Year
2024
Degree Name
Doctor of Philosophy
Department
School of Computing and Information Technology
Abstract
In an era where digital and physical trails of user activities are tracked by software applications, protecting user privacy has become increasingly challenging. Growing user awareness of privacy, coupled with the introduction of data protection regulations, has created a pressing need to protect personal data and to give users control over their own data in line with their individual rights. This has raised new challenges for software engineers, both in developing software applications that comply with relevant data protection regulations and in ensuring that existing software applications comply with these regulations.
This thesis aims to develop a range of support for software engineers in developing privacy-aware software applications. We propose approaches and frameworks that address three key areas: privacy requirement engineering, privacy vulnerability identification and privacy policy generation. Firstly, we develop a taxonomy of privacy requirements for software applications based on well-established data protection regulations and privacy frameworks. In addition, we propose artificial intelligence (AI) learning-based methods for automatically mapping privacy requirements in our taxonomy to issue reports in software projects. Secondly, we develop a taxonomy of common privacy threats and propose eleven new common privacy weaknesses, which can be added to the Common Weakness Enumeration (CWE). Finally, we propose and implement a framework that supports software developers in generating privacy policies. This framework not only generates a privacy policy that aligns with the functionalities actually implemented in software applications but also ensures compliance with the General Data Protection Regulation.
Recommended Citation
Sangaroonsilp, Pattaraporn, Supporting the Development and Management of Privacy-Aware Software Applications, Doctor of Philosophy thesis, School of Computing and Information Technology, University of Wollongong, 2024. https://ro.uow.edu.au/theses1/1846
FoR codes (2008)
0806 INFORMATION SYSTEMS
Unless otherwise indicated, the views expressed in this thesis are those of the author and do not necessarily represent the views of the University of Wollongong.