Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Engineering privacy by design: Lessons from the design and implementation of an identity wallet platform
Capgemini Germany, Frankfurt am Main, Germany.
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).ORCID iD: 0000-0001-6459-8409
Goethe University Frankfurt, Frankfurt am Main, Germany.
Goethe University Frankfurt, Frankfurt am Main, Germany.
2019 (English)In: Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery , 2019, p. 1475-1483Conference paper, Published paper (Refereed)
Abstract [en]

Applying PbD principles to the design of a system is challenging. We provided our experience and lessons learnt from applying the LINDDUN as a privacy assessment framework in the design of the architecture for a cloud-based identity wallet platform. In this effort, we identified a need to improve LINDDUN in a number of cases, for which we proposed and documented concrete enhancements. We transform LINDDUN from a linear to an iterative process that requires adaptation, introduce the concept of “Constraints” and add a new step in the mitigation of threats. Further, we consider the mitigation strategies of LINDDUN too narrow, and propose other, more practicable ones. Finally, we not only identify further PETs for mitigating privacy threats, but also acknowledge the fact that some threats cannot be effectively mitigated with PETs alone. Thus, we introduce additional mitigation mechanisms besides PETs, introducing especially development guidelines and organizational measures. We demonstrate our enhancements with concrete examples, which could serve also other engineering projects following the PbD paradigm.

Place, publisher, year, edition, pages
Association for Computing Machinery , 2019. p. 1475-1483
Keywords [en]
Data flow diagram, Identity wallet, LINDDUN, Mitigation of risks, PbD, Privacy by design, Privacy risks, Privacy threat modelling, Concretes, Data flow analysis, Data flow graphs, Mathematical transformations, Data flow diagrams, Privacy threats, Risk assessment
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-72516DOI: 10.1145/3297280.3297429Scopus ID: 2-s2.0-85065644021ISBN: 978-1-4503-5933-7 (electronic)OAI: oai:DiVA.org:kau-72516DiVA, id: diva2:1324219
Conference
34th Annual ACM Symposium on Applied Computing, SAC 2019, 8 April 2019 through 12 April 2019
Available from: 2019-06-13 Created: 2019-06-13 Last updated: 2019-10-24Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records BETA

Pulls, Tobias

Search in DiVA

By author/editor
Pulls, Tobias
By organisation
Department of Mathematics and Computer Science (from 2013)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 43 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf