Aligning security and privacy to support the development of secure information systems

Journal of Universal Computer Science

Volumn 18, Issue 12, 2012, Pages 1608-1627

  Mouratidis, Haralambos ^a   Kalloniatis, Christos ^b   Islam, Shareeful ^a   Huget, Marc Philippe ^c   Gritzalis, Stefanos ^b  

^a UNIVERSITY OF EAST LONDON   (United Kingdom)

^b UNIVERSITY OF THE AEGEAN   (Greece)

^c Université de Savoie   (France)

Author keywords

Constraints; Goal modelling; Meta model; Privacy; Security

Indexed keywords

EID: 84866253432     PISSN: 0958695X     EISSN: 09486968     Source Type: Journal    
DOI: None     Document Type: Article

References (34)

1. [Antón, 00] A. Antón, and J. Earp, Strategies for developing policies and requirements for secure electronic commerce systems. 1st Workshop on security and privacy in e-commerce. ACM, 2000.
2. [Barros, 04] O. Barros, Business Process Patterns and Frameworks: Reusing Knowledge in Process Innovation, Technical Report 56, Universidad de Chile, 2004. [Cocoon, 02] Cocoon XML publishing framework, 2002, http://xml.apache.org/cocoon/
3. [Bellotti, 93] V. Bellotti, A. Sellen, Design for Privacy in Ubiquitous Computing Environments, In: Michelis, G., Simone, C., Schmidt, Kjeld (ed.), Proceedings of the Third European Conference on Computer Supported Cooperative Work - ECSCW 93 pp. 93108,1993.
4. [Breaux, 08] T. D. Breaux and A. I. Antón, Analyzing Regulator Rules for privacy and Security Requirements, IEEE transactions on software engineering, Vol. 34, No. 1, January-February 2008.
5. [Cannon, 04] J. Cannon, Privacy, What Developers and IT Professionals Should Know. Addison-Wesley, 2004.
6. [Chung, 93] L. Chung, Dealing with security requirements during the development of information systems. The 5th international conference of advanced information systems engineering, CAiSE'93, Paris, France, Springer Verlag LNCS 685, pp: 234-251,1993.
7. [Fischer-Hübner, 01] S. Fischer-Hübner, IT-Security and Privacy, Design and Use of Privacy Enhancing Security Mechanisms. Lecture Notes in Computer Science, Vol. 1958. Springer-Verlag, Berlin, 2001.
8. [Haley, 06] C.B. Haley, R. Laney, J.D. Moffett and B. Nuseibeh, Arguing Satisfaction of Security Requirements, in Integrating Security and Software Engineering: Advances and Future Visions, pp. 16-43, Idea Publishing Group, 2006.
9. [He, 03] Q. He, A.I. Antón, A framework for modelling privacy requirements in role engineering. In: Proceedings of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03), Austria, 2003.
10. [Houmb, 10] S. H. Houmb, S. Islam, E. Knauss, J. Jürjens, and K. Schneider. Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec. Requirements Engineering Journal, 15(1):63-93, March 2010.
11. [ICTE-PAN, 05] ICTE-PAN: Methodologies and Tools for Building Intelligent Collaboration and Transaction Environments in Public Administration Networks, Project Deliverable D 3.1b, 2005, University of the Aegean, Greece.
12. [Islam, 10a] S. Islam, H. Mouratidis and S. Wagner, Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations, In Proc. of 16th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ '10), Springer-Verlag, 2010. Essen, Germany.
13. [Islam, 10b] S. Islam and S. H. Houmb, Integrating Risk Management Activities into Requirements Engineering, In Proc. of the 4th IEEE Research International Conference on Research Challenges in IS (RCIS2010), Nice, France.
14. [Islam, 11] S. Islam, H. Mouratidis and J. Jürjens, A Framework to Support Alignment of Secure Software Engineering with Legal Regulations, Journal of Software and Systems Modeling (SoSyM), Theme Section on Non-Functional System Properties in Domain-Specific Modeling Languages (NFPinDSML), 2011, Springer-Verlag.
