Article Preview
Top1. Introduction
Recent advancement of software systems have changed the way that humans work, interact, learn and socialise. For instance, software platforms have been working without physically being at the same location as e-learning tools enable learning from distance and social networking services allow communication between people who might be thousand miles apart from each other. Large amount of sensitive and private information, i.e., customer bank account information and health care records, usually store on such geologically distributed systems. Users and stakeholders realise that without appropriate storage systems for such information, those systems cannot operate as required. Survey results (Green & Yang, 1998; Gritzalis, 2004; PricewaterhouseCoopers, 2001) have shown that users are concerned about their personal data privacy is at risk and they are worried about security vulnerabilities of software systems that might endanger their personal data.
Therefore, it has become increasingly important for software system developers to ensure that systems are developed with security and privacy in mind (Liu, Yu, & Mylopoulos, 2003; Massey, Otto, Hayward, & Antón, 2009; Haley, Moffett, Laney, & Nuseibeh, 2003). In fact recent research (Mouratidis & Giorgini, 2006; Islam, Mouratidis, & Jürjens, 2011) emphasise the need to consider security and privacy from the early stages of the development process. Several works in the literature (Fischer-Hübner, 2001; Islam, 2010a) focus on the development of methodologies, modelling languages and tools for the integration of security or privacy during the development lifecycle of software systems. These works either consider security and privacy as two independent concepts or they consider privacy as a subset of security. However latest research efforts (Gritzalis, 2004; Korrn, 2004; Kalloniatis, Kavakli, & Gritzalis, 2008) identify that privacy should be treated as a separate requirement criterion, since privacy itself is a multifaceted concept, but not independent from security and vice-versa. Thus, the need to analyse security and privacy separately but under a unified framework is of vital importance.
Our work fulfills this gap in the literature in such manner by proposing a structure approach to model and analyse security and privacy concepts under a unified framework. The work is based on the integration of two software engineering methodologies: one from the security requirements domain, and other from the privacy domain, i.e., Secure Tropos (Mouratidis & Giorgini, 2006b) and PriS (Kavakli, Gritzalis, & Kalloniatis, 2007; Kalloniatis, Kavakli, & Gritzalis, 2008) respectively. Secure Tropos focuses on the elicitation and analysis of security requirements while PriS focuses specifically on the incorporation of privacy requirements in the system design process. We decided to use these two approaches for the following reasons: Firstly, the applicability and usefulness of both these approaches has been widely presented in the literature (Islam, 2010; Islam, Mouratidis, & Jürjens, 2011; Kalloniatis, Kavakli, & Gritzalis, 2008); Secondly, both approaches share similar concepts, therefore a combination of these two results in a comprehensive analysis of security and privacy concepts; Thirdly, Secure Tropos is mainly focus on the requirements engineering and early design stages, while PriS is mainly focused on the later design and implementation stage. As such, the integration of these approaches results as a framework that covers the development process from early stages, such as the requirement gathering process, all the way to implementation.