Addressing Privacy in Software Architecture

Abstract

Software architects perform a structural trade-off process to create an architecture that meets the needs of its stakeholders. To embed privacy in this process, it is necessary to formulate privacy as a quality attribute. We propose that the privacy quality attribute consists of three characteristics; the individual, data and unauthorized access. We also propose a set of six architectural tactic groups and a subselection of tactics to work towards an architectural perspective on privacy. The characteristics, tactic groups and tactic selection were formulated by combining a systematic literature review with a grounded theory approach. Afterwards, these artifacts were evaluated by experts in the field of software architecture, privacy, and cybersecurity, who have confirmed the completeness and correctness of our proposed artifacts.