Guiding the implementation of data privacy with microservices

IF 2.4 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS International Journal of Information Security Pub Date : 2024-08-23 DOI:10.1007/s10207-024-00907-y

Pedro Antunes, Nuno Guimarães

{"title":"Guiding the implementation of data privacy with microservices","authors":"Pedro Antunes, Nuno Guimarães","doi":"10.1007/s10207-024-00907-y","DOIUrl":null,"url":null,"abstract":"<p>Privacy by design is nowadays recognized as essential in bringing data privacy into software systems. However, developers still face many challenges in reconciling privacy and software requirements and implementing privacy protections in software systems. One emerging trend is the adoption of microservices architectures—they bring in some qualities that can benefit privacy by design. The main goal of this study is to adapt privacy by design to the qualities brought by microservices. The main focus is at the architectural level, where the main structural decisions are made. A systematic literature review is adopted to identify a set of privacy models that underscore significant differences in software systems’ protection using microservices. From the literature review, a decision framework is developed. The decision framework provides guidance and supports design decisions in implementing data privacy using microservices. The framework helps select and integrate different privacy models. An illustration of using the framework, which considers the design of an electronic voting system, is provided. This study contributes to closing the gap between regulation and implementation through design, where decisions related to data privacy are integrated with decisions on architecting systems using microservices.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"15 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00907-y","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Privacy by design is nowadays recognized as essential in bringing data privacy into software systems. However, developers still face many challenges in reconciling privacy and software requirements and implementing privacy protections in software systems. One emerging trend is the adoption of microservices architectures—they bring in some qualities that can benefit privacy by design. The main goal of this study is to adapt privacy by design to the qualities brought by microservices. The main focus is at the architectural level, where the main structural decisions are made. A systematic literature review is adopted to identify a set of privacy models that underscore significant differences in software systems’ protection using microservices. From the literature review, a decision framework is developed. The decision framework provides guidance and supports design decisions in implementing data privacy using microservices. The framework helps select and integrate different privacy models. An illustration of using the framework, which considers the design of an electronic voting system, is provided. This study contributes to closing the gap between regulation and implementation through design, where decisions related to data privacy are integrated with decisions on architecting systems using microservices.

Abstract Image

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

用微服务指导数据隐私的实施

通过设计保护隐私已被公认为是将数据隐私带入软件系统的关键。然而，开发人员在协调隐私和软件需求以及在软件系统中实施隐私保护方面仍面临许多挑战。一个新兴趋势是微服务架构的采用--它们带来了一些有利于隐私设计的特质。本研究的主要目标是让隐私设计适应微服务带来的特质。研究的重点是架构层面，因为主要的结构决策都是在架构层面做出的。通过系统的文献综述，确定了一系列隐私模型，这些模型强调了使用微服务保护软件系统的显著差异。根据文献综述，制定了一个决策框架。该决策框架为使用微服务实施数据隐私保护的设计决策提供指导和支持。该框架有助于选择和整合不同的隐私模型。本研究以电子投票系统的设计为例，说明了如何使用该框架。本研究有助于通过设计缩小法规与实施之间的差距，在设计中，数据隐私相关决策与使用微服务构建系统的决策相结合。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

International Journal of Information Security 工程技术-计算机：理论方法

CiteScore

6.30

自引率

3.10%

发文量

审稿时长

12 months

期刊介绍： The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.