Abstract
Intelligent Transport Systems (ITS) play a key role in our daily activities. ITS development over the last decades has been based on the rapid evolution of information technologies, which include processing capabilities, availability of hardware and communication technologies. Moreover, ITS use Information and Communication Technologies (ICT) to improve sustainability, efficiency, innovation and safety of transportation networks helping towards better management of transportation networks with the use of advanced technologies, which facilitate monitoring, and management of information. However, as the development of ITS services increases so does the users’ awareness regarding the degree of trust that they show on adopting this kind of services. The later has brought light to several security and privacy concerns that ITS analysts should consider when implementing various IT related services. This paper moves into this direction by identifying how risk analysis can interact with security and privacy requirements engineering world, in order to provide a holistic approach for reasoning about security and privacy in such complex environments like ITS systems. The key contribution of the paper is the conceptual alignment of three well-known methods (EBIOS, Secure Tropos and PriS) as the first step towards the design of a complete assurance framework that will assist analysts in designing safe and trustworthy ITS services.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ebios – expression des besoins et identification des objectifs de sécurité (2019). https://www.ssi.gouv.fr/guide/ebios-2010-expression-des-besoins-et-identification-des-objectifs-de-securite/
Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the octave approach. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst., Technical report (2003)
Després, J., et al.: An analysis of possible socio-economic effects of a cooperative, connected and automated mobility (CCAM) in Europe. EUR - Scientific and Technical Research Reports, Publications Office of the European Union (2018)
Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: an agent-oriented software development methodology. Auton. Agent. Multi-Agent Syst. 8(3), 203–236 (2004)
Chung, L., Nixon, B.A.: Dealing with non-functional requirements: three experimental studies of a process-oriented approach. In: Proceedings of the 17th International Conference on Software Engineering, pp. 25–37. ACM (1995)
Colombo, P., Ferrari, E.: Towards a modeling and analysis framework for privacy-aware systems. In: Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom), pp. 81–90. IEEE (2012)
Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 16(1), 3–32 (2011)
Diamantopoulou, V., Kalloniatis, C., Gritzalis, S., Mouratidis, H.: Supporting privacy by design using privacy process patterns. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 491–505. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_33
Diamantopoulou, V., Pavlidis, M., Mouratidis, H.: Evaluation of a security and privacy requirements methodology using the physics of notation. In: Katsikas, S.K., Cuppens, F., Cuppens, N., Lambrinoudakis, C., Kalloniatis, C., Mylopoulos, J., Antón, A., Gritzalis, S. (eds.) CyberICPS/SECPRE -2017. LNCS, vol. 10683, pp. 210–225. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72817-9_14
European Commission: Communication from the commission to the european parliament, the council, the european economic and social committee, the committee of the regions, on the road to automated mobility: An eu strategy for mobility of the future (2018)
Faßbender, S., Heisel, M., Meis, R.: Functional requirements under security pressure. In: 2014 9th International Conference on Software Paradigm Trends (ICSOFT-PT), pp. 5–16. IEEE (2014)
Faßbender, S., Heisel, M., Meis, R.: Problem-based security requirements elicitation and refinement with PresSuRE. In: Holzinger, A., Cardoso, J., Cordeiro, J., Libourel, T., Maciaszek, L.A., van Sinderen, M. (eds.) ICSOFT 2014. CCIS, vol. 555, pp. 311–330. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25579-8_18
Fredriksen, R., Kristiansen, M., Gran, B.A., Stølen, K., Opperud, T.A., Dimitrakos, T.: The coras framework for a model-based risk management process. In: International Conference on Computer Safety, Reliability, and Security, pp. 94–105. Springer, Boston (2002)
Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)
Islam, S., Ouedraogo, M., Kalloniatis, C., Mouratidis, H., Gritzalis, S.: Assurance of security and privacy requirements for cloud deployment models. IEEE Trans. Cloud Comput. 6(2), 387–400 (2015)
