Addressing privacy requirements in system design: The PriS method

Requirements Engineering

Volumn 13, Issue 3, 2008, Pages 241-255

  Kalloniatis, Christos ^a   Kavakli, Evangelia ^a   Gritzalis, Stefanos ^a  

^a UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

Formal methods; Goal oriented approach; Privacy enhancing technologies; Privacy requirements; Privacy process patterns; Requirements engineering; System design

Indexed keywords

COMPUTER NETWORKS; DECENTRALIZED CONTROL; SOFTWARE ENGINEERING;

FORMAL METHODS; GOAL-ORIENTED APPROACH; PRIVACY ENHANCING TECHNOLOGIES; PRIVACY REQUIREMENTS; PRIVACY-PROCESS PATTERNS; REQUIREMENTS ENGINEERING; SYSTEM DESIGN;

PROCESS ENGINEERING;

EID: 50949085110     PISSN: 09473602     EISSN: 1432010X     Source Type: Journal    
DOI: 10.1007/s00766-008-0067-3     Document Type: Article

References (49)

1. Lunheim R, Sindre GS (1994) Privacy and computing: A cultural perspective. Security and control of information technology. In: Sizer R (ed) A Society (A-43)/x. Elsevier, North Holland, pp 25-40
2. Fischer-Hübner S (2001) IT-security and privacy, design and use of privacy enhancing security mechanisms. Lect Notes Comp Sci, vol. 1958. Springer, Berlin
3. Cannon JC (2004) Privacy, what developers and IT professionals should know. Addison-Wesley, Reading
4. Koorn R, van Gils H, ter Hart J, Overbeek P, Tellegen R Privacy Enhancing Technologies, White paper for Decision Makers. Ministry of the Interior and Kingdom Relations, the Netherlands, December 2004
5. University of the Aegean, E-Vote: An Internet-based electronic voting system. University of the Aegean, Project Deliverable D 7.6, IST Programme 2000#29518, 21 October 2003, Samos
6. Kavakli E, Gritzalis S, Kalloniatis C (2007) Protecting privacy in system design: The electronic voting case. Transf Gov People Process Policy 1(4):307-332. doi: 10.1108/17506160710839150
7. Kavakli E, Kalloniatis C, Loucopoulos P, Gritzalis S (2006) "Incorporating Privacy Requirements into the System Design Process: The PriS Conceptual Framework", Internet research, special issue on privacy and anonymity in the digital era: Theory. Technol Pract 16(2):140-158
8. Kalloniats C, Kavakli E, Gritzalis S (2005) Dealing with privacy issues during the system design process, 5th IEEE International Symposium on Signal Processing and Information Technology, 18-21 December 2005, Athens, Greece
9. Loucopoulos P, Kavakli V (1999) Enterprise knowledge management and conceptual modelling. LNCS, vol. 1565. Springer, Berlin, pp 123-143
10. Loucopoulos P (2000) From information modelling to enterprise modelling. In: Information systems engSneering: state of the art and research themes. Springer, Berlin, pp 67-78
11. Kalloniatis C, Kavakli E, Gritzalis S (2007) Using privacy process patterns for incorporating privacy requirements into the system design process, Workshop on Secure Software Engineering (SecSe 2007) in conjunction with the International Conference on Availability, Reliability and Security (ARES 2007), April 2007, Vienna, Austria
12. Kavakli V (2002) Goal oriented requirements engineering: A unifying framework. Req Eng J 6(4):237-251. Springer, London
13. META Group Report v1.1 (2005) Privacy Enhancing Technology. March 2005
14. Code of Fair Information Practices (The) (1973), US Department of Health, Education and Welfare
15. Chung L (1993) Dealing with Security Requirements during the development of Information Systems, CaiSE '93, The 5th International Conference of Advanced Information System Engineering. Paris, France, pp 234-251
16. Mylopoulos J, Chung L, Nixon B (1992) Representing and using non-functional requirements: A process oriented approach. IEEE Trans Softw Eng 18:483-497. doi: 10.1109/32.142871
17. Liu L, Yu E, Mylopoulos J (2003) Security and privacy requirements analysis within a social setting, 11th IEEE International Requirements Engineering Conference (RE'03), Monterey Bay, California, USA, pp 151-161
18. Mouratidis H, Giorgini P, Manson G (2003) An ontology for modelling security: The Tropos project, Proceedings of the KES 2003 Invited Session Ontology and Multi-Agent Systems Design (OMASD'03), UK, University of Oxford, Palade V, Howlett RJ, Jain L (eds) Lecture Notes in Artificial Intelligence 2773, Springer 2003, pp 1387-1394
19. Mouratidis H, Giorgini P, Manson G (2003) Integrating Security and Systems Engineering: Towards the modelling of secure information systems, CAiSE '03, LNCS 2681. Springer, Berlin, pp 63-78
20. van Lamsweerde A, Letier E (2000) Handling obstacles in goal-oriented requirements engineering. IEEE Trans Softw Eng 26:978-1005. doi: 10.1109/ 32.879820
