Skip to main content
Erschienen in: Journal on Data Semantics 4/2020

07.01.2021 | Original Article

An Ontology for Privacy Requirements via a Systematic Literature Review

verfasst von: Mohamad Gharib, Paolo Giorgini, John Mylopoulos

Erschienen in: Journal on Data Semantics | Ausgabe 4/2020

Einloggen

Aktivieren Sie unsere intelligente Suche um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Privacy has emerged as a key concern for business and social computing as security breaches have compromised personal data for millions. Despite this, much of existing work on privacy requirements deal with them as a special case of security requirements, thereby missing essential traits of such requirements. In this context, wrong design decisions may be made due to an insufficient understanding of privacy. The main contribution of this paper is an ontology for privacy requirements that subsumes whatever proposals exist in the literature. The ontology was obtained through a systematic literature review concerning the literature on privacy, conducted in two phases, and followed by a consolidation phase where similar concepts were combined. The proposed ontology has been developed to be used by software engineers when dealing with privacy requirements, and since it is based on a systematic literature review, it is more comprehensive in coverage than all ontologies included in our systematic review. This constitutes a preliminary validity check for the comprehensiveness of our proposal, which needs to be complemented in the future with empirical validation through controlled studies.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
Secondary studies can be found in “Related Work” section
 
2
A detailed version of the first SLR can be found at [36]
 
3
detailed information on the papers identified and selected in each of the steps of the SLR2 can be found at https://​bit.​ly/​39xuT7T
 
4
These concepts and relationships and their frequency of appearance in the selected studies can be found in [36]
 
5
The list of the selected studies in SLR2 is given in “Appendix: SLR2 selected studies”
 
6
These groups are not mutually exclusive, i.e., a study may belong to all of them
 
7
We treat “information owner” and “data subject” as synonyms
 
11
The implementation, validation, and evaluation of the ontology are out of the scope of this paper, but a detailed description concerning them can be found in [38]
 
Literatur
1.
Zurück zum Zitat Acquisti A, Friedman A, Telang R (2006) Is there a cost to privacy breaches? An events study. In: Fifth Workshop on the Economics of Information Security, pp 1–20 Acquisti A, Friedman A, Telang R (2006) Is there a cost to privacy breaches? An events study. In: Fifth Workshop on the Economics of Information Security, pp 1–20
2.
Zurück zum Zitat Agostinelli S, Maggi FM, Marrella A, Sapio F (2019) Achieving GDPR compliance of BPMN process models. Lect Notes Bus Inf Process 350:10–22CrossRef Agostinelli S, Maggi FM, Marrella A, Sapio F (2019) Achieving GDPR compliance of BPMN process models. Lect Notes Bus Inf Process 350:10–22CrossRef
3.
Zurück zum Zitat Ahmadian AS, Strüber D, Riediger V, Jürjens J (2017) Model-based privacy analysis in industrial ecosystems. In: Lecture notes in computer science , vol. 10376 LNCS. Springer, pp. 215–231 Ahmadian AS, Strüber D, Riediger V, Jürjens J (2017) Model-based privacy analysis in industrial ecosystems. In: Lecture notes in computer science , vol. 10376 LNCS. Springer, pp. 215–231
4.
Zurück zum Zitat Aljohani M, Blustein J, Hawkey K (2018) Toward applying online privacy patterns based on the design problem: a systematic review. In: Lecture notes in computer science , vol. 10918 LNCS. Springer, pp. 608–627 Aljohani M, Blustein J, Hawkey K (2018) Toward applying online privacy patterns based on the design problem: a systematic review. In: Lecture notes in computer science , vol. 10918 LNCS. Springer, pp. 608–627
5.
Zurück zum Zitat Aljohani M, Hawkey K, Blustein J (2016) Proposed privacy patterns for privacy preserving healthcare systems in accord with nova scotia’s personal health information act. Lecture Not Comput Sci 9750:91–102CrossRef Aljohani M, Hawkey K, Blustein J (2016) Proposed privacy patterns for privacy preserving healthcare systems in accord with nova scotia’s personal health information act. Lecture Not Comput Sci 9750:91–102CrossRef
6.
Zurück zum Zitat Alshammari M, Simpson A (2018) A UML profile for privacy-aware data lifecycle models. In: Lecture notes in computer science, vol. 10683 LNCS. Springer, pp. 189–209 Alshammari M, Simpson A (2018) A UML profile for privacy-aware data lifecycle models. In: Lecture notes in computer science, vol. 10683 LNCS. Springer, pp. 189–209
7.
Zurück zum Zitat Arruda MF, Bulcão-Neto RF (2019) Toward a lightweight ontology for privacy protection in IoT. Proc ACM Symp Appl Comput Part F 1477:880–888 Arruda MF, Bulcão-Neto RF (2019) Toward a lightweight ontology for privacy protection in IoT. Proc ACM Symp Appl Comput Part F 1477:880–888
8.
Zurück zum Zitat Asnar Y, Giorgini P, Massacci F, Zannone N (2007) From trust to dependability through risk analysis. In: Proceedings-second international conference on availability, reliability and security, ARES. IEEE, pp. 19–26 Asnar Y, Giorgini P, Massacci F, Zannone N (2007) From trust to dependability through risk analysis. In: Proceedings-second international conference on availability, reliability and security, ARES. IEEE, pp. 19–26
9.
