Skip to main content
Springer Nature Link
Log in

A Holistic Approach for Privacy Requirements Analysis: An Industrial Case Study

  • Chapter
  • First Online:
Visual Privacy Management

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12030))

  • 333 Accesses

Abstract

Privacy is becoming more and more a prominent concern for most countries, particularly for those of them that are moving toward the implementation of e-government [18] where software systems dealing with personal information (i.e., citizens, customers, etc.) have to be compliant with national and international privacy laws [26].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    These groups are not mutually exclusive, i.e., a stakeholder may belong to all of them.

  2. 2.

    Partners refer to the full consortium of the VisiOn project.

  3. 3.

    Citizens and PAs roles can be generalized to a User stakeholder role.

  4. 4.

    To extend our knowledge about the stakeholders analysis (activity 2), and uncover any stakeholder that has not been identified so far.

  5. 5.

    Requirements realism will be discussed later in this section.

  6. 6.

    Next chapters provide more information about VisiOn components.

  7. 7.

    Conflicts_with relations are not shown in the table since we already resolve all the inconsistencies that use to exist among the requirements.

  8. 8.

    Occurred in Rome with the participation of all VisiOn partners.

  9. 9.

    Requirements consolidation is used to refer to the validation of the final list of VisiOn user requirements.

  10. 10.

    We depend on STS-ml to analyze the consistency of some of the functional requirements (e.g., security, trust, etc.).

References

  1. Acquisti, A., Friedman, A., Telang, R.: Is there a cost toprivacy breaches? An event study. In: 5th Workshop on the Economics of Information Security, pp. 1–20 (2006). https://doi.org/10.1.1.73.2942

  2. Agarwal, R., Tanniru, M.R.: Knowledge acquisition using structured interviewing: an empirical investigation. J. Manage. Inf. Syst. 7(1), 123–140 (1990). ISSN: 0742-1222. https://doi.org/10.1080/07421222.1990.11517884. http://www.tandfonline.com/doi/full/10.1080/07421222.1990.11517884

  3. Antón, A.I., Earp, J.B., Reese, A.: Analyzing website privacy requirements using a privacy goal taxonomy. In: Proceedings of the IEEE International Conference on Requirements Engineering, vol. 2002, pp. 23–31. IEEE (2002). ISBN: 0769514650. https://doi.org/10.1109/ICRE.2002.1048502

  4. Antn, A.I., Earp, J.B.: A requirements taxonomy for reducing Web site privacy vulnerabilities. Requir. Eng. 9(3), 169–185 (2004). ISSN: 0947-3602. https://doi.org/10.1007/s00766-003-0183-z. http://link.springer.com/10.1007/s00766-003-0183-z

  5. Aurum, A., Wohlin, C.: Requirements engineering: setting the context. In: Aurum, A., Wohlin, C. (eds.) Engineering and Managing Software Requirements, pp. 1–15. Springer, Heidelberg (2005). https://doi.org/10.1007/3-540-28244-0_1

    Chapter  MATH  Google Scholar 

  6. Ball, L.J., Ormerod, T.C.: Putting ethnography to work: the case for a cognitive ethnography of design. Int. J. Hum. Comput. Stud. 53(1), 147–168 (2000). ISSN: 10715819. https://doi.org/10.1006/ijhc.2000.0372. http://linkinghub.elsevier.com/retrieve/pii/S1071581900903720

  7. Beckers, K., Pape, S.: A serious game for eliciting social engineering security requirements. In: Proceedings of the 2016 IEEE 24th International Conference on Requirements Engineering, RE 2016. IEEE, pp. 16–25 (2016). ISBN: 9781509041213. https://doi.org/10.1109/RE.2016.39

  8. Belani, H., Pripuzic, K., Kobas, K.: Implementing web-surveys for software requirements elicitation. In: Proceedings of the 8th International Conference on Telecommunications, ConTEL 2005, pp. 465–469 (2005). ISBN: 953-184-081-4. https://doi.org/10.1109/CONTEL.2005.185931. http://ieeexplore.ieee.org/document/1458610/

  9. Beyer, H.R., Holtzblatt, K.: Apprenticing with the customer. Commun. ACM 38(5), 45–52 (1995). ISSN: 0001-0782. https://doi.org/10.1145/203356.203365. http://portal.acm.org/citation.cfm?doid=203356.203365

