Skip to main content
SpringerLink
Log in

Aligning the Concepts of Risk, Security and Privacy Towards the Design of Secure Intelligent Transport Systems

  • Conference paper
  • First Online:
Computer Security (CyberICPS 2020, SECPRE 2020, ADIoT 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12501))

Abstract

Intelligent Transport Systems (ITS) play a key role in our daily activities. ITS development over the last decades has been based on the rapid evolution of information technologies, which include processing capabilities, availability of hardware and communication technologies. Moreover, ITS use Information and Communication Technologies (ICT) to improve sustainability, efficiency, innovation and safety of transportation networks helping towards better management of transportation networks with the use of advanced technologies, which facilitate monitoring, and management of information. However, as the development of ITS services increases so does the users’ awareness regarding the degree of trust that they show on adopting this kind of services. The later has brought light to several security and privacy concerns that ITS analysts should consider when implementing various IT related services. This paper moves into this direction by identifying how risk analysis can interact with security and privacy requirements engineering world, in order to provide a holistic approach for reasoning about security and privacy in such complex environments like ITS systems. The key contribution of the paper is the conceptual alignment of three well-known methods (EBIOS, Secure Tropos and PriS) as the first step towards the design of a complete assurance framework that will assist analysts in designing safe and trustworthy ITS services.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ebios – expression des besoins et identification des objectifs de sécurité (2019). https://www.ssi.gouv.fr/guide/ebios-2010-expression-des-besoins-et-identification-des-objectifs-de-securite/

  2. Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the octave approach. Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst., Technical report (2003)

    Google Scholar 

  3. Després, J., et al.: An analysis of possible socio-economic effects of a cooperative, connected and automated mobility (CCAM) in Europe. EUR - Scientific and Technical Research Reports, Publications Office of the European Union (2018)

    Google Scholar 

  4. Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: an agent-oriented software development methodology. Auton. Agent. Multi-Agent Syst. 8(3), 203–236 (2004)

    Article  Google Scholar 

  5. Chung, L., Nixon, B.A.: Dealing with non-functional requirements: three experimental studies of a process-oriented approach. In: Proceedings of the 17th International Conference on Software Engineering, pp. 25–37. ACM (1995)

    Google Scholar 

  6. Colombo, P., Ferrari, E.: Towards a modeling and analysis framework for privacy-aware systems. In: Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom), pp. 81–90. IEEE (2012)

    Google Scholar 

  7. Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 16(1), 3–32 (2011)

    Article  Google Scholar 

  8. Diamantopoulou, V., Kalloniatis, C., Gritzalis, S., Mouratidis, H.: Supporting privacy by design using privacy process patterns. In: De Capitani di Vimercati, S., Martinelli, F. (eds.) SEC 2017. IAICT, vol. 502, pp. 491–505. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58469-0_33

    Chapter  Google Scholar 

  9. Diamantopoulou, V., Pavlidis, M., Mouratidis, H.: Evaluation of a security and privacy requirements methodology using the physics of notation. In: Katsikas, S.K., Cuppens, F., Cuppens, N., Lambrinoudakis, C., Kalloniatis, C., Mylopoulos, J., Antón, A., Gritzalis, S. (eds.) CyberICPS/SECPRE -2017. LNCS, vol. 10683, pp. 210–225. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72817-9_14

    Chapter  Google Scholar 

  10. European Commission: Communication from the commission to the european parliament, the council, the european economic and social committee, the committee of the regions, on the road to automated mobility: An eu strategy for mobility of the future (2018)

    Google Scholar 

  11. Faßbender, S., Heisel, M., Meis, R.: Functional requirements under security pressure. In: 2014 9th International Conference on Software Paradigm Trends (ICSOFT-PT), pp. 5–16. IEEE (2014)

    Google Scholar 

  12. Faßbender, S., Heisel, M., Meis, R.: Problem-based security requirements elicitation and refinement with PresSuRE. In: Holzinger, A., Cardoso, J., Cordeiro, J., Libourel, T., Maciaszek, L.A., van Sinderen, M. (eds.) ICSOFT 2014. CCIS, vol. 555, pp. 311–330. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-25579-8_18

