BandaraArosha Bandara
 
Working at the Edge: Developing a Cross-disciplinary Research Agenda
Working at the Edge: Developing a Cross-disciplinary Research AgendaWorking at the Edge: Developing a Cross-disciplinary Research Agenda
Working at the Edge: Developing a Cross-disciplinary Research AgendaArosha Bandara
 
Dealing with the Internet of Insecure Things
Dealing with the Internet of Insecure ThingsDealing with the Internet of Insecure Things
Dealing with the Internet of Insecure ThingsArosha Bandara
 
People in the Machine: Human-centric Software Engineering for Smart Systems
People in the Machine: Human-centric Software Engineering for Smart SystemsPeople in the Machine: Human-centric Software Engineering for Smart Systems
People in the Machine: Human-centric Software Engineering for Smart SystemsArosha Bandara
 
SEF - Applying for a PhD
SEF - Applying for a PhDSEF - Applying for a PhD
SEF - Applying for a PhDArosha Bandara
 
Code Club Assembly Presentation
Code Club Assembly PresentationCode Club Assembly Presentation
Code Club Assembly PresentationArosha Bandara
 

Recommended

Privacy Dynamics: Learning Privacy Norms for Social Software
Privacy Dynamics: Learning Privacy Norms for Social SoftwarePrivacy Dynamics: Learning Privacy Norms for Social Software
Privacy Dynamics: Learning Privacy Norms for Social SoftwareArosha Bandara
 
IOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, GermanyIOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, GermanyCharith Perera
 
My STEM Journey - Arosha K. Bandara
My STEM Journey - Arosha K. BandaraMy STEM Journey - Arosha K. Bandara
My STEM Journey - Arosha K. BandaraArosha Bandara
 
Working at the Edge: Developing a Cross-disciplinary Research Agenda
Working at the Edge: Developing a Cross-disciplinary Research AgendaWorking at the Edge: Developing a Cross-disciplinary Research Agenda
Working at the Edge: Developing a Cross-disciplinary Research AgendaArosha Bandara
 
Dealing with the Internet of Insecure Things
Dealing with the Internet of Insecure ThingsDealing with the Internet of Insecure Things
Dealing with the Internet of Insecure ThingsArosha Bandara
 
People in the Machine: Human-centric Software Engineering for Smart Systems
People in the Machine: Human-centric Software Engineering for Smart SystemsPeople in the Machine: Human-centric Software Engineering for Smart Systems
People in the Machine: Human-centric Software Engineering for Smart SystemsArosha Bandara
 
SEF - Applying for a PhD
SEF - Applying for a PhDSEF - Applying for a PhD
SEF - Applying for a PhDArosha Bandara
 
Code Club Assembly Presentation
Code Club Assembly PresentationCode Club Assembly Presentation
Code Club Assembly PresentationArosha Bandara
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

More Related Content

Recently uploaded

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 

Recently uploaded (20)

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Privacy Distilation for Mobile Applications

