Research Repository

A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design.

Alkubaisy, Duaa; Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Cox, Karl; Mouratidis, Haralambos

Authors

Duaa Alkubaisy

Luca Piras

Mohammed Ghazi Al-Obeidallah

Karl Cox

Haralambos Mouratidis



Contributors

Raian Ali
Editor

Hermann Kaindl
Editor

Leszek A. Maciaszek
Editor

Abstract

Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts (This research is an extension of the study conducted by ALKUBAISY, D., PIRAS, L., AL-OBEIDALLAH, M.G., COX, K. and MOURATIDIS, H. 2021. ConfIs: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design [https://doi.org/10.5220/0010406100800091]).

Citation

ALKUBAISY, D., PIRAS, L., AL-OBEIDALLAH, M.G., COX, K. and MOURATIDIS, H. 2022. A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design. In Ali, R., Kaindl, H. and Maciaszek, L.A. (eds.). Evaluation of novel approaches to software engineering: revised selected papers from 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021), 26-27 April 2021, [virtual conference]. Communications in computer and information science, 1556. Cham: Springer [online], pages 67-87. Available from: https://doi.org/10.1007/978-3-030-96648-5_4

Presentation Conference Type: Conference Paper (published)
Conference Name: 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021)
Start Date: Apr 26, 2021
End Date: Apr 27, 2021
Acceptance Date: Feb 5, 2021
Online Publication Date: Feb 11, 2022
Publication Date: Dec 31, 2022
Deposit Date: Mar 14, 2022
Publicly Available Date: Aug 12, 2022
Publisher: Springer
Peer Reviewed: Peer Reviewed
Pages: 67-87
Series Title: Communications in computer and information science
Series Number: 1556
Series ISSN: 1865-0929
Book Title: Evaluation of novel approaches to software engineering: revised selected papers from 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021), 26-27 April 2021, [virtual conference]
ISBN: 9783030966478
DOI: https://doi.org/10.1007/978-3-030-96648-5_4
Keywords: Security requirements; Privacy requirements; Requirements conflicts; GDPR; Requirements modelling; Privacy by design
Public URL: https://rgu-repository.worktribe.com/output/1616183
Related Public URLs: https://rgu-repository.worktribe.com/output/1254488
