Modeling Method for Assessing Privacy Technologies

Abstract

In this chapter we propose a modeling framework for assessing privacy technologies. The main contribution of the framework is that it allows us to model aspects of privacy and related system concerns (such as security and scalability) in a more comprehensive manner than the dataflow diagrams traditionally used for privacy analysis. The feature interaction perspective taken in the chapter allows us to reason about conflicts between a service user’s model of how the service works and its actual implementation. In our modeling framework such conflicts can be modeled in terms of goal conflicts and service deployment. Goal conflicts allow us to reflect conflicting points of view on system concerns (primarily privacy and security) among the different stakeholders, which are part of the system and its context. Deployment refers to the assignment of functionality to system components, which allows us to reason about dataflows between components, as well as potential conflicts of interest. As a demonstration of the framework, we illustrate how it can be applied to the analysis of single sign-on solutions such as .Net Passport.