Prof. Dr. Maritta Heisel
Room BB 919
Tel.: +49 203 379 3465
Fax: +49 379 4490
E-Mail: maritta.heisel[at]uni-duisburg-essen.de

Research
  • Compliance [Publications]
  • Formal Methods [Publications]
  • Methodology [Publications]
  • Patterns [Publications]
  • Privacy
    Publications:


    Year | Title | Author | Journal/Proceedings | Publisher
    2017 | Computer-Aided Identification and Validation of Intervenability Requirements | Meis, R. & Heisel, M. | Information
    Abstract: Privacy as a software quality is becoming more important these days and should not be underestimated during the development of software that processes personal data. The privacy goal of intervenability, in contrast to unlinkability (including anonymity and pseudonymity), has so far received little attention in research. Intervenability aims for the empowerment of end-users by keeping their personal data and how it is processed by the software system under their control. Several surveys have pointed out that the lack of intervenability options is a central privacy concern of end-users. In this paper, we systematically assess the privacy goal of intervenability and set up a software requirements taxonomy that relates the identified intervenability requirements with a taxonomy of transparency requirements. Furthermore, we provide a tool-supported method to identify intervenability requirements from the functional requirements of a software system. This tool-supported method provides the means to elicit and validate intervenability requirements in a computer-aided way. Our combined taxonomy of intervenability and transparency requirements gives a detailed view on the privacy goal of intervenability and its relation to transparency. We validated the completeness of our taxonomy by comparing it to the relevant literature that we derived based on a systematic literature review. The proposed method for the identification of intervenability requirements shall support requirements engineers to elicit and document intervenability requirements in compliance with the EU General Data Protection Regulation.
    BibTeX:
    @article{Information2017,
      year = {2017},
      title = {Computer-Aided Identification and Validation of Intervenability Requirements},
      author = {Meis, Rene and Heisel, Maritta},
      journal = {Information},
      volume = {8},
      number = {30},
      url = {http://www.mdpi.com/2078-2489/8/1/30},
      doi = {10.3390/info8010030}
    }
    
    2017 | Towards Systematic Privacy and Operability (PRIOP) Studies | Meis, R. & Heisel, M. | ICT Systems Security and Privacy Protection | Springer
    Abstract: The assessment of privacy properties of software systems gains more and more importance nowadays. This is, on the one hand because of increasing privacy concerns of end-users due to numerous reported privacy breaches, and on the other hand due to stricter data protection regulations, e.g., the EU General Data Protection Regulation that prescribes an assessment of the privacy implications that a project possibly has. The lack of systematic methods to assist a comprehensive and detailed privacy analysis makes it hard for analysts to address the end-users’ and legal requirements. In this paper, we adopt the principles of the hazard and operability (HAZOP) studies, which have successfully been used for safety analyses, to privacy to provide a systematic method to identify the relevant privacy threats for a software to be developed. We propose a method called privacy and operability (PRIOP) studies that allows to systematically analyze the potential privacy issues that a software to be developed might raise, based on the software’s functionality at the requirements level.
    BibTeX:
    @inproceedings{SEC17,
      year = {2017},
      title = {Towards Systematic Privacy and Operability ({PRIOP}) Studies},
      booktitle = {ICT Systems Security and Privacy Protection},
      author = {Meis, Rene and Heisel, Maritta},
      publisher = {Springer},
      volume = {502},
      series = {IFIP AICT},
      pages = {427--441},
      url = {http://dx.doi.org/10.1007/978-3-319-58469-0_29},
      doi = {10.1007/978-3-319-58469-0_29}
    }
    
    2017 | Pattern-based Representation of Privacy Enhancing Technologies as Early Aspects | Meis, R. & Heisel, M. | Trust, Privacy, and Security in Digital Business | Springer International Publishing
    Abstract: Several regulations and standards emphasize that privacy shall already be considered from the very beginning in software development. A crucial point during the development of a privacy-friendly software is the selection and integration of measures that implement specific privacy requirements or mitigate threats to these. These measures are called privacy enhancing technologies (PETs). PETs have a crosscutting nature. That is, a PET often needs to be integrated into several base functionalities of the software-to-be. For example, anonymization techniques need to be integrated into functionalities that shall reveal originally identifiable information in an anonymized form to others. One possibility to handle cross-cutting concerns already on the requirements level is aspect-oriented requirements engineering. In this paper, we show how PETs can be represented as early aspects and how these can be integrated into a given requirements model in problem frames notation. Furthermore, we show how PETs can be represented as patterns to help requirements engineers to identify and select appropriate PETs that address the privacy requirements they have to satisfy. We use the PET Privacy-ABCs (Attribute-Based Credentials) to illustrate our approach.
    BibTeX:
    @inproceedings{TrustBus17,
      year = {2017},
      title = {Pattern-based Representation of Privacy Enhancing Technologies as Early Aspects},
      booktitle = {Trust, Privacy, and Security in Digital Business},
      author = {Meis, Rene and Heisel, Maritta},
      publisher = {Springer International Publishing},
      volume = {10442},
      series = {LNCS},
      pages = {49--65},
      url = {https://doi.org/10.1007/978-3-319-64483-7_4},
      doi = {10.1007/978-3-319-64483-7_4}
    }
    
