Abstract
Mobile and web applications that manage users' personal information require developers to align their software design with the privacy requirements commonly described in privacy policies. These policies are often the sole means of enforcing accountability for data protection. We propose RSL-IL4Privacy, a domain-specific language for specifying privacy policies that can be manipulated by computers and, at the same time, authored and analyzed by humans. In addition, RSL-IL4Privacy can serve as an intermediate language supporting model-to-model transformations from and into other related languages. RSL-IL4Privacy provides policy authors with the means to define a privacy policy as a set of declarative statements with explicit relationships to services, data recipients, private data types and enforcement mechanisms. RSL-IL4Privacy is defined with different technologies that support distinct levels of formality, namely multiple modes of presenting privacy requirements, including tabular, graphical and textual representations, so that it integrates with a wider variety of authoring and analysis practices. We apply the language to support the analysis and comparison of the privacy policies of Facebook, LinkedIn, Twitter, Dropbox and IMDb. We discuss the application of the approach to the Twitter policy in further detail by presenting several examples in multiple representations. Finally, we discuss how RSL-IL4Privacy can improve the quality of privacy policies and also identify threats to validity.
Acknowledgements
This work was partially supported by national funds under FCT projects UID/CEC/50021/2013, EXCL/EEI-ESS/0257/2012, CMUP-EPB/TIC/0053/2013 and the project TT-MDD-Mindbury/2014.
Appendix: Complete RSL-IL4Privacy metamodel
Cite this article
Caramujo, J., Rodrigues da Silva, A., Monfared, S. et al. RSL-IL4Privacy: a domain-specific language for the rigorous specification of privacy policies. Requirements Eng 24, 1–26 (2019). https://doi.org/10.1007/s00766-018-0305-2
DOI: https://doi.org/10.1007/s00766-018-0305-2