Author:
George O. M. Yee
Affiliation:
Computer Research Lab and Carleton University, Canada
Keyword(s):
Distributed, Software, Development, System, Privacy, Risks, Mitigation.
Related
Ontology
Subjects/Areas/Topics:
Data and Application Security and Privacy
;
Information and Systems Security
;
Information Assurance
;
Privacy
;
Risk Assessment
;
Secure Software Development Methodologies
;
Security in Distributed Systems
;
Security in Information Systems
;
Software Security
Abstract:
Distributed software systems are increasingly found in many aspects of our lives, as can be seen in social
media, international online banking, and international commerce (e.g. Internet shopping). This widespread
involvement of software in our lives has led to the need to protect privacy, as the use of the software often
requires us to input our personal or private information. A first step to protecting privacy is to identify the
risks to privacy found in the software system. Once the risks are known, measures can be put in place to
mitigate the risks. This is best done at the early stages of software development due to the heavy costs of
making changes after the software is deployed. This paper proposes a two-pronged approach, consisting of
privacy risk identification followed by risk mitigation, for adding privacy protection to distributed software.
The paper illustrates the approach with examples.