Addressing privacy requirements in system design: the PriS method |
| |
Authors: | Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis |
| |
Affiliation: | (1) Cultural Informatics Laboratory, Department of Cultural Technology and Communication, University of the Aegean, Harilaou Trikoupi and Faonos Str., 81100 Mytilene, Greece; (2) Information and Communication Systems Security Laboratory, Department of Information and Communications Systems Engineering, University of the Aegean, 83200 Samos, Greece |
| |
Abstract: | A major challenge in the field of software engineering is to make users trust the software that they use in their everyday
activities for professional or recreational reasons. Trusting software depends on various elements, one of which is the protection
of user privacy. Protecting privacy is about complying with users’ desires when it comes to handling personal information.
Users’ privacy can also be defined as the right to determine when, how and to what extent information about them is communicated
to others. Current research stresses the need for addressing privacy issues during the system design rather than during the
system implementation phase. To this end, this paper describes PriS, a security requirements engineering method, which incorporates
privacy requirements early in the system development process. PriS considers privacy requirements as organisational goals
that need to be satisfied and adopts the use of privacy-process patterns as a way to: (1) describe the effect of privacy requirements
on business processes; and (2) facilitate the identification of the system architecture that best supports the privacy-related
business processes. In this way, PriS provides a holistic approach from ‘high-level’ goals to ‘privacy-compliant’ IT systems.
The PriS way-of-working is formally defined, thus enabling the development of automated tools for assisting its application.
|
| |
Keywords: | Requirements engineering; Privacy requirements; Formal methods; Privacy-process patterns; Privacy enhancing technologies; Goal-oriented approach; System design |
This article is indexed in SpringerLink and other databases. |
|