{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T03:46:43Z","timestamp":1760586403510,"version":"3.41.2"},"reference-count":39,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2006,3,1]],"date-time":"2006-03-01T00:00:00Z","timestamp":1141171200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006,3,1]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>To present a new methodology for incorporating privacy requirements into the system design process called PriS, and describe its applicability in the e\u2010VOTE system for presenting methodology's way\u2010of\u2010working.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>PriS is a requirement engineering methodology focused on privacy issues. It provides a set of concepts for modelling privacy requirements (anonymity, pseudonymity, unlinkability and unobservability) in the organisation domain and a systematic way\u2010of\u2010working for translating these requirements into system models. The conceptual model used in PriS is based on the Enterprise Knowledge Development (EKD) framework. PriS models privacy requirements as a special type of goal.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>Based on the analysis of a number of well\u2010known privacy\u2010enhancing technologies as well as of existing security requirement engineering methodologies, this paper pinpoints the gap between system design methodologies and technological solutions. To this end, PriS is suggested, with a view to providing a methodological framework for matching privacy\u2010related requirements with the proper implementation techniques.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>This paper proposes a new methodology for addressing privacy requirements during the design process. It guides developers to choose the most appropriate implementation techniques for realising the identified privacy issues. PriS methodology has a high degree of applicability on Internet systems that wish to provide services that ensure users privacy, such as anonymous browsing, untraceable transactions, etc.<\/jats:p><\/jats:sec>","DOI":"10.1108\/10662240610656483","type":"journal-article","created":{"date-parts":[[2006,7,3]],"date-time":"2006-07-03T23:47:38Z","timestamp":1151970458000},"page":"140-158","source":"Crossref","is-referenced-by-count":15,"title":["Incorporating privacy requirements into the system design process"],"prefix":"10.1108","volume":"16","author":[{"given":"Evangelia","family":"Kavakli","sequence":"first","affiliation":[]},{"given":"Christos","family":"Kalloniatis","sequence":"additional","affiliation":[]},{"given":"Pericles","family":"Loucopoulos","sequence":"additional","affiliation":[]},{"given":"Stefanos","family":"Gritzalis","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022021419442968500_b1","unstructured":"Anonymizer (2005), available at: www.anonymizer.com."},{"key":"key2022021419442968500_b2","unstructured":"Ant\u00f3n, A.I. (1996), Goal\u2010Based Requirements Analysis, ICRE '96, IEEE, Colorado Springs CO, pp. 136\u2010144."},{"key":"key2022021419442968500_b3","unstructured":"Ant\u00f3n, A.I. and Earp, J.B. (2000), \u201cStrategies for developing policies and requirements for secure electronic commerce systems\u201d, paper presented at the 1st ACM Workshop on Security and Privacy in E\u2010Commerce (CCS 2000), 1\u20104 November."