Abstract
The digital world is expanding rapidly into all parts of the physical world and our environment is shaped by the technologies we use. Majority of these technologies are user-generated content through browsing, emails, blogging, social media, e-shopping, video sharing and many other activities. our research considers how technology and software architecture in particular could be designed to pave the way for greater security and privacy in digital proceedings and services. The research treat security and privacy as an intrinsic component of a system design. The proposed framework in this research cover a broad approach by examining security and privacy from the requirements phase under a unified framework which enables to richly bridge the gap between requirement and implementation stages.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Pearson, S.: Taking Account of Privacy when Designing Cloud Computing Services, pp. 44–52. IEEE (2009)
Massey, A.K., Antón, A.I.: A requirements-based comparison of privacy taxonomies. In: 2008 Requirements Engineering and Law (2008)
Schneier, B.: The importance of security engineering. IEEE Comput. Reliab. Soc. 88 (2012)
Thomas McCarthy, J.: The Rights of Publicity and Privacy, 2nd edn. Thomson-West, New York (2005)
Solove, D.J.: Understanding Privacy. Harvard University Press, Cambridge (2008)
AICPA and CICA. Generally Accepted Privacy Principles. Technical Report August, American Institute of Certified Public Accountants, Inc. and Institute of Chartered Accountants (2009)
Perrin, C.: Privacy is security (2007)
ICO. Conducting privacy impact assessments code of practice. Technical report (2014)
Schwartz, P.M.: Privacy, ethics, and analytics. IEEE Comput. Reliab. Soc. 11, 66–69 (2011)
Plummer, D.: Top 10 Strategic Predictions: Gartner Predicts a Disruptive and Constructive Future for IT. Technical report (2011)
Koponen, J., Mangiaracina, A.: No free lunch: personal data and privacy in eu competition law. The Comput. Internet Lawyer 31(6), 7 (2014)
Fujitsu: Personal data in the cloud: A global survey of consumer attitudes. Technical report (2010)
Federal Trade Commission. Protecting Consumer Privacy in an Era of Rapid Change: A proposed framework for businesses and policymakers. Technical report, December 2010
Cavoukian, A.: Privacy by design the 7 foundational principles. Technical report (2009)
Cavoukian, A.: Privacy by Design. Technical report (2011)
Clarke, R.: Privacy Impact Assessments (1999)
Oetzel, M.C., Spiekermann, S.: A systematic methodology for privacy impact assessments: a design science approach. Eur. J. Inf. Syst. 23(2), 126–150 (2014)
Trilateral Research & Consulting. Privacy impact assessment and risk management. Technical report, May 2013
PISA Consortium. Handbook of Privacy and Privacy-Enhancing Technologies (2003)
Shen, Y., Pearson, S.: Privacy enhancing technologies: a review. HP Laboratories 2739, 1–30 (2011)
Goncalves, G., Poniszewska-Maranda, A.: Role engineering: from design to evolution of security schemes. J. Syst. Softw. 81(8), 1306–1326 (2008)
Firesmith, D.: Specifying reusable security requirements. J. Object Technol. 3(1), 61–75 (2004)
Van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications. Wiley, Hoboken (2009)
Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)
Pfleeger, S.L., Pfleeger, C.P.: Harmonizing privacy with security principles and practices. IBM J. Res. Devel. 53(2), 6:1–6:12 (2009)
Microsoft. Protecting Data and Privacy in the Cloud. Technical report (2014)
Breaux, T.D., Anton, A.I.: Analyzing regulatory rules for privacy and security requirements. IEEE Trans. Softw. Eng. 34(1), 5–20 (2008)
Van Lamsweerde, A., Letier, E.: Handling obstacles in goal-oriented requirements engineering. IEEE Trans. Softw. Eng. 26(10), 978–1005 (2000)
Carrillo de Gea, J.M., Nicolas, J., Fernandez Aleman, J.L., Toval, A., Ebert, C., Vizcaino, A.: Requirements engineering tools. IEEE Softw. 28(4), 86–91 (2010)
Al-Fedaghi, S.: Engineering privacy revisited. Comput. Sci. 8(1), 107–120 (2012)
Dimitromanolaki, I., Loucopoulos, P.: Goal-based conflict management in scenario analysis. In: 11th International Workshop on Database and Expert Systems Applications, pp. 831–835. IEEE (2000)
