A framework to support software developers in implementing privacy features

Published: 19 October 2022
DOI: 10.1145/3510454.3517054

Abstract

Software developers are inundated with responsibility to incorporate privacy artifacts into software design from the onset, in line with best practices. However, little is understood about the struggles developers face when implementing privacy in software design. This PhD will undertake: (1) a Systematic Literature Review (SLR) to understand developers' interpretation, or lack thereof, of privacy regulations while incorporating privacy into software systems; (2) two task-based studies to analyze software developers' privacy compliance and ascertain whether or not they are able to comply with regulatory standards in implementing privacy into software design; (3) an analysis of the mental models adopted by developers when trying to ameliorate their struggles; and (4) the design and evaluation of a framework that helps developers make informed privacy decisions.


Cited By

  • (2023) An Analysis of Stack Exchange Questions: Identifying Challenges in Software Design and Development with a Focus on Data Privacy and Data Protection. Proceedings of the 18th International Conference on Availability, Reliability and Security (1-7). DOI: 10.1145/3600160.3605465. Online publication date: 29-Aug-2023

Published In

ICSE '22: Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings
May 2022
394 pages
ISBN:9781450392235
DOI:10.1145/3510454

Sponsors

In-Cooperation

  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. CCPA
  2. GDPR
  3. SLR
  4. developer centered privacy
  5. mental models
  6. regulatory compliance
  7. regulatory standard
  8. software systems

Qualifiers

  • Research-article

Conference

ICSE '22

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%