},{"key":"key2022021419442968500_b4","doi-asserted-by":"crossref","unstructured":"Bellotti, V. and Sellen, A. (1993), \u201cDesign for privacy in ubiquitous computing environments\u201d, in Michelis, G., Simone, C. and Schmidt, K. (Eds), Proceedings of the Third European Conference on Computer Supported Cooperative Work \u2013 ECSCW 93 Milan, 13\u201017 September, pp. 93\u2010108.","DOI":"10.1007\/978-94-011-2094-4_6"},{"key":"key2022021419442968500_b5","doi-asserted-by":"crossref","unstructured":"Bennett, K. and Grothoff, C. (2003), \u201cGAP\u2010practical anonymous networking\u201d, Proceedings of the Workshop on PET 2003 Privacy Enhancing Technologies, available at: http:\/\/citeseer.nj.nec.com\/bennett02gap.html.","DOI":"10.1007\/978-3-540-40956-4_10"},{"key":"key2022021419442968500_b6","unstructured":"Cannon, C.J. (2004), Privacy: What Developers and IT Professionals Should Know, Addison\u2010Wesley, Reading, MA, p. 9."},{"key":"key2022021419442968500_b7","doi-asserted-by":"crossref","unstructured":"Chaum, D. (1981), \u201cUntraceable electronic mail, return addresses, and digital pseudonyms\u201d, Communications of the ACM, Vol. 24 No. 2, pp. 84\u20108.","DOI":"10.1145\/358549.358563"},{"key":"key2022021419442968500_b8","doi-asserted-by":"crossref","unstructured":"Chaum, D. (1985), \u201cSecurity without identification: transactions systems to make big brother obsolete\u201d, Communications of the ACM, Vol. 28 No. 10, pp. 1030\u201044.","DOI":"10.1145\/4372.4373"},{"key":"key2022021419442968500_b9","doi-asserted-by":"crossref","unstructured":"Chaum, D. (1988), \u201cThe dining cryptographers problem: unconditional sender and recipient untraceability\u201d, Journal of Cryptology, Vol. 1 No. 1, pp. 65\u201075.","DOI":"10.1007\/BF00206326"},{"key":"key2022021419442968500_b10","unstructured":"Chung, L. (1993), \u201cDealing with security requirements during the development of information systems\u201d, CaiSE '93, The 5th Int. Conf. of Advanced Info. Systems Engineering, Paris, pp. 234\u2010251."},{"key":"key2022021419442968500_b11","unstructured":"(The) Code of Fair Information Practices (1973), US Department of Health, Education and Welfare, Washington, DC."},{"key":"key2022021419442968500_b12","doi-asserted-by":"crossref","unstructured":"Dingledine, R., Mathewson, N. and Syverson, P. (2004), \u201cTor: the second\u2010generator onion router\u201d, Proceedings of the 13th USENIX Security Symposium, San Diego, CA, pp. 303\u2010320.","DOI":"10.21236\/ADA465464"},{"key":"key2022021419442968500_b13","unstructured":"EU\u2010Information Society DG (2001), IST Programme 2000#29518 E\u2010VOTE: An Internet\u2010based Electronic Voting System, Project Deliverable D 7.6, University of the Aegean, Mytilene."},{"key":"key2022021419442968500_b15","doi-asserted-by":"crossref","unstructured":"Goldschlag, D., Syverson, P. and Reed, M. (1999), \u201cOnion Routing for anonymous and private internet connections\u201d, Communications of the ACM, Vol. 42 No. 2, pp. 39\u201041.","DOI":"10.1145\/293411.293443"},{"key":"key2022021419442968500_b16","doi-asserted-by":"crossref","unstructured":"Gritzalis, S. (2004), \u201cEnhancing web privacy and anonymity in the digital era\u201d, Information Management & Computer Security, Vol. 12 No. 3, pp. 255\u201088.","DOI":"10.1108\/09685220410542615"},{"key":"key2022021419442968500_b17","unstructured":"He, Q. and Ant\u00f3n, A.I. (2003), \u201cA framework for modelling privacy requirements in role engineering\u201d, Int'l Workshop on Requirements Engineering for Software Quality (REFSQ), 16\u201017 June, Klagenfurt\/Velden, pp.115\u2010124."