基于命名实体识别的隐私需求工程方法

2021 IEEE 29th International Requirements Engineering Conference Workshops (REW) Pub Date : 2021-09-01 DOI:10.1109/REW53955.2021.00072

Guntur Budi Herwanto, G. Quirchmayr, A. Tjoa

{"title":"基于命名实体识别的隐私需求工程方法","authors":"Guntur Budi Herwanto, G. Quirchmayr, A. Tjoa","doi":"10.1109/REW53955.2021.00072","DOIUrl":null,"url":null,"abstract":"The presence of experts, such as a data protection officer (DPO) and a privacy engineer is essential in Privacy Requirements Engineering. This task is carried out in various forms including threat modeling and privacy impact assessment. The knowledge required for performing privacy threat modeling can be a serious challenge for a novice privacy engineer. We aim to bridge this gap by developing an automated approach via machine learning that is able to detect privacy-related entities in the user stories. The relevant entities include (1) the Data Subject, (2) the Processing, and (3) the Personal Data entities. We use a state-of-the-art Named Entity Recognition (NER) model along with contextual embedding techniques. We argue that an automated approach can assist agile teams in performing privacy requirements engineering techniques such as threat modeling, which requires a holistic understanding of how personally identifiable information is used in a system. In comparison to other domain-specific NER models, our approach achieves a reasonably good performance in terms of precision and recall.","PeriodicalId":393646,"journal":{"name":"2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"A Named Entity Recognition Based Approach for Privacy Requirements Engineering\",\"authors\":\"Guntur Budi Herwanto, G. Quirchmayr, A. Tjoa\",\"doi\":\"10.1109/REW53955.2021.00072\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The presence of experts, such as a data protection officer (DPO) and a privacy engineer is essential in Privacy Requirements Engineering. This task is carried out in various forms including threat modeling and privacy impact assessment. The knowledge required for performing privacy threat modeling can be a serious challenge for a novice privacy engineer. We aim to bridge this gap by developing an automated approach via machine learning that is able to detect privacy-related entities in the user stories. The relevant entities include (1) the Data Subject, (2) the Processing, and (3) the Personal Data entities. We use a state-of-the-art Named Entity Recognition (NER) model along with contextual embedding techniques. We argue that an automated approach can assist agile teams in performing privacy requirements engineering techniques such as threat modeling, which requires a holistic understanding of how personally identifiable information is used in a system. In comparison to other domain-specific NER models, our approach achieves a reasonably good performance in terms of precision and recall.\",\"PeriodicalId\":393646,\"journal\":{\"name\":\"2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/REW53955.2021.00072\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/REW53955.2021.00072","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

在隐私需求工程中，数据保护官(DPO)和隐私工程师等专家的存在是必不可少的。这项任务以各种形式进行，包括威胁建模和隐私影响评估。对于新手隐私工程师来说，执行隐私威胁建模所需的知识可能是一个严重的挑战。我们的目标是通过机器学习开发一种能够检测用户故事中与隐私相关实体的自动化方法来弥合这一差距。相关实体包括(1)数据主体、(2)处理主体和(3)个人数据实体。我们使用最先进的命名实体识别(NER)模型以及上下文嵌入技术。我们认为，自动化方法可以帮助敏捷团队执行隐私需求工程技术，如威胁建模，这需要对个人身份信息如何在系统中使用有全面的了解。与其他特定领域的NER模型相比，我们的方法在精度和召回率方面取得了相当好的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Named Entity Recognition Based Approach for Privacy Requirements Engineering

The presence of experts, such as a data protection officer (DPO) and a privacy engineer is essential in Privacy Requirements Engineering. This task is carried out in various forms including threat modeling and privacy impact assessment. The knowledge required for performing privacy threat modeling can be a serious challenge for a novice privacy engineer. We aim to bridge this gap by developing an automated approach via machine learning that is able to detect privacy-related entities in the user stories. The relevant entities include (1) the Data Subject, (2) the Processing, and (3) the Personal Data entities. We use a state-of-the-art Named Entity Recognition (NER) model along with contextual embedding techniques. We argue that an automated approach can assist agile teams in performing privacy requirements engineering techniques such as threat modeling, which requires a holistic understanding of how personally identifiable information is used in a system. In comparison to other domain-specific NER models, our approach achieves a reasonably good performance in terms of precision and recall.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)

自引率

0.00%

发文量