SlideShare a Scribd company logo

Privacy Requirements Engineering in Agile Software Development

R
RequirementsEngineeringLaboratory

Paper presented in the CBSoft 2018 - IX Brazilian Conference on Software, September 17-21, São Carlos - SP, Brazil

Education
1 of 24
Download to read offline
www.cin.ufpe.br/~ler Laboratório de Engenharia de Requisitos Universidade Federal de Pernambuco Privacy Requirements Engineering in Agile Software Development Mariana Peixoto and Carla Silva (Supervisor) {mmp2, ctlls}@cin.ufpe.br Degree: Doctoral Year of Entry: March/2016 Conclusion Expectation: March/2020 VIII Workshop on Thesis and Dissertations of CBSoft (WTDSoft 2018) 09/2018
Outline  Problem Characterization  Background  Contributions  Current Research Status  Description and Evaluation of Results  Related Work 2
Problem Characterization  Increase in software applications  Digital data reveal large quantities of personal information [Van Der Sype and Maalej, 2014].  People may not be aware of when and for what purpose their personal information has been or will be collected, analyzed or transmitted [Omoronyia et al., 2013].  The exposure of such information in an unregulated way can threaten user privacy [Omoronyia et al., 2013].  Privacy concerns have some impact on consumer behavior and the acceptability and adoption of new technologies [Spiekermann and Cranor 2009]. 3
Problem Characterization  it is necessary to approach the privacy issues from the requirements discovery, that is, in the Requirements Engineering (RE) when requirements elicitation and specification occurs [Tun et al. 2012; Kalloniatis et al. 2008; Ayed and Ghernaouti- Hélie 2011].  Many developers do not have sufficient knowledge and understanding about privacy [Hadar et al. 2018].  There is a gap between designers’ and stakeholders’ understandings of what privacy means [Gharib et al. 2017]. 4
Problem Characterization  The increasingly adoption of Agile Software Development (ASD)  Short iterations and active stakeholders  Flexibility to deal with requirements changes  It is necessary to address privacy issues also in ASD [Viitaniemi, 2017].  In ASD non-functional requirements are sometimes neglected 5
Background  Privacy is a concept that is not easily defined.  There is still no unified view on privacy requirements engineering yet [Backers 2012; Gharib et al. 2017].  Privacy is the right to determine when, how and what conditions it is permitted to disclose personal information and to transmit such information to third parties [Kalloniatis et al., 2008]. 6
Background  Traditional RE consists of a process with four high level activities:  Feasibility Study, Elicitation and Analysis, Specification and Validation.  ASD methods do not adopt the structured phases of the traditional RE process [Heikkilä et al. 2015].  Common practices regarding requirements (228 companies in 10 countries) [Wagner et al. 2018].  Requirements elicitation: interviews, facilitated meetings, prototyping, scenarios and observation;  Documentation: free-form textual, structured requirements lists, semi- formal use case models and free-form textual domain/business process models. 7
Background  Requirements Specification for Developers (RSD) [Medeiros et al. 2017] 8 Figure 1. Practices of RSD Approach. Medeiros (2017).
Background 9 Figure 2. Example of requirements specification using RSD approach. Medeiros (2017).
Contributions - Objective  Main objective: Provide a process to guide the elicitation and specification of privacy requirements in the context of Agile Software Development.  How to elicitate and specify privacy requirements in agile development?  Specific objectives  How to create a unified view of privacy for RE?  1. Define a set of privacy concepts;  2. Define a set of relationships among privacy concepts;  3. Define a set of capabilities to specify privacy. 10
Current Status  To achieve the objectives, the four phases for conducting studies proposed by Glass (1995), are used:  Informational Phase;  Analytical Phase;  Propositional Phase;  Evaluative Phase. 11
Current Status  Informational Phase:  Systematic Literature Review (SLR) on domain-specific modeling languages [Peixoto and Silva 2018a].  Collect an overview of the privacy domain (privacy concepts and relationships)  i) an overview of the existing languages that supports privacy concepts;  ii) the languages taxonomy and requirements analysis techniques;  iii) a catalog of privacy concepts extracted from the papers. 12
Current Status  Analytical Phase: Two Exploratory Studies (ES)  First Exploratory Study:  Survey with 8 privacy experts  Average age of respondents (38.63 years);  Educational level: Masters 1 (12.5%) - PhDs 7 (87.5%);  Experience with privacy: 5 (62.5%) theoretical experience; 1 (12.5 %) practical and theoretical experience; and 2 (25.0 %) practical experience;  Years of experience: 7 more than 3 years of experience with privacy and 1 less than 1 year. 13
Current Status  First Exploratory Study: 14 Figure 3. Privacy Conceptual Model.
Current Status  Second Exploratory Study:  14 privacy specification capabilities (C) framework [Peixoto and Silva 2018b]  (i) Conceptual model;  (ii) Information technology - Security techniques - Privacy framework [ISO29100, 2011];  (iii) General Data Protection Regulation [GDPR, 2018];  (iv) Guidelines proposed by Organisation for Economic Co- operation and Development [OECD, 2013]. 15
Current Status  Privacy specification capabilities (C) framework  C1 - Specify the purpose of tasks;  C2 - Specify different types of actors;  C3 - Specify relationships of actors;  C4 - Specify trust relationship;  C5 - Specify different types of personal information;  C6 - Specify privacy machanims/goals;  C7 - Specify users’ privacy preferences and contexts;  C8 - Specify privacy risks;  C9 - Specify privacy threats;  C10 - Specify privacy harms;  C11 - Specify privacy vulnerability;  C12 - Specify to connect risk, threat, harms and vulnerability;  C13 - Specify consent;  C14 - Specify privacy constraint. 16
Current Status  Propositional Phase:  Privacy Elicitation - Guided interviews to answer a series of structured questions that cover the concepts of the privacy conceptual model  Privacy Specification - RSD approach in a guided way to cover the privacy specification capabilities (C1 to C14) 17
Current Status  Evaluative Phase  Interviews with privacy and ASD experts  Illustrative scenarios  Controlled experiment 18
Description and Evaluation of Results  Interviews with Experts  Quantitative questions (5-point Likert scale)  Privacy Experts  How correct are the privacy specification capabilities (C1 to C14)?  How complete are the privacy specification capabilities (C1 to C14)?  Agile Experts  How suitable for ASD is the proposed approach for privacy elicitation and specification? 19
Description and Evaluation of Results  Illustrative Scenarios:  Real illustrative scenarios will be used to evaluate the quality of the generated specifications according to Complete, Consistent, Affordable and Bounded criteria [ISO-IEEE 29148 2011].  Controlled Experiment:  Complete, Consistent and Bounded, which are characteristics for a good requirements specification [ISO-IEEE 29148 2011]. 20
Description and Evaluation of Results  Controlled Experiment: 21 Criteria/ Metric Symbol Meaning Complete NMRPA Number (#) of missing requirements using the proposed approach (PA). NMROA # of missing requirements using the other approach (OA). Consistent NDRPA # of duplicate requirements specified with the PA. NDROA # of duplicate requirements specified with the OA. NARPA # of ambiguous requirements specified with the PA. NAROA # of ambiguous requirements specified with the OA. Bounded NWRPA # of wrong requirements specified with the PA. NWROA # of wrong requirements specified with the OA. Time TSPA Time spent (minutes) with the PA. TSOA Time spent (minutes) with the OA. Questions NQPA # of questions asked with the PA. NQOA # of questions asked with the OA. Table 2. Controlled experiment metrics.
Related Work  Gharib et al. (2017) proposed an ontology for privacy requirements as a mean to conceptualize privacy requirements in their social and organizational context.  Kalloniatis at al. (2009) provide an overview of requirements engineering approaches which focus on privacy requirements and have ways to accomplish requirements specification.  NFR (Non-Functional Requirement Framework), i* Framework, Tropos  Labda et al. (2014) and Pullonen et al. (2017) extend BPMN as a mean to incorporate visual constructs for modeling privacy requirements. 22
Related Work  Antón and Earp (2000) focus on the initial specification of security and privacy policy and their operationalization (goal and scenario-driven requirements engineering methods).  Viitaniemi (2017) proposes to deal with privacy in agile software development through the privacy by design paradigm which is the idea that for a system ensures the privacy of personal data, privacy should be considered from the beginning of the software project. 23
www.cin.ufpe.br/~ler Laboratório de Engenharia de Requisitos Universidade Federal de Pernambuco Privacy Requirements Engineering in Agile Software Development Mariana Peixoto and Carla Silva (Supervisor) {mmp2, ctlls}@cin.ufpe.br Degree: Doctoral Year of Entry: March/2016 Conclusion Expectation: March/2020 VIII Workshop on Thesis and Dissertations of CBSoft (WTDSoft 2018) 09/2018