},{"key":"key2022021419442968500_b18","doi-asserted-by":"crossref","unstructured":"Hong, J.I., Ng, J., Lederer, S. and Landay, J.A. (2004), Privacy Risk Models for Designing Privacy\u2010sensitive Ubiquitous Computing Systems, Designing Interactive Systems, Boston MA.","DOI":"10.1145\/1013115.1013129"},{"key":"key2022021419442968500_b19","unstructured":"Jensen, C., Tullio, J., Potts, C. and Mynatt, E.D. (2005), STRAP: A Structured Analysis Framework for Privacy, GVU Technical Report, Georgia Institute of Technology, Atlanta, GA."},{"key":"key2022021419442968500_b20","doi-asserted-by":"crossref","unstructured":"Kalloniatis, C., Kavakli, E. and Gritzalis, S. (2004), Security Requirements Engineering for e\u2010Government Applications, DEXA EGOV'04 Conference, LNCS Vol. 3183. Springer, Berlin, pp. 66\u201071.","DOI":"10.1007\/978-3-540-30078-6_11"},{"key":"key2022021419442968500_b21","doi-asserted-by":"crossref","unstructured":"Kavakli, E. (2004), \u201cModeling organizational goals: analysis of current methods\u201d, Proceedings of the 2004 ACM Symposium on Applied Computing, Nicosia, pp. 1339\u20101343.","DOI":"10.1145\/967900.968171"},{"key":"key2022021419442968500_b22","unstructured":"Liu, L., Yu, E. and Mylopoulos, J. (2002), \u201cAnalyzing security requirements as relationships among strategic actors, (SREIS'02)\u201d, e\u2010proceedings, Raleigh, NC, available at: www.sreis.org\/old\/2002\/finalpaper9.pdf."},{"key":"key2022021419442968500_b23","unstructured":"Liu, L., Yu, E. and Mylopoulos, J. (2003), \u201cSecurity and privacy requirements analysis within a social setting\u201d, 11th IEEE International Requirements Engineering Conference (RE'03), Monterey Bay, CA, pp. 151\u2010161."},{"key":"key2022021419442968500_b24","unstructured":"Loucopoulos, P. (2000), \u201cFrom information modelling to enterprise modelling\u201d, Information Systems Engineering: State of the Art and Research Themes, Springer\u2010Verlag, Berlin."},{"key":"key2022021419442968500_b25","doi-asserted-by":"crossref","unstructured":"Loucopoulos, P. and Kavakli, V. (1999), Enterprise Knowledge Management and Conceptual Modelling, Springer, Berlin, LNCS Vol. 1565.","DOI":"10.1007\/3-540-48854-5_11"},{"key":"key2022021419442968500_b26","unstructured":"Moffett, J.D. and Nuseibeh, B.A. (2003), A Framework for Security Requirements Engineering, Report YCS 368, Department of Computer Science, University of York, York."},{"key":"key2022021419442968500_b27","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., Giorgini, P. and Manson, G. (2003a), Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems, CAiSE '03, LNCS 2681, Springer\u2010Verlag, Berlin, pp. 63\u201078.","DOI":"10.1007\/3-540-45017-3_7"},{"key":"key2022021419442968500_b28","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., Giorgini, P. and Manson, G. (2003b), \u201cAn ontology for modelling security: the Tropos Project\u201d, in Palade, V., Howlett, R.J. and Jain, L. (Eds), Lecture Notes in Artificial Intelligence 2773, Springer\u2010Verlag, Berlin, pp. 1387\u201094.","DOI":"10.1007\/978-3-540-45224-9_187"},{"key":"key2022021419442968500_b29","doi-asserted-by":"crossref","unstructured":"Mylopoulos, J., Chung, L. and Nixon, B. (1992), \u201cRepresenting and using non\u2010functional requirements: a process oriented approach\u201d, IEEE Trans. Soft Eng., Vol. 18, pp. 483\u201097.","DOI":"10.1109\/32.142871"},{"key":"key2022021419442968500_b31","doi-asserted-by":"crossref","unstructured":"Pfitzmann, A. and Waidner, M. (1987), \u201cNetworks without user observability\u201d, Computers & Security, Vol. 6 No. 2, pp. 158\u201066.","DOI":"10.1016\/0167-4048(87)90087-3"},{"key":"key2022021419442968500_b33","doi-asserted-by":"crossref","unstructured":"Reed, M., Syverson, P. and Goldschlag, D. (1998), \u201cAnonymous