Towards the development of privacy-aware systems

Information and Software Technology

Volumn 51, Issue 2, 2009, Pages 337-350

  Guarda, Paolo ^a   Zannone, Nicola ^a  

^a UNIVERSITY OF TRENTO   (Italy)

Author keywords

Privacy policy; Privacy Aware Access Control; Privacy related legal requirements; Requirements Engineering

Indexed keywords

ACCESS CONTROL;

AWARE SYSTEMS; CONFIDENTIAL INFORMATIONS; DATA PROTECTIONS; LEGAL PERSPECTIVES; LEGAL PRINCIPLES; PRIVACY POLICY; PRIVACY-AWARE ACCESS CONTROL; PRIVACY-RELATED LEGAL REQUIREMENTS;

DATA PROCESSING;

EID: 56349121964     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2008.04.004     Document Type: Article

References (121)

1. Warren S.D., and Brandeis L.D. The right to privacy. Harvard Law Review 4 5 (1890) 193-220
2. L.A. Bygrave, Data protection law: approaching its rationale, logic, and limits, Information Law Series, 10, Kluwer Law International, The Hague, 2002.
3. Room S. Data Protection & Compliance in Context (2007), BCS
4. Kenny S., and Borking J. The value of privacy engineering. Journal of Information, Law and Technology 4 1 (2002)
5. A. Adams, The implications of users' multimedia privacy perceptions on communication and information privacy policies, in: Proceedings of Telecommunications Policy Research Conference, 1999.
6. Collmann J.R., and Cooper T. Breaching the security of the Kaiser Permanente internet patient portal: the organizational foundations of information security. Journal of the American Medical Informatics Association 14 2 (2007) 239-243
7. E. Silverman, Loss of Protected Patient Information Real Danger for Health Care Plans, Manage Care.
8. I. Araujo, Privacy mechanisms supporting the building of trust in e-commerce, in: Proceedings of International Workshop on Privacy Data Management, IEEE Press, 2005, p. 1193.
9. L. Cranor, M. Langheinrich, M. Marchiori, J. Reagle, The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Recommendation (April 2002). Available from: .
10. Agrawal R., Kiernan J., Srikant R., and Xu Y. An XPath-based preference language for P3P. Proceedings of WWW'03 (2003), ACM Press 629-639
11. L. Cranor, M. Langheinrich, M. Marchiori, A P3P Preference Exchange Language 1.0 (APPEL1.0), W3C Working Draft, 2002. Available from: .
12. P. Ashley, S. Hada, G. Karjoth, C. Powers, M. Schunter, Enterprise Privacy Authorization Language (EPAL 1.1), Research Report 3485, IBM Research (2003). Available from: .
13. Barth A., Mitchell J.C., and Rosenstein J. Conflict and combination in privacy policy languages. Proceedings of WPES'04 (2004), ACM Press 45-46
14. Byun J.-W., Bertino E., and Li N. Purpose based access control of complex data for privacy protection. Proceedings of SACMAT'05 (2005), ACM Press 102-110
15. Hilty M., Basin D.A., and Pretschner A. On obligations. Proceedings of ESORICS'05. LNCS vol. 3679 (2005), Springer-Verlag 98-117
16. Smith H.J. Privacy policies and practices: inside the organizational maze. CACM 36 12 (1993) 104-122
17. Nuseibeh B., and Easterbrook S. Requirements engineering: a roadmap. Proceedings of ICSE'00 (2000), ACM Press 35-46
18. Dumortier J., and Goemans C. Legal challenges for privacy protection and identity management. Security and Privacy in Advanced Networking Technologies vol. 193 (2004), IOS press
19. R. Pardolesi (Ed.), Diritto alla riservatezza e circolazione dei dati personali, Giuffrè, 2003.
20. Carey P. Data Protection. A Practical Guide to UK and EU Law. 2nd ed. (2004), Oxford University Press
21. J.H. Saltzer, M.D. Schroeder, The protection of information in computer systems, Proceedings of the IEEE 63 (9) (1975) 1278-1308.
22. ISO/IEC, Code of practice for information security management, ISO/IEC 17799:2005, 2005.
23. R. Agrawal, J. Kiernan, R. Srikant, Y. Xu, Hippocratic databases, in: Proceedings of VLDB'02, 2002, pp. 143-154.
24. Bertino E., Byun J.-W., and Li N. Privacy-preserving database systems. FOSAD 2004/2005. LNCS vol. 3655 (2005), Springer-Verlag 178-206
25. Massacci F., Mylopoulos J., and Zannone N. Hierarchical hippocratic databases with minimal disclosure for virtual organizations. VLDBJ 15 4 (2006) 370-387
26. Karjoth G., Schunter M., and Waidner M. Platform for enterprise privacy practices: privacy-enabled management of customer data. Proceedings of PET'02. LNCS vol. 2482 (2002), Springer-Verlag 69-84
