A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design
Conference paper
Alkubaisy, D., Piras, L., Al-Obeidallah, M., Cox, K. and Mouratidis, H. 2022. A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design. Ali, R., Kaindl, H. and Maciaszek, L. (ed.) 16th International Conference on Evaluation of Novel Approaches to Software Engineering. Virtual 26 - 27 Apr 2021 Cham Springer. pp. 67-87 https://doi.org/10.1007/978-3-030-96648-5_4
Type | Conference paper |
---|---|
Title | A framework for privacy and security requirements analysis and conflict resolution for supporting GDPR compliance through privacy-by-design |
Authors | Alkubaisy, D., Piras, L., Al-Obeidallah, M., Cox, K. and Mouratidis, H. |
Abstract | Requirements elicitation, analysis, and, above all, early detection of conflicts and resolution, are among the most important, strategic, complex and crucial activities for preventing software system failures, and reducing costs related to reengineering/fixing actions. This is especially important when critical Requirements Classes are involved, such as Privacy and Security Requirements. Recently, organisations have been heavily fined for lack of compliance with data protection regulations, such as the EU General Data Protection Regulation (GDPR). GDPR requires organisations to enforce privacy-by-design activities from the early stages and for the entire software engineering cycle. Accordingly, requirements engineers need methods and tools for systematically identifying privacy and security requirements, detecting and solving related conflicts. Existing techniques support requirements identification without detecting or mitigating conflicts. The framework and tool we propose in this paper, called ConfIs, fills this gap by supporting engineers and organisations in these complex activities, with its systematic and interactive process. We applied ConfIs to a realistic GDPR example from the DEFeND EU Project, and evaluated its supportiveness, with positive results, by involving privacy and security requirements experts (This research is an extension of the study conducted by Alkubaisy et al. [1] – which itself is a continuation of earlier studies [2, 3] and aims to aid the reader in comprehensively grasping the concepts laid out). |
Keywords | Security requirements; Privacy requirements; Requirements conflicts; GDPR; Requirements modelling; Privacy by design |
Sustainable Development Goals | 9 Industry, innovation and infrastructure |
Middlesex University Theme | Creativity, Culture & Enterprise |
Conference | 16th International Conference on Evaluation of Novel Approaches to Software Engineering |
Page range | 67-87 |
Proceedings Title | Evaluation of Novel Approaches to Software Engineering: 16th International Conference, ENASE 2021, Virtual Event, April 26-27, 2021, Revised Selected Papers |
Series | Communications in Computer and Information Science (CCIS) |
Editors | Ali, R., Kaindl, H. and Maciaszek, L. |
ISSN | 1865-0929 |
Electronic | 1865-0937 |
ISBN | |
Paperback | 9783030966478 |
Electronic | 9783030966485 |
Publisher | Springer |
Place of publication | Cham |
Publication dates | |
Online | 11 Feb 2022 |
11 Feb 2022 | |
Publication process dates | |
Accepted | 15 Sep 2021 |
Deposited | 02 May 2024 |
Output status | Published |
Accepted author manuscript | File Access Level Open |
Copyright Statement | This version of the contribution has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/978-3-030-96648-5_4 . Use of this Accepted Version is subject to the publisher’s Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-ma... |
Digital Object Identifier (DOI) | https://doi.org/10.1007/978-3-030-96648-5_4 |
Web of Science identifier | WOS:000771717200004 |
Web address (URL) of conference proceedings | https://doi.org/10.1007/978-3-030-96648-5 |
Language | English |
https://repository.mdx.ac.uk/item/8v3y6
Download files
38
total views21
total downloads3
views this month2
downloads this month