Towards Detecting and Mitigating Conflicts for Privacy and Security Requirements

Requirements engineering lives in a world where contradiction is the norm. Hence, software engineering development is usually a cyclical process of adjustment and upgrading. We found in the literature that some requirements conflict with other requirements. In this study we focus on the identification and resolution of conflicts between security and privacy requirements. Most recent studies, however, focus on identifying conflicts without proposing a solution to resolve them. This paper presents an approach to identifying and resolving conflicting privacy and security requirements as patterns. By using patterns to describe the problem, we can propose a solution for each conflict.
