Eliciting confidentiality requirements in practice
Abstract
Confidentiality, the protection against unauthorized disclosure of information, plays an important role in information security of software systems. Security researchers have developed numerous approaches on how to implement confidentiality, typically based on cryptographic algorithms and tight access control. However, less work has been done on defining systematic methods on how to elicit and define confidentiality requirements in the first place. Moreover, most of these approaches are illustrated with simulated examples that do not capture the richness of real-world experience. This paper reports on our experiences eliciting confidentiality requirements in a real-world project in the health care area. The method applied originates from the M.Sc. thesis of one of the authors and is still considered work in progress. Still, valuable insight into issues of confidentiality requirements engineering can be gained from this case study, and we expect that its publication will become a basis for discussion and the definition of a further research agenda in this area.

