Experiences in the Development and Usage of a Privacy Requirements Framework

Proceedings - 2016 IEEE 24th International Requirements Engineering Conference, RE 2016

Volumn , Issue , 2016, Pages 293-302

  Oliver, Ian ^a  

^a LUCENT TECHNOLOGIES   (United States)

Author keywords

Ontologies; Privacy; Privacy Engineering; Requirements; Semantics

Indexed keywords

COMPLIANCE CONTROL; DATA PRIVACY; ONTOLOGY; REQUIREMENTS ENGINEERING; RISK ANALYSIS; RISK ASSESSMENT; SEMANTICS; SOFTWARE ENGINEERING;

DATA AND INFORMATION; ENGINEERING DOMAINS; IMPACT ASSESSMENTS; ONTOLOGICAL STRUCTURES; PRIVACY ENGINEERINGS; PRIVACY REQUIREMENTS; REQUIREMENTS; SOFTWARE DEVELOPMENT PROCESS;

SOFTWARE DESIGN;

EID: 85007227232     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/RE.2016.59     Document Type: Conference Paper

References (35)

1. H. Nissenbaum, "A contextual approach to privacy online," Daedalus, vol. 140, no. 4, pp. 32-48, Fall 2011.
2. D. J. Solove, "A taxonomy of privacy," University of Pennsylvania Law Review, vol. 154, no. 3, p. 477, January 2006, gWU Law School Public Law Research Paper No. 129.
3. -, "Conceptualizing Privacy," California Law Review, vol. 90, no. 4, pp. 1087-1155, 2002.
4. A. Kim, "Position paper building privacy into the semantic web: An ontology needed now," 2002.
5. EU, "Opinion 4/2007 on the concept of personal data. article 29 data protection working party," June 2007.
6. T. D. Breaux and A. I. Anton, "Analyzing regulatory rules for privacy and security requirements," IEEE Transactions on Software Engineering, vol. 34, no. 1, pp. 5-20, 2008.
7. J. Bhatia and T. D. Breaux, "Towards an information type lexicon for privacy policies," in Eighth IEEE International Workshop on Requirements Engineering and Law, RELAW 2015, Ottawa, ON, Canada, August 25, 2015. IEEE, 2015, pp. 19-24. [Online]. Available: http://dx.doi.org/10.1109/RELAW.2015.7330207
8. C. A. Brodie, C.-M. Karat, and J. Karat, "An empirical study of natural language parsing of privacy policy rules using the sparcle policy workbench," in SOUPS '06: Proceedings of the second symposium on Usable privacy and security. New York, NY, USA: ACM, 2006, pp. 8-19.
9. Y. Miche, I. Oliver, S. Holtmanns, A. Akusok, A. Lendasse, and K.-M. Björk, On Mutual Information over Non-Euclidean Spaces, Data Mining and Data Privacy Levels. Springer International Publishing, 2016, pp. 371-383.
10. T. D. Breaux, D. Smullen, and H. Hibshi, "Detecting repurposing and over-collection in multi-party privacy requirements specifications," in 23rd IEEE International Requirements Engineering Conference, RE 2015, Ottawa, ON, Canada, August 24-28, 2015, D. Zowghi, V. Gervasi, and D. Amyot, Eds. IEEE Computer Society, 2015, pp. 166-175. [Online]. Available: http://dx.doi.org/10.1109/RE.2015.7320419
11. I. Oliver, Privacy Engineering: A Data Flow and Ontological Approach. Create Space Independent Publishing, July 2014, 978-1497569713.
12. K. Belhajjame, J. Cheney, D. Corsar, D. Garijo, S. Soiland-Reyes, S. Zednik, and J. Zhao, "PROV-O: The PROV Ontology," W3C, Tech. Rep., 2012.
13. L. Ding, J. Bao, J. Michaelis, J. Zhao, and D. McGuinness, "Reflections on provenance ontology encodings," in Provenance and Annotation of Data and Processes, ser. Lecture Notes in Computer Science, D. McGuinness, J. Michaelis, and L. Moreau, Eds. Springer Berlin Heidelberg, 2010, vol. 6378, pp. 198-205.
14. Risk Taxonomy, The Open Group, 2009.
15. A. K. Massey and A. I. Antón, "A requirements-based comparison of privacy taxonomies," in Proceedings of the 2008 Requirements Engineering and Law, ser. RELAW '08. Washington, DC, USA: IEEE Computer Society, 2008, pp. 1-5.
16. S. L. Pfleeger, "Risky business: what we have yet to learn about risk management," Journal of Systems and Software, vol. 53, no. 3, pp. 265-273, 2000.
