Defining, enforcing and checking privacy policies in data-intensive applications

The rise of Big Data is leading to an increasing demand for large-scale data-intensive applications (DIAs), which have to analyse massive amounts of personal data (e.g. customers' location, cars' speed, people heartbeat, etc.), some of which can be sensitive, meaning that its confidentiali...

Full description

Saved in:
Bibliographic Details
Published in2018 IEEE ACM 13th International Symposium on Software Engineering for Adaptive and Self Managing Systems (SEAMS) pp. 172 - 182
Main Authors Guerriero, Michele, Tamburri, Damian Andrew, Di Nitto, Elisabetta
Format Conference Proceeding
LanguageEnglish
Published New York, NY, USA ACM 28.05.2018
SeriesACM Conferences
Subjects
Big Data
Companies
Context Aware Privacy
Context modeling
Data models
Data privacy
Dataflow Applications
Privacy
Runtime
Security and privacy > Human and societal aspects of security and privacy > Privacy protections
Security and privacy > Software and application security > Domain-specific security and privacy architectures
Software and its engineering
data privacy
context-aware privacy
big data
dataflow applications
Online AccessGet full text
ISBN9781450357159
1450357156
DOI10.1145/3194133.3194140

Cover

Abstract The rise of Big Data is leading to an increasing demand for large-scale data-intensive applications (DIAs), which have to analyse massive amounts of personal data (e.g. customers' location, cars' speed, people heartbeat, etc.), some of which can be sensitive, meaning that its confidentiality has to be protected. In this context, DIA providers are responsible for enforcing privacy policies that account for the privacy preferences of data subjects as well as for general privacy regulations. This is the case, for instance, of data brokers, i.e. companies that continuously collect and analyse data in order to provide useful analytics to their clients. Unfortunately, the enforcement of privacy policies in modern DIAs tends to become cumbersome because (i) the number of policies can easily explode, depending on the number of data subjects, (ii) policy enforcement has to autonomously adapt to the application context, thus, requiring some non-trivial runtime reasoning, and (iii) designing and developing modern DIAs is complex per se. For the above reasons, we need specific design and runtime methods enabling so called privacy-by-design in a Big Data context. In this article we propose an approach for specifying, enforcing and checking privacy policies on DIAs designed according to the Google Dataflow model and we show that the enforcement approach behaves correctly in the considered cases and introduces a performance overhead that is acceptable given the requirements of a typical DIA.
AbstractList The rise of Big Data is leading to an increasing demand for large-scale data-intensive applications (DIAs), which have to analyse massive amounts of personal data (e.g. customers' location, cars' speed, people heartbeat, etc.), some of which can be sensitive, meaning that its confidentiality has to be protected. In this context, DIA providers are responsible for enforcing privacy policies that account for the privacy preferences of data subjects as well as for general privacy regulations. This is the case, for instance, of data brokers, i.e. companies that continuously collect and analyse data in order to provide useful analytics to their clients. Unfortunately, the enforcement of privacy policies in modern DIAs tends to become cumbersome because (i) the number of policies can easily explode, depending on the number of data subjects, (ii) policy enforcement has to autonomously adapt to the application context, thus, requiring some non-trivial runtime reasoning, and (iii) designing and developing modern DIAs is complex per se. For the above reasons, we need specific design and runtime methods enabling so called privacy-by-design in a Big Data context. In this article we propose an approach for specifying, enforcing and checking privacy policies on DIAs designed according to the Google Dataflow model and we show that the enforcement approach behaves correctly in the considered cases and introduces a performance overhead that is acceptable given the requirements of a typical DIA.
Author Tamburri, Damian Andrew
Guerriero, Michele
Di Nitto, Elisabetta
Author_xml – sequence: 1
  givenname: Michele
  surname: Guerriero
  fullname: Guerriero, Michele
  email: michele.guerriero@polimi.it
  organization: Politecnico di Milano, Milano, Italy
– sequence: 2
  givenname: Damian Andrew
  surname: Tamburri
  fullname: Tamburri, Damian Andrew
  email: d.a.tamburri@tue.nl
  organization: TU/e, Eindhoven, N.etherlands
– sequence: 3
  givenname: Elisabetta
  surname: Di Nitto
  fullname: Di Nitto, Elisabetta
  email: elisabetta.dinitto@polimi.it
  organization: Politecnico di Milano, Milano, Italy
BookMark eNqNkDtPAzEQhI0ACQipKWhcUnDBjh93LlHCS4oEBdSWH2swSXyn8ylS_j0OSUVFNTv7aVaruUAnqU2A0BUlE0q5uGNUccrY5Fc5OUJjVTcFECZqKtTxH3-Gxjl_E0KmsuGUynP0NocQU0yftxhSaHtXRmySx-4L3HJnuj5ujNvirl1FFyHjmLA3g6liGiDluAFsuq4wM8Q25Ut0Gswqw_igI_Tx-PA-e64Wr08vs_tFZaa8HirvVfC1lNTV3nrmhJHgBRjuGse9EWXt1VSKUBMZTBCCWh-4dQQ8WAuejdD1_m4EAF2eXJt-qxuhBFO80MmeGrfWtm2XWVOid5XpQ2X6UJm2fYRQAjf_DLAfF3Vtdw
CODEN IEEPAD
ContentType Conference Proceeding
Copyright 2018 ACM
Copyright_xml – notice: 2018 ACM
DBID 6IE
6IL
CBEJK
RIE
RIL
DOI 10.1145/3194133.3194140
DatabaseName IEEE Electronic Library (IEL) Conference Proceedings
IEEE Xplore POP ALL
IEEE Xplore All Conference Proceedings
IEEE Xplore
IEEE Proceedings Order Plans (POP All) 1998-Present
DatabaseTitleList

Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Xplore
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISBN 9781450357159
1450357156
EndPage 182
ExternalDocumentID 8595394
Genre orig-research
GroupedDBID 6IE
6IF
6IL
6IN
AAJGR
ABLEC
ACM
ADPZR
ALMA_UNASSIGNED_HOLDINGS
APO
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CBEJK
GUFHI
IEGSK
LHSKQ
OCL
RIB
RIC
RIE
RIL
AAWTH
ID FETCH-LOGICAL-a247t-dd9fd7661c7dbd3c5a6ed5ea4c8c4da5c7dd9265f706faf551bdf4bc0edebbed3
IEDL.DBID RIE
ISBN 9781450357159
1450357156
IngestDate Wed Aug 27 02:59:32 EDT 2025
Fri Sep 13 11:04:38 EDT 2024
IsPeerReviewed false
IsScholarly true
Keywords data privacy
context-aware privacy
big data
dataflow applications
Language English
License Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Permissions@acm.org
LinkModel DirectLink
MeetingName ICSE '18: 40th International Conference on Software Engineering
MergedId FETCHMERGED-LOGICAL-a247t-dd9fd7661c7dbd3c5a6ed5ea4c8c4da5c7dd9265f706faf551bdf4bc0edebbed3
PageCount 11
ParticipantIDs acm_books_10_1145_3194133_3194140
acm_books_10_1145_3194133_3194140_brief
ieee_primary_8595394
PublicationCentury 2000
PublicationDate 20180528
2018-May
PublicationDateYYYYMMDD 2018-05-28
2018-05-01
PublicationDate_xml – month: 05
  year: 2018
  text: 20180528
  day: 28
PublicationDecade 2010
PublicationPlace New York, NY, USA
PublicationPlace_xml – name: New York, NY, USA
PublicationSeriesTitle ACM Conferences
PublicationTitle 2018 IEEE ACM 13th International Symposium on Software Engineering for Adaptive and Self Managing Systems (SEAMS)
PublicationTitleAbbrev SEAMS
PublicationYear 2018
Publisher ACM
Publisher_xml – name: ACM
SSID ssj0002684116
Score 2.138705
Snippet The rise of Big Data is leading to an increasing demand for large-scale data-intensive applications (DIAs), which have to analyse massive amounts of personal...
SourceID ieee
acm
SourceType Publisher
StartPage 172
SubjectTerms Big Data
Companies
Context Aware Privacy
Context modeling
Data models
Data privacy
Dataflow Applications
Privacy
Runtime
Security and privacy -- Human and societal aspects of security and privacy -- Privacy protections
Security and privacy -- Software and application security -- Domain-specific security and privacy architectures
