Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System

Valerii Gakh, Hayretdin Bahsi, Thomas Hoffmann, Artem Boyarchuk, Oleksii Khramov

Research output: Contribution to journalArticlepeer-review

Abstract

Conducting a proper privacy analysis of a complex system is challenging in practice. Some privacy analysis methods and guidelines do not provide clear steps, limiting their applicability. Others suffer from practicality due to a lack of support from reference materials and common knowledge bases. On the other side, the minority of industrially recognized privacy analysis tools may sometimes appear insufficient for case-specific analyst needs. The privacy analysis tooling should be fine-tuned for more effective practical application. In this paper, we proposed enhancements to one of the known but underused privacy risk analysis methods - PRIAM- and demonstrated our results in a case study with an e-justice system. First, we identified the weaknesses of PRIAM, such as its ambiguity in its terminology, lack of descriptions of the risk modeling process, and lack of common-knowledge materials for modeling decisions. We compared how these problems are dealt with in PRIAM and an industrially recognized privacy analysis method, LINDDUN and its derivatives. Eventually, we developed practical guidelines for the risk modeling steps of PRIAM, which benefit from the LINDDUN method and its supporting materials. Then, we demonstrate the applicability of our proposed enhancements and guidelines by conducting a privacy risk modeling on an e-justice platform. As this platform covers various components, including a blockchain, we also elaborated on our findings from technical and legal perspectives.

Original languageEnglish (US)
Pages (from-to)183851-183874
Number of pages24
JournalIEEE Access
Volume12
DOIs
StatePublished - 2024
Externally publishedYes

Keywords

  • e-justice blockchain
  • LINDDUN
  • PRIAM
  • Privacy risk assessment

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering

Fingerprint

Dive into the research topics of 'Enhancing Privacy Risk Modeling in Practice: A Case Study of an e-Justice System'. Together they form a unique fingerprint.

Cite this