{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T08:55:50Z","timestamp":1780044950572,"version":"3.53.1"},"reference-count":34,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,7]]},"abstract":"<jats:p>Software systems are becoming more complex, interconnected and liable to adopt continuous change and evolution. It\u2019s necessary to develop appropriate methods and techniques to ensure security and privacy of such systems. Research efforts that aim to ensure security and privacy of software systems are distinguished through two main categories: (1) the development of requirements engineering methods, and (2) implementation techniques. Approaches that fall in the first category usually aim to address either security or privacy in an implicit way, with emphasis on the security aspects by developing methods to elicit and analyse security (and privacy) requirements. Works that fall in the latter categories focus specifically on the later stages of the development process irrespective of the organisational context in which the system will be incorporated. This work introduces a model-based process for security and privacy requirements engineering. In particular, the authors\u2019 work includes activities which support to identify and analyse security and privacy requirements for the software system. Their purpose process combines concepts from two well-known requirements engineering methods, Secure Tropos and PriS. A real case study from the EU project E-vote, i.e., an Internet based voting system, is employed to demonstrate the applicability of the approach.<\/jats:p>","DOI":"10.4018\/jsse.2012070101","type":"journal-article","created":{"date-parts":[[2012,11,26]],"date-time":"2012-11-26T19:06:12Z","timestamp":1353956772000},"page":"1-22","source":"Crossref","is-referenced-by-count":27,"title":["Model Based Process to Support Security and Privacy Requirements Engineering"],"prefix":"10.4018","volume":"3","author":[{"given":"Shareeful","family":"Islam","sequence":"first","affiliation":[{"name":"University of East London, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[{"name":"University of East London, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christos","family":"Kalloniatis","sequence":"additional","affiliation":[{"name":"University of the Aegean, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Aleksandar","family":"Hudic","sequence":"additional","affiliation":[{"name":"SBA Research gGmbH, Austria"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Lorenz","family":"Zechner","sequence":"additional","affiliation":[{"name":"SBA Research gGmbH, Austria"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"jsse.2012070101-0","doi-asserted-by":"crossref","unstructured":"Bellotti, V., & Sellen, A. (1993). Design for privacy in ubiquitous computing environments. In Proceedings of the 3rd European Conference on Computer Supported Cooperative Work (pp. 93-108).","DOI":"10.1007\/978-94-011-2094-4_6"},{"issue":"1","key":"jsse.2012070101-1","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1109\/MS.1984.233702","article-title":"Verifying and validating software requirements and design specifications.","volume":"1","author":"B. W.Boehm","year":"1984","journal-title":"IEEE Software"},{"key":"jsse.2012070101-2","doi-asserted-by":"crossref","unstructured":"Chung, L. (1993). Dealing with security requirements during the development of information systems. In Proceeding of the 5th International Conference on Advanced Information Systems Engineering, Paris, France (pp. 234-251).","DOI":"10.1007\/3-540-56777-1_13"},{"key":"jsse.2012070101-3","unstructured":"Fischer-H\u00fcbner, S. (2001). IT-security and privacy, design and use of privacy enhancing security (LNCS 1958). Berlin, Germany: Springer-Verlag."},{"key":"jsse.2012070101-4","unstructured":"Green, H., & Yang, C. (1998). A little net privacy, please. Business Week. Retrieved November 17, 2011, from http:\/\/www.businessweek.com"},{"issue":"3","key":"jsse.2012070101-5","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1108\/09685220410542615","article-title":"Enhancing Web privacy and anonymity in the digital era.","volume":"12","author":"S.Gritzalis","year":"2004","journal-title":"Information Management & Computer Security"},{"key":"jsse.2012070101-6","unstructured":"Haley, C. B., Moffett, J. D., Laney, R., & Nuseibeh, B. (2003). A framework for security requirements engineering. In Proceedings of the International Workshop on Software Engineering for Secure Systems (pp. 35-42)."},{"key":"jsse.2012070101-7","unstructured":"He, Q., & Ant\u03ccn, I. A. (2003). A framework for modelling privacy requirements in role engineering. In Proceedings of the International Working Conference on Requirements Engineering for Software Quality (pp. 115-124)."},{"key":"jsse.2012070101-8","doi-asserted-by":"crossref","unstructured":"Hong, J. I., Ng, J., Lederer, S., & Landay, J. A. (2004). Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In Proceedings of the 5th Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques (pp. 91-100).","DOI":"10.1145\/1013115.1013129"},{"issue":"1","key":"jsse.2012070101-9","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1007\/s00766-009-0093-9","article-title":"Eliciting security requirements and tracing them to design: An integration of common criteria, heuristics, and UMLsec.","volume":"15","author":"S. H.Houmb","year":"2010","journal-title":"Requirements Engineering Journal"},{"key":"jsse.2012070101-10","year":"1990","journal-title":"Std-729: IEEE standard glossary of software engineering terminology"},{"key":"jsse.2012070101-11","unstructured":"Islam, S. (2011). Software development risk management model \u2013 A goal-driven approach (Unpublished doctoral dissertation). Technische Universit\u00e4t M\u00fcnchen, Munich, Germany."