nach oben

Arabian Journal for Science and Engineering

Erschienen in:

07.03.2021 | Research Article-Computer Engineering and Computer Science

P-STORE: Extension of STORE Methodology to Elicit Privacy Requirements

verfasst von: Md Tarique Jamal Ansari, Abdullah Baz, Hosam Alhakami, Wajdi Alhakami, Rajeev Kumar, Raees Ahmad Khan

Erschienen in: Arabian Journal for Science and Engineering | Ausgabe 9/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Implementing security and privacy requirements at every level of the software development cycle is imperative for ensuring optimum usability as well as the users’ satisfaction. Software development must consider and comply effectively with the risks involved in the privacy and protection of confidential data. This research study endeavors to integrate the standards of data protection along with the Security Threat Oriented Requirements Engineering (STORE) methodology in order to recognize the potential threats to privacy requirements. The proposed extension of the STORE methodology, called the P-STORE, is validated by a case study of the Healthcare Management Software (HMS) system project. Furthermore, we have used the integrated fuzzy AHP with fuzzy TOPSIS technique for the usability assessment of different privacy requirements engineering approaches including the P-STORE methodology. The study demonstrates that the P-STORE approach has the capability to elicit more efficient privacy requirements and that it allows the software engineer to arrange privacy requirements efficaciously.

Vorheriger Artikel Speckle Reducing Non-local Variational Framework Based on Maximum Mean Discrepancy

Nächster Artikel A Novel Three-parameter Weibull Distribution Parameter Estimation Using Chaos Simulated Annealing Particle Swarm Optimization in Civil Aircraft Risk Assessment

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Ari, A.A.A., Ngangmo, O.K., Titouna, C., Thiare, O., Mohamadou, A., & Gueroui, A.M.: Enabling privacy and security in cloud of things: architecture, applications, security & privacy challenges. Appl. Comput. Inf. (2019)

Ansari, M.T.J., & Pandey, D.: Risks, security, and privacy for HIV/AIDS data: Big Data perspective. In: Censorship, Surveillance, and Privacy: Concepts, Methodologies, Tools, and Applications, pp. 58–74. IGI Global (2019)

Zulkernine, M., & Ahamed, S. I.: Software security engineering: toward unifying software engineering and security engineering. In: Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues, pp. 215–233. IGI Global (2006)

Mead, N. R.: Security requirements engineering. Build Security In 2006-08, 10 (2008)

Mai, P.X.; Goknil, A.; Shar, L.K.; Pastore, F.; Briand, L.C.; Shaame, S.: Modeling security and privacy requirements: a use case-driven approach. Inf. Softw. Technol. 100, 165–182 (2018)CrossRef

Paja, E.; Dalpiaz, F.; Giorgini, P.: Modelling and reasoning about security requirements in socio-technical systems. Data Knowl. Eng. 98, 123–143 (2015)CrossRef

Baldassarre, M. T., Santa Barletta, V., Caivano, D., & Scalera, M.: Integrating security and privacy in software development. Softw. Qual. J. pp. 1–32 (2020)

Darr, E.: Health Services Management. Health Professions Press, Inc., Baltimore, MD. (1997)

Alotaibi, Y.K.; Federico, F.: The impact of health information technology on patient safety. Saudi Med. J. 38(12), 1173 (2017)CrossRef

10.

Earp, J.B.; Payton, F.C.: Dirty laundry: privacy issues for IT professionals. IT Prof. 2(2), 51–54 (2000)CrossRef

11.

Klar, R.: Selected impressions on the beginning of the electronic medical record and patient information. Methods Inf. Med. 43(05), 537–542 (2004)CrossRef

12.

Roukema, J.; Los, R.K.; Bleeker, S.E.; van Ginneken, A.M.; van der Lei, J.; Moll, H.A.: Paper versus computer: feasibility of an electronic medical record in general pediatrics. Pediatrics 117(1), 15–21 (2006)CrossRef

13.

Ayatollahi, H.; Bath, P.A.; Goodacre, S.: based versus computer-based records in the emergency department: staff preferences, expectations, and concerns. Health Inf. J. 15(3), 199–211 (2009)CrossRef

14.

ISO, E.: 27799: 2008 Health informatics. In: Information Security Management in Health Using ISO/IEC, 27002 (2008).

15.

Hash, J.; Bowen, P.; Johnson, A.; Smith, C.D.; Steinberg, D.I.: An introductory resource guide for implementing the health insurance portability and accountability act (HIPAA) security rule. US Department of Commerce, Technology Administration, National Institute of Standards and Technology (2005)CrossRef

16.