  10. Bovee, M., Srivastava, R.P., Mak, B.: A conceptual framework and belief-function approach to assessing overall information quality. Int. J. Intell. Syst. 18(1), 311–328 (2001). Paper presented at the Proceedings of the 6th International Conference on Information Quality

    MATH  Google Scholar 

  11. Carlshamre, P., et al.: An industrial survey of requirements interdependencies in software product release planning. In: Proceedings of the IEEE International Conference on Requirements Engineering, pp. 84–91. IEEE (2001). ISBN: 0-7695-1125-2. https://doi.org/10.1109/ISRE.2001.948547

  12. Cavoukian, A.: Privacy by design: origins, meaning, and prospects. In: Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards: Aspects and Standards, p. 170 (2011)

    Google Scholar 

  13. Chung, L., et al.: Non-functional requirements in software engineering. In: Conceptual Modeling: Foundations and Applications, p. 472 (1999)

    Google Scholar 

  14. European Commission: European Data Protection Supervisor (2016). http://ec.europa.eu/justice/data-protection/bodies/supervisor/index_en.htm

  15. IEEE Computer Society Software Engineering Standards Committee: Recommended practice for software requirements specifications. In: IEEE Std 830-1998. Institute of Electrical and Electronics Engineers (1998). ISBN: 0-7381-0332-2

    Google Scholar 

  16. Deng, M., et al.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 16(1), 1–27 (2011). EBSCO. http://web.b.ebscohost.com.library.capella.edu/ehost/pdfviewer/pdfviewer?sid=e7ebe3bc-59f7-43a0-ace9-60485dc3acd3@sessionmgr111&vid=1&hid=118

  17. Duncan, G.: Engineering privacy by design. Science (N.Y.) 317(5842), 1178–1179 (2007). ISSN: 0036–8075. https://doi.org/10.1126/science.1143464

  18. Ebrahim, Z., Irani, Z.: E-government adoption: architecture and barriers. Bus. Process Manage. J. 11(5), 589–611 (2005)

    Article  Google Scholar 

  19. Fernandes, J., et al.: iThink: a game-based approach towards improving collaboration and participation in requirement elicitation. Proc. Comput. Sci. 15, 66–77 (2012). ISSN: 1877-0509. https://doi.org/10.1016/j.procs.2012.10.059. arXiv http://arxiv.org/abs/11/09. ACM (ISBN: 978-1-4503-0816-8)

  20. Foddy, W.: Constructing Questions for Interviews and Surveys: Theory and Practice in Social Research. Cambridge University Press, Cambridge (1993). https://books.google.co.uk/books?hl=en&lr=&id=tok_OKwywQIC&oi=fnd&pg=PR7&dq=questionnaires+in+social+research&ots=Tybbm2R3LP&sig=Mqh2DafK5wKDOkcDuvOgIj3hl6s

  21. Garlan, D., Allen, R., Ockerbloom, J.: Architectural mismatchor why it’s hard to build systems out of existing parts. In: Proceedings of the 17th International Conference on Software Engineering, ICSE 1995, pp. 179–185. ACM (1995). ISBN: 0897917081. https://doi.org/10.1145/225014.225031. http://portal.acm.org/citation.cfm?doid=225014.225031

  22. Gellman, R.: Privacy, Consumers, and Costs - How The Lack of Privacy Costs Consumers and Why Business Studies of Privacy Costs are Biased and Incomplete. Ford Foundation, pp. 1–37 (March 2002)

    Google Scholar 

  23. Gharib, M., Giorgini, P.: Modeling and reasoning about information quality requirements. In: Fricker, S.A., Schneider, K. (eds.) REFSQ 2015. LNCS, vol. 9013, pp. 49–64. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16101-3_4

    Chapter  Google Scholar 

  24. Gharib, M., Giorgini, P., Mylopoulos, J.: Ontologies for Privacy Requirements Engineering: A Systematic Literature Review. arXiv preprint arXiv:1611.10097 (2016)

  25. Gharib, M., Giorgini, P., Mylopoulos, J.: Towards an ontology for privacy requirements via a systematic literature review. In: Mayr, H.C., Guizzardi, G., Ma, H., Pastor, O. (eds.) ER 2017. LNCS, vol. 10650, pp. 193–208. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69904-2_16

    Chapter  Google Scholar 

  26. Gharib, M., et al.: Privacy requirements: findings and lessons learned in developing a privacy platform. In: Proceedings of the 2016 IEEE 24th International Conference on Requirements Engineering, RE 2016, pp. 256–265. IEEE (2016). ISBN: 9781509041213. https://doi.org/10.1109/RE.2016.13

