Methods for designing privacy aware information systems: A review

PCI 2009 - 13th Panhellenic Conference on Informatics

Volumn , Issue , 2009, Pages 185-194

  Kalloniatis, Christos ^a   Kavakli, Evangelia ^a   Gritzalis, Stefanos ^a  

^a UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

[No Author keywords available]

Indexed keywords

COMPARATIVE ANALYSIS; ON CURRENTS; PERSONAL INFORMATION; PRIVACY REQUIREMENTS; RECREATIONAL ACTIVITIES; RESEARCH TRENDS; SYSTEMATIC FRAMEWORK; USER PRIVACY;

COMPUTER PERIPHERAL EQUIPMENT; INFORMATION SYSTEMS; INTERFACES (COMPUTER);

COMPUTER SOFTWARE;

EID: 70849084080     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/PCI.2009.45     Document Type: Conference Paper

References (39)

1. Business, Week (1998). "A Little Net Privacy, Please." Available at: www.businessweek.com last accessed: 17/12/2007.
2. PricewaterhouseCoopers (2001). "Privacy:a weak link in the cyber-chain." E-Business Leadres Series, PricewaterhouseCoopers, New York.
3. Kavakli E., Kalloniatis C., Gritzalis S., "Addressing Privacy: Matching User Requirements with Implementation Techniques", 7th Hellenic European Conference on Computer Mathematics and its Applications (HERCMA 2005), Athens, Greece, September 2005
4. Fischer-Hubner, S. (2001). IT-security and privacy- Design and use of privacy enhancing security mechanisms. 5th International Conference on Applications of Natural Language to Information Systems, Versailles, France, Lecture Notes in Computer Science 1958, pp: 35-106 June 2000.
5. Koorn, R., H. van Gils, J. Hart, P. Overbeek and R. Tellegen (2004). Privacy Enhancing Technologies-White paper for decision makers. Ministry of the Interior and Kingdom Relations, the Netherlands.
6. Pfitzmann, A. and M Hansen (2007). Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonumity and Identity Management-A Consolidated Proposal for Terminology v.029. TU Dresden ULD Kiel, 31 July 2007, Dresden.
7. Chung, L. (1993). Dealing with security requirements during the development of information systems. The 5th international conference of advanced information systems engineering, CAiSE'93, Paris, France, Springer Verlag LNCS 685, pp: 234-251.
8. Yu., E. (1993). Modeling organisations for information systems requirements engineering. 1st IEEEInternational Symposium on Requirements Engineering pp: 34-41.
9. Mouratidis., H., P. Giorgini and G. Manson (2003a). Integrating security and systems engineering: Towards the modelling of secure information systems. LNCS 2681. Springer-Verlag. Berlin Heidelberg 63-78.
10. Letier, E. and A. van Lamsweerde (2002b). Deriving operational software specifications from system goals. 10th ACM SIGSOFT International Symposium on the Foundations of Software Engineering pp: 119-128.
11. Antón, A. and J. Earp (2000). Strategies for developing policies and requirements for secure electronic commerce systems. 1st Workshop on security and privacy in e-commerce. ACM.
12. He, Q. and A. Antón (2003). A framework for modeling privacy requirements in role engineering. International workshop on requirements engineering for software quality (REFSQ). Klagenfurt/Verden, Austria.
13. Moffett, D. and B. Nuseibeh (2003). A framework for security requirements engineering. Department of computer science, University of York, YCS 368.
14. Bellotti, V. and A. Sellen (1993). Design for privacy in ubiquitous computing environments. Proceedings of the third european conference on computer supported cooperative work (ECSCW 93). G. In Michelis, Simone, C., Schmidt, K. 93-108.
15. Jensen, C., J. Tullio, C. Potts and E. Mynatt (2005). STRAP: A Structured Analysis Framework for Privacy. GVU Technical Report, Georgia Institute of Technology, GIT-GVU-05-02.
16. Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis (2008) "Addressing privacy requirements in system design: The PriS method", Requirements Eng.(2008) Vol 13, No 3, pp. 241-255, Springer.
17. Chung, L., B. Nixon, E. Yu. and J. Mylopoulos (2000). Non-Functional requirements in software engineering, Kluwer Academic Publishers.
