Combining Security and Privacy in Requirements Engineering

Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present a security requirements approach dubbed SQUARE. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They present a privacy elicitation technique and then combine security risk assessment techniques with privacy risk assessment techniques.
