Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
The Universal Ontology: A Vision for Conceptual Modeling and the Semantic Web (Invited Paper) Kapitel lesen Erstes Kapitel lesen

2017 | OriginalPaper | Buchkapitel

Towards an Ontology for Privacy Requirements via a Systematic Literature Review

verfasst von : Mohamad Gharib, Paolo Giorgini, John Mylopoulos

Erschienen in: Conceptual Modeling

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Privacy has been frequently identified as a main concern for systems that deal with personal information. However, much of existing work on privacy requirements deals with them as a special case of security requirements, thereby overlooking key aspects of privacy. In this paper, we address this problem by proposing an ontology for privacy requirements. The ontology is mined from the literature through a systematic literature review whose main purpose is to identify key concepts/relationships for capturing privacy requirements. In addition, identified concepts/relations are further analyzed to identify redundancies and semantic overlaps.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Conceptual Modeling: Enhancement Through Semiotics
Nächstes Kapitel What Happens to Intentional Concepts in Requirements Engineering if Intentional States Cannot Be Known?
Fußnoten
1
A detailed version of the systematic literature review can be found at [12].
 
2
Secondary studies can be found in the related work section.
 
3
In the case of multiple synonyms, some were omitted.
 
4
The frequency of appearance for each concept/relation can be found in [12].
 
5
The percentage of the concepts/relations covered by each study can be found in [12].
 
Literatur
1.
Gharib, M., Salnitri, M., Paja, E., Giorgini, P., Mouratidis, H., Pavlidis, M., Ruiz, J.F., Fernandez, S., Della Siria, A.: Privacy requirements: findings and lessons learned in developing a privacy platform. In: The 24th International Requirements Engineering Conference (RE), pp. 256–265. IEEE (2016)
2.
Hong, J.I., Ng, J.D., Lederer, S., Landay, J.A.: Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In: Proceedings of the 5th Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, pp. 91–100. ACM (2004)
3.
Labda, W., Mehandjiev, N., Sampaio, P.: Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1399–1405. ACM (2014)
4.
Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requirements Eng. 13(3), 241–255 (2008)CrossRef
5.
Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)CrossRef
6.
Zannone, N.: A requirements engineering methodology for trust, security, and privacy. Ph.D. thesis, University of Trento (2006)
7.
Solove, D.J.: A taxonomy of privacy. Univ. Pa. Law Rev. 154, 477–564 (2006)CrossRef
8.
Souag, A., Salinesi, C., Mazo, R., Comyn-Wattiau, I.: A security ontology for security requirements elicitation. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 157–177. Springer, Cham (2015). doi:10.​1007/​978-3-319-15618-7_​13CrossRef
9.
Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: 11th International RE Conference, pp. 151–161. IEEE (2003)
10.
Kitchenham, B.: Procedures for performing systematic reviews. UK Keele Univ. 33, 1–26 (2004)
11.
Kitchenham, B., Charters, S.: Guidelines for performing systematic literature reviews in software engineering. Technical report, Keele University (2007)
12.
Gharib, M., Giorgini, P., Mylopoulos, J.: Ontologies for privacy requirements engineering: a systematic literature review. arXiv preprint arXiv:​1611.​10097 (2016)
13.
Van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, pp. 148–157. IEEE Computer Society (2004)
14.
Braghin, S., Coen-Porisini, A., Colombo, P., Sicari, S., Trombetta, A.: Introducing privacy in a hospital information system. In: Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems, pp. 9–16. ACM (2008)
15.
Singhal, A., Wijesekera, D.: Ontologies for modeling enterprise level security metrics. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, p. 58. ACM (2010)
16.
Wang, J.A., Guo, M.: OVM: an ontology for vulnerability management. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research, p. 34. ACM (2009)
17.
Velasco, J.L., Valencia-García, R., Fernández-Breis, J.T., Toval, A., et al.: Modelling reusable security requirements based on an ontology framework. J. Res. Pract. Inf. Technol. 41(2), 119 (2009)
18.
Souag, A., Salinesi, C., Wattiau, I., Mouratidis, H.: Using security and domain ontologies for security requirements analysis. In: Computer Software and Applications Conference Workshops (COMPSACW), pp. 101–107. IEEE (2013)
19.
Tsoumas, B., Gritzalis, D.: Towards an ontology-based security management. In: 20th International Conference on Advanced Information Networking and Applications (AINA), vol. 1, pp. 985–992. IEEE (2006)
20.
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: 13th International Conference on Requirements Engineering, pp. 167–176. IEEE (2005)
