Semantics-based Privacy by Design for Internet of Things Applications

Lamya Alkhariji¹ᵃ, Suparna Deᵇ, Omer Ranaᵃ, Charith Pereraᵃ
ᵃ Cardiff University, Cardiff CF10 3AT, United Kingdom
ᵇ University of Surrey, Guildford GU2 7XH, United Kingdom
Abstract
As Internet of Things (IoT) technologies become more widespread in everyday life, privacy issues are becoming more
prominent. The aim of this research is to develop a personal assistant that can answer software engineers’ questions
about Privacy by Design (PbD) practices during the design phase of IoT system development. Semantic web tech-
nologies are used to model the knowledge underlying PbD measurements, their intersections with privacy patterns, IoT
system requirements and the privacy patterns that should be applied across IoT systems. This is achieved through the
development of the PARROT ontology, developed through a set of representative IoT use cases relevant for software
developers. This was supported by gathering Competency Questions (CQs) through a series of workshops, resulting in
81 curated CQs. These CQs were then recorded as SPARQL queries, and the developed ontology was evaluated using
the Common Pitfalls model with the help of the Protégé HermiT Reasoner and the Ontology Pitfall Scanner (OOPS!), as
well as evaluation by external experts. The ontology was assessed within a user study that identified that the PARROT
ontology can answer up to 58% of privacy-related questions from software engineers.
Keywords: Privacy, Privacy by Design, Internet of Things, Semantic Web, Ontology, Context Awareness
1. Introduction
There have recently been significant increases in the deployment of Internet of Things (IoT) systems, extending into domains as varied as smart homes, personal health, wearables and public space monitoring, many of which entail the collection and manipulation of large quantities of user data [1] [2]. Protecting the privacy of individuals within such systems has become a growing concern that requires urgent attention. In recent years, there has been increasing interest in the development and enforcement of privacy laws and practices by various authorities. One main issue for many software engineers is that these rules are often complex and abstract in nature, and thus require field experts to translate them into more implementable formats. While this is feasible for large companies, in small-to-medium enterprises (SMEs) such bespoke approaches can become an unbearable burden, and consequently are often neglected.
Privacy by Design (PbD) is a concept that suggests considering data protection during the system design phase, leading to a more practical solution to satisfy a data subject's² privacy [3]. In this context, several PbD measurements (or schemes) at different levels of abstraction, including principles, guidelines, strategies and privacy patterns, have been proposed by various organisations and researchers, as reviewed in [4]. However, the software developer must still determine which PbD practices are best suited to the system under development, which adds significant effort to the development process. This paper introduces a solution that enables software engineers to query the components of the system under development with respect to the privacy measurements required.
¹ Corresponding author at: AlkharijiLa@cardiff.ac.uk. Sponsored by Imam Muhammad bin Saud University.
² An individual using the IoT system whose data are collected.
Semantic web technologies enable structured annota-
tion, integration and retrieval of massive quantities of data
[5]. In this paper, we introduce the PARROT ontology,
which models IoT system needs and binds them to the rel-
evant PbD measurements. The contributions of this paper
are as follows:
1. An analysis of PbD needs in IoT systems, obtained from actual software engineers in the form of Competency Questions (CQs)³ within real IoT use cases and their corresponding privacy patterns. This should enable researchers, privacy professionals, and standards organisations to achieve better design for privacy protection.
2. The introduction of the PARROT ontology, which encapsulates existing PbD measurements and their interrelationships as a means of offering easily explainable PbD guidance. In addition, the PARROT ontology captures the knowledge required to answer software engineers' questions on privacy when designing IoT systems.
3. An assessment of the PARROT ontology quality across three different aspects, and a demonstration of the use of the PARROT ontology within a user-based study.
³ Question expressed in natural language by stakeholders that defines the scope of the ontology.
Preprint submitted to Journal of LaTeX Templates, October 5, 2022. arXiv:2210.01778v1 [cs.CR] 4 Oct 2022
The remainder of this paper is structured as follows. Section 2 presents a motivating scenario to provide a context for this paper. Section 3 presents related work covering existing privacy regulations and ontologies. Section 4 explains the methodology we followed in the research. Section 5 shows how we gathered requirements for the PARROT ontology. Section 6 provides an analysis of the information we gathered. Section 7 explores the PARROT ontology specifications and description. In Section 8 we validate the PARROT ontology using CQs. In Sections 9 and 10, we evaluate the implementation of the PARROT ontology. In Section 11 we discuss the results of the evaluation, concluding the paper in Section 12.
2. Motivating Scenario
To illustrate the use of the tool under development, we consider a case study featuring “Nora”, a software developer who seeks to implement the GDPR requirement of PbD in the system she is developing.
2.1. Scenario
Nora is developing an IoT system, but she needs to think about user privacy. She searches for the required PbD practices in order to understand them and then determine which ones she needs to apply. She finds many resources and documents that describe ways to protect the privacy of users, but she is confused by the large number of available documents and their variations. For example, she finds Cavoukian's principle “Proactive, not Reactive; Preventative not Remedial” easy to understand, but vague in application. Looking at another document, Hoepman's strategies, she is unsure whether she needs to apply all of the strategies. On looking at the first strategy, “Minimise”, she approaches her system with the intent of minimising data. This becomes somewhat confusing when she seeks further explanation of this strategy, discovering the privacy patterns document, which she finds applicable. However, it offers so many patterns that she is not sure which ones best explain the “Minimise” strategy. She goes back to her system having struggled to find the appropriate practices to deploy.
Nora thus decides to use a personalised assistant tool. She draws the system she is designing in the tool's interface, and once she submits the DFD diagram, the tool returns it with annotations and comments about the privacy patterns required for each node in the diagram. She explores these comments, which help her ascertain what she needs to do to implement the appropriate patterns. Seeking further explanation, she uses a chatbot to ask questions about the meaning of these privacy patterns.
2.2. Comments and Discussion
Nora can thus finish her task more easily, having gained
sufficient awareness of the privacy measurements required
in her system. The chatbot function gives her the ability
to ask questions about why a particular privacy pattern is
advised and the relevance of each privacy pattern to the
other measurements involved. This personalisation of the
privacy assistant tool thus helps Nora to use the most ap-
propriate privacy measurements across her system design.
3. Related Work
3.1. Privacy Regulations and Standards
As user privacy has become a prominent concern, it has been further protected by various legislative bodies in many countries. In Europe and the UK, the General Data Protection Regulation⁴ (GDPR) [6] applies, whereas in the United States different federal laws and regulations have been implemented by various state governments, such as the California Consumer Privacy Act⁵ (CCPA) and the Stop Hacks and Improve Electronic Data Security Act⁶ (SHIELD). In Australia, the Australian Privacy Principles (APPs) are used as a privacy protection framework⁷. Aljeraisy et al. [7] offer a more comprehensive analysis of privacy protection laws across different countries.
Meeting the requirements of all of these various laws can present a challenge to software engineers, particularly because of the unfamiliar language used in describing these requirements. This leads to a need to transform these laws into software requirements, a process referred to as Privacy by Design (PbD) [8] [3]. Multiple PbD measurements have been deployed by different parties at various levels, such as the seven privacy principles published by Cavoukian [9] and the eight privacy strategies created by Hoepman [10]. Moreover, Perera et al. [11] published 30 privacy guidelines specifically related to IoT systems, and the technical report [12] reviews 10 PbD measurements published by different organisations and researchers, along with their relationships to each other, as a way of broadening scope. These PbD measurements are the ground source of information used in this research, from which we recommend the measurements consistent with the system design nodes provided.
3.2. Privacy Information Needs
A limited number of studies have explored the awareness of PbD regimes among software engineers. Perera et al. [13] undertook an observational study to show how the creation of assistive structured privacy guidelines could help software engineers to improve data subject privacy within their systems. They found that, irrespective of engineers' level of expertise, such guidelines led to similar levels of incorporation of privacy practices in the resulting designs. In addition, the study made clear that providing software engineers with a privacy guideline list affects design success, with a success rate of 75.12%.
⁴ gdpr-info.eu
⁵ oag.ca.gov/privacy/ccpa
⁶ privacyshield.gov
⁷ oaic.gov.au/privacy/australian-privacy-principles
Providing personalised assistants for software engineers is likely to improve compliance with PbD practices, which in turn improves data subject privacy. This is particularly plausible given the proven ability of automated assistant systems to support clients efficiently [14].
The current work has incorporated as many PbD mea-
surements as possible to embrace the idea of “explainable
privacy”. This has been done because, among the vari-
ous different types of PbD measurements, privacy patterns
are the most suitable for implementation by software en-
gineers, yet other scheme levels, being more abstract, offer
better descriptions of the aims behind each practice. The
next section thus develops the concept that the knowl-
edge underlying PbD can be translated into a machine-
interpretable format in order to facilitate automation of
PbD recommendations for IoT systems.
3.3. Ontologies Representing Domain Knowledge
Ontologies, as a technology in the semantic web, of-
fer reasonable means of representing a knowledge base.
An ontology can thus represent a very wide range of con-
cepts, along with their relationships and interactions, in a
machine-readable format. For example, Dragoni et al. [15]
considered the adoption of advanced technology into an in-
dividual’s lifestyle as a way to develop recommendations
for personalised healthy practices by applying an ontology-
centric decision support system called PerKApp. The pro-
posed ontology provided expert knowledge and the infor-
mation required to assist the user in developing healthy
practices. It also incorporated semantic rules to act as
expert support for the user’s healthy practices, identify-
ing any violations in such practices, and notifying the user
by means of motivational messages as required. That sys-
tem was tested within the Key to Health project and thus
found to be applicable in real-world scenarios.
In another example, Malone et al. [16] applied se-
mantic technologies to achieve data reproducibility in the
bioinformatics field. Their motivation was their belief that
data analysis results vary depending on the software used
for such analysis. To make data results more easily repro-
ducible, researchers thus need to know the details of the
software used to analyse the data. In order to build the required Software Ontology (SWO), they followed Agile
methodology principles, as well as involving various types
of participants as ontology users. The resulting SWO on-
tology was later merged with the EDAM [17] ontology,
which was designed to handle bioinformatics operations,
data types and identifiers, topics, and formats, and the
resultant joint ontology was used in various biomedical
applications, including the BioMedBridges software reg-
istry [18], eagle-I [19], and the Gene Expression Atlas Data
project [20]. These examples illustrate that ontologies are an effective technology for underpinning assistive systems; hence, in this research, we develop the PARROT ontology to serve that purpose. Many methodologies exist to guide ontology developers, and analytical studies comparing them are available [21] [22] [23]. For this work, the NeOn [24] and Chaware et al. [25] methodologies were adopted.
3.4. Ontologies for Privacy by Design
Multiple ontologies have been developed to support
increased rigour in the privacy field. Harshvardhan et
al. [26] attempted to address the complexity of under-
standing privacy policies by transforming such policies into
machine-readable data. They proposed an ontology design
pattern (ODP) that contains all details in a given privacy
policy document, such as those on collection, usage, stor-
age, and sharing of personal data, along with the relevant
processes and legal basis in the GDPR. This ODP would
thus have benefits above and beyond those of the GDPRov
[27] and GDPRtEXT [26] ontologies, which cover the vo-
cabulary, concepts, and terms within the GDPR. They
designed an ODP to answer a set of competency ques-
tions related to personal data; further competency ques-
tions about how personal data may be changed, deleted,
and obtained were not incorporated at that stage. The
authors thus acknowledged that the ODP required wider
patterns to include all information in a privacy policy doc-
ument in order to develop it into an ontology that could
allow the full manipulation and understanding of the use
of personal data. They modelled the information in privacy policies, whereas our ontology models PbD knowledge, i.e. the structures to be followed in the design phase of software development.
Gharib et al. [28] applied the PbD concept, rather
than focusing only on security requirements, as a solu-
tion to privacy breaches. However, they suggested that
the vagueness of this privacy concept confuses designers
and stakeholders, preventing them from making the right
design decisions. To address this, they suggested that on-
tologies offer a more robust means of conceptualising pri-
vacy concepts and their interrelations, and to develop a
relevant ontology, they systematically reviewed the liter-
ature to identify key concepts and relationships underly-
ing general privacy requirements. From this review, they
identified 38 key concepts and relationships, which they
grouped across four categories, creating 17 organisational
factors, nine risks, five treatments, and seven privacy factors. Although their concern is also PbD requirements, their objective differs from that of the PARROT ontology: they aim to provide the software developer with generic key privacy concepts, whereas we provide explainable PbD measurements that match, and should be applied in, the corresponding IoT system.
4. Methodology
The progress of the current research was organised into
four phases as shown in figure 1. These were information
gathering, analysis, development, and evaluation. The
first step was to gather the information required for mod-
elling in the PARROT ontology via six representative IoT
use cases with different system components and data types.
This step involved two sources of questions, those asked by
researchers and by software engineers in a series of work-
shops. This resulted in the development of 170 compe-
tency questions (CQs) that were input to the filtration
step. All resulting valid questions were then used to create
an ontology requirements specification document (ORSD),
which listed 81 CQs. For the final step in this phase, the
answers to the retained CQs were determined and then
formulated as a set of privacy patterns. At that point, the
ORSD and the formulated knowledge were thus generated
for the next phase. Section 5 discusses further details of
the gathering phase.
In the analysis phase, the knowledge from the gathering phase was grouped, categorised, and tagged. The CQs
were initially grouped depending on the use cases from
which they were inferred; they were then categorised, de-
pending on the issues raised, into five types and 20 sub-
types. In addition, relevant answers were assigned to all
CQs in the form of privacy patterns, using Hoepman’s [10]
eight tags, as ascertained from previous research [4]. The
necessary analysis to achieve this is discussed in further de-
tail in section 6. The analysed data sets were then moved
to the next phase.
In the development phase, the PARROT ontology was created using a top-down approach. As a starting point, four
existing ontologies, SKOS, GDPRtEXT, SSN, and SOS
were reused, with classes created to model the knowledge
that was to be included in the PARROT ontology. The
PbD measurements and their connections were thus mod-
elled together, based on previous work [4], along with the
data set analysed in the previous phase. Further details of
this development are offered in section 7.
Finally, the PARROT ontology was evaluated in three steps: (1) the CQs in the ORSD were validated via SPARQL queries; (2) the technology of the PARROT ontology was evaluated against the 41 pitfalls proposed by Villalón [29], using three methods: application of the Protégé HermiT Reasoner, evaluation with the Ontology Pitfall Scanner (OOPS!), and lexical-semantic expert evaluation; (3) the content of the PARROT ontology was then evaluated using the Wizard of Oz technique via a user study. The overall evaluation is discussed in sections 8, 9, and 10. Across all four phases, the work was guided by the NeOn methodology [24], a well-known method of ontology development, integrated with the methodology designed by Chaware et al. [25], which provided supplementary practical steps for ontological data gathering and development for the first three phases.
5. Gathering PARROT Information Needs
To model the PARROT ontology, it was first necessary to identify the information required. A list of CQs that might be asked by a software developer seeking to apply privacy practices in a system was thus developed, with CQs extracted from six different real IoT use cases. The use cases cover a range of different contexts and purposes: (1) Health care system, (2) Real-time tracking system, (3) Fitness watch, (4) Park monitoring system, (5) Smart home system, and (6) Drone delivery system. The use case descriptions, diagrams and CQs are listed in [30]. The overall process takes a data flow diagram (DFD) of an IoT system as input and provides the software developer with a list of privacy patterns matching the DFD components. The list of CQs was finalised in two stages: the initial set was drawn from the researchers' knowledge of IoT systems and privacy practices, as extracted from the IoT use cases noted above; then, further CQs were solicited from software engineers who were given various IoT use cases in a series of focused workshops. The answers to all CQs were then developed as a list of associated privacy patterns.
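The pipeline described in Section 4 (CQs recorded as graph queries over the ontology, answered after a reasoner has run) and in this section (a DFD whose nodes receive matching privacy patterns, with the scenario's "why is this pattern advised?" follow-up) can be illustrated with a small added Python example. This is not PARROT's own code or vocabulary: the in-memory triple store, the basic-graph-pattern matcher, the class, node and pattern names, and the subclass forward-chaining that stands in for the reasoner are all constructed here for illustration.

```python
"""Added example (not PARROT's own code): a toy knowledge graph with a tiny
basic-graph-pattern matcher, showing how a competency question (CQ) can be
recorded as a graph query and answered over an ontology that links DFD node
types to privacy patterns and Hoepman-style strategies.  All IRIs, node names
and pattern names below are constructed for illustration."""

# Constructed triples (subject, predicate, object) in a hypothetical vocabulary.
KG = {
    # DFD nodes of the health-care scenario and the data they handle
    ("node:CGMSensor", "rdf:type", "pbd:Sensor"),
    ("node:CGMSensor", "pbd:collects", "data:GlucoseLevel"),
    ("node:CloudStore", "rdf:type", "pbd:DataStore"),
    ("node:CloudStore", "pbd:stores", "data:GlucoseLevel"),
    ("data:GlucoseLevel", "rdf:type", "pbd:HealthData"),
    ("pbd:HealthData", "rdfs:subClassOf", "pbd:SensitiveData"),
    # strategies, the patterns that implement them, and where they apply
    ("strategy:Minimise", "rdf:type", "pbd:Strategy"),
    ("pattern:SelectBeforeCollect", "pbd:implements", "strategy:Minimise"),
    ("pattern:SelectBeforeCollect", "pbd:appliesTo", "pbd:Sensor"),
    ("strategy:Hide", "rdf:type", "pbd:Strategy"),
    ("pattern:EncryptAtRest", "pbd:implements", "strategy:Hide"),
    ("pattern:EncryptAtRest", "pbd:appliesTo", "pbd:DataStore"),
    ("pattern:EncryptAtRest", "pbd:requiredFor", "pbd:SensitiveData"),
}


def materialise_subclass_types(graph):
    """Forward-chain the rdfs:subClassOf rules (transitivity and type
    propagation) until no new triple appears.  This is a minimal stand-in
    for the inference a reasoner such as HermiT performs before queries run."""
    g = set(graph)
    changed = True
    while changed:
        changed = False
        for c, p, d in list(g):
            if p != "rdfs:subClassOf":
                continue
            for x, q, y in list(g):
                if y != c:
                    continue
                if q == "rdf:type" and (x, "rdf:type", d) not in g:
                    g.add((x, "rdf:type", d))
                    changed = True
                if q == "rdfs:subClassOf" and (x, "rdfs:subClassOf", d) not in g:
                    g.add((x, "rdfs:subClassOf", d))
                    changed = True
    return g


def _match(graph, pattern, binding):
    """Yield extensions of `binding` for every triple matching one pattern.
    Terms starting with '?' are variables; anything else must match exactly."""
    for triple in graph:
        b = dict(binding)
        for term, value in zip(pattern, triple):
            if term.startswith("?"):
                if b.setdefault(term, value) != value:
                    break
            elif term != value:
                break
        else:
            yield b


def query(graph, bgp):
    """Evaluate a basic graph pattern (a list of triple patterns, the core of a
    SPARQL WHERE clause) by joining the solutions of each pattern in turn."""
    solutions = [{}]
    for pattern in bgp:
        solutions = [nb for b in solutions for nb in _match(graph, pattern, b)]
    return solutions


def patterns_for_node(graph, node):
    """CQ: 'Which privacy patterns apply to this DFD node?'
    BGP:  <node> rdf:type ?type .  ?pat pbd:appliesTo ?type ."""
    bgp = [(node, "rdf:type", "?type"), ("?pat", "pbd:appliesTo", "?type")]
    return sorted({b["?pat"] for b in query(graph, bgp)})


def stores_of_sensitive_data(graph):
    """CQ: 'Which nodes store sensitive data, and which pattern is required?'
    Needs the subclass closure: GlucoseLevel is only typed HealthData directly."""
    bgp = [("?node", "pbd:stores", "?d"),
           ("?d", "rdf:type", "pbd:SensitiveData"),
           ("?pat", "pbd:requiredFor", "pbd:SensitiveData")]
    return sorted({(b["?node"], b["?pat"]) for b in query(graph, bgp)})


def explain(graph, pattern):
    """CQ behind the scenario's chatbot: 'Why is this pattern advised?'
    Returns the strategies the pattern implements."""
    return sorted({b["?s"] for b in query(graph, [(pattern, "pbd:implements", "?s")])})


def annotate_dfd(graph, nodes):
    """The annotation step of the scenario: map each DFD node to its patterns,
    running the subclass inference first so sensitive-data rules can fire."""
    g = materialise_subclass_types(graph)
    return {n: patterns_for_node(g, n) for n in nodes}


if __name__ == "__main__":
    for node, pats in annotate_dfd(KG, ["node:CGMSensor", "node:CloudStore"]).items():
        print(node, "->", pats, "because of", [explain(KG, p) for p in pats])
    print(stores_of_sensitive_data(materialise_subclass_types(KG)))
```

The `query` function does the same join over triple patterns that a SPARQL engine performs for a basic graph pattern, so each CQ above maps directly onto a `SELECT ... WHERE { ... }` query against a real OWL file loaded into rdflib or a triple store. Note that `stores_of_sensitive_data` returns nothing on the raw graph and only finds the cloud store after `materialise_subclass_types` has run, which is why the evaluation pipeline in Section 4 runs the reasoner before the CQs are checked.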
5.1. Researcher-generated CQs
The Health Care use case was selected as an example
of a system that collects sensitive information about data
subjects. Healthcare applications are a growing IoT ap-
plication domain, and they also are complex applications
that often include multiple sensors and inputs, thus gener-
ating significant data volumes. As a result, they are ideal
candidates for measurements aiming to preserve privacy,
thus offering a good initial example for this work. The
development of CQs was then undertaken in several steps:
(1) A DFD for the selected use case was created; (2) A
list of applicable privacy patterns was initiated; (3) The
privacy patterns were manually allocated across the DFD;
(4) CQs were then determined based on all nodes in the
DFD. The following explains each step in detail:
5.1.1. Health Care use case
The Health Care System is an IoT application that analyses patient health data in order to issue relevant alerts
and notifications. For simplicity and ease of understand-
ing, the case study was generated from the perspective
of a researcher in a healthcare company that has many
patients with diabetes, which requires both ongoing treat-
ment and regular health monitoring. As seen in figure 2, it
is thus necessary to gather and analyse data from a Con-
tinuous Glucose Monitor (CGM) sensor device worn by
patients. This sensor measures glucose levels constantly,
taking readings at consistent intervals across several days.
A researcher can thus use an application that can detect a
set blood glucose level or ongoing change in such levels as
a trigger. This application must analyse the gathered data
and produce a notification to both the patient and the re-
quired professionals as well as any researcher. This would