Model Based Process to Support Security and Privacy Requirements Engineering

2012, Vol 3 (3), pp. 1-22
Author(s): Shareeful Islam, Haralambos Mouratidis, Christos Kalloniatis, Aleksandar Hudic, Lorenz Zechner

Software systems are becoming more complex, interconnected, and liable to continuous change and evolution. It is necessary to develop appropriate methods and techniques to ensure the security and privacy of such systems. Research efforts that aim to ensure the security and privacy of software systems fall into two main categories: (1) the development of requirements engineering methods, and (2) implementation techniques. Approaches in the first category usually address either security or privacy in an implicit way, with emphasis on the security aspects, by developing methods to elicit and analyse security (and privacy) requirements. Works in the second category focus specifically on the later stages of the development process, irrespective of the organisational context in which the system will be incorporated. This work introduces a model-based process for security and privacy requirements engineering. In particular, the authors' work includes activities that support the identification and analysis of security and privacy requirements for the software system. Their proposed process combines concepts from two well-known requirements engineering methods, Secure Tropos and PriS. A real case study from the EU project E-vote, an Internet-based voting system, is employed to demonstrate the applicability of the approach.

2017, Vol 8 (2), pp. 1-25
Author(s): Christos Kalloniatis, Argyri Pattakou, Evangelia Kavakli, Stefanos Gritzalis

The pervasiveness of information systems is well underway, redefining our social and economic relationships. This technological revolution has generated enormous capabilities, but has also enabled the creation of new vulnerabilities and threats. A major challenge in the field of information systems is therefore to ensure the trustworthiness of the underlying technologies that make possible the generation, collection, storage, processing and transmission of user data at rates more intensive than ever before. Trust in information systems depends on different aspects, one of which is the security of users' data. Data security refers to the protection of users' data from corruption and unauthorized access. Another important aspect of trust is the protection of users' privacy. Protecting privacy is about complying with users' wishes when it comes to handling personal information. Without security to guarantee data protection, appropriate uses of that data cannot be realized. This implies that security and privacy issues are inherently intertwined and should be viewed synergistically. The aim of this paper is to elevate modern practices for ensuring security and privacy during software systems analysis and design. To this end, the basic security and privacy requirements that should be considered are introduced. Additionally, a number of well-known methods in the research area of requirements engineering which focus on eliciting and modeling security and privacy requirements are described. Finally, a comparative analysis of these methods is presented.


2013, Vol 1 (1), pp. 41-53
Author(s): Alan Lai, Cui Zhang, Senad Busovaca

This paper presents a highly flexible and expandable tool called 2-SQUARE in support of the SQUARE methodology for security and privacy requirements engineering developed by the Software Engineering Institute at Carnegie Mellon University. Security and privacy requirements engineering can be a daunting task even with the proper expertise. 2-SQUARE aims at making it straightforward to perform requirements engineering regardless of expertise by providing flexible workflows and process guidance. 2-SQUARE also facilitates communication between requirements engineers and stakeholders throughout the requirements engineering process.



2015, pp. 1631-1659
Author(s): Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Among the main criteria that shape users' trust is the way in which their privacy is protected. Indeed, privacy violation is an issue of great importance for active online users who daily carry out several transactions that may convey personal data, sensitive personal data, employee data, credit card data and so on. In addition, the emergence of cloud computing has increased the amount of personally identifiable information that users provide in order to gain access to various services, further raising user concerns as to how and to what extent information about them is communicated to others. The aim of this work is to elevate the modern practices for ensuring privacy during software systems design. To this end, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well-known methods introduced in the research area of requirements engineering which aim at eliciting and modeling privacy requirements during system design are presented and critically analyzed. The work concludes with a discussion of the additional security and privacy concepts that should be considered in the context of cloud-based information systems and how these affect current research.



2018, Vol 26 (4), pp. 382-400
Author(s): Vasiliki Diamantopoulou, Haralambos Mouratidis

Purpose: The purpose of this study is the analysis of a security and privacy requirements engineering methodology. Such methodologies are considered an important part of systems' development process when they contain and process a large amount of critical information, and thus need to remain secure and ensure privacy.

Design/methodology/approach: These methodologies provide techniques, methods and norms for tackling security and privacy issues in information systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, as the produced models are used not only among IT experts or among security specialists but also for communication among various stakeholders, in business environments or among novices in an academic environment.

Findings: The qualitative analysis revealed a partial satisfaction of these principles.

Originality/value: This paper evaluates the effectiveness of a security and privacy requirements engineering methodology, namely Secure Tropos, on the nine principles of the theory of notation.


2019, pp. 1711-1729
Author(s): Nancy R. Mead, Saeed Abu-Nimeh

Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present the SQUARE security requirements method. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They then present a privacy elicitation technique and subsequently combine security risk assessment techniques with privacy risk assessment techniques. The authors discuss prototype tools that have been developed to support SQUARE for security and privacy as well as recent workshops that have focused on additional results in the security and privacy requirements area. Finally, the authors suggest future research and case studies needed to further contribute to early lifecycle activities that will address security and privacy-related issues.
