Models for privacy engineering

Sharing practices for privacy engineering based on models

This interest group focuses on the sharing of practices for privacy engineering based on the use of  models:

• To foster exchange of ideas and explanation. This is a universal practice, as pointed out by the national science teaching association, which has developed a practice program which leverages models as helpful tools for representing ideas and explanations. These tools include diagrams, drawings, physical replicas, mathematical representations, analogies, and computer simulations (https://ngss.nsta.org/Practices.aspx?id=2).
• To support engineering. INCOSE defines model-based systems engineering (MBSE) as the formalized application of modeling to support system requirements, design, analysis, verification and validation activities beginning in the conceptual design phase and continuing throughout development and later life cycle phases (https://www.omgwiki.org/MBSE/doku.php).

Models can be used

• as a common language for descriptive capabilities, so that system models include any information about the system and its context that may be necessary to address privacy concerns from different viewpoints (e.g. requirements specification, logical data structure, processing functions, architectural deployment, development process, assurance evidence, external threats, etc.).
• as an information sharing tool for prescriptive capabilities, so that the capabilities of available leading solutions are described in shared terms that allow documenting them, comparing them, choosing those most appropriate for a given situation.

Creating synergies to foster the development of an ecosystem of privacy models

While a lot of work is underway by different groups (e.g., privacy threat modelling, privacy patterns, privacy enhancing technologies), this interest group will serve to create synergies and collaboration, addressing the following needs:

(1) Enabling the combination of multiple viewpoints on privacy, integrating

• the consumer’s viewpoint (e.g. see ISO 31700-1 - https://www.iso.org/standard/84977.html, and https://www.youtube.com/watch?v=-SpMDfqIC1o),
• the technology realm (e.g., IoT, Artificial intelligence, digital twin),
• the application domains (e.g., health, energy, transport),
• solutions (e.g., privacy controls, privacy enhancing technologies), and
• the product lifecycle (e.g., from inception to end of use/end of support) and data lifecycle (e.g., from collection to deletion of data).

(2) Guidance on privacy practices,

• at the level of training and awareness creation (e.g., NIST privacy workforce program - https://www.nist.gov/privacy-framework/workforce-advancement/privacy-workforce-public-working-group, IAPP Privacy Engineering),
• at the level of privacy threat assessment (e.g., LINDDUN - https://www.linddun.org/, https://plot4.ai/), or
• at the level of trustworthiness and compliance (e.g. standards - https://ipen.trialog.com/wiki/ISO)

(3) Sharing information on available leading solutions for privacy engineering based on the use of models, i.e., solutions for privacy that correspond to the state of the art (leading) and that have sufficient maturity (available). This can leverage the use of catalogues of patterns for privacy engineering (patterns are abstractions of effectively proven solutions that can be systematically applied to address typical problems under commonly occurring contexts, see https://hillside.net/patterns/about-patterns)