Kalloniatis, C.: Designing privacy-aware systems in the cloud. In: Fischer-Hübner, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 113–123. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22906-5_9
Kalloniatis, C.: Incorporating privacy in the design of cloud-based systems: a conceptual meta-model. Inf. Comput. Secur. 25(5), 614–633 (2017)
Kalloniatis, C., Kavakli, E., Gritzalis, S.: Pris methodology: incorporating privacy requirements into the system design process. In: Mylopoulos, J., Spafford, G., (eds.) Proceedings of the SREIS 2005 13th IEEE International Requirements Engineering Conference-Symposium on Requirements Engineering for Information Security (2005)
Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requir. Eng. 13(3), 241–255 (2008)
Kalloniatis, C., Kavakli, E., Kontellis, E.: PRIS tool: A case tool for privacy-oriented requirements engineering. In: MCIS, p. 71 (2009)
Kleberger, P., Olovsson, T., Jonsson, E.: Security aspects of the in-vehicle network in the connected car. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 528–533. IEEE (2011)
Labuschagne, W.B.L., et al.: A comparative framework for evaluating information security risk management methods. Rand Afrikaans University, Standard Bank Academy for Information Technology (2004)
McKeefry, H.L.: Consumers get on board with connected cars (2016)
Mead, N.R., Stehney, T.: Security Quality Requirements Engineering (SQUARE) Methodology, vol. 30. ACM (2005)
Mouratidis, H.: A security oriented approach in the development of multiagent systems: applied to the management of the health and social care needs of older people in England. Ph.D. thesis, University of Sheffield (2004)
Mouratidis, H.: Secure software systems engineering: the secure tropos approach. JSW 6(3), 331–339 (2011)
Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(02), 285–309 (2007)
Mouratidis, H., Islam, S., Kalloniatis, C., Gritzalis, S.: A framework to support selection of cloud providers based on security and privacy requirements. J. Syst. Softw. 86(9), 2276–2293 (2013)
général de la défense nationale Direction centrale de la sécurité des systèmes d’information, P.M.S.: The ebios method, expression of needs and identification of security objectives
Parliament, E.: Self-driving cars in the EU: from science fiction to reality (2019)
Petit, J., Shladover, S.E.: Potential cyberattacks on automated vehicles. IEEE Trans. Intell. Transp. Syst. 16(2), 546–556 (2015)
Sabouri, A., Rannenberg, K.: ABC4Trust: protecting privacy in identity management by bringing privacy-ABCs into real-life. In: Camenisch, J., Fischer-Hübner, S., Hansen, M. (eds.) Privacy and Identity 2014. IAICT, vol. 457, pp. 3–16. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18621-4_1
Salini, P., Kanmani, S.: Application of model oriented security requirements engineering framework for secure e-voting. In: 2012 CSI Sixth International Conference on Software Engineering (CONSEG), pp. 1–6. IEEE (2012)
Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)
Stolen, K., den Braber, F., Dimitrakos, T., Fredriksen, R., Gran, B.A., Houmb, S.H., Lund, M.S., Stamatiou, Y., Aagedal, J.: Model-based risk assessment-the CORAS approach. In: iTrust Workshop (2002)
Van Lamsweerde, A.: Goal-oriented requirements engineering: A guided tour. In: Fifth IEEE International Symposium on Requirements Engineering, 2001, Proceedings, pp. 249–262. IEEE (2001)
Yazar, Z.: A qualitative risk analysis and management tool-CRAMM. SANS InfoSec Read. Room White Paper 11, 12–32 (2002)
Yu, E.: Modelling strategic relationships for process reengineering. Soc. Model. Requir. Eng. 11, 2011 (2011)
Zhang, T., Antunes, H., Aggarwal, S.: Defending connected vehicles against malware: challenges and a solution framework. IEEE IoT J. 1(1), 10–21 (2014)
Acknowledgment
This work is a part of the SAFERtec project. SAFERtec has received funding from the European Union’s Horizon 2020 research & innovation programme under grant agreement no 732319. Content reflects only the authors’ view and European Commission is not responsible for any use that may be made of the information it contains.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Diamantopoulou, V. et al. (2020). Aligning the Concepts of Risk, Security and Privacy Towards the Design of Secure Intelligent Transport Systems. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE ADIoT 2020 2020 2020. Lecture Notes in Computer Science(), vol 12501. Springer, Cham. https://doi.org/10.1007/978-3-030-64330-0_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-64330-0_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-64329-4
Online ISBN: 978-3-030-64330-0
eBook Packages: Computer ScienceComputer Science (R0)