2012 20th IEEE International Requirements Engineering Conference (RE) (2012)
Chicago, IL, USA USA
Sept. 24, 2012 to Sept. 28, 2012
Thein Than Tun , The Open University, UK
Arosha K. Bandara , The Open University, UK
Blaine A. Price , The Open University, UK
Yijun Yu , The Open University, UK
Charles Haley , Frogfish Technologies, UK
Inah Omoronyia , Lero, Ireland
Bashar Nuseibeh , The Open University, UK
Privacy requirements for mobile applications offer a distinct set of challenges for requirements engineering. First, they are highly dynamic, changing over time and locations, and across the different roles of agents involved and the kinds of information that may be disclosed. Second, although some general privacy requirements can be elicited a priori, users often refine them at runtime as they interact with the system and its environment. Selectively disclosing information to appropriate agents is therefore a key privacy management challenge, requiring carefully formulated privacy requirements amenable to systematic reasoning. In this paper, we introduce privacy arguments as a means of analysing privacy requirements in general and selective disclosure requirements (that are both content- and context-sensitive) in particular. Privacy arguments allow individual users to express personal preferences, which are then used to reason about privacy for each user under different contexts. At runtime, these arguments provide a way to reason about requirements satisfaction and diagnosis. Our proposed approach is demonstrated and evaluated using the privacy requirements of BuddyTracker, a mobile application we developed as part of our overall research programme.
mobile applications, privacy arguments, privacy requirements
T. T. Tun et al., "Privacy arguments: Analysing selective disclosure requirements for mobile applications," 2012 20th IEEE International Requirements Engineering Conference (RE), Chicago, IL, USA USA, 2012, pp. 131-140.