21.
Kang, W., Liang, Y.: A security ontology with MDA for software development. In: 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp. 67–74. IEEE (2013)
22.
Massacci, F., Mylopoulos, J., Paci, F., Tun, T.T., Yu, Y.: An extended ontology for security requirements. In: Salinesi, C., Pastor, O. (eds.) CAiSE 2011. LNBIP, vol. 83, pp. 622–636. Springer, Heidelberg (2011). doi:10.​1007/​978-3-642-22056-2_​64CrossRef
23.
Elahi, G., Yu, E., Zannone, N.: A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations. In: Laender, A.H.F., Castano, S., Dayal, U., Casati, F., de Oliveira, J.P.M. (eds.) ER 2009. LNCS, vol. 5829, pp. 99–114. Springer, Heidelberg (2009). doi:10.​1007/​978-3-642-04840-1_​10CrossRef
24.
Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34–44 (2005)CrossRef
25.
Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 183–194. ACM (2009)
26.
Asnar, Y., Moretti, R., Sebastianis, M., Zannone, N.: Risk as dependability metrics for the evaluation of business solutions: a model-driven approach. In: Third Conference on Availability, Reliability and Security, ARES 2008, pp. 1240–1247. IEEE (2008)
27.
den Braber, F., Dimitrakos, T., Gran, B.A., Lund, M.S., Stølen, K., Aagedal, J.: The CORAS methodology: model-based risk assessment using UML and up. UML Unified Process 332–357 (2003)
28.
Elahi, G., Yu, E., Zannone, N.: A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requirements Eng. 15(1), 41–62 (2010)CrossRef
29.
30.
Matulevičius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting secure tropos for security risk management in the early phases of information systems development. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 541–555. Springer, Heidelberg (2008). doi:10.​1007/​978-3-540-69534-9_​40CrossRef
31.
Røstad, L.: An extended misuse case notation: including vulnerabilities and the insider threat. In: International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 33–34. Springer (2006). doi:10.1.1.106.8353
32.
Mayer, N.: Model-based management of information system security risk. Ph.D. thesis, University of Namur (2009)
33.
Dritsas, S., Gymnopoulos, L., Karyda, M., Balopoulos, T., Kokolakis, S., Lambrinoudakis, C., Katsikas, S.: A knowledge-based approach to security requirements for e-health applications. J. E-Commer. Tools Appl. 2, 1–24 (2006)
34.
Lin, L., Nuseibeh, B., Ince, D., Jackson, M., Moffett, J.: Introducing abuse frames for analysing security requirements. In: 11th Requirements Engineering International Conference, pp. 371–372. IEEE (2003)
35.
Avizienis, A., Laprie, J.C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)CrossRef
36.
Asnar, Y., Giorgini, P., Massacci, F., Zannone, N.: From trust to dependability through risk analysis. In: The Second International Conference on Availability, Reliability and Security, ARES 2007, pp. 19–26. IEEE (2007)
37.
Asnar, Y., Giorgini, P., Mylopoulos, J.: Risk modelling and reasoning in goal models, DIT-06-008. Technical report, Universitá degli studi di Trento (2006)
38.
Paja, E., Dalpiaz, F., Giorgini, P.: STS-tool: security requirements engineering for socio-technical systems. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds.) Engineering Secure Future Internet Services and Systems. LNCS, vol. 8431, pp. 65–96. Springer, Cham (2014). doi:10.​1007/​978-3-319-07452-8_​3CrossRef
39.
Van Blarkom, G., Borking, J., Olk, J.: Handbook of privacy and privacy-enhancing technologies. Privacy Incorporated Software Agent Consortium, The Hague (2003)
40.
Gharib, M., Giorgini, P.: Analyzing trust requirements in socio-technical systems: a belief-based approach. In: Ralyté, J., España, S., Pastor, Ó. (eds.) PoEM 2015. LNBIP, vol. 235, pp. 254–270. Springer, Cham (2015). doi:10.​1007/​978-3-319-25897-3_​17CrossRef
41.
Runeson, P., Höst, M.: Guidelines for conducting and reporting case study research in software engineering. Empir. Softw. Eng. 14(2), 131–164 (2009)CrossRef
42.
Souag, A., Salinesi, C., Comyn-Wattiau, I.: Ontologies for security requirements: a literature survey and classification. In: Bajec, M., Eder, J. (eds.) CAiSE 2012. LNBIP, vol. 112, pp. 61–69. Springer, Heidelberg (2012). doi:10.​1007/​978-3-642-31069-0_​5CrossRef
43.
Blanco, C., Lasheras, J., Valencia-García, R., Fernández-Medina, E., Toval, A., Piattini, M.: A systematic review and comparison of security ontologies. In: 3rd Conference on Availability, Reliability and Security, pp. 813–820. IEEE (2008)
44.
Fabian, B., Gürses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requirements Eng. 15(1), 7–40 (2010)CrossRef
Metadaten
Titel
Towards an Ontology for Privacy Requirements via a Systematic Literature Review
verfasst von
Mohamad Gharib
Paolo Giorgini
John Mylopoulos
Copyright-Jahr
2017
Buch
Conceptual Modeling

Print ISBN: 978-3-319-69903-5

Electronic ISBN: 978-3-319-69904-2

Copyright-Jahr: 2017

DOI
https://doi.org/10.1007/978-3-319-69904-2_16