Conflicts Between Security and Privacy Measures in Software Requirements Engineering

  • Conference paper
Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security (ICGS3 2015)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 534)

Included in the following conference series:

  • International Conference on Global Security, Safety, and Sustainability

Abstract

The digital world is expanding rapidly into all parts of the physical world, and our environment is shaped by the technologies we use. The majority of these technologies involve user-generated content produced through browsing, emails, blogging, social media, e-shopping, video sharing and many other activities. Our research considers how technology, and software architecture in particular, could be designed to pave the way for greater security and privacy in digital proceedings and services. The research treats security and privacy as an intrinsic component of system design. The proposed framework takes a broad approach by examining security and privacy from the requirements phase under a unified framework, which helps bridge the gap between the requirements and implementation stages.


Corresponding author

Correspondence to Daniel Ganji.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ganji, D., Mouratidis, H., Gheytassi, S.M., Petridis, M. (2015). Conflicts Between Security and Privacy Measures in Software Requirements Engineering. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A., Hosseinian-Far, A. (eds) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security. ICGS3 2015. Communications in Computer and Information Science, vol 534. Springer, Cham. https://doi.org/10.1007/978-3-319-23276-8_29

  • DOI: https://doi.org/10.1007/978-3-319-23276-8_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23275-1

  • Online ISBN: 978-3-319-23276-8

  • eBook Packages: Computer Science (R0)