27. J. Gordijn, M. Petit, R. Wieringa, Understanding business strategies of networked value constellations using goal- and value modeling, in: Proceedings of RE'06, 2006, pp. 126-135.
28. J. Mylopoulos, Aligning information strategy with business strategy - a technical perspective, in: Proceedings of NGITS'93, 1993.
29. Massacci F., Mylopoulos J., and Zannone N. From hippocratic databases to Secure Tropos: a computer-aided re-engineering approach. IJSEKE 17 2 (2007) 265-284
30. R. Clarke, e-Consent: a critical element of trust in e-Business, in: Proceedings of the 15th Bled Electronic Commerce Conference, 2002.
31. Giorgini P., Massacci F., and Zannone N. Security and trust requirements engineering. FOSAD 2004/2005. LNCS vol. 3655 (2005), Springer-Verlag 237-272
32. Nagaratnam N., and Lea D. Practical delegation for secure distributed object environments. Distributed Systems Engineering 5 4 (1998) 168-178
33. Gomi H., Hatakeyama M., Hosono S., and Fujita S. A delegation framework for federated identity management. Proceedings of DIM'05 (2005), ACM Press 94-103
34. Bertino E., Samarati P., and Jajodia S. An extended authorization model for relational databases. TKDE 9 1 (1997) 85-101
35. Firozabadi B.S., and Sergot M.J. Revocation schemes for delegated authorities. Proceedings of POLICY'02 (2002), IEEE Press 210-213
36. Wijesekera D., Jajodia S., Parisi-Presicce F., and Hagström Å. Removing permissions in the flexible authorization framework. TODS 28 3 (2003) 209-229
37. Zhang L., Ahn G.-J., and Chu B.-T. A rule-based framework for role-based delegation and revocation. TISSEC 6 3 (2003) 404-441
38. Zheng P. Tradeoffs in certificate revocation schemes. ACM SIGCOMM Computer Communication Review 33 2 (2003) 103-112
39. Bibas S.A. A contractual approach to data privacy. Harvard Journal of Law & Public Policy 12 2 (1994) 591-622
40. Shorr S. Personal information contracts: how to protect privacy without violating the first amendment. Cornell Law Review 80 (1995) 1756-1793
41. Damianou N., Dulay N., Lupu E., and Sloman M. The Ponder policy specification language. Proceedings of POLICY'01. LNCS vol. 1995 (2001), Springer-Verlag 18-39
42. Bettini C., Jajodia S., Wang X.S., and Wijesekera D. Obligation monitoring in policy management. Proceedings of POLICY'02 (2002), IEEE Press 2-12
43. C. Bettini, S. Jajodia, X.S. Wang, D. Wijesekera, Provisions and obligations in policy management and security applications, in: Proceedings of VLDB'02, 2002, pp. 502-513.
44. OASIS, eXtensible Access Control Markup Language (XACML) Version 2.0, OASIS Standard, 2005. Available from: .
45. Hilpinen R. Deontic logic. The Blackwell Guide to Philosophical Logic (2001), Blackwell Publishers Ltd. 159-182
46. Searle J.R. Speech Acts: An Essay in the Philosophy of Language (1969), Cambridge University Press
47. Park J., and Sandhu R. The UCONABC usage control model. TISSEC 7 1 (2004) 128-174
48. Bertino E., Bettini C., Ferrari E., and Samarati P. A temporal access control mechanism for database systems. TKDE 8 1 (1996) 67-80
49. Bertino E., Bettini C., Ferrari E., and Samarati P. An access control model supporting periodicity constraints and temporal reasoning. TODS 23 3 (1998) 231-285
50. Bertino E., Bonatti P.A., and Ferrari E. TRBAC: a temporal role-based access control model. TISSEC 4 3 (2001) 191-233
51. Antón A.I., and Earp J.B. Strategies for developing policies and requirements for secure E-Commerce systems. E-Commerce Security and Privacy (2001), Kluwer Academic Publishers 29-46
52. Q. He, A.I. Antón, A framework for modeling privacy requirements in role engineering, in: Proceedings of REFSQ'03, 2003, pp. 137-146.
53. F. Massacci, N. Zannone, Privacy is linking permission to purpose, in: Proceedings of the 12th International Workshop on Security Protocols, vol. 3957, LNCS, Springer-Verlag, 2004, pp. 179-191.
54. Camenisch J., Shelat A., Sommer D., Fischer-Hübner S., Hansen M., Krasemann H., Lacoste G., Leenes R., and Tseng J. Privacy and identity management for everyone. Proceedings of DIM'05 (2005), ACM Press 20-27
55. S. Dritsas, D. Gritzalis, C. Lambrinoudakis, Protecting privacy and anonymity in pervasive computing: trends and perspectives, Telematics and Informatics 23 (2).
