Nada Alhirabi

Lamya Alkhariji, Nada Alhirabi, Mansour Naser Alraja et al.

Privacy by Design (PbD) is the most common approach followed by software developers who aim to reduce risks within their application designs, yet it remains commonplace for developers to retain little conceptual understanding of what is meant by privacy. A vision is to develop an intelligent privacy assistant to whom developers can easily ask questions in order to learn how to incorporate different privacy-preserving ideas into their IoT application designs. This paper lays the foundations toward developing such a privacy assistant by synthesising existing PbD knowledge so as to elicit requirements. It is believed that such a privacy assistant should not just prescribe a list of privacy-preserving ideas that developers should incorporate into their design. Instead, it should explain how each prescribed idea helps to protect privacy in a given application design context-this approach is defined as 'Explainable Privacy'. A total of 74 privacy patterns were analysed and reviewed using ten different PbD schemes to understand how each privacy pattern is built and how each helps to ensure privacy. Due to page limitations, we have presented a detailed analysis in [3]. In addition, different real-world Internet of Things (IoT) use-cases, including a healthcare application, were used to demonstrate how each privacy pattern could be applied to a given application design. By doing so, several knowledge engineering requirements were identified that need to be considered when developing a privacy assistant. It was also found that, when compared to other IoT application domains, privacy patterns can significantly benefit healthcare applications. In conclusion, this paper identifies the research challenges that must be addressed if one wishes to construct an intelligent privacy assistant that can truly augment software developers' capabilities at the design phase.

Nada Alhirabi, Omer Rana, Charith Perera

The design and development process for the Internet of Things (IoT) applications is more complicated than that for desktop, mobile, or web applications. First, IoT applications require both software and hardware to work together across different nodes with different capabilities under different conditions. Secondly, IoT application development involves different software engineers such as desktop, web, embedded and mobile to cooperate. In addition, the development process required different software\hardware stacks to integrated together. Due to above complexities, more often non-functional requirements (such as security and privacy) tend to get ignored in IoT application development process. In this paper, we have reviewed techniques, methods and tools that are being developed to support incorporating security and privacy requirements into traditional application designs. By doing so, we aim to explore how those techniques could be applicable to the IoT domain. In this paper, we primarily focused on two different aspects: (1) design notations, models, and languages that facilitate capturing non-functional requirements (i.e., security and privacy), and (2) proactive and reactive interaction techniques that can be used to support and augment the IoT application design process. Our goal is not only to analyse past research work but also to discuss their applicability towards the IoT.