Privacy Aware Engineering: A Case Study

Privacy is a complex social process that will persist in one form or another as a fundamental feature of software engineering. For successful privacy aware engineering, it is critical to guarantee alignment and compliance among the privacy artifacts that emerge during the software development process. In this paper, we propose a privacy compliance engineering flow in which we investigate the necessary privacy artifacts involved and discuss their alignment, refinement, and compliance verification. Within an illustrative case study, we identify the privacy artifacts introduced in the refinement process and analyze their compliance verification.