Recommended

The Use of Development History in Software Refactoring Using a Multi-Objectiv...
The Use of Development History in Software Refactoring Using a Multi-Objectiv...The Use of Development History in Software Refactoring Using a Multi-Objectiv...
The Use of Development History in Software Refactoring Using a Multi-Objectiv...Ali Ouni
 
A Multi-Objective Refactoring Approach to Introduce Design Patterns and Fix A...
A Multi-Objective Refactoring Approach to Introduce Design Patterns and Fix A...A Multi-Objective Refactoring Approach to Introduce Design Patterns and Fix A...
A Multi-Objective Refactoring Approach to Introduce Design Patterns and Fix A...Ali Ouni
 
130817 latifa guerrouj - context-aware source code vocabulary normalization...
130817 latifa guerrouj - context-aware source code vocabulary normalization...130817 latifa guerrouj - context-aware source code vocabulary normalization...
130817 latifa guerrouj - context-aware source code vocabulary normalization...Ptidej Team
 
On the Distinction of Functional and Quality Requirements in Practice
On the Distinction of Functional and Quality Requirements in PracticeOn the Distinction of Functional and Quality Requirements in Practice
On the Distinction of Functional and Quality Requirements in PracticeDaniel Mendez
 
A framework for adoption of machine learning in industry for software defect ...
A framework for adoption of machine learning in industry for software defect ...A framework for adoption of machine learning in industry for software defect ...
A framework for adoption of machine learning in industry for software defect ...RAKESH RANA
 
