A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design

Conference paper

Alkubaisy, D., Piras, L., Al-Obeidallah, M., Cox, K. and Mouratidis, H. 2022. A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design. Ali, R., Kaindl, H. and Maciaszek, L. (ed.) 16th International Conference on Evaluation of Novel Approaches to Software Engineering. Virtual 26 - 27 Apr 2021 Cham Springer. https://doi.org/10.1007/978-3-030-96648-5_4
TypeConference paper
TitleA framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design
AuthorsAlkubaisy, D., Piras, L., Al-Obeidallah, M., Cox, K. and Mouratidis, H.
Abstract

Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts (This research is an extension of the study conducted by Alkubaisy et al. [1] – which itself is a continuation of earlier studies [2, 3] and aims to aid the reader in comprehensively grasping the concepts laid out).

KeywordsSecurity requirements; Privacy requirements; Requirements conflicts; GDPR; Requirements modelling; Privacy by design
Sustainable Development Goals9 Industry, innovation and infrastructure
Middlesex University ThemeCreativity, Culture & Enterprise
LanguageEnglish
Conference16th International Conference on Evaluation of Novel Approaches to Software Engineering
Proceedings TitleEvaluation of Novel Approaches to Software Engineering: 16th International Conference, ENASE 2021, Virtual Event, April 26-27, 2021, Revised Selected Papers
SeriesCommunications in Computer and Information Science
EditorsAli, R., Kaindl, H. and Maciaszek, L.
ISSN1865-0929
Electronic1865-0937
ISBN
Paperback9783030966478
Electronic9783030966485
PublisherSpringer
Place of publicationCham
Publication dates
Print11 Feb 2022
Publication process dates
Accepted15 Sep 2021
Deposited02 May 2024
Output statusPublished
Accepted author manuscript
File Access Level
Open
Digital Object Identifier (DOI)https://doi.org/10.1007/978-3-030-96648-5_4
Web of Science identifierWOS:000771717200004
Permalink -

https://repository.mdx.ac.uk/item/8v3y6

Log in to edit

Download files

Accepted author manuscript
CCIS_ConfIs_Book_Chapter.pdf
File access level: Open

  • 5
    total views
  • 4
    total downloads
  • 5
    views this month
  • 4
    downloads this month