56. U. Jendricke, M. Kreutzer, A. Zugenmaier, Pervasive privacy with identity management, in: Proceedings of UbiComp'02, 2002.
57. Feigenbaum J., Freedman M.J., Sander T., and Shostack A. Privacy engineering for digital rights management systems. Proceedings of DRM'01 (2002), Springer-Verlag 76-105
58. Backes M., Karjoth G., Bagga W., and Schunter M. Efficient comparison of enterprise privacy policies. Proceedings of SAC'04 (2004), ACM Press 375-382
59. US Federal Trade Commission, Privacy Online: A Report to Congress (1998). Available from: .
60. Garante per la protezione dei dati personali, Privacy Policy (2003). Available from: .
61. Agrawal R., Kiernan J., Srikant R., and Xu Y. An implementation of P3P using database technology. Proceedings of the 9th International Conference on Extending Database Technology. LNCS vol. 2992 (2004), Springer-Verlag 845-847
62. G. Hogben, A technical analysis of problems with P3P 1.0 and possible solutions, in: Proceedings of W3C Workshop on the Future of P3P, 2002.
63. M. Schunter, E. Van Herreweghen, M. Waidner, Expressive privacy promises - how to improve the platform for privacy preferences (P3P), in: Proceedings of W3C Workshop on the Future of P3P, 2002.
64. Yu T., Li N., and Antón A.I. A formal semantics for P3P. Proceedings of SWS'04 (2004), ACM Press 1-8
65. L.F. Cranor, J.R. Reidenberg, Can user agents accurately represent privacy notices?, in: Proceedings of TPRC'02, 2002.
66. Li N., Yu T., and Antón A.I. A semantics based approach to privacy languages. Computer Systems Science and Engineering 21 5 (2006) 339-352
67. A. Tumer, A. Dogac, H. Toroslu, A Semantic based privacy framework for web services, in: Proceedings of ESSW'03, 2003.
68. Denning D.E., and Denning P.J. Certification of programs for secure information flow. CACM 20 7 (1977) 504-513
69. D. Downs, J. Rub, K. Kung, C. Jordan, Issues in discretionary access control, in: Proceedings of Symposium on Security and Privacy, IEEE Press, 1985, pp. 208-218.
70. Jajodia S., Samarati P., Sapino M.L., and Subrahmanian V.S. Flexible support for multiple access control policies. TODS 26 2 (2001) 214-260
71. Sandhu R.S., Coyne E.J., Feinstein H.L., and Youman C.E. Role-based access control models. IEEE Computer 29 2 (1996) 38-47
72. Karjoth G., and Schunter M. A privacy policy model for enterprises. Proceedings of CSFW'02 (2002), IEEE Press 271-281
73. Backes M., Pfitzmann B., and Schunter M. A toolkit for managing enterprise privacy policies. Proceedings of ESORICS'03. LNCS vol. 2808 (2003), Springer-Verlag 162-180
74. OASIS, Privacy policy profile of XACML v2.0, OASIS Standard (2005). Available from: .
75. Anderson A.H. A comparison of two privacy policy languages: EPAL and XACML. Proceedings of SWS'06 (2006), ACM Press 53-60
76. Mazzoleni P., Crispo B., Sivasubramanian S., and Bertino E. XACML policy integration algorithms. TISSEC 11 1 (2008) 1-29
77. Zave P. Classification of research efforts in requirements engineering. CSUR 29 4 (1997) 315-321
78. E. Kavakli, C. Kalloniatis, P. Loucopoulos, S. Gritzalis, Incorporating privacy requirements into the system design process: the pris conceptual framework, Internet Research 16 (2).
79. Chung L.K., Nixon B.A., Yu E.S.K., and Mylopoulos J. Non-Functional Requirements in Software Engineering (2000), Kluwer Publishing
80. Liu L., Yu E.S.K., and Mylopoulos J. Security and privacy requirements analysis within a social setting. Proceedings of RE'03 (2003), IEEE Press 151-161
81. Mylopoulos J., Chung L., Liao S., Wang H., and Yu E. Exploring Alternatives During Requirements Analysis. IEEE Software 18 1 (2001) 92-96
82. Kaindl H. A design process based on a model combining scenarios with goals and functions. IEEE Transactions on Systems, Man, and Cybernetics 30 5 (2000) 537-551
83. Antón A.I., and Potts C. The use of goals to surface requirements for evolving systems. Proceedings of ICSE'98 (1998), IEEE Press 157-166
84. Antón A.I., and Earp J.B. A requirements taxonomy for reducing Web site privacy vulnerabilities. REJ 9 3 (2004) 169-185
85. Antón A.I., Earp J.B., and Carter R.A. Precluding incongruous behavior by aligning software requirements with security and privacy policies. Information & Software Technology 45 14 (2003) 967-977
