A soft computing approach for privacy requirements engineering: The PriS framework
Introduction
Privacy as a social and legal issue has traditionally been the concern of social scientists, philosophers and lawyers [1]. However, the extended use of software applications in the context of basic e-services sets additional, technology-related requirements for protecting the electronic privacy of individuals.
Nowadays, protecting privacy focuses on collecting and storing the minimum information necessary and on deleting that information as soon as it has served its purpose. Most of today's e-services rely on stored data that identify the customer, his preferences and his previous record of transactions. Combining such data will in many cases constitute an invasion of privacy.
Privacy-related issues are many and varied, as privacy itself is a multifaceted concept. Privacy comes in many forms, relating to what one wishes to keep private. A review of current research highlights the path for user privacy protection in terms of eight privacy requirements, namely identification, authentication, authorization, data protection, anonymity, pseudonymity, unlinkability and unobservability [2], [3], [4]. The first three are mainly security requirements, but they are included because of their key role in privacy protection. By addressing these requirements one aims to minimize or eliminate the collection of user-identifiable data.
Research efforts aiming at the protection of user privacy fall into two main categories: security-oriented requirements engineering methodologies and privacy enhancing technologies. The former focus on methods and techniques for considering security issues (including privacy) during the early stages of system development; the latter describe technological solutions for assuring user privacy during system implementation. The main limitation of security requirements engineering methodologies is that they do not link the identified requirements with implementation solutions, although understanding the relationship between user needs and the capabilities of the supporting software systems is of critical importance. Privacy enhancing technologies, on the other hand, focus on the software implementation alone, irrespective of the organizational context in which the system will be incorporated. This lack of organizational context makes it difficult to determine which software solution best fits the organizational needs. A review of a number of well-known privacy requirements engineering methods can be found in Ref. [5].
To this end, PriS, a security requirements engineering methodology, has been introduced to incorporate privacy requirements early in the system development process. PriS models privacy requirements in terms of business goals and uses the concept of privacy process patterns to describe the impact of privacy goals on the business processes and on the software systems supporting those processes.
The conceptual model of PriS uses a goal hierarchy. Every privacy requirement either applies to a given goal or does not. A privacy requirement that constrains a goal is represented by a variable that takes one of two values, zero or one: if a privacy requirement applies to a specific goal, the respective privacy variable is assigned the value one; otherwise it keeps its initial value of zero. Thus seven privacy variables are attached to every privacy-related goal, indicating which privacy requirements constrain the goal and which do not (since pseudonymity can be considered part of anonymity, the two are addressed in one pattern). Working in this way, PriS ends up suggesting a number of implementation techniques based on the privacy requirements constraining the respective goals. While PriS successfully guides developers through the implementation phase by suggesting implementation techniques, it does not capture the degree to which each privacy requirement contributes to the generic goal of privacy.
The contributions of this paper are the following. We present the PriS conceptual framework for privacy management in requirements engineering, along with a formal representation of PriS. We also extend the framework using a soft computing approach that enables independent participants in the system design process to express preferences and that manages those preferences jointly using fuzzy metrics. The presented approach has the further advantage that it is limited neither by the number of factors considered when evaluating a metric nor by the number of preferences considered.
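The crisp goal model described above and the fuzzy extension announced in the contributions paragraph, as an added example in Python. This is illustration written for this page, not code from the paper or from the PriS authors. The seven privacy variables are the paper's; the requirement-to-technique mapping (drawn from the PETs the paper names in its conclusions), the aggregation operators (mean, max or min over the participants' degrees), the alpha-cut threshold and the stakeholder preferences are assumptions constructed for the example.

```python
"""Goal-level privacy variables in the PriS style, with a fuzzy extension.

Added illustration: the technique mapping, the aggregation operators, the
alpha threshold and the sample preferences are assumptions, not the paper's.
"""
from statistics import fmean

# The seven privacy variables PriS attaches to every privacy-related goal
# (pseudonymity is folded into the anonymity pattern, as the paper notes).
PRIVACY_REQUIREMENTS = (
    "identification", "authentication", "authorization", "data_protection",
    "anonymity", "unlinkability", "unobservability",
)

# Assumed, illustrative mapping from a constraining requirement to candidate
# implementation techniques; the PET names come from the paper's conclusions.
TECHNIQUES = {
    "anonymity": ("Onion Routing", "Mix-Nets", "Tor"),
    "unlinkability": ("Crowds", "Hordes"),
    "unobservability": ("DC-Nets",),
    "data_protection": ("encryption at rest and in transit",),
}


def crisp_vector(applied):
    """Return the 0/1 vector of a goal: 1 where a requirement constrains it."""
    unknown = set(applied) - set(PRIVACY_REQUIREMENTS)
    if unknown:
        raise ValueError(f"unknown privacy requirements: {sorted(unknown)}")
    return tuple(1 if r in applied else 0 for r in PRIVACY_REQUIREMENTS)


def suggest_techniques(vector):
    """Techniques suggested by the requirements whose variable is 1."""
    out = []
    for flag, req in zip(vector, PRIVACY_REQUIREMENTS):
        if flag:
            out.extend(TECHNIQUES.get(req, ()))
    return out


def fuzzy_membership(preferences, operator="mean"):
    """Combine per-participant degrees in [0, 1] into one degree per requirement.

    preferences: {participant: {requirement: degree}}; a missing entry counts
    as 0. operator (assumed choices): 'mean' (average), 'max' (fuzzy union)
    or 'min' (fuzzy intersection). Degrees outside [0, 1] are rejected.
    """
    ops = {"mean": fmean, "max": max, "min": min}
    combine = ops[operator]
    result = {}
    for req in PRIVACY_REQUIREMENTS:
        degrees = []
        for who, prefs in preferences.items():
            d = float(prefs.get(req, 0.0))
            if not 0.0 <= d <= 1.0:
                raise ValueError(f"{who}: degree for {req} outside [0,1]: {d}")
            degrees.append(d)
        result[req] = combine(degrees) if degrees else 0.0
    return result


def alpha_cut(membership, alpha):
    """Crisp vector recovered from fuzzy degrees: 1 where degree >= alpha."""
    return tuple(1 if membership[r] >= alpha else 0 for r in PRIVACY_REQUIREMENTS)


def rank(membership):
    """Requirements ordered by decreasing degree of participation (ties by index)."""
    return sorted(PRIVACY_REQUIREMENTS,
                  key=lambda r: (-membership[r], PRIVACY_REQUIREMENTS.index(r)))


# Constructed sample: three participants' preferences for one voting-style goal.
SAMPLE_PREFERENCES = {
    "legal_officer": {"anonymity": 1.0, "unlinkability": 0.9, "authentication": 0.8},
    "architect": {"anonymity": 0.8, "unlinkability": 0.6, "authentication": 1.0,
                  "unobservability": 0.3},
    "citizen": {"anonymity": 1.0, "unlinkability": 0.9, "unobservability": 0.6},
}

if __name__ == "__main__":
    vec = crisp_vector({"anonymity", "authentication"})
    print("crisp vector:", vec, "->", suggest_techniques(vec))
    m = fuzzy_membership(SAMPLE_PREFERENCES, "mean")
    print("ranked by participation:", rank(m))
    cut = alpha_cut(m, 0.5)  # alpha = 0.5 is an assumed threshold
    print("alpha-cut at 0.5:", cut, "->", suggest_techniques(cut))
```

The crisp vector is the paper's 0/1 encoding and yields a technique list but no ordering. The fuzzy form keeps each participant's degree in [0, 1] and combines them, so the degree of participation of every requirement becomes visible and can be ranked; an alpha-cut recovers a crisp vector again when an implementation decision has to be binary. Which operator to combine with is a design choice: the mean lets participants offset one another, max keeps any requirement that any one participant cares about, min keeps only those all of them agree on.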
The rest of this paper is structured as follows: Section 2 describes the PriS conceptual framework and way of working. Formal PriS is presented in Section 3. Section 4 presents the fuzzy extension of PriS. Finally, Section 5 concludes with pointers to future work.
Section snippets
PriS conceptual framework
PriS [6] is a security requirements engineering method that incorporates privacy requirements early in the system development process. PriS treats privacy requirements as organizational goals that need to be satisfied and uses privacy process patterns as a way to: (a) describe the effect of privacy requirements on business processes; and (b) facilitate the identification of the system architecture that best supports the privacy-related business processes.
PriS provides a set of
Formal PriS
The following sections formally describe the four activities mentioned in Section 2.1.
Preliminary concepts on sets and fuzzy set theory
In this section, we briefly present the basic concepts and notation of set theory and fuzzy set theory. We use upper-case letters to denote sets; for example, A denotes a set. To denote that x is an element of the set A we write x ∈ A. For every crisp set A over a universe X there exists a characteristic membership function f_A that maps the elements of X to the set {0,1}: f_A(x) = 0 means that x does not belong to A, whereas f_A(x) = 1 means that x is a member of A.
If every member of set A is also
Conclusions
A number of Privacy Enhancing Technologies (PETs) have been developed for realizing privacy. The purpose of PETs is to protect the privacy of individuals while still enabling them to interact with other parties in a modern society using electronic communications. Examples of PETs include the Anonymizer [17], Crowds [18], [19], Onion Routing [20], [21], DC-Nets [22], [23], Mix-Nets [24], [25], Hordes [26], GAP [27], and Tor [28]. Nevertheless, PETs are usually addressed either directly at the
Acknowledgements
We would like to thank the anonymous reviewers for their insightful comments on previous versions of this paper.
References (29)
- et al., Networks without user observability, Computers and Security (1987)
- et al., Privacy and computing: a cultural perspective. Security and control of information technology
- IT-security and privacy (2001)
- Privacy: What Developers and IT Professionals Should Know (2004)
- et al., Privacy enhancing technologies
- et al., Methods for designing privacy aware information systems: a review
- et al., Addressing privacy requirements in system design: the PriS method, Requirements Engineering (2008)
- et al. (1999)
- From Information Modelling to Enterprise Modelling. Information Systems Engineering: State of the Art and Research Themes (2000)
- et al., Protecting privacy in system design: the electronic voting case, Transforming Government: People, Process and Policy (2007)
- Fuzzy Sets and Fuzzy Logic
- A comparison between probabilistic and Dempster–Shafer theory approaches to model uncertainty analysis in the performance assessment of radioactive waste repositories, Risk Analysis
- Bayesian methodology for model uncertainty using model performance data, Risk Analysis
- Review of books: a mathematical theory of evidence, The AI Magazine
Cited by (12)
- Evidential cognitive maps, Knowledge-Based Systems (2012). Citation excerpt: "The DS theory of evidence, which was first proposed by Dempster [28] and then developed by Shafer [31], is regarded as a generalization of the Bayesian theory of probability. Due to its ability to handle uncertainty or imprecision embedded in the evidence, the DS theory has been increasingly applied in recent years [44–47,41,48–52], and applied to multiple attribute decision analysis problems [53–57]. In a cognitive map, experts' opinions are reflected by the estimate of the degree of causation between nodes in the referred concept set, namely weight estimate."
- Development and investigation of efficient artificial bee colony algorithm for numerical function optimization, Applied Soft Computing Journal (2012). Citation excerpt: "Namely, PS-ABC owns an extremely fast convergence speed like I-ABC and very good search performance. Recently, the use of advanced soft computing techniques [29–43] is increasingly required in multitudinous applications for processing huge amounts of uncertain data. Soft computing, which is a consortium of powerful tools including Neural Networks, Fuzzy Systems, Evolutionary Computing, Swarm Intelligence and Probabilistic Reasoning, deals with imprecision, uncertainty, partial truth, and approximation to achieve tractability, robustness and low solution cost."
- Applying Privacy by Design to Connected Healthcare Ecosystems, Soft Computing Techniques in Connected Healthcare Systems (2023)
- Towards User-Centered Privacy Adaptation Management: Insights from Privacy Research and a System-of-Systems Architecture, Proceedings - 2023 IEEE 25th Conference on Business Informatics, CBI 2023 (2023)
- Can social gamification and privacy co-exist? Identifying the major concerns, ACM International Conference Proceeding Series (2021)
- Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform, Information and Computer Security (2020)