Fassett, W.E.: Patient safety and quality improvement act of 2005. Ann. Pharmacother. 40(5), 917–924 (2006)CrossRef

17.

David Blumenthal, M.D.: Launching hitech. N. Engl. J. Med. 362(5), 382 (2010)CrossRef

18.

Austin, L.M.: Reviewing PIPEDA: control, privacy and the limits of fair information practices. Can. Bus. LJ 44, 21 (2006)

19.

Voigt, P., & Von dem Bussche, A.: The EU General Data Protection Regulation (GDPR). A Practical Guide, 1st Ed., Springer International Publishing, Cham (2017)

20.

Taylor, E.: UK schools, CCTV and the Data Protection Act 1998. J. Educ. Policy 26(1), 1–15 (2011)CrossRef

21.

Rao, S.: Information Technology Act: Consumers' Perspective. Econ. Political Wkly. pp. 3501–3503 (2001)

22.

Team, I. P.: EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide. IT Governance Ltd (2017)

23.

Tikkinen-Piri, C.; Rohunen, A.; Markkula, J.: EU general data protection regulation: changes and implications for personal data collecting companies. Comput. Law Secur. Rev. 34(1), 134–153 (2018)CrossRef

24.

Moses, L. B.: Recurring dilemmas: The law's race to keep up with technological change. U. Ill. JL Tech. &Pol'y, 239 (2007)

25.

Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J. H., Metayer, D. L., Tirtea, R., & Schiffner, S.: Privacy and data protection by design-from policy to engineering. arXiv preprint (2015)

26.

Ansari, M.T.J., Pandey, D., & Alenezi, M.: Store: security threat oriented requirements engineering methodology. J. King Saud Univ. Comput. Inf. Sci. (2018)

27.

Jensen, C.; Tullio, J.; Potts, C.; Mynatt, E.D.: STRAP: A Structured Analysis Framework for Privacy. Georgia Institute of Technology (2005)

28.

Mead, N.R.; Miyazaki, S.; Zhan, J.: Integrating privacy requirements considerations into security requirements engineering method and tool. Int. J. Inf. Priv. Secur. Integr. 1(1), 106–126 (2011)

29.

Deng, M.; Wuyts, K.; Scandariato, R.; Preneel, B.; Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 16(1), 3–32 (2011)CrossRef

30.

Spiekermann, S.; Cranor, L.F.: Engineering privacy. IEEE Trans. Softw. Eng. 35(1), 67–82 (2008)CrossRef

31.

Kalloniatis, C.; Kavakli, E.; Gritzalis, S.: Addressing privacy requirements in system design: the PriS method. Requir. Eng. 13(3), 241–255 (2008)CrossRef

32.

He, Q., & Antón, A. I.: A framework for modeling privacy requirements in role engineering. In: Proceediings of REFSQ, Vol. 3, pp. 137–146 (2003)

33.

Meis, R.: Problem-Based Privacy Analysis (ProPAn): A Computer-aided Privacy Requirements Engineering Method. Universitaet Duisburg-Essen, Germany (2018)

34.

Liu, L., Yu, E., & Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proceedings. 11th IEEE International Requirements Engineering Conference, 2003, pp. 151–161. IEEE (2003)

35.

Beckers, K., Fabender, S., Heisel, M., & Meis, R. A problem-based approach for computer-aided privacy threat identification. In: Annual Privacy Forum, pp. 1–16. Springer, Berlin, Heidelberg (2012)

36.

Dalpiaz, F., Van der Schalk, I., &Lucassen, G.: Pinpointing ambiguity and incompleteness in requirements engineering via information visualization and NLP. In: International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 119–135. Springer, Cham (2018)

37.

Fernández, D.M.; Wagner, S.: Naming the pain in requirements engineering: A design for a global family of surveys and first results from Germany. Inf. Softw. Technol. 57, 616–643 (2015)CrossRef

38.

Sharp, H., Finkelstein, A., & Galal, G.: Stakeholder identification in the requirements engineering process. In: Proceedings of Tenth International Workshop on Database and Expert Systems Applications. DEXA 99, pp. 387–391. IEEE (1999)

39.

Fabian, B.; Gürses, S.; Heisel, M.; Santen, T.; Schmidt, H.: A comparison of security requirements engineering methods. Requir. Eng. 15(1), 7–40 (2010)CrossRef

40.

Glinz, M.; Wieringa, R.J.: Guest editors’ introduction: Stakeholders in requirements engineering. IEEE Softw. 24(2), 18–20 (2007)CrossRef

41.

Almorsy, M., Grundy, J., & Ibrahim, A. S.: Collaboration-based cloud computing security management framework. In: 2011 IEEE 4th International Conference on Cloud Computing, pp. 364–371. IEEE (2011)

42.

