
Protecting privacy in system design: the electronic voting case


Publisher: Emerald Publishing
Copyright: Copyright © 2007 Emerald Group Publishing Limited. All rights reserved.
ISSN: 1750-6166
DOI: 10.1108/17506160710839150

Abstract

Purpose – The purpose of the paper is to present Privacy Safeguard (PriS), a formal security requirements engineering methodology which incorporates privacy requirements in the system design process, and to demonstrate its applicability in an e‐voting case.

Design/methodology/approach – PriS provides a methodological framework for addressing privacy‐related issues during system development. It provides a set of concepts for formally expressing privacy requirements (authentication, authorisation, identification, data protection, anonymity, pseudonymity, unlinkability and unobservability) and a systematic way‐of‐working for translating these requirements into system models. The main activities of the PriS way‐of‐working are: elicit privacy‐related goals, analyse the impact of privacy goals on processes, model affected processes using privacy process patterns, and identify the technique(s) that best support/implement the above process patterns.

Findings – Analysis of a number of well‐known privacy‐enhancing technologies, as well as of existing security requirements engineering methodologies, pinpoints the gap between system design methodologies and technological solutions. To this end, PriS provides an integrated approach for matching privacy‐related requirements to proper implementation techniques. Experimentation with the e‐voting case suggests that PriS has a high degree of applicability to internet systems that wish to provide services that ensure users' privacy, such as anonymous browsing, untraceable transactions, etc.

Originality/value – The paper proposes a new methodology for addressing privacy requirements during the design process. Instead of prescribing a single solution, PriS guides developers to choose the most appropriate implementation techniques for realising the identified privacy issues. In addition, due to its formal definition, it facilitates control of the accuracy and precision of the results and enables the development of automated tools for assisting its application.

Journal

Transforming Government: People, Process and Policy (Emerald Publishing)

Published: Dec 1, 2007

Keywords: Privacy; Data security; Automation
