pith. sign in

arxiv: 2409.11313 · v2 · pith:GSAEIQ5Qnew · submitted 2024-09-17 · 💻 cs.SE

Protecting Privacy in Software Logs: What Should Be Anonymized?

classification 💻 cs.SE
keywords privacylogssoftwareindustryinformationperspectivessensitiveanalysis
0
0 comments X
read the original abstract

Software logs, generated during the runtime of software systems, are essential for various development and analysis activities, such as anomaly detection and failure diagnosis. However, the presence of sensitive information in these logs poses significant privacy concerns, particularly regarding Personally Identifiable Information (PII) and quasi-identifiers that could lead to re-identification risks. While general data privacy has been extensively studied, the specific domain of privacy in software logs remains underexplored, with inconsistent definitions of sensitivity and a lack of standardized guidelines for anonymization. To mitigate this gap, this study offers a comprehensive analysis of privacy in software logs from multiple perspectives. We start by performing an analysis of 25 publicly available log datasets to identify potentially sensitive attributes. Based on the result of this step, we focus on three perspectives: privacy regulations, research literature, and industry practices. We first analyze key data privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to understand the legal requirements concerning sensitive information in logs. Second, we conduct a systematic literature review to identify common privacy attributes and practices in log anonymization, revealing gaps in existing approaches. Finally, we survey 45 industry professionals to capture practical insights on log anonymization practices. Our findings shed light on various perspectives of log privacy and reveal industry challenges, such as technical and efficiency issues while highlighting the need for standardized guidelines. By combining insights from regulatory, academic, and industry perspectives, our study aims to provide a clearer framework for identifying and protecting sensitive information in software logs.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. CyberMaskQA: A Privacy-Aware Benchmark for Evaluating Large Language Models in Cybersecurity Question Answering

    cs.CR 2026-05 unverdicted novelty 7.0

    CyberMaskQA is a new privacy-aware QA benchmark for cybersecurity that annotates private entities in realistic organizational scenarios with causal dependencies to jointly evaluate reasoning accuracy and masking performance.

  2. Toward an Architectural Blueprint to Observe Sustainability in and by Software Systems

    cs.SE 2026-04 unverdicted novelty 4.0

    An architectural blueprint with deployment code is proposed to enable observability of sustainability in software systems, including energy measurement, and is exemplified in two use cases.