Addressing privacy requirements in system design: the PriS method

Authors:
Christos Kalloniatis;Evangelia Kavakli;Stefanos Gritzalis
Affiliations:
University of the Aegean, Cultural Informatics Laboratory, Department of Cultural Technology and Communication, Harilaou Trikoupi and Faonos Str., 81100, Mytilene, Greece;University of the Aegean, Cultural Informatics Laboratory, Department of Cultural Technology and Communication, Harilaou Trikoupi and Faonos Str., 81100, Mytilene, Greece;University of the Aegean, Information and Communication Systems Security Laboratory, Department of Information and Communications Systems Engineering, Harilaou Trikoupi and Faonos Str., 83200, Sam ...
Venue:
Requirements Engineering
Year:
2008

Citing 0
Cited 12

Requirements-based Access Control Analysis and Policy Specification (ReCAPS)

Information and Software Technology
A Personal Data Audit Method through Requirements Engineering

Computer Standards & Interfaces
Privacy requirements engineering for trustworthy e-government services

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Minimal privacy authorization in web services collaboration

Computer Standards & Interfaces
A soft computing approach for privacy requirements engineering: The PriS framework

Applied Soft Computing
Survey Internet of things: Vision, applications and research challenges

Ad Hoc Networks
Context management for m-commerce applications: determinants, methodology and the role of marketing

Information Technology and Management
Model-driven privacy and security in multi-modal social media UIs

MSM'11 Proceedings of the 2011 international conference on Modeling and Mining Ubiquitous Social Media
Model Based Process to Support Security and Privacy Requirements Engineering

International Journal of Secure Software Engineering
Engineering adaptive privacy: on the role of privacy awareness requirements

Proceedings of the 2013 International Conference on Software Engineering
A framework to support selection of cloud providers based on security and privacy requirements

Journal of Systems and Software
Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

A major challenge in the field of software engineering is to make users trust the software that they use in their every day activities for professional or recreational reasons. Trusting software depends on various elements, one of which is the protection of user privacy. Protecting privacy is about complying with user’s desires when it comes to handling personal information. Users’ privacy can also be defined as the right to determine when, how and to what extend information about them is communicated to others. Current research stresses the need for addressing privacy issues during the system design rather than during the system implementation phase. To this end, this paper describes PriS, a security requirements engineering method, which incorporates privacy requirements early in the system development process. PriS considers privacy requirements as organisational goals that need to be satisfied and adopts the use of privacy-process patterns as a way to: (1) describe the effect of privacy requirements on business processes; and (2) facilitate the identification of the system architecture that best supports the privacy-related business processes. In this way, PriS provides a holistic approach from ‘high-level’ goals to ‘privacy-compliant’ IT systems. The PriS way-of-working is formally defined thus, enabling the development of automated tools for assisting its application.