Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System
Conducting a proper privacy analysis of a complex system is challenging in practice. Some privacy analysis methods and guidelines do not provide clear steps, limiting their applicability. Others suffer from practicality due to a lack of support from reference materials and common knowledge bases. On...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2024-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10771777/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846119658734747648 |
|---|---|
| author | Valerii Gakh Hayretdin Bahsi Thomas Hoffmann Artem Boyarchuk Oleksii Khramov |
| author_facet | Valerii Gakh Hayretdin Bahsi Thomas Hoffmann Artem Boyarchuk Oleksii Khramov |
| author_sort | Valerii Gakh |
| collection | DOAJ |
| description | Conducting a proper privacy analysis of a complex system is challenging in practice. Some privacy analysis methods and guidelines do not provide clear steps, limiting their applicability. Others suffer from practicality due to a lack of support from reference materials and common knowledge bases. On the other side, the minority of industrially recognized privacy analysis tools may sometimes appear insufficient for case-specific analyst needs. The privacy analysis tooling should be fine-tuned for more effective practical application. In this paper, we proposed enhancements to one of the known but underused privacy risk analysis methods - PRIAM- and demonstrated our results in a case study with an e-justice system. First, we identified the weaknesses of PRIAM, such as its ambiguity in its terminology, lack of descriptions of the risk modeling process, and lack of common-knowledge materials for modeling decisions. We compared how these problems are dealt with in PRIAM and an industrially recognized privacy analysis method, LINDDUN and its derivatives. Eventually, we developed practical guidelines for the risk modeling steps of PRIAM, which benefit from the LINDDUN method and its supporting materials. Then, we demonstrate the applicability of our proposed enhancements and guidelines by conducting a privacy risk modeling on an e-justice platform. As this platform covers various components, including a blockchain, we also elaborated on our findings from technical and legal perspectives. |
| format | Article |
| id | doaj-art-e018624c30f245fd93ae0737c8d54519 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-e018624c30f245fd93ae0737c8d545192024-12-17T00:00:30ZengIEEEIEEE Access2169-35362024-01-011218385118387410.1109/ACCESS.2024.350933210771777Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice SystemValerii Gakh0https://orcid.org/0009-0003-1236-6587Hayretdin Bahsi1https://orcid.org/0000-0001-8882-4095Thomas Hoffmann2https://orcid.org/0000-0003-4761-0722Artem Boyarchuk3https://orcid.org/0000-0001-7349-1371Oleksii Khramov4School of Information Technologies, Tallinn University of Technology, Tallinn, EstoniaSchool of Information Technologies, Tallinn University of Technology, Tallinn, EstoniaDepartment of Law, Tallinn University of Technology, Tallinn, EstoniaDepartment of Law, Tallinn University of Technology, Tallinn, EstoniaDepartment of Law, Tallinn University of Technology, Tallinn, EstoniaConducting a proper privacy analysis of a complex system is challenging in practice. Some privacy analysis methods and guidelines do not provide clear steps, limiting their applicability. Others suffer from practicality due to a lack of support from reference materials and common knowledge bases. On the other side, the minority of industrially recognized privacy analysis tools may sometimes appear insufficient for case-specific analyst needs. The privacy analysis tooling should be fine-tuned for more effective practical application. In this paper, we proposed enhancements to one of the known but underused privacy risk analysis methods - PRIAM- and demonstrated our results in a case study with an e-justice system. First, we identified the weaknesses of PRIAM, such as its ambiguity in its terminology, lack of descriptions of the risk modeling process, and lack of common-knowledge materials for modeling decisions. We compared how these problems are dealt with in PRIAM and an industrially recognized privacy analysis method, LINDDUN and its derivatives. Eventually, we developed practical guidelines for the risk modeling steps of PRIAM, which benefit from the LINDDUN method and its supporting materials. Then, we demonstrate the applicability of our proposed enhancements and guidelines by conducting a privacy risk modeling on an e-justice platform. As this platform covers various components, including a blockchain, we also elaborated on our findings from technical and legal perspectives.https://ieeexplore.ieee.org/document/10771777/Privacy risk assessmentPRIAMLINDDUNe-justice blockchain |
| spellingShingle | Valerii Gakh Hayretdin Bahsi Thomas Hoffmann Artem Boyarchuk Oleksii Khramov Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System IEEE Access Privacy risk assessment PRIAM LINDDUN e-justice blockchain |
| title | Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System |
| title_full | Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System |
| title_fullStr | Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System |
| title_full_unstemmed | Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System |
| title_short | Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System |
| title_sort | enhancing privacy risk modeling in practice a case study of an e justice system |
| topic | Privacy risk assessment PRIAM LINDDUN e-justice blockchain |
| url | https://ieeexplore.ieee.org/document/10771777/ |
| work_keys_str_mv | AT valeriigakh enhancingprivacyriskmodelinginpracticeacasestudyofanejusticesystem AT hayretdinbahsi enhancingprivacyriskmodelinginpracticeacasestudyofanejusticesystem AT thomashoffmann enhancingprivacyriskmodelinginpracticeacasestudyofanejusticesystem AT artemboyarchuk enhancingprivacyriskmodelinginpracticeacasestudyofanejusticesystem AT oleksiikhramov enhancingprivacyriskmodelinginpracticeacasestudyofanejusticesystem |