Zurück zum Zitat Asnar Y, Giorgini P, Mylopoulos J (2006) Risk modelling and reasoning in goal models. Universitá degli studi di Trento, Technical Report Asnar Y, Giorgini P, Mylopoulos J (2006) Risk modelling and reasoning in goal models. Universitá degli studi di Trento, Technical Report
10.
Zurück zum Zitat Asnar Y, Moretti R, Sebastianis M, Zannone N (2008) Risk as dependability metrics for the evaluation of business solutions: a model-driven approach. In: International conference on availability, security, and reliability, proceedings, IEEE, pp. 1240–1247 Asnar Y, Moretti R, Sebastianis M, Zannone N (2008) Risk as dependability metrics for the evaluation of business solutions: a model-driven approach. In: International conference on availability, security, and reliability, proceedings, IEEE, pp. 1240–1247
11.
Zurück zum Zitat Avienis A, Laprie JC, Randell B, Landwehr C (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Depend Secure Comput 1(1):11–33CrossRef Avienis A, Laprie JC, Randell B, Landwehr C (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Depend Secure Comput 1(1):11–33CrossRef
12.
Zurück zum Zitat Barth A, Datta A, Mitchell JC, Nissenbaum H (2006) Privacy and contextual integrity: framework and applications. In: Proceedings-IEEE symposium on security and privacy, pp. 184–198 Barth A, Datta A, Mitchell JC, Nissenbaum H (2006) Privacy and contextual integrity: framework and applications. In: Proceedings-IEEE symposium on security and privacy, pp. 184–198
13.
Zurück zum Zitat Belaazi M, Rahmouni HB, Bouhoula A (2016) An ontology regulating privacy oriented access controls. In: Lecture notes in computer science , vol. 9572. Springer, pp. 17–35 Belaazi M, Rahmouni HB, Bouhoula A (2016) An ontology regulating privacy oriented access controls. In: Lecture notes in computer science , vol. 9572. Springer, pp. 17–35
14.
Zurück zum Zitat Blanco C, Lasheras J, Fernandez-Medina E, Valencia-Garcia R, Toval A (2011) Basis for an integrated security ontology according to a systematic review of existing proposals. Comput Standards Interfaces 33(4):372–388CrossRef Blanco C, Lasheras J, Fernandez-Medina E, Valencia-Garcia R, Toval A (2011) Basis for an integrated security ontology according to a systematic review of existing proposals. Comput Standards Interfaces 33(4):372–388CrossRef
15.
Zurück zum Zitat Braber FD, Dimitrakos T, Stølen K, Gran B, Aagedal JØ, Lund (2003) The CORAS methodology: model-based risk assessment using UML and UP. UML and the Unified Process, pp. 332–357 Braber FD, Dimitrakos T, Stølen K, Gran B, Aagedal JØ, Lund (2003) The CORAS methodology: model-based risk assessment using UML and UP. UML and the Unified Process, pp. 332–357
16.
Zurück zum Zitat Braghin S, Coen-Porisini A, Colombo P, Sicari S, Trombetta A (2008) Introducing privacy in a hospital information system. In: Proceedings of the fourth international workshop on Software engineering for secure systems-SESS ’08, ACM, pp. 9–16 Braghin S, Coen-Porisini A, Colombo P, Sicari S, Trombetta A (2008) Introducing privacy in a hospital information system. In: Proceedings of the fourth international workshop on Software engineering for secure systems-SESS ’08, ACM, pp. 9–16
17.
Zurück zum Zitat Campbell K, Gordon LA, Loeb MPM, Zhou L (2003) The economic cost of publicly announced information security breaches: empirical evidence from the stock market. J Comput Secur 11(3):431–448CrossRef Campbell K, Gordon LA, Loeb MPM, Zhou L (2003) The economic cost of publicly announced information security breaches: empirical evidence from the stock market. J Comput Secur 11(3):431–448CrossRef
18.
Zurück zum Zitat Cavusoglu H, Mishra B, Raghunathan S (2004) The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers. Int J Electron Commer 9(1):69–104CrossRef Cavusoglu H, Mishra B, Raghunathan S (2004) The effect of internet security breach announcements on market value: capital market reactions for breached firms and internet security developers. Int J Electron Commer 9(1):69–104CrossRef
19.
Zurück zum Zitat Chen S, Williams MA (2010) Privacy: an ontological problem. In: PACIS 2010-14th Pacific Asia conference on information systems, pp. 1402–1413 Chen S, Williams MA (2010) Privacy: an ontological problem. In: PACIS 2010-14th Pacific Asia conference on information systems, pp. 1402–1413
20.
Zurück zum Zitat Colesky M, Hoepman JH, Hillen CA, Analysis Critical, of Privacy Design Strategies. In Proceedings -, (2016) IEEE symposium on security and privacy workshops. SPW 2016(2016):33–40 Colesky M, Hoepman JH, Hillen CA, Analysis Critical, of Privacy Design Strategies. In Proceedings -, (2016) IEEE symposium on security and privacy workshops. SPW 2016(2016):33–40
21.
Zurück zum Zitat Deng M, Wuyts K, Scandariato R, Preneel B, Joosen W (2011) A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng 16:3–32CrossRef Deng M, Wuyts K, Scandariato R, Preneel B, Joosen W (2011) A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng 16:3–32CrossRef
22.
Zurück zum Zitat Deng M, Wuyts K, Scandariato R, Wouter BP (2011) A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng 16(1):1–27CrossRef Deng M, Wuyts K, Scandariato R, Wouter BP (2011) A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng 16(1):1–27CrossRef
23.
