8 research outputs found

    Semantics-based Privacy by Design for Internet of Things Applications

    As Internet of Things (IoT) technologies become more widespread in everyday life, privacy issues are becoming more prominent. The aim of this research is to develop a personal assistant that can answer software engineers' questions about Privacy by Design (PbD) practices during the design phase of IoT system development. Semantic web technologies are used to model the knowledge underlying PbD measurements, their intersections with privacy patterns, IoT system requirements and the privacy patterns that should be applied across IoT systems. This is achieved through the development of the PARROT ontology, developed through a set of representative IoT use cases relevant for software developers. This was supported by gathering Competency Questions (CQs) through a series of workshops, resulting in 81 curated CQs. These CQs were then recorded as SPARQL queries, and the developed ontology was evaluated using the Common Pitfalls model with the help of the Protégé HermiT Reasoner and the Ontology Pitfall Scanner (OOPS!), as well as evaluation by external experts. The ontology was assessed within a user study that identified that the PARROT ontology can answer up to 58% of privacy-related questions from software engineers

    Examining the interplay between privacy by design (PbD) schemes and privacy patterns

    Privacy is a vague concept. This vagueness makes it difficult to understand what it means. Software engineering is an area where such ambiguity creates a significant problem. For example, if the software developers do not understand privacy properly, they are not going to develop the software in a privacy-protected manner. To address this issue, as a community, over the last two decades, many researchers have proposed a few different Privacy by Design (PbD) schemes. Typically, PbD schemes comprise a set of instructions. These instructions are also referred to as guidelines, principles, or strategies. Another way to address this problem of ambiguity is privacy patterns. Inspired by design patterns in the software engineering domain, researchers and privacy experts have developed privacy patterns. Each privacy pattern is designed to improve privacy in a particular application design by eliminating certain privacy risks in a certain way. For our analysis, we identified ten (10) different PbD schemes. We analyse them against 74 different privacy patterns (privacypatterns.eu, privacypatterns.org). In this report, we examine the interplay between Privacy by Design (PbD) schemes and privacy patterns. This document contains the raw outcome of our analysis. Please refer to our research paper to read about insights we generated through this analysis

    Semantics-based privacy by design for Internet of Things applications

    As Internet of Things (IoT) technologies become more widespread in everyday life, privacy issues are becoming more prominent. The aim of this research is to develop a personal assistant that can answer software engineers’ questions about Privacy by Design (PbD) practices during the design phase of IoT system development. Semantic web technologies are used to model the knowledge underlying PbD measurements, their intersections with privacy patterns, IoT system requirements and the privacy patterns that should be applied across IoT systems. This is achieved through the development of the PARROT ontology, developed through a set of representative IoT use cases relevant for software developers. This was supported by gathering Competency Questions (CQs) through a series of workshops, resulting in 81 curated CQs. These CQs were then recorded as SPARQL queries, and the developed ontology was evaluated using the Common Pitfalls model with the help of the Protégé HermiT Reasoner and the Ontology Pitfall Scanner (OOPS!), as well as evaluation by external experts. The ontology was assessed within a user study that identified that the PARROT ontology can answer up to 58% of privacy-related questions from software engineers

    PARROT Ontology Technical Report

    As the Internet of Things (IoT) technologies are becoming widespread in our lives, privacy issues are significantly rising to the surface. The aim of this research is to develop a personal assistant that is able to answer software engineers' questions about privacy practices during the design phase. Thus, there is a demanding need to develop a method that assists software developers to understand and apply the Privacy by Design (PbD) practices into their systems. We used semantic web technologies to model the knowledge of PbD schemes, their intersections with Privacy Patterns, IoT system needs, and the Privacy Patterns that should be applied in these IoT systems. In this paper, we are introducing the PARROT ontology that combines these pieces of knowledge. To assemble the PARROT ontology’s requirements, we first associated many real-world IoT use cases with a set of well-known Privacy Patterns that should be applied by the software developers. Then, we gathered Competency Questions (CQs) about these IoT use cases from researchers and software developers through a series of workshops we conducted, and we curated 81 CQs to be modeled. We proved the validation of the PARROT ontology and evaluated it with the Common Pitfalls with the help of Protégé & HermiT Reasoner, Ontology Pitfall Scanner (OOPS!), and external experts. We demonstrated the use of the PARROT ontology through a user-based study and found that the PARROT ontology is able to answer up to 58% of software engineers' questions

    Ontology enabled chatbot for applying privacy by design in IoT systems

    Our aim is to create a personal assistant, a chatbot, that can answer queries from software developers regarding Privacy by Design (PbD) methods and applications throughout the design phase of IoT system development. We used semantic web technologies to model the PARROT Ontology that includes knowledge underlying PbD measurements, their intersections with privacy patterns, IoT system needs, and the privacy patterns that should be applied across IoT systems. To determine the PARROT ontology's requirements, a collection of real-world IoT use cases were aided by a series of workshops to gather Competency Questions (CQs) from researchers and software engineers, resulting in 81 selected CQs. In a user study, the PARROT ontology was able to answer up to 58% of software developers' privacy-related issues. The technical report [orca149337] contains further analysis and results from data collecting and intermediate synthesis steps

    Synthesising privacy by design knowledge toward explainable Internet of Things application designing in healthcare

    No full text
    Privacy by Design (PbD) is the most common approach followed by software developers who aim to reduce risks within their application designs, yet it remains commonplace for developers to retain little conceptual understanding of what is meant by privacy. A vision is to develop an intelligent privacy assistant to whom developers can easily ask questions to learn how to incorporate different privacy-preserving ideas into their IoT application designs. This article lays the foundations toward developing such a privacy assistant by synthesising existing PbD knowledge to elicit requirements. It is believed that such a privacy assistant should not just prescribe a list of privacy-preserving ideas that developers should incorporate into their design. Instead, it should explain how each prescribed idea helps to protect privacy in a given application design context—this approach is defined as “Explainable Privacy.” A total of 74 privacy patterns were analysed and reviewed using ten different PbD schemes to understand how each privacy pattern is built and how each helps to ensure privacy. Due to page limitations, we have presented a detailed analysis in Reference [3]. In addition, different real-world Internet of Things (IoT) use-cases, including a healthcare application, were used to demonstrate how each privacy pattern could be applied to a given application design. By doing so, several knowledge engineering requirements were identified that need to be considered when developing a privacy assistant. It was also found that, when compared to other IoT application domains, privacy patterns can significantly benefit healthcare applications. In conclusion, this article identifies the research challenges that must be addressed if one wishes to construct an intelligent privacy assistant that can truly augment software developers’ capabilities at the design phase