  27. Giorgini, P., Massacci, F., Zannone, N.: Security and trust requirements engineering. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds.) FOSAD 2004–2005. LNCS, vol. 3655, pp. 237–272. Springer, Heidelberg (2005). https://doi.org/10.1007/11554578_8

    Chapter  Google Scholar 

  28. Giorgini, P., et al.: D2.2 Citizens and public administration privacy requirements V 2.0. Technical report, Universitá degli studi di Trento (2016)

    Google Scholar 

  29. Goguen, J.A., Linde, C.: Techniques for requirements elicitation. In: 1993 Proceedings of the IEEE International Symposium on Requirements Engineering, vol. 93, pp. 152–164 (1993). ISSN: 0740-7459. https://doi.org/10.1109/ISRE.1993.324822. http://ieeexplore.ieee.org/document/324822/

  30. Helfert, M., Herrmann, C.: Proactive data quality management for data warehouse systems - a metadata based data quality system. In: 4th International Workshop on Design and Management of Data Warehouses, DMDW 2002, vol. 2002, pp. 97–106 (2002). http://sunsite.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-58/herrmann.pdf

  31. Herrmann, A., Daneva, M.: Requirements prioritization based on benefit and cost prediction: an agenda for future research. In: Proceedings of the 16th IEEE International Conference on Requirements Engineering, pp. 125–134. IEEE (2008). ISBN: 0-7695-1980-6. https://doi.org/10.1109/RE.2008.48

  32. Hickey, A.N.N.M., Davis, A.M.: A unified model of requirements elicitation. J. Manage. Inf. Syst. 20, 65–84 (2014). https://doi.org/10.1080/07421222.2004.11045786

    Article  Google Scholar 

  33. Hickey, A.M., Davis, A.M.: Requirements elicitation and elicitation technique selection: a model for two knowledge-intensive software development processes unsolved problem software development software solutions. In: 2003 Proceedings of the 36th Annual Hawaii International Conference on System Sciences, pp. 2005–2010. IEEE (2002). ISBN: 0-7695-1874-5

    Google Scholar 

  34. Hinkle, D.N.: The change of personal constructs from the viewpoint of a theory of construct implications. Ph.D. thesis. Ohio State University Columbus, pp. 1–61 (2010)

    Google Scholar 

  35. Jackson, M.: The world and the machine. In: 1995 17th International Conference on Software Engineering, pp. 1–10. IEEE (1995). ISBN: 0-89791-708-1. https://doi.org/10.1145/225014.225041

  36. Jones, C.: Applied Software Measurement-Assuring Productivity and Quality. McGraw-Hill Inc., New York (1991). ISBN: 0-07-032813-7

    Google Scholar 

  37. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requir. Eng. 13(3), 241–255 (2008). ISSN: 0947-3602. https://doi.org/10.1007/s00766-008-0067-3

  38. Kang, W., Liang, Y.: A security ontology with MDA for software development. In: Proceedings of the 2013 International Conference on Cyber-enabled Distributed Computing and Knowledge Discovery, CyberC 2013, pp. 67–74. IEEE (2013). ISBN: 9780768551067. https://doi.org/10.1109/CyberC.2013.20

  39. Karlsson, J., Wohlin, C., Regnell, B.: An evaluation of methods for prioritizing software requirements. Inf. Softw. Technol. 39(14–15), 939–947 (1998). ISSN: 0950-5849. https://doi.org/10.1016/S0950-5849(97)00053-0. http://linkinghub.elsevier.com/retrieve/pii/S0950584997000530

  40. Kotonya, G., Sommerville, I., Kotonya, G.: Requirements Engineering: Processes and Techniques, 1st edn. Wiley, Hoboken (1998). ISBN: 0-471-97208-8, 978-0-471-97208-2

    Google Scholar 

  41. Labda, W., Mehandjiev, N., Sampaio, P.: Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1399–1405. ACM (2014)

    Google Scholar 

  42. Lauesen, S.: Software Requirements: Styles and Techniques. Pearson Education, London (2002)

    Google Scholar 

  43. Layne, K., Lee, J.: Developing fully functional E-government: a four stage model. Gov. Inf. Q. 18(2), 122–136 (2001)

    Article  Google Scholar 

  44. Leffingwell, D., Widrig, D.: Managing Software Requirements: A Unified Approach. Addison-Wesley, Boston (2000)

    Google Scholar 

  45. Lim, S.L., Finkelstein, A.: StakeRare: using social networks and collaborative filtering for large-scale requirements elicitation. IEEE Trans. Softw. Eng. 38(3), 707–735 (2012)