06 styles and_greenfield_design
06 styles and_greenfield_design06 styles and_greenfield_design
06 styles and_greenfield_designMajong DevJfu
 
AI improves software testing by Kari Kakkonen at TQS
AI improves software testing by Kari Kakkonen at TQSAI improves software testing by Kari Kakkonen at TQS
AI improves software testing by Kari Kakkonen at TQSKari Kakkonen
 
Re2018 Semios for Requirements
Re2018 Semios for RequirementsRe2018 Semios for Requirements
Re2018 Semios for RequirementsClément Portet
 

Recommended

The Use of Development History in Software Refactoring Using a Multi-Objectiv...
The Use of Development History in Software Refactoring Using a Multi-Objectiv...The Use of Development History in Software Refactoring Using a Multi-Objectiv...
The Use of Development History in Software Refactoring Using a Multi-Objectiv...Ali Ouni
 
A Multi-Objective Refactoring Approach to Introduce Design Patterns and Fix A...
A Multi-Objective Refactoring Approach to Introduce Design Patterns and Fix A...A Multi-Objective Refactoring Approach to Introduce Design Patterns and Fix A...
A Multi-Objective Refactoring Approach to Introduce Design Patterns and Fix A...Ali Ouni
 
130817 latifa guerrouj - context-aware source code vocabulary normalization...
130817 latifa guerrouj - context-aware source code vocabulary normalization...130817 latifa guerrouj - context-aware source code vocabulary normalization...
130817 latifa guerrouj - context-aware source code vocabulary normalization...Ptidej Team
 
On the Distinction of Functional and Quality Requirements in Practice
On the Distinction of Functional and Quality Requirements in PracticeOn the Distinction of Functional and Quality Requirements in Practice
On the Distinction of Functional and Quality Requirements in PracticeDaniel Mendez
 
A framework for adoption of machine learning in industry for software defect ...
A framework for adoption of machine learning in industry for software defect ...A framework for adoption of machine learning in industry for software defect ...
A framework for adoption of machine learning in industry for software defect ...RAKESH RANA
 
06 styles and_greenfield_design
06 styles and_greenfield_design06 styles and_greenfield_design
06 styles and_greenfield_designMajong DevJfu
 
AI improves software testing by Kari Kakkonen at TQS
AI improves software testing by Kari Kakkonen at TQSAI improves software testing by Kari Kakkonen at TQS
AI improves software testing by Kari Kakkonen at TQSKari Kakkonen
 
Re2018 Semios for Requirements
Re2018 Semios for RequirementsRe2018 Semios for Requirements
Re2018 Semios for RequirementsClément Portet
 
ThesisPresentation
ThesisPresentationThesisPresentation
ThesisPresentationMaria Jose Villanueva
 
Why is TDD so hard for Data Engineering and Analytics Projects?
Why is TDD so hard for Data Engineering and Analytics Projects?Why is TDD so hard for Data Engineering and Analytics Projects?
Why is TDD so hard for Data Engineering and Analytics Projects?Phil Watt
 
Opinion Mining for Software Engineering
Opinion Mining for Software EngineeringOpinion Mining for Software Engineering
Opinion Mining for Software EngineeringAlexander Serebrenik
 
Icpc13.ppt
Icpc13.pptIcpc13.ppt
Icpc13.pptPtidej Team
 
Industry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringIndustry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringPer Runeson
 
Urgent assignment help
Urgent assignment helpUrgent assignment help
Urgent assignment helpasmits kharel
 
Why is Test Driven Development for Analytics or Data Projects so Hard?
Why is Test Driven Development for Analytics or Data Projects so Hard?Why is Test Driven Development for Analytics or Data Projects so Hard?
Why is Test Driven Development for Analytics or Data Projects so Hard?Phil Watt
 
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...ijaia
 
Mindtrek 2015 - Tampere Finland
Mindtrek 2015 - Tampere Finland Mindtrek 2015 - Tampere Finland
Mindtrek 2015 - Tampere Finland Panos Fitsilis
 
Cpre foundation level examination format sgreb
Cpre foundation level examination format sgrebCpre foundation level examination format sgreb
Cpre foundation level examination format sgrebsgreb
 
Surveys in Software Engineering
Surveys in Software EngineeringSurveys in Software Engineering
Surveys in Software EngineeringDaniel Mendez
 
Thesis+of+zohreh+sharafi.ppt
Thesis+of+zohreh+sharafi.pptThesis+of+zohreh+sharafi.ppt
Thesis+of+zohreh+sharafi.pptPtidej Team
 
July 2013 Talk, What Industry Needs from Architecture Description Languages
July 2013 Talk, What Industry Needs from Architecture Description LanguagesJuly 2013 Talk, What Industry Needs from Architecture Description Languages
July 2013 Talk, What Industry Needs from Architecture Description Languagesgrossd18
 
Theory Building in RE - The NaPiRE Initiative
Theory Building in RE - The NaPiRE InitiativeTheory Building in RE - The NaPiRE Initiative
Theory Building in RE - The NaPiRE InitiativeDaniel Mendez
 
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific Bugs
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific BugsUnderstanding Android Fragmentation with Topic Analysis of Vendor-Specific Bugs
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific BugsChenlei Zhang
 
