Architectural tactics and trade-offs for confidentiality

Orellana, C.; Astudillo, H.

Keywords: confidentiality, trade-offs, software architecture, quality attributes, information security, Architectural tactics, ISO/IEC 25010

Abstract

Data protection has become a top priority, with blooming legal frameworks like the EU's General Data Protection Regulation (GDPR) and others. Software architects need readily available information on existing alternative design decisions and their trade-offs regarding other quality attributes. Architectural tactic catalogs have been proposed to package architectural knowledge on design for specific quality attributes, but none for confidentiality per se and not as part of the traditional security C-I-A triad (Confidentiality, Integrity, Availability). This article surveys published confidentiality tactics; presents a stimulus-based scenario template; builds a new taxonomy that organizes existing and newly proposed confidentiality tactics; and aggregates expert knowledge about their trade-offs with other quality attributes. The taxonomy's applicability is illustrated with the (actual) design rationale of an already published Internet of Things (IoT) system. Finally, the taxonomy's usefulness for architectural decision-making is shown with an experimental study by 12 practitioners with varying degrees of experience. Although using the tactics catalog significantly improved recall and F1-Score for all subjects, this was especially true for seniors, suggesting that it enabled them to explore a broader solution space than just using previous knowledge. This new enriched taxonomy (1) extends the reach of architectural tactics to deal with confidentiality requirements and (2) provides guidance on their trade-offs regarding other quality attributes. This systematization increases the usefulness of architectural tactics as design techniques and facilitates their wider adoption by practicing architects for architectural decision-making.

More information

Title according to WOS: Architectural tactics and trade-offs for confidentiality
Volume: 226
Publication date: 2025
Language: English
DOI: 10.1016/j.jss.2025.112433

Notes: ISI