    Article  Google Scholar 

  46. Lim, S.L., Quercia, D., Finkelstein, A.: StakeNet: using social networks to analyse the stakeholders of large-scale software projects. In: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering, vol. 1, pp. 295–304. ACM (2010)

    Google Scholar 

  47. Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: 11th International Conference on Requirements Engineering, pp. 151–161. IEEE (2003)

    Google Scholar 

  48. Loucopoulos, P., Karakostas, V.: System Requirements Engineering. McGraw-Hill Inc., New York (1995)

    Google Scholar 

  49. Martinez-Balleste, A., Perez-Martinez, P.A., Solanas, A.: The pursuit of citizens’ privacy: a privacy-aware smart city is possible. IEEE Commun. Mag. 51(6), 136–141 (2013)

    Article  Google Scholar 

  50. Mayer, N.: Model-based management of information system security risk. Ph.D. thesis. University of Namur (2009)

    Google Scholar 

  51. Mead, N.: Requirements Prioritization Introduction. Software Engineering Institute Web Publication, Carnegie Mellon University, Pittsburgh, USA (2006)

    Google Scholar 

  52. Mouratidis, H., Giorgini, P.: Secure Tropos: a security-oriented extension of the Tropos methodology. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)

    Article  Google Scholar 

  53. Mylopoulos, J., Chung, L., Nixon, B.: Representing and using nonfunctional requirements: a process-oriented approach. IEEE Trans. Softw. Eng. 18, 483–497 (1992)

    Article  Google Scholar 

  54. Nuseibeh, B., Easterbrook, S.: Requirements engineering: a roadmap. In: Proceedings of the Conference on the Future of Software Engineering, pp. 35–46. ACM (2000)

    Google Scholar 

  55. Paja, E., Dalpiaz, F., Giorgini, P.: Modelling and reasoning about security requirements in socio-technical systems. Data Knowl. Eng. 98, 123–143 (2015)

    Article  Google Scholar 

  56. Patsakis, C., et al.: Interoperable privacy-aware e-participation within smart cities. Computer 48(1), 52–58 (2015)

    Article  Google Scholar 

  57. Pohl, K.: Requirements Engineering: An Overview. RWTH, Fachgruppe Informatik (1996)

    Google Scholar 

  58. Radics, P.J., Gracanin, D., Kafura, D.: Preprocess before you build: introducing a framework for privacy requirements engineering. In: 2013 International Conference on Social Computing (SocialCom), pp. 564–569. IEEE (2013)

    Google Scholar 

  59. Regnell, B., et al.: An industrial case study on distributed prioritisation in market-driven requirements engineering for packaged software. Requir. Eng. 6(1), 51–62 (2001)

    Article  MATH  Google Scholar 

  60. Principles Report: PReparing Industry to by supporting its Application in REsearch. Technical report, pp. 1–60 (2014)

    Google Scholar 

  61. Ribeiro, C., et al.: Gamifying requirement elicitation: practical implications and outcomes in improving stakeholders collaboration. Entertain. Comput. 5(4), 335–345 (2014)

    Article  Google Scholar 

  62. Robertson, S., Robertson, J.: Mastering the Requirements Process: Getting Requirements Right. Addison-Wesley, Boston (2012)

    Google Scholar 

  63. Ruhe, G., Eberlein, A., Pfahl, D.: Trade-off analysis for requirements selection. Int. J. Softw. Eng. Knowl. Eng. 13(04), 345–366 (2003)

    Article  Google Scholar 

  64. Runeson, P., Höst, M.: Guidelines for conducting and reporting case study research in software engineering. Empir. Softw. Eng. 14(2), 131–164 (2009)

    Article  Google Scholar 

  65. Sabo, J. et al.: Privacy Management Reference Model and Methodology. OASIS PMRM TC Standards Track Committee Specification (2013)

    Google Scholar 

  66. Salnitri, M., et al.: STS-Tool 3.0: maintaining security in socio-technical systems. In: CAiSE Forum, pp. 205–212 (2015)

    Google Scholar 

  67. Singhal, A., Wijesekera, D.: Ontologies for modeling enterprise level security metrics. In: Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research, p. 58. ACM (2010)