18. Yu., E. (1997). Towards Modelling and reasoning support for early phase requirements engineering. 3rd IEEE International Symposium on Requirements Engineering pp: 226-235.
19. Liu, L., E. Yu. and J. Mylopoulos (2002). Analyzing security requirements as relationships among strategic actors. SREIS'02. Raleigh, North Carolina.
20. Yu., E. and Cysneiros L. (2002). Designing for privacy and other competing requirements. 2nd Symposium on Requirements Engineering for Information Security (SREIS'02)
21. Liu, L., E. Yu. and J. Mylopoulos (2003). Security and privacy requirements analysis within a social setting. IEEE,11th international requirements engineering conference (RE'03). Monterey Bay, California, USA.
22. Yu., E. and Cysneiros L. (2003). Designing for Privacy in a Multi-Agent World. Trust, Reputation and Security:Theories and Pactice, Springer Verlag LNCS 2631, pp: 209-223.
23. Perini, P., P. Bresciani, P. Giorgini, F. Giunchiglia and J. Mylopoulos (2001). Towards an agent-oriented approach to software engineering, Modena-Italy.
24. Mouratidis., H., P. Giorgini and G. Manson (2003b). An ontology for modelling security:The tropos project. Proceedings of the KES 2003 invited session ontology and multi-agent systems design (OMASD'03)-Lecture Notes in Artificial Intelligence 2773. V. Palade, R. Howlett and L Jain. United Kingdom, University of Oxford, Springer-Verlag 1387-1394.
25. Dardenne, A., A. van Lamsweerde and S. Fickas (1993). "Goal-directed requirements acquisition." Science of computer programming 20: 3-50.
26. an Lamsweerde, A., Darimont R. and Massonet P. (1995). Goal-directed elaboration of requirements for a meeting scheduler: Problems and lessons learnt. 2nd IEEE International Symposium on Requirements Engineering pp: 194-203.193
27. Dardenne, A. and A. van Lamsweerde (1996). Formal refinement patterns for goal-driven requierements elaboration. 4th ACM SIGSOFT International Symposium on the Foundations of Software Engineering pp: 179-190.
28. van Lamsweerde, A., Darimont R. and E. Letier (1998). "Managing conflicts in Goal-driven requirements engineering." IEEE Trans. Soft. Eng. 24(11): 908-925.
29. van Lamsweerde, A. and E. Letier (2000). "Handling obstacles in goal-oriented requirements engineering." IEEE Trans. Soft. Eng. 26: 978-1005.
30. Letier, E. and A. van Lamsweerde (2002a). Agentbased tactics for goal-oriented requirements elaboration. 24th International Conference on Software Engineering (ICSE'02) pp: 83-93.
31. Hong, J., J. Ng, S. Lederer and J. Landey (2004). Privacy risk models for designing privacy-sensitive ubiquitous computing systems. Symposium on Designing Interactive Systems archive - Proceedings of the 2004 conference on Designing interactive systems: processes, practices, methods, and techniques. Acm-Press. Cambridge, MA, USA 91-100.
32. Welfare, US Department of Health Education and (1973). Code of Fair Information practises (The).
33. Kavakli, E., S. Gritzalis and C. Kalloniatis (2007)."Protecting Privacy in System Design: The Electronic Voting Case." Transforming Government: People, Process and Policy 1(4): 307-332.
34. Sindre, G., Opdahl, A.L.,: Eliciting security requirements with misuse cases. Requirements Engineering, 10(1): 34-44 (2005).
35. Sindre, G., and Opdahl, A.L. Templates for Misuse Case Description. In Proceedings of the Seventh International Workshop on Requirements Engineering: Foundations for Software Quality - REFSQ'2001, pp. 125-136, Camille Ben Achour et al. (Eds.). Essener Informatik BeitrÃge, University of Essen, Germany, 2002.
36. Alexander, I., Use/Misuse Case Analysis Elicits Non-Functional Requirements, Computing & Control Engineering Journal, Vol. 14, 1, pp 40-45, February 2003.
37. John McDermott, Chris Fox, "Using Abuse Case Models for Security Requirements Analysis", 15th Annual Computer Security Applications Conference (ACSAC '99), p. 55, 1999
38. Amoroso, E.G., AT&T Bell Laboratories. "Fundamentals of Computer Security Technology." P.T. R. Prentice Hall, 1994. ISBN 0-13-108929-3.
39. Schneier, B., "Attack Trees." 21-29. Dr. Dobb's Journal of Software Tools 24, 12 (December 1999): 21-29.