An Exploratory Study on Technology Transfer in Software Engineering
An Exploratory Study on Technology Transfer in Software EngineeringAn Exploratory Study on Technology Transfer in Software Engineering
An Exploratory Study on Technology Transfer in Software EngineeringDaniel Mendez
 
Exploratory testing STEW 2016
Exploratory testing STEW 2016Exploratory testing STEW 2016
Exploratory testing STEW 2016Per Runeson
 
MetaScience: Holistic Approach for Research Modeling and Analysis
MetaScience: Holistic Approach for Research Modeling and AnalysisMetaScience: Holistic Approach for Research Modeling and Analysis
MetaScience: Holistic Approach for Research Modeling and AnalysisJordi Cabot
 
Design Thinking for Requirements Engineering
Design Thinking for Requirements EngineeringDesign Thinking for Requirements Engineering
Design Thinking for Requirements EngineeringDaniel Mendez
 
Pitfalls and Countermeasures in Software Quality Measurements and Evaluations
Pitfalls and Countermeasures in Software Quality Measurements and EvaluationsPitfalls and Countermeasures in Software Quality Measurements and Evaluations
Pitfalls and Countermeasures in Software Quality Measurements and EvaluationsHironori Washizaki
 
Requirement Elicitation Model (REM) in the Context of Global Software Develop...
Requirement Elicitation Model (REM) in the Context of Global Software Develop...Requirement Elicitation Model (REM) in the Context of Global Software Develop...
Requirement Elicitation Model (REM) in the Context of Global Software Develop...IJAAS Team
 
Research paperV1
Research paperV1Research paperV1
Research paperV1expertexh
 

More Related Content

What's hot

Why is TDD so hard for Data Engineering and Analytics Projects?
Why is TDD so hard for Data Engineering and Analytics Projects?Why is TDD so hard for Data Engineering and Analytics Projects?
Why is TDD so hard for Data Engineering and Analytics Projects?Phil Watt
 
Opinion Mining for Software Engineering
Opinion Mining for Software EngineeringOpinion Mining for Software Engineering
Opinion Mining for Software EngineeringAlexander Serebrenik
 
Industry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringIndustry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringPer Runeson
 
Urgent assignment help
Urgent assignment helpUrgent assignment help
Urgent assignment helpasmits kharel
 
Why is Test Driven Development for Analytics or Data Projects so Hard?
Why is Test Driven Development for Analytics or Data Projects so Hard?Why is Test Driven Development for Analytics or Data Projects so Hard?
Why is Test Driven Development for Analytics or Data Projects so Hard?Phil Watt
 
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...ijaia
 
Mindtrek 2015 - Tampere Finland
Mindtrek 2015 - Tampere Finland Mindtrek 2015 - Tampere Finland
Mindtrek 2015 - Tampere Finland Panos Fitsilis
 
Cpre foundation level examination format sgreb
Cpre foundation level examination format sgrebCpre foundation level examination format sgreb
Cpre foundation level examination format sgrebsgreb
 
Surveys in Software Engineering
Surveys in Software EngineeringSurveys in Software Engineering
Surveys in Software EngineeringDaniel Mendez
 
Thesis+of+zohreh+sharafi.ppt
Thesis+of+zohreh+sharafi.pptThesis+of+zohreh+sharafi.ppt
Thesis+of+zohreh+sharafi.pptPtidej Team
 
July 2013 Talk, What Industry Needs from Architecture Description Languages
July 2013 Talk, What Industry Needs from Architecture Description LanguagesJuly 2013 Talk, What Industry Needs from Architecture Description Languages
July 2013 Talk, What Industry Needs from Architecture Description Languagesgrossd18
 
Theory Building in RE - The NaPiRE Initiative
Theory Building in RE - The NaPiRE InitiativeTheory Building in RE - The NaPiRE Initiative
Theory Building in RE - The NaPiRE InitiativeDaniel Mendez
 
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific Bugs
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific BugsUnderstanding Android Fragmentation with Topic Analysis of Vendor-Specific Bugs
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific BugsChenlei Zhang
 
An Exploratory Study on Technology Transfer in Software Engineering
An Exploratory Study on Technology Transfer in Software EngineeringAn Exploratory Study on Technology Transfer in Software Engineering
An Exploratory Study on Technology Transfer in Software EngineeringDaniel Mendez
 
Exploratory testing STEW 2016
Exploratory testing STEW 2016Exploratory testing STEW 2016
Exploratory testing STEW 2016Per Runeson
 
MetaScience: Holistic Approach for Research Modeling and Analysis
MetaScience: Holistic Approach for Research Modeling and AnalysisMetaScience: Holistic Approach for Research Modeling and Analysis
MetaScience: Holistic Approach for Research Modeling and AnalysisJordi Cabot
 
Design Thinking for Requirements Engineering
Design Thinking for Requirements EngineeringDesign Thinking for Requirements Engineering
Design Thinking for Requirements EngineeringDaniel Mendez
 
Pitfalls and Countermeasures in Software Quality Measurements and Evaluations
Pitfalls and Countermeasures in Software Quality Measurements and EvaluationsPitfalls and Countermeasures in Software Quality Measurements and Evaluations
Pitfalls and Countermeasures in Software Quality Measurements and EvaluationsHironori Washizaki
 

What's hot (20)

ThesisPresentation
ThesisPresentationThesisPresentation
ThesisPresentation
 
Why is TDD so hard for Data Engineering and Analytics Projects?
Why is TDD so hard for Data Engineering and Analytics Projects?Why is TDD so hard for Data Engineering and Analytics Projects?
Why is TDD so hard for Data Engineering and Analytics Projects?
 
