A. Shostack, Threat Modeling: Designing for Security, 2014.

K. Wuyts, R. Scandariato, and W. Joosen, Empirical evaluation of a privacy-focused threat modeling methodology, Journal of Systems and Software, vol.96, pp.122-138, 2014.
DOI : 10.1016/j.jss.2014.05.075

E. Falkenberg, R. V. Pols, and T. V. Weide, Understanding process structure diagrams, Information Systems, vol.16, issue.4, pp.417-428, 1991.
DOI : 10.1016/0306-4379(91)90032-5

T. Antignac, R. Scandariato, and G. Schneider, A privacyaware conceptual model for handling personal data, International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (ISoLA), ser. LNCS, pp.942-957, 2016.
DOI : 10.1007/978-3-319-47166-2_65

A. Cavoukian, Privacy by Design, 2009.
DOI : 10.4018/978-1-61350-501-4.ch007

A. Cavoukian and A. Stoianov, Privacy by Design Solutions for Biometric One-to-Many Identification Systems, 2014.

K. Zeng, A. Cavoukian, and N. D. Kaisha, Modelling cloud computing architecture without compromising privacy: A privacy by design approach. Information and Privacy Commissioner of Ontario, 2010.

O. Committee, Privacy by design documentation for software engineers (pbd-se), Tech. Rep, 2014.

I. Committee, Privacy framework (iso 29100), Tech. Rep, 2011.

J. Hoepman, Privacy Design Strategies, ICT Systems Security and Privacy Protection, pp.446-459, 2014.
DOI : 10.1007/978-3-642-55415-5_38

URL : https://hal.archives-ouvertes.fr/hal-01370395

M. Hafiz, A collection of privacy design patterns, Proceedings of the 2006 conference on Pattern languages of programs, PLoP '06, p.7, 2006.
DOI : 10.1145/1415472.1415481

URL : http://hillside.net/plop/2006/Papers/Library/PLoP2006_mhafiz0_0.pdf

K. Wuyts, R. Scandariato, B. D. Decker, and W. Joosen, Linking Privacy Solutions to Developer Goals, 2009 International Conference on Availability, Reliability and Security, 2009.
DOI : 10.1109/ARES.2009.51

URL : https://lirias.kuleuven.be/bitstream/123456789/215294/1/secSe09_wuyts.pdf

M. Tschantz and J. Wing, Formal methods for privacy Formal Methods, ser. Lecture Notes in Computer Science, FM 2009, pp.1-15, 2009.
DOI : 10.1007/978-3-642-05089-3_1

S. Spiekermann and L. F. Cranor, Engineering Privacy, IEEE Transactions on Software Engineering, vol.35, issue.1, pp.67-82, 2009.
DOI : 10.1109/TSE.2008.88

S. Gürses, C. Troncoso, and C. Diaz, Engineering privacy by design, Computers, Privacy & Data Protection, vol.14, 2011.

C. Kalloniatis, E. Kavakli, and S. Gritzalis, Addressing privacy requirements in system design: the PriS method, Requirements Engineering, vol.2, issue.1, pp.241-255, 2011.
DOI : 10.5381/jot.2003.2.1.c6

K. Beckers, Comparing Privacy Requirements Engineering Approaches, 2012 Seventh International Conference on Availability, Reliability and Security, pp.574-581, 2012.
DOI : 10.1109/ARES.2012.29

B. Gedik and L. Liu, Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms, IEEE Transactions on Mobile Computing, vol.7, issue.1, pp.1-18, 2008.
DOI : 10.1109/TMC.2007.1062

URL : http://dsonline.computer.org/portal/cms_docs_dsonline/dsonline/2008/01/featured.pdf

J. I. Hong and J. A. Landay, An architecture for privacy-sensitive ubiquitous computing, Proceedings of the 2nd international conference on Mobile systems, applications, and services , MobiSYS '04, pp.177-189, 2004.
DOI : 10.1145/990064.990087

URL : http://repository.cmu.edu/cgi/viewcontent.cgi?article=1074&context=hcii

K. Plossl, T. Nowey, and C. Mletzko, Towards a security architecture for vehicular ad hoc networks, First International Conference on Availability, Reliability and Security (ARES'06), p.8, 2006.
DOI : 10.1109/ARES.2006.136

S. Jahid, S. Nilizadeh, P. Mittal, N. Borisov, and A. Kapadia, DECENT: A decentralized architecture for enforcing privacy in online social networks, 2012 IEEE International Conference on Pervasive Computing and Communications Workshops, pp.326-332, 2012.
DOI : 10.1109/PerComW.2012.6197504

URL : http://hatswitch.org/~nikita/papers/decent-sesoc12.pdf

D. J. Solove, A taxonomy of privacy University of Pennsylvania law review, pp.477-564, 2006.

H. Takabi, J. B. Joshi, and G. Ahn, Security and Privacy Challenges in Cloud Computing Environments, IEEE Security & Privacy Magazine, vol.8, issue.6, pp.24-31, 2010.
DOI : 10.1109/MSP.2010.186

S. Pearson and A. Benameur, Privacy, Security and Trust Issues Arising from Cloud Computing, 2010 IEEE Second International Conference on Cloud Computing Technology and Science, pp.693-702, 2010.
DOI : 10.1109/CloudCom.2010.66

D. Verdon and G. Mcgraw, Risk analysis in software design, IEEE Security and Privacy Magazine, vol.2, issue.4, pp.79-84, 2004.
DOI : 10.1109/MSP.2004.55

D. Committee, Basics of risk analysis and risk management for hipaa, Tech. Rep, 2005.

N. Committee, Guide for conducting risk assessments (nist 800-30), Tech. Rep, 2012.