},{"key":"jsse.2012070101-12","doi-asserted-by":"crossref","unstructured":"Islam, S., & Houmb, S. H. (2010). Integrating risk management activities into requirements engineering. In Proceeding of the 4th IEEE International Conference on Research Challenges in Information Science, Nice, France.","DOI":"10.1109\/RCIS.2010.5507389"},{"issue":"3","key":"jsse.2012070101-13","first-page":"369","article-title":"A framework to support alignment of secure software engineering with legal regulations. Journal of Software and Systems Modeling","volume":"10","author":"S.Islam","year":"2011","journal-title":"Theme Section on Non-Functional System Properties in Domain-Specific Modeling Languages"},{"key":"jsse.2012070101-14","unstructured":"Islam, S., Mouratidis, H., & Wagner, S. (2010). Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In R. Wieringa & A. Persson (Eds.), Proceedings of the 16th International Working Conference on Requirements Engineering: Foundation for Software Quality (LNCS 6182, pp. 255-261)."},{"key":"jsse.2012070101-15","unstructured":"Jensen, C., Tullio, J., Potts, C., & Mynatt, D. E. (2005). STRAP: A structured analysis framework for privacy (Tech. Rep. No. GIT-GVU-05-92). Atlanta, GA: Georgia Institute of Technology."},{"issue":"3","key":"jsse.2012070101-16","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1007\/s00766-008-0067-3","article-title":"Addressing privacy requirements in system design: The PriS method.","volume":"13","author":"C.Kalloniatis","year":"2008","journal-title":"Requirements Engineering Journal"},{"issue":"4","key":"jsse.2012070101-17","first-page":"307","article-title":"Protecting privacy in system design: The electronic voting case. Transforming Government: People","volume":"1","author":"E.Kavakli","year":"2007","journal-title":"Process and Policy"},{"key":"jsse.2012070101-18","author":"R.Koorn","year":"2004","journal-title":"Privacy enhancing technologies"},{"key":"jsse.2012070101-19","unstructured":"Liu, L., Yu, E., & Mylopoulos, J. (2002). Analyzing security requirements as relationships among strategic actors. In Proceedings of the 2nd Symposium on Requirements Engineering for Information Security."},{"key":"jsse.2012070101-20","doi-asserted-by":"crossref","unstructured":"Liu, L., Yu, E., & Mylopoulos, J. (2003). Security and privacy requirements analysis within a social setting. In Proceedings of the 11th IEEE International Requirements Engineering Conference, Monterey Bay, CA (pp. 151-161).","DOI":"10.1109\/ICRE.2003.1232746"},{"key":"jsse.2012070101-21","article-title":"From information modelling to enterprise modelling","author":"P.Loucopoulos","year":"2000","journal-title":"Information systems engineering: State of the art and research themes"},{"key":"jsse.2012070101-22","unstructured":"Loucopoulos, P., & Kavakli, V. (1999). Enterprise knowledge management and conceptual modeling. In G. Goos, J. Hartmanis, J. van Leeuwen, P. P. Chen, J. Akoka, H. Kangassalu, & B. Thalheim (Eds.), Conceptual Modeling: Current Issues and Future Directions (LNCS 1565, pp. 123-143)."},{"issue":"1","key":"jsse.2012070101-23","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1007\/s00766-009-0089-5","article-title":"Evaluating existing security and privacy requirements for legal compliance.","volume":"15","author":"A. K.Massey","year":"2010","journal-title":"Requirements Engineering Journal"},{"key":"jsse.2012070101-24","doi-asserted-by":"crossref","DOI":"10.4018\/978-1-61520-837-1","author":"H.Mouratidis","year":"2011","journal-title":"Software engineering for secure systems: Industrial and research perspectives"},{"key":"jsse.2012070101-25","author":"H.Mouratidis","year":"2006","journal-title":"Integrating security and software engineering: Advances and future visions"},{"key":"jsse.2012070101-26","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., & Giorgini, P. (2006b). Secure Tropos: A security-oriented extension of the tropos methodology. International Journal of Software Engineering and Knowledge Engineering.","DOI":"10.1142\/S0218194007003240"},{"key":"jsse.2012070101-27","doi-asserted-by":"crossref","first-page":"483","DOI":"10.1109\/32.142871","article-title":"Representing and using non-functional requirements a process oriented approach.","volume":"18","author":"J.Mylopoulos","year":"1992","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"2","key":"jsse.2012070101-28","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1016\/S0164-1212(01)00036-X","article-title":"Making inconsistency respectable in software development.","volume":"58","author":"B.Nuseibeh","year":"2001","journal-title":"Journal of Systems and Software"},{"key":"jsse.2012070101-29","doi-asserted-by":"crossref","unstructured":"Pavlidis, M., Islam, S., & Mouratidis, H. (2012). A CASE tool to support automated modelling and analysis of security requirements, based on Secure Tropos. In Proceedings of the 23rd International Conference on Advanced Information Systems Engineering (Vol. 107, pp. 95-109).","DOI":"10.1007\/978-3-642-29749-6_7"},{"issue":"2","key":"jsse.2012070101-30","doi-asserted-by":"crossref","first-page":"36","DOI":"10.4018\/jsse.2012040102","article-title":"Modelling security using trust based concepts.","volume":"3","author":"M.Pavlidis","year":"2012","journal-title":"International Journal of Secure Software Engineering"},{"key":"jsse.2012070101-31","year":"2001","journal-title":"Privacy: A weak link in the cyber-chain (E-Business Leaders Series)"},{"key":"jsse.2012070101-32","year":"2003","journal-title":"E-Vote: An Internet-based electronic voting system (Project Deliverable D 7.6)"},{"key":"jsse.2012070101-33","doi-asserted-by":"crossref","first-page":"978","DOI":"10.1109\/32.879820","article-title":"Handling obstacles in goal-oriented requirements engineering.","volume":"26","author":"A.Van Lamsweerde","year":"2000","journal-title":"IEEE Transactions on Software Engineering"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=69391","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,6]],"date-time":"2019-07-06T03:58:16Z","timestamp":1562385496000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jsse.2012070101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2012,7]]},"references-count":34,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/jsse.2012070101","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,7]]}}}