Opinion Mining for Software Engineering
Opinion Mining for Software EngineeringOpinion Mining for Software Engineering
Opinion Mining for Software Engineering
 
Icpc13.ppt
Icpc13.pptIcpc13.ppt
Icpc13.ppt
 
Industry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringIndustry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software Engineering
 
Urgent assignment help
Urgent assignment helpUrgent assignment help
Urgent assignment help
 
Why is Test Driven Development for Analytics or Data Projects so Hard?
Why is Test Driven Development for Analytics or Data Projects so Hard?Why is Test Driven Development for Analytics or Data Projects so Hard?
Why is Test Driven Development for Analytics or Data Projects so Hard?
 
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...
SOFTWARE TESTING: ISSUES AND CHALLENGES OF ARTIFICIAL INTELLIGENCE & MACHINE ...
 
Mindtrek 2015 - Tampere Finland
Mindtrek 2015 - Tampere Finland Mindtrek 2015 - Tampere Finland
Mindtrek 2015 - Tampere Finland
 
Cpre foundation level examination format sgreb
Cpre foundation level examination format sgrebCpre foundation level examination format sgreb
Cpre foundation level examination format sgreb
 
Surveys in Software Engineering
Surveys in Software EngineeringSurveys in Software Engineering
Surveys in Software Engineering
 
Thesis+of+zohreh+sharafi.ppt
Thesis+of+zohreh+sharafi.pptThesis+of+zohreh+sharafi.ppt
Thesis+of+zohreh+sharafi.ppt
 
July 2013 Talk, What Industry Needs from Architecture Description Languages
July 2013 Talk, What Industry Needs from Architecture Description LanguagesJuly 2013 Talk, What Industry Needs from Architecture Description Languages
July 2013 Talk, What Industry Needs from Architecture Description Languages
 
Theory Building in RE - The NaPiRE Initiative
Theory Building in RE - The NaPiRE InitiativeTheory Building in RE - The NaPiRE Initiative
Theory Building in RE - The NaPiRE Initiative
 
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific Bugs
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific BugsUnderstanding Android Fragmentation with Topic Analysis of Vendor-Specific Bugs
Understanding Android Fragmentation with Topic Analysis of Vendor-Specific Bugs
 
An Exploratory Study on Technology Transfer in Software Engineering
An Exploratory Study on Technology Transfer in Software EngineeringAn Exploratory Study on Technology Transfer in Software Engineering
An Exploratory Study on Technology Transfer in Software Engineering
 
Exploratory testing STEW 2016
Exploratory testing STEW 2016Exploratory testing STEW 2016
Exploratory testing STEW 2016
 
MetaScience: Holistic Approach for Research Modeling and Analysis
MetaScience: Holistic Approach for Research Modeling and AnalysisMetaScience: Holistic Approach for Research Modeling and Analysis
MetaScience: Holistic Approach for Research Modeling and Analysis
 
Design Thinking for Requirements Engineering
Design Thinking for Requirements EngineeringDesign Thinking for Requirements Engineering
Design Thinking for Requirements Engineering
 
Pitfalls and Countermeasures in Software Quality Measurements and Evaluations
Pitfalls and Countermeasures in Software Quality Measurements and EvaluationsPitfalls and Countermeasures in Software Quality Measurements and Evaluations
Pitfalls and Countermeasures in Software Quality Measurements and Evaluations
 

Similar to Privacy Requirements Engineering in Agile Software Development

Requirement Elicitation Model (REM) in the Context of Global Software Develop...
Requirement Elicitation Model (REM) in the Context of Global Software Develop...Requirement Elicitation Model (REM) in the Context of Global Software Develop...
Requirement Elicitation Model (REM) in the Context of Global Software Develop...IJAAS Team
 
Research paperV1
Research paperV1Research paperV1
Research paperV1expertexh
 
Plataforma web y metodología para el desarrollo de sistemas sensibles al cont...
Plataforma web y metodología para el desarrollo de sistemas sensibles al cont...Plataforma web y metodología para el desarrollo de sistemas sensibles al cont...
Plataforma web y metodología para el desarrollo de sistemas sensibles al cont...damarcant
 
Poster ECIS 2016
Poster ECIS 2016Poster ECIS 2016
Poster ECIS 2016Rui Silva
 
Communication, culture, competency, and stakeholder that contribute to requi...
Communication, culture, competency, and stakeholder that contribute to requi...Communication, culture, competency, and stakeholder that contribute to requi...
Communication, culture, competency, and stakeholder that contribute to requi...IJECEIAES
 
Final Paper_Manik
Final Paper_ManikFinal Paper_Manik
Final Paper_ManikManik Verma
 
