Incorporating privacy requirements into the system design process: The PriS conceptual framework

Internet Research

Volumn 16, Issue 2, 2006, Pages 140-158

  Kavakli, Evangelia ^a   Kalloniatis, Christos ^a   Loucopoulos, Pericles ^b   Gritzalis, Stefanos ^a  

^a UNIVERSITY OF THE AEGEAN   (Greece)

^b UNIVERSITY OF MANCHESTER   (United Kingdom)

Author keywords

Privacy; Systems software

Indexed keywords

EID: 33646358507     PISSN: 10662243     EISSN: None     Source Type: Journal    
DOI: 10.1108/10662240610656483     Document Type: Article

References (39)

1. Anonymizer (2005), available at: www.anonymizer.com.
2. Antón, A.I. (1996), Goal-Based Requirements Analysis, ICRE '96, IEEE, Colorado Springs CO, pp. 136-144.
3. Antón, A.I. and Earp, J.B. (2000), "Strategies for developing policies and requirements for secure electronic commerce systems", paper presented at the 1st ACM Workshop on Security and Privacy in E-Commerce (CCS 2000), 1-4 November.
4. Bellotti, V. and Sellen, A. (1993), "Design for privacy in ubiquitous computing environments", in Michelis, G., Simone, C. and Schmidt, K. (Eds), Proceedings of the Third European Conference on Computer Supported Cooperative Work - ECSCW 93 Milan, 13-17 September, pp. 93-108.
5. Bennett, K. and Grothoff, C. (2003), "GAP-practical anonymous networking", Proceedings of the Workshop on PET 2003 Privacy Enhancing Technologies, available at: http://citeseer.nj.nec.com/bennett02gap.html.
6. Cannon, C.J. (2004), Privacy: What Developers and IT Professionals Should Know, Addison-Wesley, Reading, MA, p. 9.
7. Chaum, D. (1981), "Untraceable electronic mail, return addresses, and digital pseudonyms", Communications of the ACM, Vol. 24 No. 2, pp. 84-8.
8. Chaum, D. (1985), "Security without identification: transactions systems to make big brother obsolete", Communications of the ACM, Vol. 28 No. 10, pp. 1030-44.
9. Chaum, D. (1988), "The dining cryptographers problem: unconditional sender and recipient untraceability", Journal of Cryptology, Vol. 1 No. 1, pp. 65-75.
10. Chung, L. (1993), "Dealing with security requirements during the development of information systems", CaiSE '93, The 5th Int. Conf. of Advanced Info. Systems Engineering, Paris, pp. 234-251.
11. (The) Code of Fair Information Practices (1973), US Department of Health, Education and Welfare, Washington, DC.
12. Dingledine, R., Mathewson, N. and Syverson, P. (2004), "Tor: the second-generator onion router", Proceedings of the 13th USENIX Security Symposium, San Diego, CA, pp. 303-320.
13. EU-Information Society DG (2001), IST Programme 200029518 E-VOTE: An Internet-based Electronic Voting System, Project Deliverable D 7.6, University of the Aegean, Mytilene.
14. Goldschlag, D., Syverson, P. and Reed, M. (1999), "Onion Routing for anonymous and private internet connections", Communications of the ACM, Vol. 42 No. 2, pp. 39-41.
15. Gritzalis, S. (2004), "Enhancing web privacy and anonymity in the digital era", Information Management & Computer Security, Vol. 12 No. 3, pp. 255-88.
16. He, Q. and Antón, A.I. (2003), "A framework for modelling privacy requirements in role engineering", Int'l Workshop on Requirements Engineering for Software Quality (REFSQ), 16-17 June, Klagenfurt/Velden, pp.115-124.
17. Hong, J.I., Ng, J., Lederer, S. and Landay, J.A. (2004), Privacy Risk Models for Designing Privacy-sensitive Ubiquitous Computing Systems, Designing Interactive Systems, Boston MA.
18. Jensen, C., Tullio, J., Potts, C. and Mynatt, E.D. (2005), STRAP: A Structured Analysis Framework for Privacy, GVU Technical Report, Georgia Institute of Technology, Atlanta, GA.