Easterbrook, S.M.: Resolving requirements conflicts with computer-supported negotiation. Requirements Engineering: Social and Technical Issues, pp. 41–65 (1994)
Ali, R., Dalpiaz, F., Giorgini, P.: Reasoning with contextual requirements: detecting inconsistency and conflicts. Inf. Softw. Technol. 55(1), 35–57 (2013)
Van Lamsweerde, A., Darimont, R., Letier, E.: Managing conflicts in goal-directed requirements engineering. IEEE Trans. Softw. Eng. 24(11), 908–925 (1998)
Pham, M.T., Seow, K.T.: Multiagent conflict resolution planning. In: IEEE International Conference on Systems, Man, and Cybernetics, SMC 2013, pp. 297–302 (2013)
Kalloniatis, C., Kavakli, E., Gritzalis, S.: Methods for designing privacy aware information systems: a review. In: 13th Panhellenic Conference on Informatics, pp. 185–194. IEEE (2009)
Mylopoulos, J., Chung, L., Nixon, B.: Representing and using non-functional requirements: a process-oriented approach. IEEE Trans. Softw. Eng. 18(6), 483–497 (1992)
Yu, E.: Towards modelling and reasoning support for early-phase requirements engineering. In: 3rd IEEE International Symposium on Requirements Engineering, pp. 226–235 (1997)
Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: an egent-oriented software development methodology. Auton. Agents Multi-Agent Syst. 8(3), 203–236 (2002)
Heaven, W., Finkelstein, A.: A UML profile to support requirements engineering with KAOS. IEEE Proc.-Softw. 151(1), 10–27 (2004)
Antón, A.I., Earp, J.B.: Strategies for developing policies and requirements for secure electronic commerce systems. E-Commer. Secur. Priv. 2, 29–46 (2000)
He, Q., Antn, A.I.: A framework for modeling privacy requirements in role engineering. REFSQ 3, 137–146 (2003)
Moffett, J.D., Nuseibeh, B.: A framework for security requirements engineering. In: International Workshop on Software Engineering for Secure Systems (2006)
Bellotti, V., Sellen, A.: Design for privacy in ubiquitous computing environments. In: Third European Conference on Computer-Supported Cooperative, pp. 77–92 (1993)
Jensen, C., Tullio, J., Potts, C., Mynatt, E.D.: A structured analysis framework for privacy (STRAP) (2005)
Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requirements Eng. 13(3), 241–255 (2008)
Omoronyia, I., Pasquale, L., Salehie, M., Cavallaro, L., Doherty, G., Nuseibeh, B.: Caprice: a tool for engineering adaptive privacy. In: 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), Essen, Germany (2012)
Pasquale, L., Menghi, C., Salehie, M., Cavallaro, L., Omoronyia, I., Nuseibeh, B.: SecuriTAS: a tool for engineering adaptive security. In: ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, pp. 1—4. ACM (2012)
Boehm, B., Grünbacher, P., Briggs, R.O.: EasyWinWin: a groupware-supported methodology for requirements negotiation. In: 23rd International Conference on Software Engineering, pp. 720–721 (2001)
Lee, R.B.: Challenges in the design of security-aware processors. In: Proceedings of the Application-Specific Systems, Architectures, and Processors (ASAP03) (2003)
Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: 11th IEEE International on Requirements Engineering Conference (2003)
Compagna, L., El Khoury, P., Massacci, F., Thomas, R., Zannone, N.: How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach. In: 11th International Conference on Artificial Intelligence and Law, pp. 149–153. ACM (2007)
Mouratidis, H., Islam, S., Kalloniatis, C., Gritzalis, S.: A framework to support selection of cloud providers based on security and privacy requirements. Elsevier 86, 2276–2293 (2013)
Chomicki, J., Lobo, J., Naqvi, S.: Conflict resolution using logic programming. IEEE Trans. Knowl. Data Eng. 15(1), 244–249 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Ganji, D., Mouratidis, H., Gheytassi, S.M., Petridis, M. (2015). Conflicts Between Security and Privacy Measures in Software Requirements Engineering. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A., Hosseinian-Far, A. (eds) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security. ICGS3 2015. Communications in Computer and Information Science, vol 534. Springer, Cham. https://doi.org/10.1007/978-3-319-23276-8_29
Download citation
DOI: https://doi.org/10.1007/978-3-319-23276-8_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23275-1
Online ISBN: 978-3-319-23276-8
eBook Packages: Computer ScienceComputer Science (R0)