DOI: 10.1145/2568225.2568240
Research article

Distilling privacy requirements for mobile applications

Published: 31 May 2014

    Abstract

    As mobile computing applications have become commonplace, it is increasingly important for them to address end-users’ privacy requirements. Privacy requirements depend on a number of contextual socio-cultural factors to which mobility adds another level of contextual variation. However, traditional requirements elicitation methods do not sufficiently account for contextual factors and therefore cannot be used effectively to represent and analyse the privacy requirements of mobile end users. On the other hand, methods that do investigate contextual factors tend to produce data that does not lend itself to the process of requirements extraction. To address this problem we have developed a Privacy Requirements Distillation approach that employs a problem analysis framework to extract and refine privacy requirements for mobile applications from raw data gathered through empirical studies involving end users. Our approach introduces privacy facets that capture patterns of privacy concerns which are matched against the raw data. We demonstrate and evaluate our approach using qualitative data from an empirical study of a mobile social networking application.


    Published In

    ICSE 2014: Proceedings of the 36th International Conference on Software Engineering
    May 2014
    1139 pages
    ISBN:9781450327565
    DOI:10.1145/2568225

    In-Cooperation

    • TCSE: IEEE Computer Society's Tech. Council on Software Engin.

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. mobile
    2. privacy
    3. requirements engineering

    Conference

    ICSE '14
    Acceptance Rates

    Overall Acceptance Rate 276 of 1,856 submissions, 15%