19. Kalloniatis, C., Kavakli, E. and Gritzalis, S. (2004), Security Requirements Engineering for e-Government Applications, DEXA EGOV'04 Conference, LNCS Vol. 3183. Springer, Berlin, pp. 66-71.
20. Kavakli, E. (2004), "Modeling organizational goals: analysis of current methods", Proceedings of the 2004 ACM Symposium on Applied Computing, Nicosia, pp. 1339-1343.
21. Liu, L., Yu, E. and Mylopoulos, J. (2002), "Analyzing security requirements as relationships among strategic actors, (SREIS'02)", e-proceedings, Raleigh, NC, available at: www.sreis.org/old/2002/finalpaper9. pdf.
22. Liu, L., Yu, E. and Mylopoulos, J. (2003), "Security and privacy requirements analysis within a social setting", 11th IEEE International Requirements Engineering Conference (RE'03), Monterey Bay, CA, pp. 151-161.
23. Loucopoulos, P. (2000), "From information modelling to enterprise modelling", Information Systems Engineering: State of the Art and Research Themes, Springer-Verlag, Berlin.
24. Loucopoulos, P. and Kavakli, V. (1999), Enterprise Knowledge Management and Conceptual Modelling, Springer, Berlin, LNCS Vol. 1565.
25. Moffett, J.D. and Nuseibeh, B.A. (2003), A Framework for Security Requirements Engineering, Report YCS 368, Department of Computer Science, University of York, York.
26. Mouratidis, H., Giorgini, P. and Manson, G. (2003a), Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems, CAiSE '03, LNCS 2681, Springer-Verlag, Berlin, pp. 63-78.
27. Mouratidis, H., Giorgini, P. and Manson, G. (2003b), "An ontology for modelling security: the Tropos Project", in Palade, V., Howlett, R.J. and Jain, L. (Eds), Lecture Notes in Artificial Intelligence 2773, Springer-Verlag, Berlin, pp. 1387-94.
28. Mylopoulos, J., Chung, L. and Nixon, B. (1992), "Representing and using non-functional requirements: a process oriented approach", IEEE Trans. Soft Eng., Vol. 18, pp. 483-97.
29. Pfitzmann, A. and Waidner, M. (1987), "Networks without user observability", Computers & Security, Vol. 6 No. 2, pp. 158-66.
30. Reed, M., Syverson, P. and Goldschlag, D. (1998), "Anonymous connections and onion routing", IEEE Journal on Selected Areas in Communications, Vol. 16 No. 4, pp. 482-94.
31. Reiter, K.M. and Rubin, D.A. (1999), "Anonymous web transactions with Crowds", Communications of the ACM, Vol. 42 No. 2, pp. 32-8.
32. Shields, C. and Levine, N.B. (2000), "A protocol for anonymous communication over the Internet", in Samarati, P. and Jajodia, S. (Eds), Proceedings of the 7th ACM Conference on Computer and Communications Security, ACM Press, New York NY, pp. 33-42.
33. van Lamsweerde, A. and Letier, E. (2000), "Handling obstacles in goal-oriented requirements engineering", IEEE Transactions on Software Engineering, Vol. 26, pp. 978-1005.
34. Warren, S. and Brandeis, L. (1890), "The rights to privacy", Harvard Law Review, Vol. 5, pp. 193-220.
35. Westin, A. (1967), Privacy and Freedom, Atheneum, New York, NY.
36. Fischer-Hübner, S. (2001), "IT-security and privacy design and use of privacy enhancing security mechanisms", Lecture Notes in Computer Science, Vol. 1958, Springer-Verlag, Berlin.
37. Pfitzmann, A. (1990), "Diensteintegrierende, Kommunikationsmnetze mit teilnehmerüberprüfbaren Datenschutz", Informatik-Fachberichte 234, Springer-Verlag, Berlin.
38. Pfitzmann, B., Waidner, M. and Pfitzmann, A. (1990), "Rechsicherheit trotz Anonymität in offenen digitalen Systemen", Datenschutz und Datensicherheit (DuD) No. 6 pp. 243-253 (Part 1), No. 7, pp. 305-315 (Part 2).
39. Reiter, K.M. and Rubin, D.A. (1998), "Crowds: anonymity for web transactions", ACM Transactions of Information and System Security, Vol. 1 No. 1, pp. 66-92.