15. [Jensen, 05] C. Jensen, J. Tullio, C. Potts and E. Mynatt, STRAP: A Structured Analysis Framework for Privacy. GVU Technical Report, Georgia Institute of Technology, GIT-GVU05-02, 2005.
16. [Jürjens, 05] J. Jürjens. Secure Systems Development with UML. Springer, 2005.
17. [Kalloniatis, 08] C. Kalloniatis, E. Kavakli, and S. Gritzalis, Addressing privacy requirements in system design: The PriS method, Requirements Engineering, 13(3): 241-255, 2008.
18. [Kalloniatis, 09] C. Kalloniatis, E. Kavakli, S. Gritzalis, Methods for Designing Privacy Aware Information Systems: A review, Proceedings of the PCI 2009 13th Pan-Hellenic Conference on Informatics (with international participation), N. Alexandris, V. Chryssikopoulos, C. Douligeris, N. Kanellopoulos (Eds.), September 2009, Corfu: Greece, IEEE CPS Conference Publishing Services.
19. [Kavakli, 07] E. Kavakli, S. Gritzalis, and C. Kalloniatis, C. (2007), Protecting Privacy in System Design: The Electronic Voting Case, Transforming Government: People, Process and Policy, 1(4): 307-332.
20. [Koorn, 04] R. Koorn, H. van Gils, J. ter Hart, P. Overbeek, and R. Tellegen, Privacy Enhancing Technologies, White paper for Decision Makers. Ministry of the Interior and Kingdom Relations, the Netherlands, December 2004.
21. [Letier, 00] E. Letier and A. van Lamsweerde, Deriving operational software specifications from system goals. 10th ACM SIGSOFT International Symposium on the Foundations of Software Engineering pp: 119-128, 2000.
22. [Loucopoulos, 00] P. Loucopoulos, From Information Modelling to Enterprise Modelling. In: IS Engineering: State of the Art and Research Themes. Springer, 2000, 67-78.
23. [Loucopoulos, 99] P. Loucopoulos, V. Kavakli, Enterprise Knowledge Management and Conceptual Modelling. LNCS Vol. 1565. Springer,123-143,1999.
24. [Massey, 09] A. K. Massey, P. N. Otto, L. J. Hayward, and A. I. Antón, Evaluating existing security and privacy requirements for legal compliance, Requirements Engineering Journal, Special issues security requirements engineering, 2009.
25. [Mead, 06] N.R. Mead, Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method, Integrating Security and Software Engineering, pp. 44-69, Idea Publishing Group, 2006.
26. [Mellado, 07] D. Mellado, E. Medina, and M. Piattini, A common criterion based security requirements engineering process for the development of secure information system. Computer standards & interfaces, 29:244- 253, June 2007.
27. [Moffett, 95] D. Moffett and B. Nuseibeh, A framework for security requirements engineering. Department of computer science, University of York, YCS 368, 2003.
28. [Mouratidis, 06] H. Mouratidis and P. Giorgini, Integrating Security and Software Engineering: Advances and Future Visions, Idea Group Publishing, 2006.
29. [Mouratidis, 07a] H. Mouratidis and P. Giorgini, Secure Tropos: A Security-Oriented Extension Of The Tropos Methodology, International Journal of Software Engineering and Knowledge Engineering, 2007 © World Scientific Publishing Company.
30. [Mouratidis, 07b] H. Mouratidis and P. Giorgini, Security Attack Testing (SAT) - testing the security of information systems at design time. Inf. Syst. 32(8): 1166-1183, 2007.
31. [Siena, 09] A. Siena, J. Mylopoulos, A. Perini, and A. Susi. Designing Law-Compliant Software Requirement, LNCS, Volume 5829/2009, 28th International Conference on Conceptual Modeling (ER2009), Gramado, Brazil.
32. [Sindre, 05] G. Sindre and A. L. Opdahl, Eliciting Security Requirements with Misuse Cases, Requirements Engineering, 10(1):34-44, January 2005.
33. [Yu, 93] E. Yu. Modeling organisations for information systems requirements engineering. 1st IEEE International Symposium on Requirements Engineering pp: 34-41, 1993.
34. [Yu, 95] E. Yu, Modelling Strategic Relationships for Process Reengineering, Ph.D. thesis, Department of Computer Science, University of Toronto, Canada, 1995.