
2015 | OriginalPaper | Book chapter

Conflicts Between Security and Privacy Measures in Software Requirements Engineering

Written by: Daniel Ganji, Haralambos Mouratidis, Saeed Malekshahi Gheytassi, Miltos Petridis

Published in: Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security

Publisher: Springer International Publishing


Abstract

The digital world is expanding rapidly into all parts of the physical world, and our environment is shaped by the technologies we use. The majority of these technologies are user-generated content, produced through browsing, emails, blogging, social media, e-shopping, video sharing and many other activities. Our research considers how technology, and software architecture in particular, could be designed to pave the way for greater security and privacy in digital proceedings and services. The research treats security and privacy as an intrinsic component of a system design. The framework proposed in this research covers a broad approach by examining security and privacy from the requirements phase under a unified framework, which makes it possible to bridge the gap between the requirements and implementation stages.


Metadata
Title
Conflicts Between Security and Privacy Measures in Software Requirements Engineering
Written by
Daniel Ganji
Haralambos Mouratidis
Saeed Malekshahi Gheytassi
Miltos Petridis
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-23276-8_29