Zurück zum Zitat Diamantopoulou V, Kalloniatis C, Gritzalis S, Mouratidis H (2017) Supporting privacy by design using privacy process patterns. In: IFIP advances in information and communication technology, vol. 502, Springer, New York LLC, pp. 491–505 Diamantopoulou V, Kalloniatis C, Gritzalis S, Mouratidis H (2017) Supporting privacy by design using privacy process patterns. In: IFIP advances in information and communication technology, vol. 502, Springer, New York LLC, pp. 491–505
24.
Zurück zum Zitat Dritsas S, Gymnopoulos L, Karyda M, Balopoulos T, Kokolakis S, Lambrinoudakis C, Katsikas S (2006) A knowledge-based approach to security requirements for e-health applications. Electron J E-Commerce Tools Appl, pp 1–24 Dritsas S, Gymnopoulos L, Karyda M, Balopoulos T, Kokolakis S, Lambrinoudakis C, Katsikas S (2006) A knowledge-based approach to security requirements for e-health applications. Electron J E-Commerce Tools Appl, pp 1–24
25.
Zurück zum Zitat Dzung DV, Ohnishi A (2009) Ontology-based reasoning in requirements elicitation. In: International conference on software engineering and formal methods, IEEE, pp 263–272 Dzung DV, Ohnishi A (2009) Ontology-based reasoning in requirements elicitation. In: International conference on software engineering and formal methods, IEEE, pp 263–272
26.
Zurück zum Zitat Elahi G, Yu E, Zannone N (2009) A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations. In: Lecture notes in computer science, vol. 5829 LNCS. Springer, pp 99–114 Elahi G, Yu E, Zannone N (2009) A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations. In: Lecture notes in computer science, vol. 5829 LNCS. Springer, pp 99–114
27.
Zurück zum Zitat Elahi G, Yu E, Zannone N (2010) A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requir Eng 15(1):41–62CrossRef Elahi G, Yu E, Zannone N (2010) A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requir Eng 15(1):41–62CrossRef
28.
Zurück zum Zitat Fabian B, Gürses S, Heisel M, Santen T, Schmidt H (2010) A comparison of security requirements engineering methods. Requir Eng 15:7–40CrossRef Fabian B, Gürses S, Heisel M, Santen T, Schmidt H (2010) A comparison of security requirements engineering methods. Requir Eng 15:7–40CrossRef
29.
Zurück zum Zitat Fenz S, Ekelhart A (2009) Formalizing information security knowledge. In: Proceedings of the 4th international symposium on information, computer, and communications security, ACM, p 183 Fenz S, Ekelhart A (2009) Formalizing information security knowledge. In: Proceedings of the 4th international symposium on information, computer, and communications security, ACM, p 183
30.
Zurück zum Zitat Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A (2013) Security and privacy in electronic health records: a systematic literature review. J Biomed Inform 46(3):541–562CrossRef Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A (2013) Security and privacy in electronic health records: a systematic literature review. J Biomed Inform 46(3):541–562CrossRef
31.
Zurück zum Zitat Fteimi N, Lehner F (2008) A systematic review and comparison of security ontologies.pdf. In: 3rd conference on availability, reliability and security, ARES ’08 , IEEE, pp 813–820 Fteimi N, Lehner F (2008) A systematic review and comparison of security ontologies.pdf. In: 3rd conference on availability, reliability and security, ARES ’08 , IEEE, pp 813–820
32.
Zurück zum Zitat Gellman R (2002) Privacy, consumers, and costs-how the lack of privacy costs consumers and why business studies of privacy costs are biased and incomplete. Ford Found, pp 1–37 Gellman R (2002) Privacy, consumers, and costs-how the lack of privacy costs consumers and why business studies of privacy costs are biased and incomplete. Ford Found, pp 1–37
33.
Zurück zum Zitat Gerl A, Bennani N, Kosch H, Brunie L (2018) LPL, towards a GDPR-compliant privacy language: Formal definition and usage. In: Lecture notes in computer science, vol. 10940 LNCS. Springer, pp 41–80 Gerl A, Bennani N, Kosch H, Brunie L (2018) LPL, towards a GDPR-compliant privacy language: Formal definition and usage. In: Lecture notes in computer science, vol. 10940 LNCS. Springer, pp 41–80
34.
Zurück zum Zitat Gharib M, Giorgini P (2015) Analyzing trust requirements in socio-technical systems: a belief-based approach. In: Lecture notes in business information processing , vol. 235, Springer, pp 254–270 Gharib M, Giorgini P (2015) Analyzing trust requirements in socio-technical systems: a belief-based approach. In: Lecture notes in business information processing , vol. 235, Springer, pp 254–270
35.
Zurück zum Zitat Gharib M, Giorgini P (2015) Modeling and reasoning about information quality requirements. In: Requirements engineering: foundation for software quality, vol. 9013, Springer, pp 49–64 Gharib M, Giorgini P (2015) Modeling and reasoning about information quality requirements. In: Requirements engineering: foundation for software quality, vol. 9013, Springer, pp 49–64
36.
Zurück zum Zitat Gharib M, Giorgini P, Mylopoulos J (2016) Ontologies for privacy requirements engineering: a systematic literature review. arXiv preprintarXiv:1611.10097 Gharib M, Giorgini P, Mylopoulos J (2016) Ontologies for privacy requirements engineering: a systematic literature review. arXiv preprintarXiv:​1611.​10097
37.