Export as

Related outputs

Gamification of E-Learning apps via acceptance requirements analysis
Calabrese, L., Piras, L., Al-Obeidallah, M., Egbikuadje, B. and Alkubaisy, D. 2024. Gamification of E-Learning apps via acceptance requirements analysis. 19th International Conference on Evaluation of Novel Approaches to Software Engineering. Angers, France 28 - 29 Apr 2024
FedREVAN: real-time detection of vulnerable Android source code through federated neural network with XAI
Senanayake, J., Kalutarage, H., Petrovski, A., Al-Kadri, M.O. and Piras, L. 2024. FedREVAN: real-time detection of vulnerable Android source code through federated neural network with XAI. ESORICS Workshop on Attacks and Software Protection (WASP). The Hague, The Netherlands 25 - 29 Sep 2023 Springer. pp. 426-441
Android code vulnerabilities early detection using AI-powered ACVED plugin
Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L. 2023. Android code vulnerabilities early detection using AI-powered ACVED plugin. Atluri, V. and Ferrara, A. (ed.) 37th Annual IFIP WG 11.3 Conference (DBSec 2023). Sophia-Antipolis, France 19 - 21 Jul 2023 Cham Springer. pp. 339–357 https://doi.org/10.1007/978-3-031-37586-6_20
Labelled vulnerability dataset on Android source code (LVDAndro) to develop AI-based code vulnerability detection models
Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Piras, L. and Petrovski, A. 2023. Labelled vulnerability dataset on Android source code (LVDAndro) to develop AI-based code vulnerability detection models. International Conference on Security and Cryptography (SECRYPT) 2023. Rome, Italy 10 - 12 Jul 2023 Rome (IT) SciTePress. pp. 659-666 https://doi.org/10.5220/0012060400003555
Goal-modeling privacy-by-design patterns for supporting GDPR compliance
Al-Obeidallah, M., Piras, L., Iloanugo, O., Mouratidis, H., Alkubaisy, D and Dellagiacoma, D. 2023. Goal-modeling privacy-by-design patterns for supporting GDPR compliance. International Conference on Software Technologies (ICSOFT). Rome (Italy) 10 - 12 Jul 2023 Rome (IT) SciTePress. https://doi.org/10.5220/0012080700003538
Android source code vulnerability detection: a systematic literature review
Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L. 2023. Android source code vulnerability detection: a systematic literature review. ACM Computing Surveys. 55 (9). https://doi.org/10.1145/3556974
Supporting the individuation, analysis and gamification of software components for acceptance requirements fulfilment
Calabrese, F., Piras, L. and Giorgini, P. 2022. Supporting the individuation, analysis and gamification of software components for acceptance requirements fulfilment. Barn, B. and Sandkuhl, K (ed.) IFIP Working Conference on The Practice of Enterprise Modeling. London 23 - 25 Nov 2022 Springer. pp. 33-48 https://doi.org/10.1007/978-3-031-21488-2_3
Developing secured Android applications by mitigating code vulnerabilities with machine learning
Senanayake, J., Kalutarage, H., Al-Kadri, M., Petrovski, A. and Piras, L. 2022. Developing secured Android applications by mitigating code vulnerabilities with machine learning. ACM Asia Conference on Computer and Communications Security (ASIA CCS '22). Nagasaki, Japan 30 May - 03 Jun 2022 ACM. pp. 1255–1257 https://doi.org/10.1145/3488932.3527290
Confis: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design
Alkubaisy, D., Piras, L., Al-Obeidallah, M., Cox, K. and Mouratidis, H. 2021. Confis: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design. Ali, R., Kaindl, H. and Maciaszek, L. (ed.) 16th International Conference on Evaluation of Novel Approaches to Software Engineering. Virtual 26 - 27 Apr 2021 SciTePress. pp. 80-91 https://doi.org/10.5220/0010406100800091
Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform
Tsohou, A., Magkos, M., Mouratidis, H., Chrysoloras, G., Piras, L., Pavlidis, M., Debussche, J., Rotoloni, M. and Gallego-Nicasio Crespo, B. 2020. Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform. 2019 International Workshop on Security and Privacy Requirements Engineering. Luxembourg City, Luxembourg 26 - 27 Sep 2019 Springer. https://doi.org/10.1007/978-3-030-42048-2_14
DEFeND DSM: a data scope management service for model-based privacy by design GDPR compliance
Piras, L., Al-Obeidallah, M., Pavlidis, M., Mouratidis, H., Tsohou, A., Magkos, E., Praitano, A., Iodice, A. and Gallego-Nicasio Crespo, B. 2020. DEFeND DSM: a data scope management service for model-based privacy by design GDPR compliance. 17th International Conference on Trust and Privacy in Digital Business. Bratislava, Slovakia 14 - 17 Sep 2020 Springer. https://doi.org/10.1007/978-3-030-58986-8_13
Design thinking and acceptance requirements for designing gamified software
Piras, L., Dellagiacoma, D., Perini, A., Susi, A., Giorgini, P. and Mylopoulos, J. 2019. Design thinking and acceptance requirements for designing gamified software. 13th International Conference on Research Challenges in Information Science. Brussels, Belgium 29 - 31 May 2019 IEEE. pp. 1-12 https://doi.org/10.1109/rcis.2019.8876973
Goal-oriented requirements engineering: an extended systematic mapping study
Horkoff, J., Aydemir, F., Cardoso, E., Li, T., Mate, A., Paja, E., Salnitri, M., Piras, L., Mylopoulos, J. and Giorgini, P. 2019. Goal-oriented requirements engineering: an extended systematic mapping study. Requirements Engineering. 24 (2), pp. 133-160. https://doi.org/10.1007/s00766-017-0280-z
DEFeND architecture: a privacy by design platform for GDPR compliance
Piras, L., Al-Obeidallah, M., Praitano, A., Tsohou, A., Mouratidis, H., Gallego-Nicasio Crespo, B., Bernard, J., Fiorani, M., Magkos, E., Castillo Sanz, A., Pavlidis, M., D'Addario, R. and Zorzino, G. 2019. DEFeND architecture: a privacy by design platform for GDPR compliance. 16th International Conference on Trust, Privacy and Security in Digital Business. Linz, Austria 26 - 29 Aug 2019 Springer. https://doi.org/10.1007/978-3-030-27813-7_6
Goal models for acceptance requirements analysis and gamification design
Piras, L., Paja, E., Giorgini, P. and Mylopoulos, J. 2017. Goal models for acceptance requirements analysis and gamification design. Mayr, H.C., Guizzardi, G., Ma, H. and Pastor, O. (ed.) 36th International Conference on Conceptual Modeling. Valencia 2017 Cham Springer. pp. 223-230 https://doi.org/10.1007/978-3-319-69904-2_18
Gamification solutions for software acceptance: a comparative study of requirements engineering and organizational behavior techniques
Piras, L., Paja, E., Giorgini, P., Mylopoulos, J., Cuel, R. and Ponte, D. 2017. Gamification solutions for software acceptance: a comparative study of requirements engineering and organizational behavior techniques. 11th International Conference on Research Challenges in Information Science. Brighton, UK 10 - 12 May 2017 IEEE. pp. 255-265 https://doi.org/10.1109/rcis.2017.7956544
Acceptance requirements and their gamification solutions
Piras, L., Giorgini, P. and Mylopoulos, J. 2016. Acceptance requirements and their gamification solutions. IEEE 24th International Requirements Engineering Conference. Beijing, China 12 - 16 Sep 2016 IEEE. pp. 365-370 https://doi.org/10.1109/RE.2016.43
Using gamification to incentivize sustainable urban mobility
Kazhamiakin, Raman, Marconi, Annapaola, Perillo, Mirko, Pistore, Marco, Valetto, Giuseppe, Piras, Luca, Avesani, Francesco and Perri, Nicola 2015. Using gamification to incentivize sustainable urban mobility. IEEE International Smart Cities Conference. IEEE. https://doi.org/10.1109/ISC2.2015.7366196
A portable wireless-based architecture for solving minimum digital divide problems
Fenu, G. and Piras, L. 2008. A portable wireless-based architecture for solving minimum digital divide problems. 4th International Conference on Wireless and Mobile Communications. Athens, Greece 27 Jul - 01 Aug 2008 IEEE. pp. 130-136 https://doi.org/10.1109/icwmc.2008.21