Advanced Cloud Privacy Threat Modeling

Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system . This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in relation to processing sensitive data in cloud computing environments. It describes the modeling methodology that involved applying Method Engineering to specify characteristics of a cloud privacy threat modeling methodology, different steps in the proposed methodology and corresponding products. We believe that the extended methodology facilitates the application of a privacy-preserving cloud software development approach from requirements engineering to design

Legal Compatibility as a Characteristic of Sociotechnical Systems

Legal compatibility as a characteristic of sociotechnical systems aims at the greatest possible compliance with higher-order legal goals for minimizing social risks of technical systems and extends legality, which refers to the prevention of lawlessness. The paper analyzes the criteria for legal compatibility by reviewing specifications of legally compatible systems and shows goals and resulting requirements to foster legal compatibility. These comprise the following areas: avoiding personal reference in data, ensuring information security, enabling freedom of decision, increasing transparency, ensuring traceability, and increasing usability, whereby traceability and the avoidance of personal reference pursue conflicting goals. The presentation of the goals including their dependencies, relationships, and conflicts in form of standardized requirements explains legal compatibility and summarizes the requirements necessary for the development of legally compatible Systems

BOF4WSS : a business-oriented framework for enhancing web services security for e-business

When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining, and achieving agreed security levels across these collaborating enterprises. The approach envisioned is such that it can be used by businesses-in a joint manner-to manage the comprehensive concern that security in the WS environment has become

Designing Tablet Banking Apps for High-Net-Worth Individuals: Specifying Customer Requirements with Prototyping

Private banks with high-net-worth customers see a great potential in mobile information technology to provide more transparency in the advisory process. Previous literature has mainly focused on gathering requirements with regard to mobile banking applications targeted for retail customers or with regard to advisory services in physical proximity. This paper focuses on an mFAS which is designed for the private banking customer segment and facilitates location-independent customer relationships on a tablet. Furthermore, we specify previously established requirements with the Requirements Abstraction Model. In this study, we evaluated the requirements with a focus group involving seven domain experts. The results of this workshop suggest that most of the specified requirements meet the recommended practice for requirements specification. However, the experts only partly agreed that the presented requirements meet the completeness criterion, which guides future research endeavors

Exploring automated GDPR-compliance in requirements engineering : a systematic mapping study

The General Data Protection Regulation (GDPR), adopted in 2018, profoundly impacts information processing organizations as they must comply with this regulation. In this research, we consider GDPR-compliance as a high-level goal in software development that should be addressed at the outset of software development, meaning during requirements engineering (RE). In this work, we hypothesize that natural language processing (NLP) can offer a viable means to automate this process. We conducted a systematic mapping study to explore the existing literature on the intersection of GDPR, NLP, and RE. As a result, we identified 448 relevant studies, of which the majority (420) were related to NLP and RE. Research on the intersection of GDPR and NLP yielded nine studies, while 20 studies were related to GDPR and RE. Even though only one study was identified on the convergence of GDPR, NLP, and RE, the mapping results indicate opportunities for bridging the gap between these fields. In particular, we identified possibilities for introducing NLP techniques to automate manual RE tasks in the crossing of GDPR and RE, in addition to possibilities of using NLP-based machine learning techniques to achieve GDPR-compliance in RE

Requirements Engineering

Requirements Engineering (RE) aims to ensure that systems meet the needs of their stakeholders including users, sponsors, and customers. Often consid- ered as one of the earliest activities in software engineering, it has developed into a set of activities that touch almost every step of the software development process. In this chapter, we reflect on how the need for RE was first recognised and how its foundational concepts were developed. We present the seminal papers on four main activities of the RE process, namely (i) elicitation, (ii) modelling & analysis, (iii) as- surance, and (iv) management & evolution. We also discuss some current research challenges in the area, including security requirements engineering as well as RE for mobile and ubiquitous computing. Finally, we identify some open challenges and research gaps that require further exploration