connections and onion routing\u201d, IEEE Journal on Selected Areas in Communications, Vol. 16 No. 4, pp. 482\u201094.","DOI":"10.1109\/49.668972"},{"key":"key2022021419442968500_b35","doi-asserted-by":"crossref","unstructured":"Reiter, K.M. and Rubin, D.A. (1999), \u201cAnonymous web transactions with Crowds\u201d, Communications of the ACM, Vol. 42 No. 2, pp. 32\u20108.","DOI":"10.1145\/293411.293778"},{"key":"key2022021419442968500_b36","doi-asserted-by":"crossref","unstructured":"Shields, C. and Levine, N.B. (2000), \u201cA protocol for anonymous communication over the Internet\u201d, in Samarati, P. and Jajodia, S. (Eds), Proceedings of the 7th ACM Conference on Computer and Communications Security, ACM Press, New York NY, pp. 33\u201042.","DOI":"10.1145\/352600.352607"},{"key":"key2022021419442968500_b37","doi-asserted-by":"crossref","unstructured":"van Lamsweerde, A. and Letier, E. (2000), \u201cHandling obstacles in goal\u2010oriented requirements engineering\u201d, IEEE Transactions on Software Engineering, Vol. 26, pp. 978\u20101005.","DOI":"10.1109\/32.879820"},{"key":"key2022021419442968500_b38","doi-asserted-by":"crossref","unstructured":"Warren, S. and Brandeis, L. (1890), \u201cThe rights to privacy\u201d, Harvard Law Review, Vol. 5, pp. 193\u2010220.","DOI":"10.2307\/1321160"},{"key":"key2022021419442968500_b39","unstructured":"Westin, A. (1967), Privacy and Freedom, Atheneum, New York, NY."},{"key":"key2022021419442968500_frg1","doi-asserted-by":"crossref","unstructured":"Fischer\u2010H\u00fcbner, S. (2001), \u201cIT\u2010security and privacy design and use of privacy enhancing security mechanisms\u201d, Lecture Notes in Computer Science, Vol. 1958, Springer\u2010Verlag, Berlin.","DOI":"10.1007\/3-540-45150-1"},{"key":"key2022021419442968500_frg2","doi-asserted-by":"crossref","unstructured":"Pfitzmann, A. (1990), \u201cDiensteintegrierende, Kommunikationsmnetze mit teilnehmer\u00fcberpr\u00fcfbaren Datenschutz\u201d, Informatik\u2010Fachberichte 234, Springer\u2010Verlag, Berlin.","DOI":"10.1007\/978-3-642-75544-6"},{"key":"key2022021419442968500_frg3","unstructured":"Pfitzmann, B., Waidner, M. and Pfitzmann, A. (1990), \u201cRechsicherheit trotz Anonymit\u00e4t in offenen digitalen Systemen\u201d, Datenschutz und Datensicherheit (DuD) No. 6 pp. 243\u2010253 (Part 1), No. 7, pp. 305\u2010315 (Part 2)."},{"key":"key2022021419442968500_frg4","doi-asserted-by":"crossref","unstructured":"Reiter, K.M. and Rubin, D.A. (1998), \u201cCrowds: anonymity for web transactions\u201d, ACM Transactions of Information and System Security, Vol. 1 No. 1, pp. 66\u201092.","DOI":"10.1145\/290163.290168"}],"container-title":["Internet Research"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/10662240610656483","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/10662240610656483\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/10662240610656483\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T23:40:07Z","timestamp":1753400407000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/intr\/article\/16\/2\/140-158\/181232"}},"subtitle":["The PriS conceptual framework"],"editor":[{"given":"Stefanos","family":"Gritzalis","sequence":"first","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2006,3,1]]},"references-count":39,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2006,3,1]]}},"alternative-id":["10.1108\/10662240610656483"],"URL":"https:\/\/doi.org\/10.1108\/10662240610656483","relation":{},"ISSN":["1066-2243"],"issn-type":[{"type":"print","value":"1066-2243"}],"subject":[],"published":{"date-parts":[[2006,3,1]]}}}