Confis: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design
Conference paper
Alkubaisy, D., Piras, L., Al-Obeidallah, M., Cox, K. and Mouratidis, H. 2021. Confis: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design. Ali, R., Kaindl, H. and Maciaszek, L. (ed.) 16th International Conference on Evaluation of Novel Approaches to Software Engineering. Virtual 26 - 27 Apr 2021 SCITEPRESS - Science and Technology Publications. pp. 80-91 https://doi.org/10.5220/0010406100800091
Type | Conference paper |
---|---|
Title | Confis: a tool for privacy and security analysis and conflict resolution for supporting GDPR compliance through privacy-by-design |
Authors | Alkubaisy, D., Piras, L., Al-Obeidallah, M., Cox, K. and Mouratidis, H. |
Abstract | Privacy and security requirements, and their potential conflicts, are increasingly having more and more importance. It is becoming a necessary part to be considered, starting from the very early stages of requirements engineering, and in the entire software engineering cycle, for the design of any software system. In the last few years, this has been even more emphasized and required by the law. A relevant example is the case of the General Data Protection Regulation (GDPR), which requires organizations, and their software engineers, to enforce and guarantee privacy-by-design to make their platforms compliant with the regulation. In this context, complex activities related to privacy and security requirements elicitation, analysis, mapping and identification of potential conflicts, and the individuation of their resolution, become crucial. In the literature, there is not available a comprehensive requirement engineering oriented tool for supporting the requirements analyst. In this paper, we propose ConfIs, a tool for supporting the analyst in performing a process covering these phases in a systematic and interactive way. We present ConfIs and its process with a realistic example from DEFeND, an EU project aiming at supporting organizations in achieving GDPR compliance. In this context, we evaluated ConfIs by involving privacy/security requirements experts, which recognized our tool and method as supportive, concerning these complex activities. |
Keywords | Security Requirements; Privacy Requirements; Requirements Conflicts; General Data Protection Regulation (GDPR); Requirements Modelling; Privacy by Design |
Sustainable Development Goals | 9 Industry, innovation and infrastructure |
Middlesex University Theme | Creativity, Culture & Enterprise |
Conference | 16th International Conference on Evaluation of Novel Approaches to Software Engineering |
Page range | 80-91 |
Proceedings Title | Proceedings of the 16th International Conference on Evaluation of Novel Approaches to Software Engineering ENASE - Volume 1 |
Editors | Ali, R., Kaindl, H. and Maciaszek, L. |
ISSN | 2184-4895 |
ISBN | 9789897585081 |
Publisher | SCITEPRESS - Science and Technology Publications |
Publication dates | |
26 Apr 2021 | |
Publication process dates | |
Accepted | 05 Feb 2021 |
Deposited | 02 May 2024 |
Output status | Published |
Publisher's version | License All rights reserved File Access Level Open |
Copyright Statement | The published paper is reproduced in the Middlesex University Research Repository with permission. |
Digital Object Identifier (DOI) | https://doi.org/10.5220/0010406100800091 |
Web of Science identifier | WOS:000783843700007 |
Web address (URL) of conference proceedings | https://doi.org/10.5220/0000138800002927 |
Language | English |
https://repository.mdx.ac.uk/item/8v3y7