    2016 | Supporting Privacy Impact Assessments using Problem-based Privacy Analysis | Meis, R. & Heisel, M. | Software Technologies - 10th International Joint Conference, ICSOFT 2015, Revised Selected Papers | Springer
    Abstract: Privacy-aware software development is gaining more and more importance for nearly all information systems that are developed nowadays. As a tool to force organizations and companies to consider privacy properly during the planning and the execution of their projects, some governments advise to perform privacy impact assessments (PIAs). During a PIA, a report has to be created that summarizes the consequence on privacy the project may have and how the organization or company addresses these consequences. As basis for a PIA, it has to be documented which personal data is collected, processed, stored, and shared with others in the context of the project. Obtaining this information is a difficult task that is not yet well supported by existing methods. In this paper, we present a method based on the problem-based privacy analysis (ProPAn) that helps to elicit the needed information for a PIA systematically from a given set of functional requirements. Our tool-supported method shall reduce the effort that has to be spent to elicit the information needed to conduct a PIA in a way that the information is as complete and consistent as possible.
    BibTeX:
    @inproceedings{CCIS16,
      year = {2016},
      title = {Supporting Privacy Impact Assessments using Problem-based Privacy Analysis},
      booktitle = {Software Technologies - 10th International Joint Conference, {ICSOFT} 2015, Revised Selected Papers},
      author = {Meis, Rene and Heisel, Maritta},
      publisher = {Springer},
      volume = {586},
      series = {Communications in Computer and Information Science},
      pages = {79--98},
      url = {http://dx.doi.org/10.1007/978-3-319-30142-6_5},
      doi = {10.1007/978-3-319-30142-6_5}
    }
    
    2016 | Computer-Aided Identification and Validation of Privacy Requirements | Meis, R. & Heisel, M. | Information | MDPI
    Abstract: Privacy is a software quality that is closely related to security. The main difference is that security properties aim at the protection of assets that are crucial for the considered system, and privacy aims at the protection of personal data that are processed by the system. The identification of privacy protection needs in complex systems is a hard and error prone task. Stakeholders whose personal data are processed might be overlooked, or the sensitivity and the need of protection of the personal data might be underestimated. The later personal data and the needs to protect them are identified during the development process, the more expensive it is to fix these issues, because the needed changes of the system-to-be often affect many functionalities. In this paper, we present a systematic method to identify the privacy needs of a software system based on a set of functional requirements by extending the problem-based privacy analysis (ProPAn) method. Our method is tool-supported and automated where possible to reduce the effort that has to be spent for the privacy analysis, which is especially important when considering complex systems. The contribution of this paper is a semi-automatic method to identify the relevant privacy requirements for a software-to-be based on its functional requirements. The considered privacy requirements address all dimensions of privacy that are relevant for software development. As our method is solely based on the functional requirements of the system to be, we enable users of our method to identify the privacy protection needs that have to be addressed by the software-to-be at an early stage of the development. As initial evaluation of our method, we show its applicability on a small electronic health system scenario.
    BibTeX:
    @article{Information16,
      year = {2016},
      title = {Computer-Aided Identification and Validation of Privacy Requirements},
      author = {Meis, Rene and Heisel, Maritta},
      journal = {Information},
      publisher = {MDPI},
      volume = {7},
      number = {28},
      url = {http://www.mdpi.com/2078-2489/7/2/28},
      doi = {10.3390/info7020028}
    }
    
    2016 | Understanding the Privacy Goal Intervenability | Meis, R. & Heisel, M. | Trust, Privacy, and Security in Digital Business | Springer
    Abstract: Privacy is gaining more and more attention in society and hence, gains more importance as a software quality that has to be considered during software development. A privacy goal that has not yet been deeply studied is the empowerment of end-users to have control over how their personal data is processed by information systems. This privacy goal is called intervenability. Several surveys have shown that one of end-users’ main privacy concerns is the lack of intervenability options in information systems. In this paper, we refine the privacy goal intervenability into a software requirements taxonomy and relate it to a taxonomy of transparency requirements because transparency can be regarded as a prerequisite for intervenability. The combined taxonomy of intervenability and transparency requirements shall guide requirements engineers to identify the intervenability requirements relevant for the system they consider. We validated the completeness of our taxonomy by comparing it to the relevant literature that we derived based on a systematic literature review.
    BibTeX:
    @inproceedings{TrustBus16,
      year = {2016},
      title = {Understanding the Privacy Goal Intervenability},
      booktitle = {Trust, Privacy, and Security in Digital Business},
      author = {Meis, Rene and Heisel, Maritta},
      publisher = {Springer},
      volume = {9830},
      series = {LNCS},
      pages = {79--94},
      url = {https://link.springer.com/chapter/10.1007%2F978-3-319-44341-6_6},
      doi = {10.1007/978-3-319-44341-6_6}
    }
    
    2015 | Systematic Identification of Information Flows from Requirements to support Privacy Impact Assessments | Meis, R. & Heisel, M. | ICSOFT-PT 2015 - Proc. of the 10th Int. Conf. on Software Paradigm Trends | SciTePress
    Abstract: Several countries prescribe or advise government departments and organizations to perform a privacy impact assessment (PIA) if these prepare new projects or change existing ones that involve personal information. A PIA shall summarize what personal information is collected, processed, stored, and distributed in the context of the project. But there is only little support for undertaking a PIA and to create a PIA report; most countries only provide vague guidelines and simple templates. We present in this paper an extension of the problem-based privacy analysis (ProPAn) method that derives information needed to conduct a PIA from a requirements model in problem frame notation. We provide a formally specified method with well-defined steps and tool support to reduce the effort to be spent for eliciting the needed information and to ensure that the needed information is as complete and coherent as possible to form an adequate basis for the creation of a PIA report.
    BibTeX:
    @inproceedings{ICSOFT15,
      year = {2015},
      title = {Systematic Identification of Information Flows from Requirements to support Privacy Impact Assessments},
      booktitle = {{ICSOFT-PT} 2015 - Proc. of the 10th Int. Conf. on Software Paradigm Trends},
      author = {Meis, Rene and Heisel, Maritta},
      publisher = {SciTePress},
      pages = {43-52},
      url = {http://dx.doi.org/10.5220/0005518500430052},
      doi = {10.5220/0005518500430052}
    }
    
    2015 | A Taxonomy of Requirements for the Privacy Goal Transparency | Meis, R., Heisel, M. & Wirtz, R. | Trust, Privacy, and Security in Digital Business | Springer
    Abstract: Privacy is a growing concern during software development. Transparency, in the sense of increasing users' privacy-awareness, is a privacy goal that is not as deeply studied in the literature as the properties anonymity and unlinkability. To be compliant with legislation and standards, requirements engineers have to identify the requirements on transparency that are relevant for the software to be developed. To assist the identification process, we provide a taxonomy of transparency requirements derived from legislation and standards. This taxonomy is validated using related research which was identified using a systematic literature review. Our proposed taxonomy can be used by requirements engineers as basis to systematically identify the relevant transparency requirements leading to a more complete and coherent set of requirements.
    BibTeX:
    @inproceedings{TrustBus2015,
      year = {2015},
      title = {A Taxonomy of Requirements for the Privacy Goal Transparency},
      booktitle = {Trust, Privacy, and Security in Digital Business},
      author = {Meis, Rene and Heisel, Maritta and Wirtz, Roman},
      publisher = {Springer},
      series = {LNCS 9264},
      pages = {195-209},
      url = {http://dx.doi.org/10.5220/0005518500430052},
      doi = {10.5220/0005518500430052}
    }
    
    2014 | A Problem-based Approach for Computer Aided Privacy Threat Identification | Beckers, K., Faßbender, S., Heisel, M. & Meis, R. | Privacy Technologies and Policy | Springer
    Abstract: Recently, there has been an increase of reported privacy threats hitting large software systems. These threats can originate from stakeholders that are part of the system. Thus, it is crucial for software engineers to identify these privacy threats, refine these into privacy requirements, and design solutions that mitigate the threats.

    In this paper, we introduce our methodology named Problem-Based Privacy Analysis (ProPAn). The ProPAn method is an approach for identifying privacy threats during the requirements analysis of software systems using problem frame models. Our approach does not rely entirely on the privacy analyst to detect privacy threats, but allows a computer aided privacy threat identification that is derived from the relations between stakeholders, technology, and personal information in the system-to-be.

    To capture the environment of the system, e.g., stakeholders and other IT systems, we use problem frames, a requirements engineering approach founded on the modeling of a machine (system-to-be) in its environment (e.g. stakeholders, other software). We define a UML profile for privacy requirements and a reasoning technique that identifies stakeholders whose personal information is stored or transmitted in the system-to-be and stakeholders from whom we have to protect this personal information. We illustrate our approach using an eHealth scenario provided by the industrial partners of the EU project NESSoS.

    BibTeX:
    @inproceedings{APF2012,
      year = {2014},
      title = {A Problem-based Approach for Computer Aided Privacy Threat Identification},
      booktitle = {Privacy Technologies and Policy},
      author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
      publisher = {Springer},
      volume = {8319},
      series = {LNCS},
      pages = {1-16},
      url = {http://dx.doi.org/10.1007/978-3-642-54069-1_1},
      doi = {10.1007/978-3-642-54069-1_1}
    }
    
    2014 | Privacy-Aware Cloud Deployment Scenario Selection | Beckers, K., Faßbender, S., Gritzalis, S., Heisel, M., Kalloniatis, C. & Meis, R. | Trust, Privacy, and Security in Digital Business | Springer
    Abstract: Nowadays, IT-resources are often out-sourced to clouds to reduce administration and hardware costs of the own IT infrastructure. There are different deployment scenarios for clouds that heavily differ in the costs for deployment and maintenance, but also in the number of stakeholders involved in the cloud and the control over the data in the cloud. These additional stakeholders can introduce new privacy threats into a system. Hence, there is a trade-off between the reduction of costs and addressing privacy concerns introduced by clouds. Our contribution is a structured method that assists decision makers in selecting an appropriate cloud deployment scenario. Our method is based on the privacy requirements of the system-to-be. These are analyzed on basis of the functional requirements using the problem-based privacy threat analysis (ProPAn). The concept of clouds is integrated into the requirements model, which is used by ProPAn to automatically generate privacy threat graphs.
    BibTeX:
    @inproceedings{TrustBus2014,
      year = {2014},
      title = {Privacy-Aware Cloud Deployment Scenario Selection},
      booktitle = {Trust, Privacy, and Security in Digital Business},
      author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Gritzalis, Stefanos and Heisel, Maritta and Kalloniatis, Christos and Meis, Rene},
      publisher = {Springer},
      series = {LNCS 8647},
      pages = {94-105},
      url = {http://dx.doi.org/10.1007/978-3-319-09770-1_9},
      doi = {10.1007/978-3-319-09770-1_9}
    }
    
    2012 | A Foundation for Requirements Analysis of Privacy Preserving Software | Beckers, K. & Heisel, M. | Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012) | Springer
    Abstract: Privacy requirements are difficult to elicit for any given software engineering project that processes personal information. The problem is that these systems require personal data in order to achieve their functional requirements and privacy mechanisms that constrain the processing of personal information in such a way that the requirement still states a useful functionality. We present privacy patterns that support the expression and analysis of different privacy goals: anonymity, pseudonymity, unlinkability and unobservability. These patterns have a textual representation that can be instantiated. In addition, for each pattern, a logical predicate exists that can be used to validate the instantiation. We also present a structured method for instantiating and validating the privacy patterns, and for choosing privacy mechanisms. Our patterns can also be used to identify incomplete privacy requirements. The approach is illustrated by the case study of a patient monitoring system.
    BibTeX:
    @inproceedings{Beckers2012-ares3,
      year = {2012},
      title = {A Foundation for Requirements Analysis of Privacy Preserving Software},
      booktitle = {Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)},
      author = {Beckers, Kristian and Heisel, Maritta},
      publisher = {Springer},
      series = {LNCS 7465},
      pages = {1-16},
      url = {http://www.springerlink.com/}
    }
    

    Created by JabRef on 13/03/2018.

  • Requirements Engineering [Publications]
  • Safety [Publications]
  • Security [Publications]
  • Software Architecture [Publications]
  • Software Quality [Publications]
  • Test [Publications]