21. Liu L, Yu E, Mylopoulos J (2002) Analyzing security requirements as relationships among strategic actors, (SREIS'02), e-proceedings available at http://www.sreis.org/old/2002/finalpaper9.pdf, Raleigh, North Carolina
22. He Q, Antón IA (2003) A Framework for modelling privacy requirements in role engineering, International Workshop on Requirements Engineering for Software Quality (REFSQ), 16-17 June 2003, Austria Klagenfurt/Velden, pp 115-124
23. Moffett DJ, Nuseibeh AB (2003) A framework for security requirements engineering. Report YCS 368, Department of Computer Science, University of York
24. Antón IA (1996) Goal-based requirements analysis, ICRE '96 IEEE Colorado Springs, Colorado, USA, pp 136-144
25. Antón IA, Earp BJ (2000) Strategies for developing policies and requirements for secure electronic commerce systems. 1st ACM Workshop on Security and Privacy in E-Commerce (CCS 2000), 1-4 November 2000, unnumbered pages
26. Bellotti V, Sellen A (1993) Design for privacy in ubiquitous computing environments. In: Michelis G, Simone C, Schmidt K (eds) Proceedings of the Third European Conference on Computer Supported Cooperative Work - ECSCW 93, pp 93-108
27. Hong JI, Ng J, Lederer S, Landay JA (2004) Privacy risk models for designing privacy-sensitive ubiquitous computing systems, Designing Interactive Systems, Boston MA
28. Jensen C, Tullio J, Potts C, Mynatt DE (2005) STRAP: A structured analysis framework for privacy, GVU Technical Report
29. Anonymizer, available at www.anonymizer.com
30. Reiter KM, Rubin DA (1998) Crowds: Anonymity for web transactions. ACM Trans Inf Syst Secur 1(1):66-92. doi: 10.1145/290163.290168
31. Reiter KM, Rubin DA (1999) Anonymous web transactions with crowds. Commun ACM 42(2):32-38. doi: 10.1145/293411.293778
32. Reed M, Syverson P, Goldschlag D (1998) Anonymous connections and Onion Routing. IEEE J Sel Areas Comm 16(4):482-494. doi: 10.1109/49.668972
33. Goldschlag D, Syverson P, Reed M (1999) Onion Routing for anonymous and private Internet connections. Commun ACM 42(2):39-41. doi: 10.1145/ 293411.293443
34. Chaum D (1985) Security without identification: Transactions systems to make Big Brother Obsolete. Commun ACM 28(10):1030-1044. doi: 10.1145/ 4372.4373
35. Chaum D (1988) The dining cryptographers problem: Unconditional sender and recipient untraceability. J Cryptol 1(1):65-75. doi: 10.1007/ BF00206326
36. Chaum D (1981) untraceable electronic mail, return addresses, and digital pseudonyms. Commun ACM 24(2):84-88. doi: 10.1145/358549.358563
37. Pfitzmann A, Waidner M (1987) Networks without user Observability. Comput Secur 6(2):158-166
38. Shields C, Levine NB (2000) A protocol for anonymous communication over the Internet. In: Samarati P, Jajodia S (eds) Proceedings of the 7th ACM Conference on Computer and Communications Security. ACM Press, New York, 33-42
39. Bennett K, Grothoff C (2003) GAP-Practical Anonymous networking. Proceeding of the Workshop on PET2003 Privacy Enhancing Technologies. Available at http://www.citeseer.nj.nec.com/bennett02gap.html
40. Dingledine R, Mathewson N, Syverson PT (2004) The second-generator Onion Router. Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA
41. Amoroso EG AT&T Bell Laboratories (1994) Fundamentals of computer security technology. P.T. R. Prentice Hall, ISBN 0-13-108929-3
42. Schneier B (1999) Attack trees 21-29. Dr Dobb's J Softw Tools 24 12(12):21-29
43. John MCF (1999) Using abuse case models for security requirements analysis, 15th Annual Computer Security Applications Conference (ACSAC '99), pp 55
44. Sindre G, Opdahl AL (2005) Eliciting security requirements with misuse cases. Requir Eng 10(1):34-44. doi: 10.1007/s00766-004-0194-4
45. Sindre G, Opdahl AL (2002) Templates for misuse case description. In: Proceedings of the Seventh International Workshop on Requirements Engineering: Foundations for Software Quality - REFSQ'2001, Camille BA, et al (eds) Essener Informatik BeitrÃge, University of Essen, Germany, pp 125-136
46. Alexander I (2003) Use/misuse case analysis elicits non-functional requirements. Comput Contr Eng J 14(1):40-45. doi: 10.1049/cce:20030108
47. Firesmith D (2003) Security use cases. J Object Technol 2(1):53-64
48. Lin L, Nuseibeh B, Ince D, Jackson M, Moffett JD (2003) Introducing abuse frames for analysing security requirements. Requirements Engineering 2003, 11th IEEE International Conference on Requirements Engineering (RE 2003), 8-12 September 2003, Monterey Bay, CA, USA. IEEE Computer Society 2003, pp 371-372
49. European Parliament and the Council: Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and of the free movement of such data. October 1995