Zurück zum Zitat Gharib M, Giorgini P, Mylopoulos J (nov 2017) Towards an ontology for privacy requirements via a systematic literature review. In: International conference on conceptual modeling, vol. 10650 LNCS. Springer, pp 193–208 Gharib M, Giorgini P, Mylopoulos J (nov 2017) Towards an ontology for privacy requirements via a systematic literature review. In: International conference on conceptual modeling, vol. 10650 LNCS. Springer, pp 193–208
38.
Zurück zum Zitat Gharib M, Mylopoulos J, Giorgini P (2020) COPri: a core ontology for privacy requirements engineering. In: Lecture notes in business information processing, vol. 385 LNBIP, Springer, pp 472–489 Gharib M, Mylopoulos J, Giorgini P (2020) COPri: a core ontology for privacy requirements engineering. In: Lecture notes in business information processing, vol. 385 LNBIP, Springer, pp 472–489
39.
Zurück zum Zitat Gharib M, Salnitri M, Paja E, Giorgini P, Mouratidis H, Pavlidis M, Ruiz JF, Fernandez S, Siria AD (2016) Privacy requirements: findings and lessons learned in developing a privacy platform. In: The 24th international requirements engineering conference, IEEE, pp 256–265 Gharib M, Salnitri M, Paja E, Giorgini P, Mouratidis H, Pavlidis M, Ruiz JF, Fernandez S, Siria AD (2016) Privacy requirements: findings and lessons learned in developing a privacy platform. In: The 24th international requirements engineering conference, IEEE, pp 256–265
40.
Zurück zum Zitat Ghorbel A, Ghorbel M, Jmaiel M (2017) A hybrid approach for private data protection in the cloud. In: Lecture notes in computer science, vol. 10232 LNCS, Springer Verlag, pp 23–37 Ghorbel A, Ghorbel M, Jmaiel M (2017) A hybrid approach for private data protection in the cloud. In: Lecture notes in computer science, vol. 10232 LNCS, Springer Verlag, pp 23–37
41.
Zurück zum Zitat Giorgini P, Massacci F, Mylopoulos J, Zannone N (2005) Modeling security requirements through ownership, permission and delegation. In: 13th IEEE international conference on requirements engineering (RE’05) Giorgini P, Massacci F, Mylopoulos J, Zannone N (2005) Modeling security requirements through ownership, permission and delegation. In: 13th IEEE international conference on requirements engineering (RE’05)
42.
Zurück zum Zitat Gol Mohammadi N, Leicht J, Ulfat-Bunyadi N, Heisel M (2019) Privacy policy specification framework for addressing end-users’ privacy requirements. In: International conference on trust and privacy in digital business, pp 46–62 Gol Mohammadi N, Leicht J, Ulfat-Bunyadi N, Heisel M (2019) Privacy policy specification framework for addressing end-users’ privacy requirements. In: International conference on trust and privacy in digital business, pp 46–62
43.
Zurück zum Zitat Guessoum Z, Ziane M, Faci N (2014) Monitoring and organizational-level adaptation of multi-agent systems. In: Proceedings of the third international joint conference on autonomous agents and multiagent systems-vol 2. IEEE Computer Society, pp 514–521 Guessoum Z, Ziane M, Faci N (2014) Monitoring and organizational-level adaptation of multi-agent systems. In: Proceedings of the third international joint conference on autonomous agents and multiagent systems-vol 2. IEEE Computer Society, pp 514–521
44.
Zurück zum Zitat Haley C, Laney R, Moffett J, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng 34(1):133–153CrossRef Haley C, Laney R, Moffett J, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng 34(1):133–153CrossRef
45.
Zurück zum Zitat Hong JI, Ng JD, Lederer S, Landay JA (2004) Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In: Proceedings of the 2004 conference on designing interactive systems processes, practices, methods, and techniques, ACM, p 91 Hong JI, Ng JD, Lederer S, Landay JA (2004) Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In: Proceedings of the 2004 conference on designing interactive systems processes, practices, methods, and techniques, ACM, p 91
46.
Zurück zum Zitat Iankoulova I, Daneva M (2012) Cloud computing security requirements: a systematic review. In: 2012 Sixth international conference on research challenges in information science (RCIS), IEEE, pp 1–7 Iankoulova I, Daneva M (2012) Cloud computing security requirements: a systematic review. In: 2012 Sixth international conference on research challenges in information science (RCIS), IEEE, pp 1–7
47.
Zurück zum Zitat Islam S, Ouedraogo M, Kalloniatis C, Mouratidis H, Gritzalis S (2018) Assurance of security and privacy requirements for cloud deployment models. Technical Report 2 Islam S, Ouedraogo M, Kalloniatis C, Mouratidis H, Gritzalis S (2018) Assurance of security and privacy requirements for cloud deployment models. Technical Report 2
48.
Zurück zum Zitat ISO. ISO/IEC 15408-2. Information technology, security techniques. Evaluation criteria for IT security. Security functional components. Technical report, 2009 ISO. ISO/IEC 15408-2. Information technology, security techniques. Evaluation criteria for IT security. Security functional components. Technical report, 2009
49.
Zurück zum Zitat Jain P, Gyanchandani M, Khare N (2016) Big data privacy: a technological perspective and review. J Big Data 3:1CrossRef Jain P, Gyanchandani M, Khare N (2016) Big data privacy: a technological perspective and review. J Big Data 3:1CrossRef
50.
