Realizing Privacy-Aware Data Flow Diagrams In Java
Master's thesis
Privacy by Design is an approach that considers the protection of people's personal data at every step of designing a system. Alshareef et al. started from the Data Flow Diagram (DFD), a good tool for designing the functional aspects of a system, and defined transformation rules that add new nodes and edges carrying the non-functional aspect of privacy. The result of transforming a Data Flow Diagram is a Privacy-Aware Data Flow Diagram (PA-DFD), which forces the developer to design with privacy in mind. However, the Privacy-Aware Data Flow Diagram was only sketched in theory and never put to the test, which is what this thesis changes. We first designed an algorithm called Ray that generates code from a Data Flow Diagram, and then extended this functionality with a second algorithm, called Holt, that supports most of the ideas of the PA-DFD. These two algorithms, together with a new data structure we call Holt Privacy-Aware Data Flow Diagrams, are our contribution to one possible way of realizing Privacy-Aware Data Flow Diagrams as runnable code. The code is generated with the help of annotation processing in Java. We evaluate the solution at the end of the thesis with a runnable case study.
Keywords: Data Flow Diagrams, Privacy by Design, Code generation, GDPR