Threats to applications security are continuously evolving thanks to factors such as progress made by the attackers, release of new technologies, use of increasingly complex systems. In this scenario, it is necessary to implement both design and programming practices that guarantee the security of the code on one hand, and the privacy of the data, on the other. This paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). It can be applied forward for developing new systems and backward for re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an experimentation in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code and design the target architecture to be used for guiding privacy-oriented system reengineering.

Privacy Oriented Software Development

Baldassarre M. T.;Barletta V. S.
;
Caivano D.;Scalera M.
2019-01-01

Abstract

Threats to applications security are continuously evolving thanks to factors such as progress made by the attackers, release of new technologies, use of increasingly complex systems. In this scenario, it is necessary to implement both design and programming practices that guarantee the security of the code on one hand, and the privacy of the data, on the other. This paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). It can be applied forward for developing new systems and backward for re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an experimentation in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code and design the target architecture to be used for guiding privacy-oriented system reengineering.
2019
978-3-030-29237-9
978-3-030-29238-6
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11586/301652
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 20
  • ???jsp.display-item.citation.isi??? ND
social impact