Bin saleem
Bin saleemBin saleem
Bin saleemanesah
 
Mba viva slides (scm009432) (1)
Mba viva slides (scm009432) (1)Mba viva slides (scm009432) (1)
Mba viva slides (scm009432) (1)David Goh
 
Copyright © 2018 Javed Iqbal et al. This is an open-access a.docx
Copyright © 2018 Javed Iqbal et al. This is an open-access a.docxCopyright © 2018 Javed Iqbal et al. This is an open-access a.docx
Copyright © 2018 Javed Iqbal et al. This is an open-access a.docxbobbywlane695641
 
Selecting Experts Using Data Quality Concepts
Selecting Experts Using Data Quality ConceptsSelecting Experts Using Data Quality Concepts
Selecting Experts Using Data Quality Conceptsijdms
 
Importance of Process Mining for Big Data Requirements Engineering
Importance of Process Mining for Big Data Requirements EngineeringImportance of Process Mining for Big Data Requirements Engineering
Importance of Process Mining for Big Data Requirements EngineeringAIRCC Publishing Corporation
 
IMPORTANCE OF PROCESS MINING FOR BIG DATA REQUIREMENTS ENGINEERING
IMPORTANCE OF PROCESS MINING FOR BIG DATA REQUIREMENTS ENGINEERINGIMPORTANCE OF PROCESS MINING FOR BIG DATA REQUIREMENTS ENGINEERING
IMPORTANCE OF PROCESS MINING FOR BIG DATA REQUIREMENTS ENGINEERINGijcsit
 
Importance of Process Mining for Big Data Requirements Engineering
Importance of Process Mining for Big Data Requirements EngineeringImportance of Process Mining for Big Data Requirements Engineering
Importance of Process Mining for Big Data Requirements EngineeringAIRCC Publishing Corporation
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
Gary Broils, D.B.A. - Dissertation Defense: Virtual Teaming and Collaboration...
Gary Broils, D.B.A. - Dissertation Defense: Virtual Teaming and Collaboration...Gary Broils, D.B.A. - Dissertation Defense: Virtual Teaming and Collaboration...
Gary Broils, D.B.A. - Dissertation Defense: Virtual Teaming and Collaboration...Gary Broils, DBA, PMP
 
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDYINVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDYijseajournal
 
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDYINVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDYijseajournal
 
AMCIS_20_ERF_manuscript_id_1980.pptx
AMCIS_20_ERF_manuscript_id_1980.pptxAMCIS_20_ERF_manuscript_id_1980.pptx
AMCIS_20_ERF_manuscript_id_1980.pptxAprinaldiAffandi1
 

Similar to Privacy Requirements Engineering in Agile Software Development (20)

Requirement Elicitation Model (REM) in the Context of Global Software Develop...
Requirement Elicitation Model (REM) in the Context of Global Software Develop...Requirement Elicitation Model (REM) in the Context of Global Software Develop...
Requirement Elicitation Model (REM) in the Context of Global Software Develop...
 
Research paperV1
Research paperV1Research paperV1
Research paperV1
 
Plataforma web y metodología para el desarrollo de sistemas sensibles al cont...
Plataforma web y metodología para el desarrollo de sistemas sensibles al cont...Plataforma web y metodología para el desarrollo de sistemas sensibles al cont...
Plataforma web y metodología para el desarrollo de sistemas sensibles al cont...
 
Poster ECIS 2016
Poster ECIS 2016Poster ECIS 2016
Poster ECIS 2016
 
Communication, culture, competency, and stakeholder that contribute to requi...
Communication, culture, competency, and stakeholder that contribute to requi...Communication, culture, competency, and stakeholder that contribute to requi...
Communication, culture, competency, and stakeholder that contribute to requi...
 
Final Paper_Manik
Final Paper_ManikFinal Paper_Manik
Final Paper_Manik
 
Privacy Data Protection for Engineers - PDP4E
Privacy Data Protection for Engineers - PDP4EPrivacy Data Protection for Engineers - PDP4E
Privacy Data Protection for Engineers - PDP4E
 
Bin saleem
Bin saleemBin saleem
Bin saleem
 
Mba viva slides (scm009432) (1)
Mba viva slides (scm009432) (1)Mba viva slides (scm009432) (1)
Mba viva slides (scm009432) (1)
 
Copyright © 2018 Javed Iqbal et al. This is an open-access a.docx
Copyright © 2018 Javed Iqbal et al. This is an open-access a.docxCopyright © 2018 Javed Iqbal et al. This is an open-access a.docx
Copyright © 2018 Javed Iqbal et al. This is an open-access a.docx
 
Selecting Experts Using Data Quality Concepts
Selecting Experts Using Data Quality ConceptsSelecting Experts Using Data Quality Concepts
Selecting Experts Using Data Quality Concepts
 
Importance of Process Mining for Big Data Requirements Engineering
Importance of Process Mining for Big Data Requirements EngineeringImportance of Process Mining for Big Data Requirements Engineering
Importance of Process Mining for Big Data Requirements Engineering
 
IMPORTANCE OF PROCESS MINING FOR BIG DATA REQUIREMENTS ENGINEERING
IMPORTANCE OF PROCESS MINING FOR BIG DATA REQUIREMENTS ENGINEERINGIMPORTANCE OF PROCESS MINING FOR BIG DATA REQUIREMENTS ENGINEERING
IMPORTANCE OF PROCESS MINING FOR BIG DATA REQUIREMENTS ENGINEERING
 