    Chapter  Google Scholar 

  13. Fredriksen, R., Kristiansen, M., Gran, B.A., Stølen, K., Opperud, T.A., Dimitrakos, T.: The coras framework for a model-based risk management process. In: International Conference on Computer Safety, Reliability, and Security, pp. 94–105. Springer, Boston (2002)

    Google Scholar 

  14. Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)

    Article  Google Scholar 

  15. Islam, S., Ouedraogo, M., Kalloniatis, C., Mouratidis, H., Gritzalis, S.: Assurance of security and privacy requirements for cloud deployment models. IEEE Trans. Cloud Comput. 6(2), 387–400 (2015)

    Article  Google Scholar 

  16. Kalloniatis, C.: Designing privacy-aware systems in the cloud. In: Fischer-Hübner, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2015. LNCS, vol. 9264, pp. 113–123. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22906-5_9

    Chapter  Google Scholar 

  17. Kalloniatis, C.: Incorporating privacy in the design of cloud-based systems: a conceptual meta-model. Inf. Comput. Secur. 25(5), 614–633 (2017)

    Article  Google Scholar 

  18. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Pris methodology: incorporating privacy requirements into the system design process. In: Mylopoulos, J., Spafford, G., (eds.) Proceedings of the SREIS 2005 13th IEEE International Requirements Engineering Conference-Symposium on Requirements Engineering for Information Security (2005)

    Google Scholar 

  19. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requir. Eng. 13(3), 241–255 (2008)

    Article  Google Scholar 

  20. Kalloniatis, C., Kavakli, E., Kontellis, E.: PRIS tool: A case tool for privacy-oriented requirements engineering. In: MCIS, p. 71 (2009)

    Google Scholar 

  21. Kleberger, P., Olovsson, T., Jonsson, E.: Security aspects of the in-vehicle network in the connected car. In: 2011 IEEE Intelligent Vehicles Symposium (IV), pp. 528–533. IEEE (2011)

    Google Scholar 

  22. Labuschagne, W.B.L., et al.: A comparative framework for evaluating information security risk management methods. Rand Afrikaans University, Standard Bank Academy for Information Technology (2004)

    Google Scholar 

  23. McKeefry, H.L.: Consumers get on board with connected cars (2016)

    Google Scholar 

  24. Mead, N.R., Stehney, T.: Security Quality Requirements Engineering (SQUARE) Methodology, vol. 30. ACM (2005)

    Google Scholar 

  25. Mouratidis, H.: A security oriented approach in the development of multiagent systems: applied to the management of the health and social care needs of older people in England. Ph.D. thesis, University of Sheffield (2004)

    Google Scholar 

  26. Mouratidis, H.: Secure software systems engineering: the secure tropos approach. JSW 6(3), 331–339 (2011)

    Article  Google Scholar 

  27. Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(02), 285–309 (2007)

    Article  Google Scholar 

  28. Mouratidis, H., Islam, S., Kalloniatis, C., Gritzalis, S.: A framework to support selection of cloud providers based on security and privacy requirements. J. Syst. Softw. 86(9), 2276–2293 (2013)

    Article  Google Scholar 

  29. général de la défense nationale Direction centrale de la sécurité des systèmes d’information, P.M.S.: The ebios method, expression of needs and identification of security objectives

    Google Scholar 

  30. Parliament, E.: Self-driving cars in the EU: from science fiction to reality (2019)

    Google Scholar 

  31. Petit, J., Shladover, S.E.: Potential cyberattacks on automated vehicles. IEEE Trans. Intell. Transp. Syst. 16(2), 546–556 (2015)

    Google Scholar 

  32. Sabouri, A., Rannenberg, K.: ABC4Trust: protecting privacy in identity management by bringing privacy-ABCs into real-life. In: Camenisch, J., Fischer-Hübner, S., Hansen, M. (eds.) Privacy and Identity 2014. IAICT, vol. 457, pp. 3–16. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18621-4_1

