Empirical evaluation of a privacy-focused threat modeling methodology

Journal of Systems and Software

Volumn 96, Issue , 2014, Pages 122-138

  Wuyts, Kim ^a   Scandariato, Riccardo ^a   Joosen, Wouter ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

Empirical study; Privacy; Threats

Indexed keywords

DATA PRIVACY; HARDWARE; SOFTWARE ENGINEERING;

EMPIRICAL EVALUATIONS; EMPIRICAL STUDIES; PRIVACY THREATS; REALISTIC SCENARIO; SENSITIVE INFORMATIONS; SOFTWARE ARCHITECTS; SOFTWARE SYSTEMS; THREATS;

SOFTWARE ARCHITECTURE;

EID: 84906950333     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2014.05.075     Document Type: Article

References (40)

1. I. Alexander Misuse cases: use cases with hostile intent IEEE Softw. 20 1 2003 58 66
2. K. Beckers, S. Faßbender, M. Heisel, and R. Meis A problem-based approach for computer aided privacy threat identification Privacy Forum 2012, Lecture Notes in Computer Science 2012 Springer
3. K. Beckers Comparing privacy requirements engineering approaches IEEE 2012 Seventh International Conference on Availability, Reliability and Security (ARES) 2012 574 581
4. V. Bellotti, and A. Sellen Design for privacy in ubiquitous computing environments Proceedings of the Third Conference on European Conference on Computer-Supported Cooperative Work 1993 77 92
5. T.D. Breaux Exercising due diligence in legal requirements acquisition: a tool-supported, frame-based approach IEEE International Requirements Engineering Conference (RE) 2009 225 230
6. J.C. Carver, L. Jaccheri, S. Morasca, and F. Shull A checklist for integrating student empirical studies with research and teaching goals Empir. Softw. Eng. 15 1 2010 35 59
7. Cavoukian, A., et al. Privacy by design: the 7 foundational principles, Information and Privacy Commissioner of Ontario, Canada. http://www. privacybydesign.ca/index.php/about-pbd/7-foundational-principles/.
8. A. Cavoukian Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart Grid (2010). Tech. Rep. 2010 Information and Privacy Commissioner of Ontario
9. COBIT 5: A business framework for the governance and management of enterprise IT, http://www.isaca.org/COBIT.
10. M. Deng, K. Wuyts, R. Scandariato, B. Preneel, and W. Joosen A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements Requir. Eng. J. 16 1 2011 3 32
11. eRISE Challenge 2012 - experimental material, http://securitylab.disi. unitn.it/doku.php?id=erise-2012.
12. H.S. Fhom, and K.M. Bayarou Towards a holistic privacy engineering approach for smart grid systems IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2011 234 241
13. S. Hofbauer, K. Beckers, and G. Quirchmayr Conducting a privacy impact analysis for the analysis of communication records Perspect. Bus. Inf. Res. 2012 148 161
14. J.I. Hong, J.D. Ng, and S. Lederer Privacy risk models for designing privacy-sensitive ubiquitous computing systems Designing Interactive Systems (DIS2004) 2004 ACM Press 91 100
15. M. Howard, and S. Lipner The Security Development Lifecycle 2006 Microsoft Press Redmond, WA, USA
16. C. Jensen Designing for Privacy in Interactive Systems (Ph.D. thesis 2005 Georgia Institute of Technology
17. C. Kalloniatis, E. Kavakli, and S. Gritzalis Addressing privacy requirements in system design: the PriS method Requir. Eng. 13 3 2008 241 255
18. Kimai - open source time tracking, http://www.kimai.org/en/.
19. M. Langheinrich Privacy by design - principles of privacy-aware ubiquitous systems Proceedings of the 3rd International Conference on Ubiquitous Computing, UbiComp'01 2001 273 291 (Pubitemid 33347314)
20. LINDDUN evaluation - experimental material, https://sites.google.com/ site/linddunstudy/.
21. LINDDUN portal, https://distrinet.cs.kuleuven.be/software/linddun/.
22. LINDDUN threat tree catalog, http://people.cs.kuleuven.be/kim.wuyts/ LINDDUN/.
23. J. Luna, N. Suri, and I. Krontiris Privacy-by-design based on quantitative threat modeling 7th International Conference on Risks and Security of Internet and Systems (CRiSIS 2012) 2012
24. F. Massacci, and F. Paci How to select a security requirements method? A comparative study with students and practitioners Proceedings of the 17th Nordic conference on Secure IT Systems, NordSec'12 2012 Springer-Verlag 89 104
25. J. McDermott, and C. Fox Using abuse case models for security requirements analysis Proceedings of 15th Annual Computer Security Applications Conference, 1999 (ACSAC'99) 1999 55 64
26. P.H. Meland, I.A. Tøndel, and J. Jensen Idea: reusability of threat models - two approaches with an experimental evaluation International Conference on Engineering Secure Software and Systems (ESSoS) 2010 Springer-Verlag 114 122
27. S. Miyazaki, N. Mead, and J. Zhan Computer-aided privacy requirements elicitation technique IEEE Asia-Pacific Services Computing Conference, 2008. APSCC'08 2008 367 372
28. H. Mouratidis, S. Islam, C. Kalloniatis, and S. Gritzalis A framework to support selection of cloud providers based on security and privacy requirements J. Syst. Soft. 86 9 2013 2276 2293
29. J. Nielsen, and R. Molich Heuristic evaluation of user interfaces Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: Empowering People, CHI'90 1990 249 256
30. B. Nuseibeh Weaving together requirements and architectures Computer 34 3 2001 115 119
31. I. Omoronyia, L. Cavallaro, M. Salehie, L. Pasquale, and B. Nuseibeh Engineering adaptive privacy: on the role of privacy awareness requirements Proceedings of the 2013 International Conference on Software Engineering, ICSE'13 2013 IEEE Press 632 641
32. A. Opdahl, and G. Sindre Experimental comparison of attack trees and misuse cases for security threat identification Inf. Softw. Technol. 51 5 2009 916 932
33. A. Patrick, and S. Kenny From privacy legislation to interface design: implementing information privacy in human-computer interactions Privacy Enhancing Technologies, vol. 2760 of Lecture Notes in Computer Science 2003 107 124
34. R. Scandariato, K. Wuyts, and W. Joosen A descriptive study of Microsoft's threat modeling technique Requir. Eng. 2013 11 18
35. G. Sindre, and A.L. Opdahl Templates for misuse case description Proceedings of the 7th International Workshop on Requirements Engineering, Foundation for Software Quality (REFSQ'2001) Switzerland 2001
36. G. Sindre, and A.L. Opdahl Eliciting security requirements with misuse cases Requir. Eng. 10 1 2005 34 44
37. S. Spiekermann, and L. Cranor Engineering privacy IEEE Trans. Softw. Eng. 35 1 2009 67 82
38. The code of fair information practices, Tech. rep., U.S. Dep't. of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, computers, and the Rights of Citizens viii (1973).
39. W.F. Tichy Hints for reviewing empirical work in software engineering Empir. Softw. Eng. 5 4 2000 309 312
40. E. Yu, and L.M. Cysneiros Designing for privacy and other competing requirements Proceedings of the 2nd Symposium on Requirements Engineering for Information Security (SREIS) 2002 15 16