Importance of Process Mining for Big Data Requirements Engineering
Importance of Process Mining for Big Data Requirements EngineeringImportance of Process Mining for Big Data Requirements Engineering
Importance of Process Mining for Big Data Requirements Engineering
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
CV - Gunjan Sharma
CV - Gunjan SharmaCV - Gunjan Sharma
CV - Gunjan Sharma
 
Gary Broils, D.B.A. - Dissertation Defense: Virtual Teaming and Collaboration...
Gary Broils, D.B.A. - Dissertation Defense: Virtual Teaming and Collaboration...Gary Broils, D.B.A. - Dissertation Defense: Virtual Teaming and Collaboration...
Gary Broils, D.B.A. - Dissertation Defense: Virtual Teaming and Collaboration...
 
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDYINVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
 
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDYINVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
INVESTIGATE,IDENTIFY AND ESTIMATE THE TECHNICAL DEBT: A SYSTEMATIC MAPPING STUDY
 
AMCIS_20_ERF_manuscript_id_1980.pptx
AMCIS_20_ERF_manuscript_id_1980.pptxAMCIS_20_ERF_manuscript_id_1980.pptx
AMCIS_20_ERF_manuscript_id_1980.pptx
 

Recently uploaded

Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 

Recently uploaded (20)

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 

Privacy Requirements Engineering in Agile Software Development

  • 1. www.cin.ufpe.br/~ler Laboratório de Engenharia de Requisitos Universidade Federal de Pernambuco Privacy Requirements Engineering in Agile Software Development Mariana Peixoto and Carla Silva (Supervisor) {mmp2, ctlls}@cin.ufpe.br Degree: Doctoral Year of Entry: March/2016 Conclusion Expectation: March/2020 VIII Workshop on Thesis and Dissertations of CBSoft (WTDSoft 2018) 09/2018
  • 2. Outline  Problem Characterization  Background  Contributions  Current Research Status  Description and Evaluation of Results  Related Work 2
  • 3. Problem Characterization  Increase in software applications  Digital data reveal large quantities of personal information [Van Der Sype and Maalej, 2014].  People may not be aware of when and for what purpose their personal information has been or will be collected, analyzed or transmitted [Omoronyia et al., 2013].  The exposure of such information in an unregulated way can threaten user privacy [Omoronyia et al., 2013].  Privacy concerns have some impact on consumer behavior and the acceptability and adoption of new technologies [Spiekermann and Cranor 2009]. 3
  • 4. Problem Characterization  it is necessary to approach the privacy issues from the requirements discovery, that is, in the Requirements Engineering (RE) when requirements elicitation and specification occurs [Tun et al. 2012; Kalloniatis et al. 2008; Ayed and Ghernaouti- Hélie 2011].  Many developers do not have sufficient knowledge and understanding about privacy [Hadar et al. 2018].  There is a gap between designers’ and stakeholders’ understandings of what privacy means [Gharib et al. 2017]. 4
  • 5. Problem Characterization  The increasingly adoption of Agile Software Development (ASD)  Short iterations and active stakeholders  Flexibility to deal with requirements changes  It is necessary to address privacy issues also in ASD [Viitaniemi, 2017].  In ASD non-functional requirements are sometimes neglected 5
  • 6. Background  Privacy is a concept that is not easily defined.  There is still no unified view on privacy requirements engineering yet [Backers 2012; Gharib et al. 2017].  Privacy is the right to determine when, how and what conditions it is permitted to disclose personal information and to transmit such information to third parties [Kalloniatis et al., 2008]. 6
  • 7. Background  Traditional RE consists of a process with four high level activities:  Feasibility Study, Elicitation and Analysis, Specification and Validation.  ASD methods do not adopt the structured phases of the traditional RE process [Heikkilä et al. 2015].  Common practices regarding requirements (228 companies in 10 countries) [Wagner et al. 2018].  Requirements elicitation: interviews, facilitated meetings, prototyping, scenarios and observation;  Documentation: free-form textual, structured requirements lists, semi- formal use case models and free-form textual domain/business process models. 7
  • 8. Background  Requirements Specification for Developers (RSD) [Medeiros et al. 2017] 8 Figure 1. Practices of RSD Approach. Medeiros (2017).
  • 9. Background 9 Figure 2. Example of requirements specification using RSD approach. Medeiros (2017).
  • 10. Contributions - Objective  Main objective: Provide a process to guide the elicitation and specification of privacy requirements in the context of Agile Software Development.  How to elicitate and specify privacy requirements in agile development?  Specific objectives  How to create a unified view of privacy for RE?  1. Define a set of privacy concepts;  2. Define a set of relationships among privacy concepts;  3. Define a set of capabilities to specify privacy. 10
  • 11. Current Status  To achieve the objectives, the four phases for conducting studies proposed by Glass (1995), are used:  Informational Phase;  Analytical Phase;  Propositional Phase;  Evaluative Phase. 11
