This is a presentation of our work on privacy requirements for mobile applications, originally published at the International Conference on Software Engineering in 2014, and also presented at the BCS Best of RESG Research event in December 2014.
The full paper can be found at http://oro.open.ac.uk/39635/
Privacy Distillation for Mobile Applications
1. Distilling Privacy Requirements for Mobile Applications
Keerthi Thomas (1), Arosha K. Bandara (1), Blaine A. Price (1), Bashar Nuseibeh (1,2)
(1) Centre for Research in Computing, The Open University, Milton Keynes, UK
(2) Lero, University of Limerick, Ireland
http://www.asap-project.info
First presented at ICSE 2014: http://oro.open.ac.uk/39635/
BCS Best of RESG Research 2014
2. Privacy
A right to appropriate flow of personal information in a given context (Nissenbaum 2010).
(Diagram: mobile privacy threats surrounding "PRIVACY": Identification, Exposure, Breach of trust, Intrusion, Surveillance, Aggregation, Misinformation, Proximal access, Power imbalance, Cross-contextual information flow.)
3. Privacy needs of mobile users...
Interview quote: "...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story"
(Diagram: mobile users → interview data = privacy requirements? → software engineers.)
4. Problem Statement
• How to structure qualitative data and identify privacy threats?
• How to model information flows critical to privacy?
• How to model mobile privacy requirements?
(Diagram: interview data, i.e. the quote from slide 3 → ? → privacy-aware mobile system.)
5. A novel approach...
• Distillation employs analysis models and patterns to extract and refine privacy requirements for mobile applications.
• Distillation is a synthesis of thematic analysis from the social sciences and Problem Frames from software engineering.
(Diagram: interview data, i.e. the quote from slide 3 → Distillation → privacy-aware mobile system.)
6. Distillation Approach
(Overview diagram. Steps: 1 Structure Qualitative Data, 2 Info. Flow Modelling, 3 Privacy Problem Analysis. Inputs: Qualitative Data, System Requirements. Outputs: Information Flow Model, Privacy Threats / Concerns, Privacy Requirements. Other nodes: Privacy Facets Framework, Mobile Application. Edge labels: "uses" (the steps use the Privacy Facets Framework), "mitigates" (Privacy Requirements mitigate Privacy Threats / Concerns), "implements" (Mobile Application implements Privacy Requirements), "Informs new version", "assist in gathering" (further Qualitative Data).)
7. Qualitative Data
"...things like buses and trains I don’t feel so comfortable..., because I don’t know...lots of people I don’t know...if they for example read some of the posts I have done...they don’t know the people that they are aimed at or the back story"
Source: Mancini et al. (2009). From spaces to places: emerging contexts in mobile privacy. Proceedings of the 11th International Conference on Ubiquitous Computing, Orlando, Florida, USA, ACM.
8. (Distillation Approach overview diagram, repeated from slide 6.)
9. Privacy Facets Framework
• Privacy Sensitive Context identification (PS-Context)
• Facet questions (Information, Info. Flow, Actors and Place)
• Privacy threat description and mapping
• Problem patterns: information-flow modelling
• Privacy arguments (extension)
10. (Distillation Approach overview diagram, repeated from slide 6.)
11. Structuring of Qualitative Data
(Diagram: the interview quote from slide 3 is coded with the Privacy Facets Framework. Code: NEI (Negative Emotions), which shows a Privacy Sensitive Context.)
12. Structuring of Qualitative Data
(Diagram: the interview quote from slide 3, coded with the Privacy Facets Framework. Code: User’s privacy (NEI) is impacted by Place (location), PLACE(LOC). The Place facet questions indicate threat T9 – Proximal Access, with harms: Loss of reputation (H3), Loss of freedom (H6), Loss of anonymity (H7), Embarrassment (H9).)
13. (Distillation Approach overview diagram, repeated from slide 6.)
14. Information-Flow Modelling
(Problem Frames diagram built with the Privacy Facets Framework patterns. Domains: Machine, User, Screen Display, Fb-Friends. Flows: "Msg. creating" from User to Machine, "Status Msg." from Machine to Fb-Friends (Friends), "Msg. Display" from Machine to Screen Display. Information requirements: Create Status Message; Display Status Message.)
15. (Distillation Approach overview diagram, repeated from slide 6.)
16. Privacy Problem Analysis
(Diagram: the information-flow model of slide 14 (Machine, User, Screen Display, Fb-Friends; Create Status Message, Display Status Message) extended with the privacy-sensitive context: domains Passengers and Pub.Trans. (public transport) are added, and the Proximal Access Concern PC9 is annotated on the flow from the Machine to the Screen Display; annotations numbered 1, 2, 3 mark the analysis points.)
17. Privacy Problem Analysis
Privacy arguments (Privacy Facets Framework extension):
argument: PN1 "<<User>> can only share Status Messages with friends"
argument: PC9 "Status messages are visible to passengers co-located to <<User>> on <<Public Transport>>" rebuts PN1
argument: PR1 "Screen display filter is enabled when <<User>> is on <<Public Transport>>" mitigates PC9, depends on PR2, PR3
argument: PR2 "<<User>> on <<Public Transport>> is detected"
argument: PR3 "<<User>> in close proximity to other passengers is detected"
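The information-flow model (slide 14), the privacy problem analysis (slide 16) and the privacy arguments (slide 17) can be made mechanical. The following Python is an added example written for this page, not the authors' tool or code from the paper: it encodes the slide 14 diagram as a list of flows (my own encoding), treats a privacy-sensitive context as a place plus the actors that can observe each channel there, reports every flow that reaches an actor outside the intended recipients (the proximal access concern PC9), and evaluates the argument graph under assumed semantics: an argument holds when it is satisfied, all arguments it depends on hold, and no holding argument rebuts or mitigates it. The `PSContext`, `Flow` and `Argument` classes, the `channel` names and the `satisfied` flag are assumptions for the example.

```python
from dataclasses import dataclass, field


# --- Information-flow model (slide 14): constructed encoding of the diagram ---
@dataclass(frozen=True)
class Flow:
    info: str      # information item that flows
    source: str    # domain it leaves
    sink: str      # domain it reaches
    channel: str   # how it gets there; a "screen" flow can be observed in a place


# Domains that are part of the system rather than recipients of the information
SYSTEM_DOMAINS = {"User", "Machine", "Screen Display"}

# Status message is created by the User, shared by the Machine with Fb-Friends
# and echoed to the Screen Display (constructed from the slide 14 diagram)
FLOWS = [
    Flow("Status Message", "User", "Machine", "input"),
    Flow("Status Message", "Machine", "Fb-Friends", "network"),
    Flow("Status Message", "Machine", "Screen Display", "screen"),
]

# Norm PN1: status messages are meant for friends only
INTENDED = {"Status Message": {"Fb-Friends"}}


@dataclass
class PSContext:
    """Privacy-sensitive context (slides 11-12): a place plus who can observe
    which channel there, e.g. co-located passengers can see the screen."""
    place: str
    observers: dict  # channel -> set of actors that can observe it in this place


def find_concerns(flows, intended, ctx):
    """Privacy problem analysis (slide 16): list every flow whose information
    reaches an actor outside its intended recipients, either because the
    sink is such an actor or because the channel is observable in ctx."""
    concerns = []
    for f in flows:
        reached = set(ctx.observers.get(f.channel, set()))
        if f.sink not in SYSTEM_DOMAINS:
            reached.add(f.sink)
        for actor in sorted(reached - intended.get(f.info, set())):
            concerns.append(f"{f.info} visible to {actor} via {f.channel} on {ctx.place}")
    return concerns


# --- Privacy arguments (slide 17) ---
@dataclass
class Argument:
    id: str
    text: str
    rebuts: set = field(default_factory=set)
    mitigates: set = field(default_factory=set)
    depends_on: set = field(default_factory=set)
    satisfied: bool = True  # for requirements: is it actually in place?


def holds(aid, args, _stack=()):
    """Assumed semantics: an argument holds when it is satisfied, every
    argument it depends on holds, and no holding argument rebuts or
    mitigates it. A concern that holds is an unmitigated privacy problem."""
    if aid in _stack:  # cyclic argument graph: treat as not established
        return False
    a = args[aid]
    stack = _stack + (aid,)
    if not a.satisfied or not all(holds(d, args, stack) for d in a.depends_on):
        return False
    for other in args.values():
        if aid in (other.rebuts | other.mitigates) and holds(other.id, args, stack):
            return False
    return True


def build_arguments(proximity_detected=True):
    """The argument set of slide 17; proximity_detected toggles whether PR3
    has been implemented (an assumption used to show the dependency)."""
    args = [
        Argument("PN1", "User can only share Status Messages with friends"),
        Argument("PC9", "Status messages are visible to passengers co-located "
                 "to User on Public Transport", rebuts={"PN1"}),
        Argument("PR1", "Screen display filter is enabled when User is on "
                 "Public Transport", mitigates={"PC9"}, depends_on={"PR2", "PR3"}),
        Argument("PR2", "User on Public Transport is detected"),
        Argument("PR3", "User in close proximity to other passengers is detected",
                 satisfied=proximity_detected),
    ]
    return {a.id: a for a in args}


if __name__ == "__main__":
    bus = PSContext("Public Transport", {"screen": {"Passengers"}})
    for c in find_concerns(FLOWS, INTENDED, bus):
        print("concern:", c)
    print("PN1 holds with PR2, PR3 in place:", holds("PN1", build_arguments()))
    print("PN1 holds without PR3:", holds("PN1", build_arguments(proximity_detected=False)))
```

Run in the public-transport context, `find_concerns` flags only the screen flow, which is exactly PC9; the network flow to Fb-Friends is within the norm. The argument evaluation shows why PR1 "depends on PR2, PR3" matters: if proximity detection (PR3) is not in place, the filter requirement PR1 does not hold, PC9 stays unmitigated and the norm PN1 is rebutted.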
18. (Distillation Approach overview diagram, repeated from slide 6.)
19. Evaluation
• Evaluation based on case-study design and QDA (qualitative data analysis):
(a) employing a transparent and systematic process
(b) providing traceability by linking outputs to qualitative data
(c) demonstrating applicability or usefulness of results
Threats to validity | Mitigation / future work
Reliability of thematic codes | Test for inter-rater reliability using software engineers
Limitations on generalisability | Apply Distillation on datasets from other empirical studies
Validation of privacy requirements | Apply Distillation in the context of a software development process
20. Contributions
• Distillation approach
– structure qualitative data
– model information flows
– privacy problem analysis to derive privacy requirements
• Privacy Facets Framework
– PS-Context identification
– privacy threat descriptions
– facet questions
– information-flow patterns
– privacy arguments (extension)
21. Thank you!
http://www.asap-project.info
Distilling Privacy Requirements for Mobile Applications
Keerthi Thomas (1), Arosha K. Bandara (1), Blaine A. Price (1), Bashar Nuseibeh (1,2)
(1) Centre for Research in Computing, The Open University, Milton Keynes, UK
(2) Lero, University of Limerick, Ireland
http://oro.open.ac.uk/39635/