Spiekermann, S.: The challenges of privacy by design. Commun. ACM 55(7), 38–40 (2012)CrossRef

43.

Mead, N.R.; Stehney, T.: Security quality requirements engineering (SQUARE) methodology. ACM SIGSOFT Softw. Eng. Notes 30(4), 1–7 (2005)CrossRef

44.

Snyder, W.; Swiderski, F.: Threat modeling. Microsoft Press 35, 36–37 (2004)

45.

Xu, D.; Nygard, K.E.: Threat-driven modeling and verification of secure software using aspect-oriented Petri nets. IEEE Trans. Softw. Eng. 32(4), 265–278 (2006)CrossRef

46.

Kelly, J.C.; Sherif, J.S.; Hops, J.: An analysis of defect densities found during software inspections. J. Syst. Softw. 17(2), 111–117 (1992)CrossRef

47.

Porter, A.A.; Votta, L.G.; Basili, V.R.: Comparing detection methods for software requirements inspections: a replicated experiment. IEEE Trans. Softw. Eng. 21(6), 563–575 (1995)CrossRef

48.

Finkelstein, A., & Fuks, H.: Multiparty specification. In: Proceedings of the 5th International Workshop on Software Specification and Design, pp. 185–195 (1989)

49.

Cysneiros, L. M.: Requirements engineering in the health care domain. In: Proceedings IEEE Joint International Conference on Requirements Engineering, pp. 350–356. IEEE (2002)

50.

Saaty, T.L.: Decision making with the analytic hierarchy process. Int. J. Serv. Sci. 1(1), 83–98 (2008)

51.

Hwang, C. L., & Yoon, K.: Methods for multiple attribute decision making. In: Multiple attribute decision making, pp. 58–191. Springer, Berlin, Heidelberg (1981)

52.

Sharawat, K., & Dubey, S. K.: An approach to vendor selection on usability basis by AHP and fuzzy topsis method. In: Soft Computing: Theories and Applications, pp. 595–604. Springer, Singapore (2018)

53.

Masudin, I., & Saputro, T. E.: Evaluation of B2C website based on the usability factors by using fuzzy AHP & hierarchical fuzzy TOPSIS. In: IOP Conference Series: Materials Science and Engineering, Vol. 114, No. 1, p. 012091. IOP Publishing (2016)

54.

Nagpal, R.; Mehrotra, D.; Bhatia, P.K.; Sharma, A.: Rank university websites using fuzzy AHP and fuzzy TOPSIS approach on usability. Int. J. Inf. Eng. Electron. Bus. 7(1), 29 (2015)

55.

Atalay, K.D.; Eraslan, E.: Multi-criteria usability evaluation of electronic devices in a fuzzy environment. Hum. Factors Ergon. Manuf. Serv. Ind. 24(3), 336–347 (2014)CrossRef

56.

Cranor, L., & Garfinkel, S.: Security and usability. Retrieved 10 May 2020, from https://www.oreilly.com/library/view/security-and-usability/0596008279/ch04.html

Titel: P-STORE: Extension of STORE Methodology to Elicit Privacy Requirements
verfasst von: Md Tarique Jamal Ansari
Abdullah Baz
Hosam Alhakami
Wajdi Alhakami
Rajeev Kumar
Raees Ahmad Khan
Publikationsdatum: 07.03.2021
Verlag: Springer Berlin Heidelberg
Erschienen in: Arabian Journal for Science and Engineering / Ausgabe 9/2021
Print ISSN: 2193-567X
Elektronische ISSN: 2191-4281
DOI: https://doi.org/10.1007/s13369-021-05476-z

Premium Partner

Marktübersichten

Die im Laufe eines Jahres in der „adhäsion“ veröffentlichten Marktübersichten helfen Anwendern verschiedenster Branchen, sich einen gezielten Überblick über Lieferantenangebote zu verschaffen.

Zur Marktübersicht

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 9/2021

Teaching–Learning-Based Optimization Algorithm for Path Planning and Task Allocation in Multi-robot Plant Inspection System

Multidimensional Unified Processing Systems for Industrial Machines and its Controlling Mechanism

Enhancement Method for Color Retinal Fundus Images Based on Structural Details and Illumination Improvements

Structure, Electronic, Magnetic, and Elastic Properties of Cd0.75TM0.25O (TM = Mn, Fe, Co, and Ni) Compounds

A Novel Algorithm to Enrich Geographical Information Systems with Hybrid Data for Better Informed Decisions

Random Projection-Based Feature Transformation Using Metaheuristic Optimization Algorithm

Premium Partner

Marktübersichten