  • 12. Current Status  Informational Phase:  Systematic Literature Review (SLR) on domain-specific modeling languages [Peixoto and Silva 2018a].  Collect an overview of the privacy domain (privacy concepts and relationships)  i) an overview of the existing languages that supports privacy concepts;  ii) the languages taxonomy and requirements analysis techniques;  iii) a catalog of privacy concepts extracted from the papers. 12
  • 13. Current Status  Analytical Phase: Two Exploratory Studies (ES)  First Exploratory Study:  Survey with 8 privacy experts  Average age of respondents (38.63 years);  Educational level: Masters 1 (12.5%) - PhDs 7 (87.5%);  Experience with privacy: 5 (62.5%) theoretical experience; 1 (12.5 %) practical and theoretical experience; and 2 (25.0 %) practical experience;  Years of experience: 7 more than 3 years of experience with privacy and 1 less than 1 year. 13
  • 14. Current Status  First Exploratory Study: 14 Figure 3. Privacy Conceptual Model.
  • 15. Current Status  Second Exploratory Study:  14 privacy specification capabilities (C) framework [Peixoto and Silva 2018b]  (i) Conceptual model;  (ii) Information technology - Security techniques - Privacy framework [ISO29100, 2011];  (iii) General Data Protection Regulation [GDPR, 2018];  (iv) Guidelines proposed by Organisation for Economic Co- operation and Development [OECD, 2013]. 15
  • 16. Current Status  Privacy specification capabilities (C) framework  C1 - Specify the purpose of tasks;  C2 - Specify different types of actors;  C3 - Specify relationships of actors;  C4 - Specify trust relationship;  C5 - Specify different types of personal information;  C6 - Specify privacy machanims/goals;  C7 - Specify users’ privacy preferences and contexts;  C8 - Specify privacy risks;  C9 - Specify privacy threats;  C10 - Specify privacy harms;  C11 - Specify privacy vulnerability;  C12 - Specify to connect risk, threat, harms and vulnerability;  C13 - Specify consent;  C14 - Specify privacy constraint. 16
  • 17. Current Status  Propositional Phase:  Privacy Elicitation - Guided interviews to answer a series of structured questions that cover the concepts of the privacy conceptual model  Privacy Specification - RSD approach in a guided way to cover the privacy specification capabilities (C1 to C14) 17
  • 18. Current Status  Evaluative Phase  Interviews with privacy and ASD experts  Illustrative scenarios  Controlled experiment 18
  • 19. Description and Evaluation of Results  Interviews with Experts  Quantitative questions (5-point Likert scale)  Privacy Experts  How correct are the privacy specification capabilities (C1 to C14)?  How complete are the privacy specification capabilities (C1 to C14)?  Agile Experts  How suitable for ASD is the proposed approach for privacy elicitation and specification? 19
  • 20. Description and Evaluation of Results  Illustrative Scenarios:  Real illustrative scenarios will be used to evaluate the quality of the generated specifications according to Complete, Consistent, Affordable and Bounded criteria [ISO-IEEE 29148 2011].  Controlled Experiment:  Complete, Consistent and Bounded, which are characteristics for a good requirements specification [ISO-IEEE 29148 2011]. 20
  • 21. Description and Evaluation of Results  Controlled Experiment: 21 Criteria/ Metric Symbol Meaning Complete NMRPA Number (#) of missing requirements using the proposed approach (PA). NMROA # of missing requirements using the other approach (OA). Consistent NDRPA # of duplicate requirements specified with the PA. NDROA # of duplicate requirements specified with the OA. NARPA # of ambiguous requirements specified with the PA. NAROA # of ambiguous requirements specified with the OA. Bounded NWRPA # of wrong requirements specified with the PA. NWROA # of wrong requirements specified with the OA. Time TSPA Time spent (minutes) with the PA. TSOA Time spent (minutes) with the OA. Questions NQPA # of questions asked with the PA. NQOA # of questions asked with the OA. Table 2. Controlled experiment metrics.
  • 22. Related Work  Gharib et al. (2017) proposed an ontology for privacy requirements as a mean to conceptualize privacy requirements in their social and organizational context.  Kalloniatis at al. (2009) provide an overview of requirements engineering approaches which focus on privacy requirements and have ways to accomplish requirements specification.  NFR (Non-Functional Requirement Framework), i* Framework, Tropos  Labda et al. (2014) and Pullonen et al. (2017) extend BPMN as a mean to incorporate visual constructs for modeling privacy requirements. 22
  • 23. Related Work  Antón and Earp (2000) focus on the initial specification of security and privacy policy and their operationalization (goal and scenario-driven requirements engineering methods).  Viitaniemi (2017) proposes to deal with privacy in agile software development through the privacy by design paradigm which is the idea that for a system ensures the privacy of personal data, privacy should be considered from the beginning of the software project. 23
  • 24. www.cin.ufpe.br/~ler Laboratório de Engenharia de Requisitos Universidade Federal de Pernambuco Privacy Requirements Engineering in Agile Software Development Mariana Peixoto and Carla Silva (Supervisor) {mmp2, ctlls}@cin.ufpe.br Degree: Doctoral Year of Entry: March/2016 Conclusion Expectation: March/2020 VIII Workshop on Thesis and Dissertations of CBSoft (WTDSoft 2018) 09/2018