A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design.
Alkubaisy, Duaa; Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Cox, Karl; Mouratidis, Haralambos
Authors
Duaa Alkubaisy
Luca Piras
Mohammed Ghazi Al-Obeidallah
Karl Cox
Haralambos Mouratidis
Contributors
Raian Ali (Editor)
Hermann Kaindl (Editor)
Leszek A. Maciaszek (Editor)
Abstract
Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts (This research is an extension of the study conducted by ALKUBAISY, D., PIRAS, L., AL-OBEIDALLAH, M.G., COX, K. and MOURATIDIS, H. 2021. ConfIs: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design [https://doi.org/10.5220/0010406100800091]).
Citation
ALKUBAISY, D., PIRAS, L., AL-OBEIDALLAH, M.G., COX, K. and MOURATIDIS, H. 2022. A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design. In Ali, R., Kaindl, H. and Maciaszek, L.A. (eds.). Evaluation of novel approaches to software engineering: revised selected papers from 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021), 26-27 April 2021, [virtual conference]. Communications in computer and information science, 1556. Cham: Springer [online], pages 67-87. Available from: https://doi.org/10.1007/978-3-030-96648-5_4
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021) |
Start Date | Apr 26, 2021 |
End Date | Apr 27, 2021 |
Acceptance Date | Feb 5, 2021 |
Online Publication Date | Feb 11, 2022 |
Publication Date | Dec 31, 2022 |
Deposit Date | Mar 14, 2022 |
Publicly Available Date | Aug 12, 2022 |
Publisher | Springer |
Peer Reviewed | Peer Reviewed |
Pages | 67-87 |
Series Title | Communications in computer and information science |
Series Number | 1556 |
Series ISSN | 1865-0929 |
Book Title | Evaluation of novel approaches to software engineering: revised selected papers from 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021), 26-27 April 2021, [virtual conference] |
ISBN | 9783030966478 |
DOI | https://doi.org/10.1007/978-3-030-96648-5_4 |
Keywords | Security requirements; Privacy requirements; Requirements conflicts; GDPR; Requirements modelling; Privacy by design |
Public URL | https://rgu-repository.worktribe.com/output/1616183 |
Related Public URLs | https://rgu-repository.worktribe.com/output/1254488 |
Files
ALKUBAISY 2022 A framework for privacy
(1 Mb)
PDF
Copyright Statement
This version of the contribution has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is subject to the publisher's Accepted Manuscript terms of use [https://www.springernature.com/gp/open-research/policies/accepted-manuscript-terms].