Zurück zum Zitat Jeff Smith H, Dinev T, Xu H (2011) Information privacy research: an interdisciplinary review. MIS Quart Manag Inf Syst 35(4):989–1015CrossRef Jeff Smith H, Dinev T, Xu H (2011) Information privacy research: an interdisciplinary review. MIS Quart Manag Inf Syst 35(4):989–1015CrossRef
51.
Zurück zum Zitat Joshi KP, Gupta A, Mittal S, Pearce C, Joshi A, Finin T (2016) Semantic approach to automating management of big data privacy policies. Technical report Joshi KP, Gupta A, Mittal S, Pearce C, Joshi A, Finin T (2016) Semantic approach to automating management of big data privacy policies. Technical report
52.
Zurück zum Zitat Jürjens J (2002) UMLsec: extending UML for secure systems development. In: UML The unified modeling language. Springer, pp 412–425 Jürjens J (2002) UMLsec: extending UML for secure systems development. In: UML The unified modeling language. Springer, pp 412–425
53.
Zurück zum Zitat Kalloniatis C (2017) Incorporating privacy in the design of cloud-based systems: a conceptual meta-model. Inf Comput Secur 25(5):614–633CrossRef Kalloniatis C (2017) Incorporating privacy in the design of cloud-based systems: a conceptual meta-model. Inf Comput Secur 25(5):614–633CrossRef
54.
Zurück zum Zitat Kalloniatis C, Kavakli E, Gritzalis S (2008) Addressing privacy requirements in system design: the PriS method. Requir Eng 13(3):241–255CrossRef Kalloniatis C, Kavakli E, Gritzalis S (2008) Addressing privacy requirements in system design: the PriS method. Requir Eng 13(3):241–255CrossRef
55.
Zurück zum Zitat Kang W, Liang Y (2013) A security ontology with MDA for software development. In: Proceedings-2013 international conference on cyber-enabled distributed computing and knowledge discovery, CyberC 2013, IEEE, pp 67–74 Kang W, Liang Y (2013) A security ontology with MDA for software development. In: Proceedings-2013 international conference on cyber-enabled distributed computing and knowledge discovery, CyberC 2013, IEEE, pp 67–74
56.
Zurück zum Zitat Kitchenham B (2004) Procedures for performing systematic reviews. Keele, UK, Keele University 33, TR/SE-0401 , 28 Kitchenham B (2004) Procedures for performing systematic reviews. Keele, UK, Keele University 33, TR/SE-0401 , 28
57.
Zurück zum Zitat Kitchenham B, Charters S (2007) Guidelines for performing Systematic Literature reviews in Software Engineering Version 2.3. Technical Report, Keele University Kitchenham B, Charters S (2007) Guidelines for performing Systematic Literature reviews in Software Engineering Version 2.3. Technical Report, Keele University
58.
Zurück zum Zitat Kung A, Kargl F, Suppan S, Cuellar J, Pöhls HC, Kapovits A, McDonnell NN, Martin YS (2017) A Privacy Engineering Framework for the internet of things. In: Data protection and privacy visibilities and infrastructures. Springer, pp 163–202 Kung A, Kargl F, Suppan S, Cuellar J, Pöhls HC, Kapovits A, McDonnell NN, Martin YS (2017) A Privacy Engineering Framework for the internet of things. In: Data protection and privacy visibilities and infrastructures. Springer, pp 163–202
59.
Zurück zum Zitat Labda W, Mehandjiev N, Sampaio P (2014) Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th annual ACM symposium on applied computing, ACM, pp 1399–1405 Labda W, Mehandjiev N, Sampaio P (2014) Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th annual ACM symposium on applied computing, ACM, pp 1399–1405
60.
Zurück zum Zitat Lenhard J, Fritsch L, Herold S (2017) A literature study on privacy patterns research. In: Proceedings-43rd Euromicro conference on software engineering and advanced applications, SEAA, pp 194–201 Lenhard J, Fritsch L, Herold S (2017) A literature study on privacy patterns research. In: Proceedings-43rd Euromicro conference on software engineering and advanced applications, SEAA, pp 194–201
61.
Zurück zum Zitat Li C, Palanisamy B (2019) Privacy in internet of things: from principles to technologies. Technical Report, p 1 Li C, Palanisamy B (2019) Privacy in internet of things: from principles to technologies. Technical Report, p 1
62.
Zurück zum Zitat Li Y (2011) Empirical studies on online information privacy concerns: literature review and an integrative framework. Commun Assoc Inf Syst 28(1):453–496 Li Y (2011) Empirical studies on online information privacy concerns: literature review and an integrative framework. Commun Assoc Inf Syst 28(1):453–496
63.
Zurück zum Zitat Lin L, Nuseibeh B, Ince D, Jackson M, Moffett J (2003) Introducing abuse frames for analysing security requirements. In: 11th requirements engineering international conference, IEEE, pp 371–372 Lin L, Nuseibeh B, Ince D, Jackson M, Moffett J (2003) Introducing abuse frames for analysing security requirements. In: 11th requirements engineering international conference, IEEE, pp 371–372
64.
Zurück zum Zitat Liu L, Yu E, Mylopoulos J (2003) Security and privacy requirements analysis within a social setting. In: 11th International requirements engineering conference, IEEE, pp 151–161 Liu L, Yu E, Mylopoulos J (2003) Security and privacy requirements analysis within a social setting. In: 11th International requirements engineering conference, IEEE, pp 151–161
65.
Zurück zum Zitat Loukil F, Ghedira-Guegan C, Boukadi K, Benharkat AN (2018) LIoPY: a legal compliant ontology to preserve privacy for the internet of things. Proc Int Comput Softw Appl Conf 2:701–706 Loukil F, Ghedira-Guegan C, Boukadi K, Benharkat AN (2018) LIoPY: a legal compliant ontology to preserve privacy for the internet of things. Proc Int Comput Softw Appl Conf 2:701–706
66.
67.
Zurück zum Zitat Massacci F, Mylopoulos J, Paci F, Tun TT, Yu Y (2011) An extended ontology for security requirements. In: Advanced information systems engineering workshops, Springer, pp 622–636 Massacci F, Mylopoulos J, Paci F, Tun TT, Yu Y (2011) An extended ontology for security requirements. In: Advanced information systems engineering workshops, Springer, pp 622–636
68.
Zurück zum Zitat Massacci F, Mylopoulos J, Zannone N (2007) Computer-aided support for secure tropos. Automat Softw Eng 14(3):341–364CrossRef Massacci F, Mylopoulos J, Zannone N (2007) Computer-aided support for secure tropos. Automat Softw Eng 14(3):341–364CrossRef
69.
Zurück zum Zitat Massacci F, Zannone N (2008) Detecting conflicts between functional and security requirements with secure tropos: John Rusnak and the allied irish bank. In: Social modeling for requirements engineering. MIT Press, Cambridge Massacci F, Zannone N (2008) Detecting conflicts between functional and security requirements with secure tropos: John Rusnak and the allied irish bank. In: Social modeling for requirements engineering. MIT Press, Cambridge
70.
Zurück zum Zitat Matulevičius R, Mayer N, Mouratidis H, Dubois E, Heymans P, Genon N (2008) Adapting Secure Tropos for security risk management in the early phases of information systems development. In: Advanced information systems engineering, Springer, pp 541–555 Matulevičius R, Mayer N, Mouratidis H, Dubois E, Heymans P, Genon N (2008) Adapting Secure Tropos for security risk management in the early phases of information systems development. In: Advanced information systems engineering, Springer, pp 541–555
71.
Zurück zum Zitat Mayer N (2009) Model-based management of information system security risk. PhD thesis, University of Namur Mayer N (2009) Model-based management of information system security risk. PhD thesis, University of Namur
72.
Zurück zum Zitat Mellado D, Blanco C, Sánchez LE, Fernández-Medina E (2010) A systematic review of security requirements engineering. Comput Stand Interfaces 32(4):153–165CrossRef Mellado D, Blanco C, Sánchez LE, Fernández-Medina E (2010) A systematic review of security requirements engineering. Comput Stand Interfaces 32(4):153–165CrossRef
73.
Zurück zum Zitat Morales-Trujillo ME, Garcia-Mireles GA (2018) Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector. In: Proceedings-2018 international conference on the quality of information and communications technology, QUATIC 2018 , pp 56–64 Morales-Trujillo ME, Garcia-Mireles GA (2018) Extending ISO/IEC 29110 basic profile with privacy-by-design approach: A case study in the health care sector. In: Proceedings-2018 international conference on the quality of information and communications technology, QUATIC 2018 , pp 56–64
74.
Zurück zum Zitat Mouratidis H, Giorgini P (2007) Secure tropos: a security-oriented extension of the Tropos methodology. J Softw Eng Knowl Eng 17(2):285–309CrossRef Mouratidis H, Giorgini P (2007) Secure tropos: a security-oriented extension of the Tropos methodology. J Softw Eng Knowl Eng 17(2):285–309CrossRef
75.
Zurück zum Zitat Mustafa U, Pflugel E, Philip N (2019) A novel privacy framework for secure M-health applications: the case of the GDPR. In: Proceedings of 12th international conference on global security, safety and sustainability, pp 1–9 Mustafa U, Pflugel E, Philip N (2019) A novel privacy framework for secure M-health applications: the case of the GDPR. In: Proceedings of 12th international conference on global security, safety and sustainability, pp 1–9
76.
Zurück zum Zitat Oliver I (2016) Experiences in the Development and Usage of a Privacy Requirements Framework. In: Proceedings IEEE 24th international requirements engineering conference, RE , pp 293–302 Oliver I (2016) Experiences in the Development and Usage of a Privacy Requirements Framework. In: Proceedings IEEE 24th international requirements engineering conference, RE , pp 293–302
77.
Zurück zum Zitat Paja E, Dalpiaz F, Giorgini P (2014) STS-tool: security requirements engineering for socio-technical systems. In: Engineering secure future internet services and systems. Springer, pp 65–96 Paja E, Dalpiaz F, Giorgini P (2014) STS-tool: security requirements engineering for socio-technical systems. In: Engineering secure future internet services and systems. Springer, pp 65–96
78.
Zurück zum Zitat Palmirani M, Martoni M, Rossi A, Bartolini C, Robaldo L (2018) Legal ontology for modelling GDPR concepts and norms. Front Artif Intel Appl 313:91–100 Palmirani M, Martoni M, Rossi A, Bartolini C, Robaldo L (2018) Legal ontology for modelling GDPR concepts and norms. Front Artif Intel Appl 313:91–100
79.
Zurück zum Zitat Palmirani M, Martoni M, Rossi A, Bartolini C, Robaldo L (2018) PrOnto: privacy ontology for legal reasoning. In: Electronic government and the information systems perspective, pp 139–152 Palmirani M, Martoni M, Rossi A, Bartolini C, Robaldo L (2018) PrOnto: privacy ontology for legal reasoning. In: Electronic government and the information systems perspective, pp 139–152
80.
