Addressing privacy requirements in system design: the PriS method