    Google Scholar 

  68. Solove, D.J.: A taxonomy of privacy. Univ. Pa. Law Rev. 154(3), 477 (2006). ISSN: 0041-9907. https://doi.org/10.2307/40041279. arXiv arXiv:1011.1669v3. http://www.jstor.org/stable/10.2307/40041279?origin=crossref

  69. Solove, D.J.: Conceptualizing privacy. Calif. Law Rev. 90, 1087–1155 (2002)

    Article  Google Scholar 

  70. Sommerville, I.: Software Engineering, 8th edn. Pearson Education Ltd., London (2007)

    MATH  Google Scholar 

  71. Sommerville, I., Sawyer, P.: Requirements Engineering: A Good Practice Guide. Wiley, Hoboken (1997)

    MATH  Google Scholar 

  72. Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)

    Article  Google Scholar 

  73. British Standard BS7799-1: Information security management Part 1: Code of practice for information security management (1999)

    Google Scholar 

  74. Bahill, A.T., Henderson, S.J.: Requirements development, verification, and validation exhibited in famous failures. Syst. Eng. 8(1), 1–14 (2005)

    Article  Google Scholar 

  75. Trochim, W., Donnelly, J.P.: The Research Methods Knowledge Base. Cengage Learning, Boston (2006). ISBN: 9781592602919

    Google Scholar 

  76. Tsoumas, B., Gritzalis, D.: Towards an ontology-based security management. In: 20th International Conference on Advanced Information Networking and Applications (AINA), vol. 1, pp. 985–992. IEEE (2006)

    Google Scholar 

  77. Van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, pp. 148–157. IEEE Computer Society (2004)

    Google Scholar 

  78. Wang, G., Valerdi, R., Fortune, J.: Reuse in systems engineering. IEEE Syst. J. 4(3), 376–384 (2010)

    Article  Google Scholar 

  79. Wohlin, C., et al.: Experimentation in Software Engineering. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29044-2

    Book  Google Scholar 

  80. Wuyts, K., et al.: Linking privacy solutions to developer goals. In: 2009 International Conference on Availability, Reliability and Security, ARES 2009, pp. 847–852. IEEE (2009)

    Google Scholar 

  81. Yu, E., Cysneiros, L.: Designing for privacy and other competing requirements. In: 2nd Symposium on Requirements Engineering for Information Security, SREIS 2002, Raleigh, North Carolina, pp. 15–16. Citeseer (2002)

    Google Scholar 

  82. Zannone, N.: A requirements engineering methodology for trust, security, and privacy. Ph.D. thesis. University of Trento (2006)

    Google Scholar 

  83. Zowghi, D., Coulin, C.: Requirements elicitation: a survey of techniques, approaches, and tools. In: Aurum, A., Wohlin, C. (eds.) Engineering and Managing Software Requirements, pp. 19–46. Springer, Heidelberg (2005). https://doi.org/10.1007/3-540-28244-0_2

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Florence, Firenze, Italy

    Mohamad Gharib

  2. University of Trento, Trento, Italy

    Paolo Giorgini & Elda Paja

  3. Politecnico di Milano, Milan, Italy

    Mattia Salnitri

  4. University of Brighton, Brighton, UK

    Haralambos Mouratidis & Michalis Pavlidis

  5. ATOS, Madrid, Spain

    Jose Fran. Ruiz

Authors
  1. Mohamad Gharib
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paolo Giorgini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mattia Salnitri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Elda Paja
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Haralambos Mouratidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Michalis Pavlidis
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Jose Fran. Ruiz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohamad Gharib .

Editor information

Editors and Affiliations

  1. Politecnico di Milano, Milan, Italy

    Mattia Salnitri

  2. Institute for Software Technology IST, University of Koblenz-Landau, Koblenz, Germany

    Jan Jürjens

  3. University of Brighton, Brighton, UK

    Haralambos Mouratidis

  4. Axians Italia, Rome, Italy

    Loredana Mancini

  5. Department of Information Engineering and Computer Science, University of Trento, Trento, Italy

    Paolo Giorgini

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Gharib, M. et al. (2020). A Holistic Approach for Privacy Requirements Analysis: An Industrial Case Study. In: Salnitri, M., Jürjens, J., Mouratidis, H., Mancini, L., Giorgini, P. (eds) Visual Privacy Management. Lecture Notes in Computer Science(), vol 12030. Springer, Cham. https://doi.org/10.1007/978-3-030-59944-7_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-59944-7_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59943-0

  • Online ISBN: 978-3-030-59944-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics