Sauro Vicini, Francesco Alberti, Nicolás Notario, A. Crespo, J. Troncoso-Pastoriza, A. Sanna
2016 11th International Conference on Availability, Reliability and Security (ARES). Published 2016-08-01. DOI: 10.1109/ARES.2016.74 (https://doi.org/10.1109/ARES.2016.74). Citation count: 8.
Co-creating Security-and-Privacy-by-Design Systems
The elicitation and analysis of security and privacy requirements are generally regarded as tasks performed mainly by field experts. In this paper we show how practical Co-Creation processes can be integrated into Security-and-Privacy-by-Design methodologies. In addition, we present some guidelines showing how to translate the high-level requirements obtained from end-user engagement into verifiable low-level requirements and technological requirements. The paper also demonstrates the feasibility of our approach by applying it in two realistic scenarios where the outsourcing of personal and sensitive data requires a high level of security and privacy.