Software and its engineering
Title Defining, enforcing and checking privacy policies in data-intensive applications
URI https://ieeexplore.ieee.org/document/8595394
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3dS8MwED-2Pfk0PybOLyIIvtita5OmfRQ_UGGyBwXfSnK5oIidzE7Qv96krfMDQZ96hNCUS5q7XO73O4D9LIpCTHUUJE4KuLQ8yIQOA0kmE2moiVeotPFVcn7DL2_FbQsOF1gYIqqSz2jgxeou30xx7kNlQ8_FFWe8DW2ZJjVWaxFP8awlo1HSsPeMuBi6xeV26HhQPX1wo63w8VsRlcqGnHVh_DF6nTryMJiXeoBvP4gZ__t5y9D7ROuxycIOrUCLilXofpRrYM3fuwaTE7JVOYhDdupBSOhEpgrDju8IfcTcveX-ReErq8iC3RGaXRTsRJUqWCS6s6MvF949uDk7vT4-D5qCCoGKuCwDYzJrpLPIKI02MQqVkBGkOKbIjRKu2WRRIqwME6usc6a0sVxjSIa0JhOvQ6eYFrQBTKfO8TCIKDybT6zSSEqS1nDOMSMSfdhz2s79SeE5r8HPIm9mJG9mpA8Hf_bJ9eyebB_WvLrzp5qBI280vfl78xYsObcmrdMSt6FTzua041yHUu9Wa-YdD_nAOA
linkProvider IEEE
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LS8NAEB7aetBT1SrW5wqCF9OmyW42OUq1VG3Fg4K3sI9ZLGIUTQX99e4maX0g6CnDsiRhZpOZnZ3vG4CDJAh8FcvAi6zkUW6olzDpexx1wmJfIi1QaePLaHhDz2_ZbQ2O5lgYRCyKz7DjxOIsXz-qqUuVdR0XV5jQOiwwSikr0VrzjIrjLen1ooq_p0dZ1y4v-48OO8XVpTfqQj18a6NSeJFBE8az55fFI_edaS476v0HNeN_X3AZ1j7xeuRq7olWoIbZKjRnDRtI9f224OoETdEQ4oicOhiSsiIRmSb9O1QuZ27vMnkV6o0UdMF2E03OMnIicuHNS93J8Zcj7zW4GZxe94de1VLBEwHluad1YjS3PllxLXWomIhQMxRUxYpqweywToKIGe5HRhgbTkltqFQ-apQSdbgOjewxww0gMrahh1ZKMcfnE4o44By50dYyKkFkbdi32k7dXuElLeHPLK0sklYWacPhn3NS-TxB04aWU3f6VHJwpJWmN38f3oPF4fV4lI7OLi-2YMkGOXFZpLgNjfx5ijs2kMjlbrF-PgBNhsOF
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2018+IEEE+ACM+13th+International+Symposium+on+Software+Engineering+for+Adaptive+and+Self+Managing+Systems+%28SEAMS%29&rft.atitle=Defining%2C+Enforcing+and+Checking+Privacy+Policies+In+Data-Intensive+Applications&rft.au=Guerriero%2C+Michele&rft.au=Tamburri%2C+Damian+Andrew&rft.au=Di+Nitto%2C+Elisabetta&rft.date=2018-05-01&rft.pub=ACM&rft.spage=172&rft.epage=182&rft_id=info:doi/10.1145%2F3194133.3194140&rft.externalDocID=8595394
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781450357159/lc.gif&client=summon&freeimage=true
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781450357159/mc.gif&client=summon&freeimage=true
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781450357159/sc.gif&client=summon&freeimage=true