Zurück zum Zitat European Parliament Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 (April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Official Journal of the European Communities, vol 59, pp 1–88 European Parliament Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 (April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Official Journal of the European Communities, vol 59, pp 1–88
81.
Zurück zum Zitat Peixoto MM, Silva C (2018) Specifying privacy requirements with goal-oriented modeling languages. In: ACM international conference proceeding series. pp 112–121 Peixoto MM, Silva C (2018) Specifying privacy requirements with goal-oriented modeling languages. In: ACM international conference proceeding series. pp 112–121
82.
Zurück zum Zitat Pfitzmann A, Hansen M (2010) A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. Technical University Dresden, pp 1–98 Pfitzmann A, Hansen M (2010) A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. Technical University Dresden, pp 1–98
83.
Zurück zum Zitat Polst S, Kelbert P, Feth D (2019) Company privacy dashboards: employee needs and requirements. In: Lecture notes in computer science, vol 11594 LNCS, Springer, pp 429–440 Polst S, Kelbert P, Feth D (2019) Company privacy dashboards: employee needs and requirements. In: Lecture notes in computer science, vol 11594 LNCS, Springer, pp 429–440
84.
Zurück zum Zitat Poveda-villalón M, Suárez-figueroa MC, Gómez-pérez A (2010) A double classification of common pitfalls in ontologies. Development, pp 1–12 Poveda-villalón M, Suárez-figueroa MC, Gómez-pérez A (2010) A double classification of common pitfalls in ontologies. Development, pp 1–12
85.
Zurück zum Zitat Radics PJ, Gračanin D, Kafura D (2013) PREprocess before you build: introducing a framework for privacy requirements engineering. In: Proceedings-SocialCom/PASSAT/BigData/EconCom/BioMedCom, IEEE, pp 564–569 Radics PJ, Gračanin D, Kafura D (2013) PREprocess before you build: introducing a framework for privacy requirements engineering. In: Proceedings-SocialCom/PASSAT/BigData/EconCom/BioMedCom, IEEE, pp 564–569
86.
Zurück zum Zitat Robol M, Paja E, Salnitri M, Giorgini P (2018) Modeling and reasoning about privacy-consent requirements. In: Lecture notes in business information processing, vol. 335, Springer, pp 238–254 Robol M, Paja E, Salnitri M, Giorgini P (2018) Modeling and reasoning about privacy-consent requirements. In: Lecture notes in business information processing, vol. 335, Springer, pp 238–254
87.
Zurück zum Zitat Rostad L (2006) An extended misuse case notation: Including vulnerabilities and the insider threat. In: The twelfth working conference on requirements engineering: foundation for software quality, Springer, pp 67–77 Rostad L (2006) An extended misuse case notation: Including vulnerabilities and the insider threat. In: The twelfth working conference on requirements engineering: foundation for software quality, Springer, pp 67–77
88.
Zurück zum Zitat Runeson P, Höst M (2009) Guidelines for conducting and reporting case study research in software engineering. Empir Softw Eng 14(2):131–164CrossRef Runeson P, Höst M (2009) Guidelines for conducting and reporting case study research in software engineering. Empir Softw Eng 14(2):131–164CrossRef
89.
Zurück zum Zitat Schaub F (2018) Context-adaptive privacy mechanisms. In: Handbook of mobile data privacy. Springer, pp 337–372 Schaub F (2018) Context-adaptive privacy mechanisms. In: Handbook of mobile data privacy. Springer, pp 337–372
90.
Zurück zum Zitat Schwartz PM, Solove DJ (2011) The PII problem: privacy and a new concept of personally identifiable information. N York Univ Law Rev 86(6):1814–1894 Schwartz PM, Solove DJ (2011) The PII problem: privacy and a new concept of personally identifiable information. N York Univ Law Rev 86(6):1814–1894
91.
Zurück zum Zitat Sindre G, Opdahl AL (2005) Eliciting security requirements with misuse cases. Requir Eng 10(1):34–44CrossRef Sindre G, Opdahl AL (2005) Eliciting security requirements with misuse cases. Requir Eng 10(1):34–44CrossRef
92.
Zurück zum Zitat Singhal A, Wijesekera D (2010) Ontologies for modeling enterprise level security metrics. In: Proceedings of the sixth annual workshop on cyber security and information intelligence research, ACM, p 58 Singhal A, Wijesekera D (2010) Ontologies for modeling enterprise level security metrics. In: Proceedings of the sixth annual workshop on cyber security and information intelligence research, ACM, p 58
93.
Zurück zum Zitat Sokolovska A, Kocarev L (2018) Integrating technical and legal concepts of privacy. IEEE Access 6:26543–26557CrossRef Sokolovska A, Kocarev L (2018) Integrating technical and legal concepts of privacy. IEEE Access 6:26543–26557CrossRef
94.
Zurück zum Zitat Solove DJ (2002) Conceptualizing privacy. California Law Review, pp 1087–1155 Solove DJ (2002) Conceptualizing privacy. California Law Review, pp 1087–1155
95.
Zurück zum Zitat Solove DJ (2006) A taxonomy of privacy. Univ Pennsyl Law Rev 154(3):477CrossRef Solove DJ (2006) A taxonomy of privacy. Univ Pennsyl Law Rev 154(3):477CrossRef
96.
