Confidentiality, the protection against unauthorized disclosure of information, plays an important role in the information security of software systems. Security researchers have developed numerous approaches to implementing confidentiality, typically based on cryptographic algorithms and tight access control. However, less work has been done on defining systematic methods to elicit and define confidentiality requirements in the first place. Moreover, most of these approaches are illustrated with simulated examples that do not capture the richness of real-world experience. This paper reports on our experiences eliciting confidentiality requirements in a real-world project in the health care area. The method applied originates from the M.Sc. thesis of one of the authors and is still considered work in progress. Still, valuable insight into issues of confidentiality requirements engineering can be gained from this case study, and we expect that its publication will become a basis for discussion and the definition of a further research agenda in this area.