17. A. I. Antón and J. B. Earp, "A requirements taxonomy for reducing web site privacy vulnerabilities," Requirements Engineering, vol. 9, no. 3, pp. 169-185, 2004.
18. E. McCallister, T. Grance, and K. A. Scarfone, "SP 800-122. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)," NIST, Gaithersburg, MD, United States, Tech. Rep., 2010.
19. K. Emam, F. Dankar, R. Vaillancourt, T. Roffey, and M. Lysyk, "Evaluating the risk of re-identification of patients from hospital prescription records," The Canadian Journal of Hospital Pharmacy, vol. 62, no. 4, 2009.
20. F. Dankar, K. E. Emam, A. Neisa, and T. Roffey, "Estimating the reidentification risk of clinical data sets," BMC Medical Informatics and Decision Making, vol. 66, 9 July 2012.
21. R. J. Back and J. Wright, Refinement Calculus: A Systematic Introduction (Texts in Computer Science). Springer, April 1998.
22. D. Herrmann, Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI. CRC Press, 2007.
23. R. McDermott, R. Mikulak, and M. Beauregard, The Basics of FMEA, 2nd ed., 1996.
24. R. Banach, M. Poppleton, C. Jeske, and S. Stepney, "Engineering and theoretical underpinnings of retrenchment." Sci. Comput. Program., vol. 67, no. 2-3, pp. 301-329, 2007.
25. J. I. Hong, J. D. Ng, S. Lederer, and J. A. Landay, "Privacy risk models for designing privacy-sensitive ubiquitous computing systems," in Proceedings of the 5th Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, ser. DIS '04. ACM, 2004, pp. 91-100.
26. "Nist privacy engineering objectives and risk model discussion draft," http://www.nist.gov/itl/csd/upload/nist privacy engr objectives r isk model discussion draft.pdf, April 2014.
27. I. Oliver and S. Holtmanns, "Aligning the conflicting needs of privacy, malware detection and network protection," in 2015 IEEE Trust Com/Big Data SE/ISPA, Helsinki, Finland, August 20-22, 2015, Volume 1. IEEE, 2015, pp. 547-554. [Online]. Available: http://dx.doi.org/10.1109/Trustcom.2015.418
28. I. Oliver, J. Howse, and G. Stapleton, "Protecting privacy: Towards a visual framework for handling end-user data," in 2013 IEEE Symposium on Visual Languages and Human Centric Computing, San Jose, CA, USA, September 15-19, 2013, C. Kelleher, M. M. Burnett, and S. Sauer, Eds. IEEE Computer Society, 2013, pp. 67-74. [Online]. Available: http://dx.doi.org/10.1109/VLHCC.2013.6645245
29. M. Howard and S. Lipner, The Security Development Lifecycle. Redmond, WA, USA: Microsoft Press, 2006.
30. P. Kruchten, R. L. Nord, I. Ozkaya, and J. Visser, "Technical debt in software development: from metaphor to theory report on the third international workshop on managing technical debt." ACM SIGSOFT Software Engineering Notes, vol. 37, no. 5, pp. 36-38, 2012.
31. F. Baader, D. Calvanese, D. L. McGuinness, D. Nardi, and P. F. Patel-Schneider, Eds., The description logic handbook: theory, implementation, and applications. New York, NY, USA: Cambridge University Press, 2003.
32. T. F. Michelle Finneran Dennedy, Jonathan Fox, The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value. Apress, 2014.
33. S. Gürses, C. Gonzalez Troncoso, and C. Diaz, "Engineering privacy by design," Computers, Privacy & Data Protection, 2011.
34. M. Deng, K. Wuyts, R. Scandariato, B. Preneel, and W. Joosen, "A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements," Requirements Engineering Journal, vol. 16, no. 1, pp. 3-32, 2011. [Online]. Available: https://lirias.kuleuven.be/handle/123456789/281181
35. K. Wuyts, R. Scandariato, and W. Joosen, "Empirical evaluation of a privacy-focused threat modeling methodology," The Journal of Systems and Software, vol. 96, pp. 122-138, October 2014. [Online]. Available: https://lirias.kuleuven.be/handle/123456789/460343