Zurück zum Zitat Souag A, Salinesi C, Comyn-Wattiau I (2012) Ontologies for security requirements: a literature survey and classification. In: Advanced information systems engineering workshops, Springer, pp 61–69 Souag A, Salinesi C, Comyn-Wattiau I (2012) Ontologies for security requirements: a literature survey and classification. In: Advanced information systems engineering workshops, Springer, pp 61–69
97.
Zurück zum Zitat Souag A, Salinesi C, Mazo R, Comyn-Wattiau I (2015) A security ontology for security requirements elicitation. In: Engineering secure software and systems. Springer, pp 157–177 Souag A, Salinesi C, Mazo R, Comyn-Wattiau I (2015) A security ontology for security requirements elicitation. In: Engineering secure software and systems. Springer, pp 157–177
98.
Zurück zum Zitat Souag A, Salinesi C, Wattiau I, Mouratidis H (2013) Using security and domain ontologies for security requirements analysis. In: Computer software and applications conference workshops (COMPSACW), IEEE, pp 101–107 Souag A, Salinesi C, Wattiau I, Mouratidis H (2013) Using security and domain ontologies for security requirements analysis. In: Computer software and applications conference workshops (COMPSACW), IEEE, pp 101–107
99.
Zurück zum Zitat Spiekermann S, Cranor LF (2009) Engineering privacy. IEEE Trans Softw Eng 35(1):67–82CrossRef Spiekermann S, Cranor LF (2009) Engineering privacy. IEEE Trans Softw Eng 35(1):67–82CrossRef
100.
Zurück zum Zitat Theoharidou M, Tsalis N, Gritzalis D (2016) Smart home solutions: privacy issues. Health Care and Well-Being, Handbook of Smart Homes, pp 67–81 Theoharidou M, Tsalis N, Gritzalis D (2016) Smart home solutions: privacy issues. Health Care and Well-Being, Handbook of Smart Homes, pp 67–81
101.
Zurück zum Zitat Thinakaran K, Dhillon JS, Gunasekaran SS, Chen LF (2017) A conceptual privacy framework for privacy- aware IoT health applications. In: 6th international conference on computing and informatics, no. October, pp 175–183 Thinakaran K, Dhillon JS, Gunasekaran SS, Chen LF (2017) A conceptual privacy framework for privacy- aware IoT health applications. In: 6th international conference on computing and informatics, no. October, pp 175–183
102.
Zurück zum Zitat Tsoumas B, Gritzalis D (2006) Towards an ontology-based security management. In: 20th international conference on advanced information networking and applications (AINA) , vol. 1, IEEE, pp 985–992 Tsoumas B, Gritzalis D (2006) Towards an ontology-based security management. In: 20th international conference on advanced information networking and applications (AINA) , vol. 1, IEEE, pp 985–992
103.
Zurück zum Zitat Uschold M, Gruninger M (1996) Ontologies: principles, methods and applications. Knowl Eng Rev 11(02):93–136CrossRef Uschold M, Gruninger M (1996) Ontologies: principles, methods and applications. Knowl Eng Rev 11(02):93–136CrossRef
104.
Zurück zum Zitat Van Blarkom GW, Borking JJ, Olk JGE (2003) Handbook of privacy and privacy-enhancing technologies. Privacy Incorporated Software Agent (PISA) Consortium, The Hague Van Blarkom GW, Borking JJ, Olk JGE (2003) Handbook of privacy and privacy-enhancing technologies. Privacy Incorporated Software Agent (PISA) Consortium, The Hague
105.
Zurück zum Zitat Van Lamsweerde A (2004) Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th international conference on software engineering, IEEE Computer Society, pp 148–157 Van Lamsweerde A (2004) Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th international conference on software engineering, IEEE Computer Society, pp 148–157
106.
Zurück zum Zitat Velasco JL, Valencia-Garc’ia R, Fernández-Breis JT, Toval A, Others, (2009) Modelling reusable security requirements based on an ontology framework. J Res Pract Inf Technol 41:119 Velasco JL, Valencia-Garc’ia R, Fernández-Breis JT, Toval A, Others, (2009) Modelling reusable security requirements based on an ontology framework. J Res Pract Inf Technol 41:119
107.
Zurück zum Zitat Wagner I, Boiten E (2018) Privacy risk assessment: from art to science, by metrics. Lect Notes Comput Sci 11025:225–241CrossRef Wagner I, Boiten E (2018) Privacy risk assessment: from art to science, by metrics. Lect Notes Comput Sci 11025:225–241CrossRef
108.
Zurück zum Zitat Wang JA, Guo M (2009) OVM: an ontology for vulnerability management. In: Proceedings of the 5th annual workshop on cyber security and information intelligence research, ACM, p 34 Wang JA, Guo M (2009) OVM: an ontology for vulnerability management. In: Proceedings of the 5th annual workshop on cyber security and information intelligence research, ACM, p 34
109.
Zurück zum Zitat Zannone N (2006) A requirements engineering methodology for trust, security, and privacy. PhD thesis, University of Trento Zannone N (2006) A requirements engineering methodology for trust, security, and privacy. PhD thesis, University of Trento
Metadaten
Titel
An Ontology for Privacy Requirements via a Systematic Literature Review
verfasst von
Mohamad Gharib
Paolo Giorgini
John Mylopoulos
Publikationsdatum
07.01.2021
Verlag
Springer Berlin Heidelberg
Erschienen in
Journal on Data Semantics / Ausgabe 4/2020
Print ISSN: 1861-2032
Elektronische ISSN: 1861-2040
DOI
https://doi.org/10.1007/s13740-020-00116-5