  • 1. Distilling Privacy Requirements for Mobile Applications Keerthi Thomas1, Arosha K. Bandara1, Blaine A. Price1, Bashar Nuseibeh1,2 1 Centre for Research in Computing, The Open University, Milton Keynes, UK 2Lero, University of Limerick, Ireland http://www.asap-project.info First Presented @ ICSE 2014 http://oro.open.ac.uk/39635/ BCS Best of RESG Research 2014
  • 2. Identification Exposure Breach of trust Intrusion PRIVACY BCS Best of RESG Research 2014 Surveillance Aggregation Misinformation Proximal access Power imbalance Cross-contextual information flow Mobile A right to appropriate flow of personal information in a given context (Nissenbaum 2010)
  • 3. Privacy needs of mobile users…. ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story Mobile users Interview Data = Privacy Requirements? BCS Best of RESG Research 2014 Software Engineers
  • 4. Problem Statement • how to structure qualitative data & identify privacy threats? • how to model information-flows critical to privacy? • how to model mobile privacy requirements? ? Interview data Privacy-aware BCS Best of RESG Research 2014 Mobile system ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story
  • 5. A novel approach… • Distillation employs analysis models and patterns to extract and refine privacy requirements for mobile applications. • Distillation is a synthesis of thematic analysis from social sciences and Problem Frames from software engineering BCS Best of RESG Research 2014 Privacy-aware Mobile system ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story Interview data Distillation
  • 6. assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Mobile Application Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses
  • 7. Qualitative Data ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story Mancini et al. (2009). From spaces to places: emerging contexts in mobile privacy. Proceedings of the 11th international conference on Ubiquitous computing, Orlando, Florida, USA, ACM. BCS Best of RESG Research 2014
  • 8. assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Mobile Application Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses
  • 9. Privacy Facets Framework Privacy Facets Framework • Privacy Sensitive Context identification (PS-Context) • Facet questions (Information, Info. Flow, Actors & Place) • Privacy threat description and mapping • Problem patterns - information flow modelling • Privacy arguments1 (extensions) BCS Best of RESG Research 2014
  • 10. assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Mobile Application Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses
  • 11. Structuring of Qualitative Data ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story BCS Best of RESG Research 2014 Privacy Facets Framework Negative Emotions shows Privacy Sensitive Context Code : NEI
  • 12. Structuring of Qualitative Data ...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story Code : User’s privacy BCS Best of RESG Research 2014 Privacy Facets Framework Place Facet Questions Indicates NEI is impacted by Place (location) , PLACE(LOC) T9 – Proximal Access Loss of reputation (H3), Loss of freedom (H6), Loss of anonymity (H7), Embarrassment (H9)
  • 13. assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Mobile Application Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses
  • 14. Information-Flow Modelling Information Requirement Screen Display BCS Best of RESG Research 2014 Msg. creating Status Msg. Msg. Display Create Status Message Display Status Message ~ Fb-Friends Machine User Machine Friends Privacy Facets Framework
  • 15. assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses Mobile Application
  • 16. Privacy Problem Analysis Machine User Information Requirement Machine Screen Display BCS Best of RESG Research 2014 Privacy Facets Framework Msg. creating Status Msg. Msg. Display Create Status Message Display Status Message ~ Fb-Friends PC9: Proximal Access Concern 1 3 2 Passengers Pub.Trans.
  • 17. Privacy Problem Analysis BCS Best of RESG Research 2014 Privacy Facets Framework argument: PN1 "<<User>> can only share Status Messages with friends" argument: PC9 “Status messages are visible to passengers co-located to <<User>> on <<Public Transport>>” rebuts PN1 argument: PR1 “Screen display filter is enabled when <<User>> is on <<Public Transport>>" mitigates PC9 depends on PR2,PR3 argument: PR2 “<<User>> on <<Public Transport>> is detected" argument: PR3 “<<User>> in close proximity to others passengers is detected"
  • 18. assist in gathering Informs new version BCS Best of RESG Research 2014 implements Distillation Approach Qualitative Data System Requirements Privacy Threats / Concerns Privacy Requirements Information Flow Model Privacy Facets Framework Structure Qualitative Data 1 Info. Flow Modelling 2 Privacy Problem Analysis 3 uses mitigates uses Mobile Application
  • 19. • Evaluation based on Case-study design and QDA (a) employing a transparent and systematic process (b) providing traceability by linking outputs to qualitative data (c) demonstrating applicability or usefulness of results BCS Best of RESG Research 2014 Evaluation Threats to validity Mitigation / future work Reliability of thematic codes Test for inter-rater reliability using Software engineers. Limitations on generalisability Apply Distillation on datasets from other empirical studies Validation of privacy requirements Apply Distillation in the context of a software development process
  • 20. Contributions • Distillation approach – Structure qualitative data – model information flows – privacy problem analysis to derive privacy requirements • Privacy Facets Framework – PS-context identification – Privacy threat descriptions – Facet questions – Information-flow patterns – Privacy arguments (extension) BCS Best of RESG Research 2014 Privacy Facets Framework
  • 21. Thank you! http://www.asap-project.info Distilling Privacy Requirements for Mobile Applications Keerthi Thomas1, Arosha K. Bandara1, Blaine A. Price1, Bashar Nuseibeh1,2 1 Centre for Research in Computing, The Open University, Milton Keynes, UK 2Lero, University of Limerick, Ireland http://oro.open.ac.uk/39635/ BCS Best of RESG Research 2014