Bandara, Arosha K.
Universite Claude Bernard Lyon
Open University, United Kingdom
University of Derby
MetadataShow full item record
AbstractInternet of Things (IoT) applications typically collect and analyse personal data that can be used to derive sensitive information about individuals. However, thus far, privacy concerns have not been explicitly considered in software engineering processes when designing IoT applications. With the advent of behaviour driven security mechanisms, failing to address privacy concerns in the design of IoT applications can also have security implications. In this paper, we explore how a Privacy-by-Design (PbD) framework, formulated as a set of guidelines, can help software engineers integrate data privacy considerations into the design of IoT applications. We studied the utility of this PbD framework by studying how software engineers use it to design IoT applications. We also explore the challenges in using the set of guidelines to influence the IoT applications design process. In addition to highlighting the benefits of having a PbD framework to make privacy features explicit during the design of IoT applications, our studies also surfaced a number of challenges associated with the approach. A key finding of our research is that the PbD framework significantly increases both novice and expert software engineers’ ability to design privacy into IoT applications.
CitationPerera, C., Barhamgi, M., Bandara, A.K., Ajmal, M., Price, B. and Nuseibeh, B., (2020). 'Designing privacy-aware internet of things applications'. Information Sciences, 512, pp. 238-257.
JournalElsevier Information Sciences