Open Access Article
Information 2016, 7(2), 28; doi:10.3390/info7020028

Computer-Aided Identification and Validation of Privacy Requirements

paluno—The Ruhr Institute for Software Technology, University of Duisburg-Essen, Duisburg 47057, Germany
*
Author to whom correspondence should be addressed.
Academic Editor: Eduardo B. Fernandez
Received: 15 February 2016 / Revised: 12 May 2016 / Accepted: 21 May 2016 / Published: 26 May 2016
(This article belongs to the Special Issue Evaluating the Security of Complex Systems)

Abstract

Privacy is a software quality that is closely related to security. The main difference is that security properties aim at the protection of assets that are crucial for the considered system, whereas privacy aims at the protection of personal data that are processed by the system. The identification of privacy protection needs in complex systems is a hard and error-prone task. Stakeholders whose personal data are processed might be overlooked, or the sensitivity and the need for protection of the personal data might be underestimated. The later in the development process personal data and the need to protect them are identified, the more expensive it is to fix these issues, because the needed changes to the system-to-be often affect many functionalities. In this paper, we present a systematic method to identify the privacy needs of a software system based on a set of functional requirements by extending the problem-based privacy analysis (ProPAn) method. Our method is tool-supported and automated where possible to reduce the effort that has to be spent on the privacy analysis, which is especially important when considering complex systems. The contribution of this paper is a semi-automatic method to identify the relevant privacy requirements for a software-to-be based on its functional requirements. The considered privacy requirements address all dimensions of privacy that are relevant for software development. As our method is solely based on the functional requirements of the system-to-be, we enable users of our method to identify the privacy protection needs that have to be addressed by the software-to-be at an early stage of the development. As an initial evaluation of our method, we show its applicability on a small electronic health system scenario.
Keywords: privacy; privacy requirements; privacy analysis; requirements engineering; computer-aided software engineering
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).

MDPI and ACS Style

Meis, R.; Heisel, M. Computer-Aided Identification and Validation of Privacy Requirements. Information 2016, 7, 28.


Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers.

Information EISSN 2078-2489 Published by MDPI AG, Basel, Switzerland