Evaluation of a security and privacy requirements methodology using the physics of notation

Vasiliki Diamantopoulou; Michalis Pavlidis; Haralambos Mouratidis

doi:10.1007/978-3-319-72817-9_14

Evaluation of a security and privacy requirements methodology using the physics of notation

Vasiliki Diamantopoulou, Michalis Pavlidis, Haralambos Mouratidis

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

Security and Privacy Requirements Methodologies are considered an important part of the development process of systems, especially for the ones that contain and process a large amount of critical information and inevitably needs to remain secure and thus, ensuring privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or among security specialists, but also for communication among various stakeholders, in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering methodology, namely Secure Tropos on the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.

Original language	English
Title of host publication	Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers
Editors	John Mylopoulos, Costas Lambrinoudakis, Christos Kalloniatis, Frederic Cuppens, Nora Cuppens, Annie Anton, Sokratis K. Katsikas, Stefanos Gritzalis
Place of Publication	Oslo, Norway
Publisher	Springer-Verlag
Pages	210-225
Number of pages	16
ISBN (Electronic)	9783319728179
ISBN (Print)	9783319728162
DOIs	https://doi.org/10.1007/978-3-319-72817-9_14
Publication status	Published - 22 Dec 2017
Event	3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017 - Oslo, Norway Duration: 14 Sep 2017 → 15 Sep 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10683 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Workshop

Workshop	3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017
Country/Territory	Norway
City	Oslo
Period	14/09/17 → 15/09/17

Bibliographical note

This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-72817-9_14

Keywords

Evaluation
Physics of notation
Privacy requirements engineering
Security requirements engineering

Access to Document

10.1007/978-3-319-72817-9_14

SECPRE 2017 CRV.pdfAccepted author manuscript, 1.41 MBLicence: Unspecified

Cite this

Diamantopoulou, V., Pavlidis, M., & Mouratidis, H. (2017). Evaluation of a security and privacy requirements methodology using the physics of notation. In J. Mylopoulos, C. Lambrinoudakis, C. Kalloniatis, F. Cuppens, N. Cuppens, A. Anton, S. K. Katsikas, & S. Gritzalis (Eds.), Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers (pp. 210-225). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10683 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-72817-9_14

Diamantopoulou, Vasiliki ; Pavlidis, Michalis ; Mouratidis, Haralambos. / Evaluation of a security and privacy requirements methodology using the physics of notation. Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers. editor / John Mylopoulos ; Costas Lambrinoudakis ; Christos Kalloniatis ; Frederic Cuppens ; Nora Cuppens ; Annie Anton ; Sokratis K. Katsikas ; Stefanos Gritzalis. Oslo, Norway : Springer-Verlag, 2017. pp. 210-225 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{6c472d68ab8a456ea7d159deb13b9bf5,

title = "Evaluation of a security and privacy requirements methodology using the physics of notation",

abstract = "Security and Privacy Requirements Methodologies are considered an important part of the development process of systems, especially for the ones that contain and process a large amount of critical information and inevitably needs to remain secure and thus, ensuring privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or among security specialists, but also for communication among various stakeholders, in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering methodology, namely Secure Tropos on the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.",

keywords = "Evaluation, Physics of notation, Privacy requirements engineering, Security requirements engineering",

author = "Vasiliki Diamantopoulou and Michalis Pavlidis and Haralambos Mouratidis",

note = "This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-72817-9_14; 3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017 ; Conference date: 14-09-2017 Through 15-09-2017",

year = "2017",

month = dec,

day = "22",

doi = "10.1007/978-3-319-72817-9_14",

language = "English",

isbn = "9783319728162",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer-Verlag",

pages = "210--225",

editor = "John Mylopoulos and Costas Lambrinoudakis and Christos Kalloniatis and Frederic Cuppens and Nora Cuppens and Annie Anton and Katsikas, {Sokratis K.} and Stefanos Gritzalis",

booktitle = "Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers",

}

Diamantopoulou, V, Pavlidis, M & Mouratidis, H 2017, Evaluation of a security and privacy requirements methodology using the physics of notation. in J Mylopoulos, C Lambrinoudakis, C Kalloniatis, F Cuppens, N Cuppens, A Anton, SK Katsikas & S Gritzalis (eds), Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10683 LNCS, Springer-Verlag, Oslo, Norway, pp. 210-225, 3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017, Oslo, Norway, 14/09/17. https://doi.org/10.1007/978-3-319-72817-9_14

Evaluation of a security and privacy requirements methodology using the physics of notation. / Diamantopoulou, Vasiliki; Pavlidis, Michalis; Mouratidis, Haralambos.

Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers. ed. / John Mylopoulos; Costas Lambrinoudakis; Christos Kalloniatis; Frederic Cuppens; Nora Cuppens; Annie Anton; Sokratis K. Katsikas; Stefanos Gritzalis. Oslo, Norway : Springer-Verlag, 2017. p. 210-225 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10683 LNCS).

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

TY - GEN

T1 - Evaluation of a security and privacy requirements methodology using the physics of notation

AU - Diamantopoulou, Vasiliki

AU - Pavlidis, Michalis

AU - Mouratidis, Haralambos

N1 - This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-319-72817-9_14

PY - 2017/12/22

Y1 - 2017/12/22

N2 - Security and Privacy Requirements Methodologies are considered an important part of the development process of systems, especially for the ones that contain and process a large amount of critical information and inevitably needs to remain secure and thus, ensuring privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or among security specialists, but also for communication among various stakeholders, in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering methodology, namely Secure Tropos on the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.

AB - Security and Privacy Requirements Methodologies are considered an important part of the development process of systems, especially for the ones that contain and process a large amount of critical information and inevitably needs to remain secure and thus, ensuring privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or among security specialists, but also for communication among various stakeholders, in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering methodology, namely Secure Tropos on the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.

KW - Evaluation

KW - Physics of notation

KW - Privacy requirements engineering

KW - Security requirements engineering

UR - http://www.scopus.com/inward/record.url?scp=85041538684&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-72817-9_14

DO - 10.1007/978-3-319-72817-9_14

M3 - Conference contribution with ISSN or ISBN

SN - 9783319728162

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 210

EP - 225

BT - Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers

A2 - Mylopoulos, John

A2 - Lambrinoudakis, Costas

A2 - Kalloniatis, Christos

A2 - Cuppens, Frederic

A2 - Cuppens, Nora

A2 - Anton, Annie

A2 - Katsikas, Sokratis K.

A2 - Gritzalis, Stefanos

PB - Springer-Verlag

CY - Oslo, Norway

T2 - 3rd Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2017, 1st International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, Both workshops were co-located with 22nd European Symposium on Research in Computer Security, ESORICS 2017

Y2 - 14 September 2017 through 15 September 2017

ER -

Diamantopoulou V, Pavlidis M, Mouratidis H. Evaluation of a security and privacy requirements methodology using the physics of notation. In Mylopoulos J, Lambrinoudakis C, Kalloniatis C, Cuppens F, Cuppens N, Anton A, Katsikas SK, Gritzalis S, editors, Computer Security - ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Revised Selected Papers. Oslo, Norway: Springer-Verlag. 2017. p. 210-225. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-72817-9_14

Evaluation of a security and privacy requirements methodology using the physics of notation

Abstract

Publication series

Workshop

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Michalis Pavlidis

Cite this

Evaluation of a security and privacy requirements methodology using the physics of notation

Abstract

Publication series

Workshop

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Profiles

Michalis Pavlidis

Cite this