International Conference on Availability, Reliability, and Security

CD-ARES 2012: Multidisciplinary Research and Practice for Information Systems, pp. 93–107

A Foundation for Requirements Analysis of Privacy Preserving Software

  • Kristian Beckers
  • Maritta Heisel
  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNISA, volume 7465)

Abstract

Privacy requirements are difficult to elicit for any software engineering project that processes personal information. The problem is that such systems need personal data in order to fulfil their functional requirements, while the privacy mechanisms must constrain the processing of that personal information in such a way that the requirement still expresses useful functionality.

We present privacy patterns that support the expression and analysis of different privacy goals: anonymity, pseudonymity, unlinkability and unobservability. These patterns have a textual representation that can be instantiated. In addition, for each pattern, a logical predicate exists that can be used to validate the instantiation. We also present a structured method for instantiating and validating the privacy patterns, and for choosing privacy mechanisms. Our patterns can also be used to identify incomplete privacy requirements. The approach is illustrated by the case study of a patient monitoring system.

Keywords

  • privacy
  • common criteria
  • compliance
  • requirements engineering

This research was partially supported by the EU project Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS, ICT-2009.1.4 Trustworthy ICT, Grant No. 256980).


Author information

Authors and Affiliations

  1. paluno, The Ruhr Institute for Software Technology, University of Duisburg, Essen, Germany

    Kristian Beckers & Maritta Heisel


Editor information

Editors and Affiliations

  1. Department of IT, Engineering and Environment, University of South Australia, Mawson Lakes Campus, 5001, Adelaide, SA, Australia

    Gerald Quirchmayr

  2. Department of Information Technologies, University of Economics, W. Churchill Sq. 4, 130 67, Prague 3, Czech Republic

    Josef Basl

  3. School of Information Science, Korean Bible University, 16 Danghyun 2-gil, Nowon-gu, 139-791, Seoul, Korea

    Ilsun You

  4. Information Technology and Decision Sciences, Old Dominion University, 2076 Constant Hall, 23529, Norfolk, VA, USA

    Lida Xu

  5. Institute of Software Technology and Interactive Systems, Vienna University of Technology and SBA Research, Favoritenstraße 9-11, 1040, Vienna, Austria

    Edgar Weippl


Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Beckers, K., Heisel, M. (2012). A Foundation for Requirements Analysis of Privacy Preserving Software. In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds) Multidisciplinary Research and Practice for Information Systems. CD-ARES 2012. Lecture Notes in Computer Science, vol 7465. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32498-7_8

  • DOI: https://doi.org/10.1007/978-3-642-32498-7_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32497-0

  • Online ISBN: 978-3-642-32498-7

