Skip to main content
SpringerLink
Log in

Towards an Ontology for Privacy Requirements via a Systematic Literature Review

  • Conference paper
  • First Online:
Conceptual Modeling (ER 2017)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10650))

Included in the following conference series:

Abstract

Privacy has been frequently identified as a main concern for systems that deal with personal information. However, much of existing work on privacy requirements deals with them as a special case of security requirements, thereby overlooking key aspects of privacy. In this paper, we address this problem by proposing an ontology for privacy requirements. The ontology is mined from the literature through a systematic literature review whose main purpose is to identify key concepts/relationships for capturing privacy requirements. In addition, identified concepts/relations are further analyzed to identify redundancies and semantic overlaps.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Notes

  1. 1.

    A detailed version of the systematic literature review can be found at [12].

  2. 2.

    Secondary studies can be found in the related work section.

  3. 3.

    In the case of multiple synonyms, some were omitted.

  4. 4.

    The frequency of appearance for each concept/relation can be found in [12].

  5. 5.

    The percentage of the concepts/relations covered by each study can be found in [12].

References

  1. Gharib, M., Salnitri, M., Paja, E., Giorgini, P., Mouratidis, H., Pavlidis, M., Ruiz, J.F., Fernandez, S., Della Siria, A.: Privacy requirements: findings and lessons learned in developing a privacy platform. In: The 24th International Requirements Engineering Conference (RE), pp. 256–265. IEEE (2016)

    Google Scholar 

  2. Hong, J.I., Ng, J.D., Lederer, S., Landay, J.A.: Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In: Proceedings of the 5th Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, pp. 91–100. ACM (2004)

    Google Scholar 

  3. Labda, W., Mehandjiev, N., Sampaio, P.: Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1399–1405. ACM (2014)

    Google Scholar 

  4. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requirements Eng. 13(3), 241–255 (2008)

    Article  Google Scholar 

  5. Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)

    Article  Google Scholar 

  6. Zannone, N.: A requirements engineering methodology for trust, security, and privacy. Ph.D. thesis, University of Trento (2006)

    Google Scholar 

  7. Solove, D.J.: A taxonomy of privacy. Univ. Pa. Law Rev. 154, 477–564 (2006)

    Article  Google Scholar 

  8. Souag, A., Salinesi, C., Mazo, R., Comyn-Wattiau, I.: A security ontology for security requirements elicitation. In: Piessens, F., Caballero, J., Bielova, N. (eds.) ESSoS 2015. LNCS, vol. 8978, pp. 157–177. Springer, Cham (2015). doi:10.1007/978-3-319-15618-7_13

    Chapter  Google Scholar 

  9. Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: 11th International RE Conference, pp. 151–161. IEEE (2003)

    Google Scholar 

  10. Kitchenham, B.: Procedures for performing systematic reviews. UK Keele Univ. 33, 1–26 (2004)

    Google Scholar 

  11. Kitchenham, B., Charters, S.: Guidelines for performing systematic literature reviews in software engineering. Technical report, Keele University (2007)

    Google Scholar 

  12. Gharib, M., Giorgini, P., Mylopoulos, J.: Ontologies for privacy requirements engineering: a systematic literature review. arXiv preprint arXiv:1611.10097 (2016)

  13. Van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, pp. 148–157. IEEE Computer Society (2004)

    Google Scholar 

  14. Braghin, S., Coen-Porisini, A., Colombo, P., Sicari, S., Trombetta, A.: Introducing privacy in a hospital information system. In: Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems, pp. 9–16. ACM (2008)

    Google Scholar 

  15. Singhal, A., Wijesekera, D.: Ontologies for modeling enterprise level security metrics. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, p. 58. ACM (2010)

    Google Scholar 

  16. Wang, J.A., Guo, M.: OVM: an ontology for vulnerability management. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research, p. 34. ACM (2009)

    Google Scholar 

  17. Velasco, J.L., Valencia-García, R., Fernández-Breis, J.T., Toval, A., et al.: Modelling reusable security requirements based on an ontology framework. J. Res. Pract. Inf. Technol. 41(2), 119 (2009)

    Google Scholar 

  18. Souag, A., Salinesi, C., Wattiau, I., Mouratidis, H.: Using security and domain ontologies for security requirements analysis. In: Computer Software and Applications Conference Workshops (COMPSACW), pp. 101–107. IEEE (2013)

    Google Scholar 

  19. Tsoumas, B., Gritzalis, D.: Towards an ontology-based security management. In: 20th International Conference on Advanced Information Networking and Applications (AINA), vol. 1, pp. 985–992. IEEE (2006)

    Google Scholar 

  20. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: 13th International Conference on Requirements Engineering, pp. 167–176. IEEE (2005)

    Google Scholar 

  21. Kang, W., Liang, Y.: A security ontology with MDA for software development. In: 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp. 67–74. IEEE (2013)

    Google Scholar 

  22. Massacci, F., Mylopoulos, J., Paci, F., Tun, T.T., Yu, Y.: An extended ontology for security requirements. In: Salinesi, C., Pastor, O. (eds.) CAiSE 2011. LNBIP, vol. 83, pp. 622–636. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22056-2_64

    Chapter  Google Scholar 

  23. Elahi, G., Yu, E., Zannone, N.: A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations. In: Laender, A.H.F., Castano, S., Dayal, U., Casati, F., de Oliveira, J.P.M. (eds.) ER 2009. LNCS, vol. 5829, pp. 99–114. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04840-1_10

    Chapter  Google Scholar 

  24. Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34–44 (2005)

    Article  Google Scholar 

  25. Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 183–194. ACM (2009)

    Google Scholar 

  26. Asnar, Y., Moretti, R., Sebastianis, M., Zannone, N.: Risk as dependability metrics for the evaluation of business solutions: a model-driven approach. In: Third Conference on Availability, Reliability and Security, ARES 2008, pp. 1240–1247. IEEE (2008)

    Google Scholar 

  27. den Braber, F., Dimitrakos, T., Gran, B.A., Lund, M.S., Stølen, K., Aagedal, J.: The CORAS methodology: model-based risk assessment using UML and up. UML Unified Process 332–357 (2003)

    Google Scholar 

  28. Elahi, G., Yu, E., Zannone, N.: A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requirements Eng. 15(1), 41–62 (2010)

    Article  Google Scholar 

  29. Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002). doi:10.1007/3-540-45800-X_32

    Chapter  MATH  Google Scholar 

  30. Matulevičius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting secure tropos for security risk management in the early phases of information systems development. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 541–555. Springer, Heidelberg (2008). doi:10.1007/978-3-540-69534-9_40

    Chapter  Google Scholar 

  31. Røstad, L.: An extended misuse case notation: including vulnerabilities and the insider threat. In: International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 33–34. Springer (2006). doi:10.1.1.106.8353

    Google Scholar 

  32. Mayer, N.: Model-based management of information system security risk. Ph.D. thesis, University of Namur (2009)

    Google Scholar 

  33. Dritsas, S., Gymnopoulos, L., Karyda, M., Balopoulos, T., Kokolakis, S., Lambrinoudakis, C., Katsikas, S.: A knowledge-based approach to security requirements for e-health applications. J. E-Commer. Tools Appl. 2, 1–24 (2006)

    Google Scholar 

  34. Lin, L., Nuseibeh, B., Ince, D., Jackson, M., Moffett, J.: Introducing abuse frames for analysing security requirements. In: 11th Requirements Engineering International Conference, pp. 371–372. IEEE (2003)

    Google Scholar 

  35. Avizienis, A., Laprie, J.C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)

    Article  Google Scholar 

  36. Asnar, Y., Giorgini, P., Massacci, F., Zannone, N.: From trust to dependability through risk analysis. In: The Second International Conference on Availability, Reliability and Security, ARES 2007, pp. 19–26. IEEE (2007)

    Google Scholar 

  37. Asnar, Y., Giorgini, P., Mylopoulos, J.: Risk modelling and reasoning in goal models, DIT-06-008. Technical report, Universitá degli studi di Trento (2006)

    Google Scholar 

  38. Paja, E., Dalpiaz, F., Giorgini, P.: STS-tool: security requirements engineering for socio-technical systems. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds.) Engineering Secure Future Internet Services and Systems. LNCS, vol. 8431, pp. 65–96. Springer, Cham (2014). doi:10.1007/978-3-319-07452-8_3

    Chapter  Google Scholar 

  39. Van Blarkom, G., Borking, J., Olk, J.: Handbook of privacy and privacy-enhancing technologies. Privacy Incorporated Software Agent Consortium, The Hague (2003)

    Google Scholar 

  40. Gharib, M., Giorgini, P.: Analyzing trust requirements in socio-technical systems: a belief-based approach. In: Ralyté, J., España, S., Pastor, Ó. (eds.) PoEM 2015. LNBIP, vol. 235, pp. 254–270. Springer, Cham (2015). doi:10.1007/978-3-319-25897-3_17

    Chapter  Google Scholar 

  41. Runeson, P., Höst, M.: Guidelines for conducting and reporting case study research in software engineering. Empir. Softw. Eng. 14(2), 131–164 (2009)

    Article  Google Scholar 

  42. Souag, A., Salinesi, C., Comyn-Wattiau, I.: Ontologies for security requirements: a literature survey and classification. In: Bajec, M., Eder, J. (eds.) CAiSE 2012. LNBIP, vol. 112, pp. 61–69. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31069-0_5

    Chapter  Google Scholar 

  43. Blanco, C., Lasheras, J., Valencia-García, R., Fernández-Medina, E., Toval, A., Piattini, M.: A systematic review and comparison of security ontologies. In: 3rd Conference on Availability, Reliability and Security, pp. 813–820. IEEE (2008)

    Google Scholar 

  44. Fabian, B., Gürses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requirements Eng. 15(1), 7–40 (2010)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. DiMaI, University of Florence, Viale Morgagni 65, Florence, Italy

    Mohamad Gharib

  2. DISI, University of Trento, 38123, Povo, Trento, Italy

    Paolo Giorgini & John Mylopoulos

Authors
  1. Mohamad Gharib
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paolo Giorgini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. John Mylopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohamad Gharib .

Editor information

Editors and Affiliations

  1. University of Klagenfurt, Klagenfurt, Austria

    Heinrich C. Mayr

  2. Free University of Bozen-Bolzano, Bozen-Bolzano, Italy

    Giancarlo Guizzardi

  3. Victoria University of Wellington, Wellington, New Zealand

    Hui Ma

  4. Valencia University of Technology, Valencia, Spain

    Oscar Pastor

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Gharib, M., Giorgini, P., Mylopoulos, J. (2017). Towards an Ontology for Privacy Requirements via a Systematic Literature Review. In: Mayr, H., Guizzardi, G., Ma, H., Pastor, O. (eds) Conceptual Modeling. ER 2017. Lecture Notes in Computer Science(), vol 10650. Springer, Cham. https://doi.org/10.1007/978-3-319-69904-2_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69904-2_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69903-5

  • Online ISBN: 978-3-319-69904-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation