Incorporating privacy patterns into semi-automatic business process derivation

Proceedings - International Conference on Research Challenges in Information Science

Volumn 2016-August, Issue , 2016, Pages

  Argyropoulos, Nikolaos ^a   Kalloniatis, Christos ^a,b   Mouratidis, Haralambos ^a   Fish, Andrew ^a  

^a UNIVERSITY OF BRIGHTON   (United Kingdom)

^b UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

[No Author keywords available]

Indexed keywords

AIR NAVIGATION; INFORMATION SCIENCE;

BUSINESS PROCESS; CURRENT SITUATION; HIGH-LEVEL GOALS; OPERATIONAL LEVEL; OVERARCHING SYSTEMS; PRIVACY ENHANCING TECHNOLOGIES; PRIVACY REQUIREMENTS; USER REQUIREMENTS;

DATA PRIVACY;

EID: 84987615841     PISSN: 21511349     EISSN: 21511357     Source Type: Conference Proceeding    
DOI: 10.1109/RCIS.2016.7549305     Document Type: Conference Paper

References (25)

1. L. Rainie, S. Kiesler, R. Kang and M. Madden, Anonymity, Privacy and Security Online, Carnegie Mellon University, available at: http: //www. pewinternet. org/2013/09/05/anonymity-privacy-andsecurity-online/, accessed: 03 February 2016.
2. TRUSTe, US Consumer Confidence Privacy Report, available at: http: //www. Truste. com/us-consumer-confidence-index-2014/, accessed: 03 February 2016.
3. C. Kalloniatis, Designing Privacy-Aware Systems in the Cloud, In Trust, Privacy and Security in Digital Business, pp. 113-123, Springer, 2015.
4. C. Kalloniatis, E. Kavakli and S. Gritzalis, Addressing privacy requirements in system design: The PriS method, Requirements Engineering, 13 (3), 241-255, 2008.
5. H. Mouratidis and P. Giorgini, Secure tropos: A security-oriented extension of the tropos methodology, International Journal of Software Engineering and Knowledge Engineering, 17 (02), 285-309, 2007.
6. N. Argyropoulos, H. Mouratidis and A. Fish, Towards the Derivation of Secure Business Process Designs, Advances in Conceptual Modelling, pp. 248-258, Springer, 2015.
7. N. Argyropoulos, L. M. Alcañiz, H. Mouratidis, A. Fish, D. G. Rosado, I. G. R. de Guzmán and E. Fernández-Medina, Eliciting Security Requirements for Business Processes of Legacy Systems, The Practice of Enterprise Modelling, pp. 91-107, Springer, 2015.
8. S. H. Houmb, S. Islam, E. Knauss, J. Jürjens and K. Schneider, Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec, Requirements Engineering Journal, 15, 63-93, 2010.
9. G. Sindre and A. L. Opdahl, Eliciting security requirements with misuse cases, Requirements Engineering Journal, 10, 34-44, 2005.
10. S. Romanosky, A. Acquisti, J. Hong, L. F. Cranor and Friedman B., Privacy patterns for online interactions, Proceedings of the 2006 conference on Pattern languages of programs (PloP 06), Portland, Oregon, pp. 12: 1-12: 9. ACM New York, NY, USA, 2006.
11. M. Hafiz, A Pattern Language for Developing Privacy Enhancing Technologies, Software Practice and Experience. 43, 769-787, 2013.
12. S. Islam, H. Mouratidis and S. Wagner, Toward a framework to elicit and manage security and privacy requirements from laws and regulation, Proceeding of Requirements Engineering: Foundation for Software Quality (REFSQ), Essen, Germany, pp. 255-261. Springer-Verlag, Berlin, Heidelberg, 2010.
13. A. K. Massey, P. N. Otto, L. J. Hayward and A. I. Antón, Evaluating existing security and privacy requirements for legal compliance, Requirements Engineering Journal, 15, 119-137, 2010.
14. M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber and E. Weippl, Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space, Proceedings of the 20th USENIX conference on Security, San Fransisco, CA, pp. 5-5. USENIX Association Berkeley, CA, USA, 2011.
15. C. Gong, J. Liu, Q. Zhang, H. Chen and Z. Gong, The Characteristics of Cloud Computing, Proceedings of the 2010 39th International Conference on Parallel Processing Workshop, San Diego, CA, pp. 275-279. IEEE Computer Society, Washington, DC, USA, 2010.
16. S. Pearson and A. Benameur, Privacy, Security and Trust Issues Arising from Cloud Computing, Proceedings of the 2nd IEEE International Conference on Cloud Computing Technology and Science, Indianapolis, Indiana, USA, pp. 693-702, IEEE Computer Society, UK, 2010.
17. S. Islam, H. Mouratidis and E. Weippl, A Goal-driven Risk Management Approach to Support Security and Privacy Analysis of Cloud-based System, Security Engineering for Cloud Computing: Approaches and Tools, IGI global publication, 2012.
18. M. zur Muehlen and M. Indulska, Modeling languages for business processes and business rules: A representational analysis, Information Systems, 35 (4), 379-390, 2010.
19. Object Management Group, Business Process Model and Notation (BPMN) Version 2. 0, Technical Report, 2011.
20. M. Salnitri, F. Dalpiaz and P. Giorgini, Modeling and verifying security policies in business processes, Enterprise, Business-Process and Information Systems Modeling, pp. 200-214. Springer, 2014.
21. A. Rodrguez, E. Fernández-Medina and M. Piattini, A BPMN extension for the modeling of security requirements in business processes, IEICE Transactions on Information and Systems, E90-D (4), 745-752, 2007.
22. M. Salnitri, E. Paja and P. Giorgini, P., From Socio-Technical Requirements to Technical Security Design: An STS-based Framework, Technical Report, University of Trento, 2015.
23. H. A. López, F. Massacci and N. Zannone, Goal-equivalent secure business process re-engineering, Service-Oriented Computing-ICSOC 2007 Workshops, pp. 212-223, Springer, 2009.
24. G, Frankova, M. Séguran, F. Gilcher, S. Trabelsi, J. Dörflinger and M. Aiello, Deriving business processes with service level agreements from early requirements, Journal of Systems and Software, 84 (8), 1351-1363, 2011.
25. EU-Information Society DG, E-VOTE: An Internet-Based Electronic Voting System, IST Programme 2000#29518, Project Deliverable D 7. 6, University of the Aegean, Greece, 2000.