86. J. Moffett, Requirements and policies, in: Proceedings of POLICY'99, 1999.
87. US Department of Health, Education and Welfare, The Code of Fair Information Practices, 1973.
88. Carter R.A., Antón A.I., Williams L., and Dagnino A. Evolving beyond requirements creep: a risk-based evolutionary prototyping model. Proceedings of RE'01 (2001), IEEE Press 94-101
89. Anderson R. Security Engineering: A Guide to Building Dependable Distributed Systems (2001), Wiley
90. Stallings W. Cryptography and Network Security: Principles and Practice (1999), Prentice-Hall, Englewood Cliffs, NJ
91. Jürjens J. Secure Systems Development with UML (2004), Springer-Verlag
92. Basin D., Doser J., and Lodderstedt T. Model driven security: from UML models to access control infrastructures. TOSEM 15 1 (2006) 39-91
93. Doan T., Demurjian S., Ting T.C., and Ketterl A. MAC and UML for secure software design. Proceedings of FMSE'04 (2004), ACM Press 75-85
94. Ray I., Li N., France R., and Kim D.-K. Using UML to visualize role-based access control constraints. Proceedings of SACMAT'04 (2004), ACM Press 115-124
95. Neumann G., and Strembeck M. A scenario-driven role engineering process for functional RBAC roles. Proceedings of SACMAT'02 (2002), ACM Press 33-42
96. Jackson D. Alloy: a lightweight object modelling notation. TOSEM 11 2 (2002) 256-290
97. Coyne E.J. Role engineering. Proceedings of RBAC'95 (1995), ACM Press 15-16
98. A. Barth, J.C. Mitchell, Enterprise privacy promises and enforcement, in: Proceedings of the 2005 Workshop on Issues in the Theory of Security, ACM Press, 2005, pp. 58-66.
99. Karjoth G., Schunter M., and Herreweghen E.V. Translating privacy practices into privacy promises - how to promise what you can keep. Proceedings of POLICY'03 (2003), IEEE Press 135
100. LeFevre K., Agrawal R., Ercegovac V., Ramakrishnan R., Xu Y., and DeWitt D.J. Limiting disclosure in hippocratic databases. Proceedings of VLDB'04 (2004), Morgan Kaufmann 108-119
101. Crook R., Ince D., Lin L., and Nuseibeh B. Security requirements engineering: when anti-requirements hit the fan. Proceedings of RE'02 (2002), IEEE Press 203-205
102. Regan P.M. Legislating Privacy: Technology, Social Values, and Public Policy (1995), University of North Carolina Press
103. Solove D.J., Rotenberg M., and Schwartz P.M. Information Privacy Law. 2nd ed. (2006), Aspen Publishers
104. H. Gross, The Concept of Privacy, New York University Law Review 42.
105. Inness J.C. Privacy, Intimacy and Isolation (1992), Oxford University Press
106. Samuelson P. Privacy as intellectual property?. Stanford Law Review 52 5 (2000) 1125-1173
107. Murphy R.S. Property rights in personal information: an economic defense of privacy. Georgetown Law Journal 84 (1996) 2381-2417
108. Davies S.G. Re-engineering the right to privacy: how privacy has been transformed from a right to a commodity. Technology and Privacy: The New Landscape (1997), MIT Press 143-145
109. K.J. Strandburg, Privacy, rationality, and temptation: a theory of willpower norms, Rutgers Law Review 57 (4).
110. Kerr O. The fourth amendment and new technologies: constitutional myths and the case for caution. Michigan Law Review 102 (2004) 801-888
111. Sklansky D.A. The fourth amendment and common law. Columbia Law Review 100 (2000) 1739
112. In: Rotenberg M. (Ed). The Privacy Law Sourcebook (2000), EPIC
113. US Federal Trade Commission, The Fair Credit Reporting Act, Pub. L. No. 90-32, 15 U.S.C. §1681 et seq., 1970.
114. US Congress, The Fair and Accurate Credit Transactions Act, Pub. L. 108-159, 2003.
115. US Department of Justice, Privacy Act (1974). Available from: .
116. US Congress, Health Insurance Portability and Accountability Act, Pub. L. No. 104-191, 1996.
117. Smith R.E. The law of privacy in a nutshell. Privacy Journal (1993) 50-51
118. US Department of Commerce, Safe Harbor Privacy Principles, 2000. Available from: .
119. Carpenter D. Keeping secrets. Minnesota Law Review 86 6 (2002) 1097-1114
120. Rotenberg M. Privacy and secrecy after September 11. Minnesota Law Review 86 6 (2002) 1115-1136
121. Solove D.J. Privacy and power: computer databases and metaphors for information privacy. Stanford Law Review 53 (2001) 1393-1462