Eliciting confidentiality requirements in practice

Authors:
Seda Gürses;Jens H. Jahnke;Christina Obry;Adeniyi Onabajo;Thomas Santen;Morgan Price
Affiliations:
Department of Information Systems, Humboldt University, Berlin, Germany;Department of Computer Science, University of Victoria, Victoria, BC, Canada;Department of Computer Science, University of Victoria, Victoria, BC, Canada;Department of Computer Science, University of Victoria, Victoria, BC, Canada;Softwaretechnik, TU Berlin, Berlin, Germany;Department of Family Practice, University of British Columbia, Vancouver, BC, Canada
Venue:
CASCON '05 Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research
Year:
2005

Citing 8
Cited 4

Object-oriented software engineering

Object-oriented software engineering
Four dark corners of requirements engineering

ACM Transactions on Software Engineering and Methodology (TOSEM)
Properties of protection goals and their integration into a user interface

Computer Networks: The International Journal of Computer and Telecommunications Networking - electronic commerce
The Role of Policy and Stakeholder Privacy Values in Requirements Engineering

RE '01 Proceedings of the Fifth IEEE International Symposium on Requirements Engineering
A security policy model for clinical information systems

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Introducing Abuse Frames for Analysing Security Requirements

RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Security and Privacy Requirements Analysis within a Social Setting

RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
Integrating security and systems engineering: towards the modelling of secure information systems

CAiSE'03 Proceedings of the 15th international conference on Advanced information systems engineering

Engineering Medical Information Systems: Architecture, Data and Usability & Security

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Mining and analysing security goal models in health information systems

SEHC '09 Proceedings of the 2009 ICSE Workshop on Software Engineering in Health Care
A Foundation for Requirements Analysis of Dependable Software

SAFECOMP '09 Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security
Threat and Risk-Driven Security Requirements Engineering

International Journal of Mobile Computing and Multimedia Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Confidentiality, the protection of unauthorized disclosure of information, plays an important role in information security of software systems. Security researchers have developed numerous approaches on how to implement confidentiality, typically based on cryptographic algorithms and tight access control. However, less work has been done on defining systematic methods on how to elicit and define confidentiality requirements in the first place. Moreover, most of these approaches are illustrated with simulated examples that do not capture the richness of real world experience. This paper reports on our experiences eliciting confidentiality requirements in a real world project in the health care area. The method applied originates from the M.Sc. thesis of one of the authors and is still considered work in progress. Still, valuable insight into issues of confidentiality requirements engineering can be gained from this case study and we expect that its publication will become a basis for discussion and the definition of a further research agenda in this area.