Duaa Alkubaisy
A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design.
Alkubaisy, Duaa; Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Cox, Karl; Mouratidis, Haralambos
Authors
Luca Piras
Mohammed Ghazi Al-Obeidallah
Karl Cox
Haralambos Mouratidis
Contributors
Raian Ali
Editor
Hermann Kaindl
Editor
Leszek A. Maciaszek
Editor
Abstract
Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts (This research is an extension of the study conducted by ALKUBAISY, D., PIRAS, L., AL-OBEIDALLAH, M.G., COX, K. and MOURATIDIS, H. 2021. ConfIs: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design [https://doi.org/10.5220/0010406100800091]).
Citation
ALKUBAISY, D., PIRAS, L., AL-OBEIDALLAH, M.G., COX, K. and MOURATIDIS, H. 2022. A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design. In Ali, R., Kaindl, H. and Maciaszek, L.A. (eds.). Evaluation of novel approaches to software engineering: revised selected papers from 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021), 26-27 April 2021, [virtual conference]. Communications in computer and information science, 1556. Cham: Springer [online], pages 67-87. Available from: https://doi.org/10.1007/978-3-030-96648-5_4
Conference Name | 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021) |
---|---|
Conference Location | [virtual conference] |
Start Date | Apr 26, 2021 |
End Date | Apr 27, 2021 |
Acceptance Date | Feb 5, 2021 |
Online Publication Date | Feb 11, 2022 |
Publication Date | Dec 31, 2022 |
Deposit Date | Mar 14, 2022 |
Publicly Available Date | Aug 12, 2022 |
Publisher | Springer |
Pages | 67-87 |
Series Title | Communications in computer and information science |
Series Number | 1556 |
Series ISSN | 1865-0929 |
Book Title | Evaluation of novel approaches to software engineering: revised selected papers from 16th International conference on Evaluation of novel approaches to software engineering 2021 (ENASE 2021), 26-27 April 2021, [virtual conference] |
ISBN | 9783030966478 |
DOI | https://doi.org/10.1007/978-3-030-96648-5_4 |
Keywords | Security requirements; Privacy requirements; Requirements conflicts; GDPR; Requirements modelling; Privacy by design |
Public URL | https://rgu-repository.worktribe.com/output/1616183 |
Related Public URLs | https://rgu-repository.worktribe.com/output/1254488 |
Files
ALKUBAISY 2022 A framework for privacy
(1 Mb)
PDF
Copyright Statement
This version of the contribution has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is subject to the publisher's Accepted Manuscript terms of use [https://www.springernature.com/gp/open-research/policies/accepted-manuscript-terms].
You might also like
Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform.
(2020)
Conference Proceeding
Design thinking and acceptance requirements for designing gamified software.
(2019)
Conference Proceeding