    Chapter  Google Scholar 

  33. Salini, P., Kanmani, S.: Application of model oriented security requirements engineering framework for secure e-voting. In: 2012 CSI Sixth International Conference on Software Engineering (CONSEG), pp. 1–6. IEEE (2012)

    Google Scholar 

  34. Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2009)

    Article  Google Scholar 

  35. Stolen, K., den Braber, F., Dimitrakos, T., Fredriksen, R., Gran, B.A., Houmb, S.H., Lund, M.S., Stamatiou, Y., Aagedal, J.: Model-based risk assessment-the CORAS approach. In: iTrust Workshop (2002)

    Google Scholar 

  36. Van Lamsweerde, A.: Goal-oriented requirements engineering: A guided tour. In: Fifth IEEE International Symposium on Requirements Engineering, 2001, Proceedings, pp. 249–262. IEEE (2001)

    Google Scholar 

  37. Yazar, Z.: A qualitative risk analysis and management tool-CRAMM. SANS InfoSec Read. Room White Paper 11, 12–32 (2002)

    Google Scholar 

  38. Yu, E.: Modelling strategic relationships for process reengineering. Soc. Model. Requir. Eng. 11, 2011 (2011)

    Google Scholar 

  39. Zhang, T., Antunes, H., Aggarwal, S.: Defending connected vehicles against malware: challenges and a solution framework. IEEE IoT J. 1(1), 10–21 (2014)

    Google Scholar 

Download references

Acknowledgment

This work is a part of the SAFERtec project. SAFERtec has received funding from the European Union’s Horizon 2020 research & innovation programme under grant agreement no 732319. Content reflects only the authors’ view and European Commission is not responsible for any use that may be made of the information it contains.

Author information

Authors and Affiliations

  1. Department of Digital Systems, University of Piraeus, 150 Androutsou Street, 18532, Piraeus, Greece

    Vasiliki Diamantopoulou, Christos Lyvas, Konstantinos Maliatsos, Athanasios Kanatas & Costas Lambrinoudakis

  2. Department of Cultural Technology and Communication, University of the Aegean, University Hill, 81100, Lesvos, Greece

    Christos Kalloniatis

  3. Airbus CyberSecurity, Metapole, 1 Boulevard Jean Moulin, Elancourt, 78996, France

    Matthieu Gay

Authors
  1. Vasiliki Diamantopoulou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christos Kalloniatis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christos Lyvas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Konstantinos Maliatsos
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Matthieu Gay
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Athanasios Kanatas
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Costas Lambrinoudakis
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vasiliki Diamantopoulou .

Editor information

Editors and Affiliations

  1. Norwegian University of Science and Technology, Gjøvik, Norway

    Sokratis Katsikas

  2. Polytechnique Montréal, Montréal, QC, Canada

    Frédéric Cuppens

  3. Polytechnique Montréal, Montréal, QC, Canada

    Nora Cuppens

  4. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

  5. University of the Aegean, Mytilene, Greece

    Christos Kalloniatis

  6. Department of Computer Science, University of Toronto, Toronto, ON, Canada

    John Mylopoulos

  7. Georgia Institute of Technology, Atlanta, GA, USA

    Annie AntĂłn

  8. University of Piraeus, Piraeus, Greece

    Stefanos Gritzalis

  9. Technical University of Denmark, Lyngby, Denmark

    Weizhi Meng

  10. University of Nottingham, Nottingham, UK

    Steven Furnell

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Diamantopoulou, V. et al. (2020). Aligning the Concepts of Risk, Security and Privacy Towards the Design of Secure Intelligent Transport Systems. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE ADIoT 2020 2020 2020. Lecture Notes in Computer Science(), vol 12501. Springer, Cham. https://doi.org/10.1007/978-3-030-64330-0_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-64330-0_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-64329-4

  • Online ISBN: 978-3-030-64330-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation