Threat modeling at run time: the case for reflective and adaptive threat management (NIER track)

Landuyt, Dimitri Van; Pasquale, Liliana; Sion, Laurens; Joosen, Wouter

doi:10.1109/seams51251.2021.00034

Cited by 6 publications

(1 citation statement)

References 52 publications

(54 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DFDs are a concise and expressive modeling tool that is well-suited for the context of privacy threat analysis. However, the significant time and resources required to manually create DFDs pose a challenge for their practical use [7], [12], [47]. To address this, we have incorporated automation using NLP into our PRE approach.…”

Section: Data Flow Analysis Based On User Storiesmentioning

confidence: 99%

Leveraging NLP Techniques for Privacy Requirements Engineering in User Stories

Herwanto,

Quirchmayr,

Tjoa

2024

IEEE Access

View full text Add to dashboard Cite

Privacy requirements engineering acts as a role to systematically elicit privacy requirements from system requirements and legal requirements such as the GDPR. Many methodologies have been proposed, but the majority of them are focused on the waterfall approach, making adopting privacy engineering in agile software development difficult. The other major issue is that the process currently is to a high degree manual. This paper focuses on closing these gaps through the development of a machine learning-based approach for identifying privacy requirements in an agile software development environment, employing natural language processing (NLP) techniques. Our method aims to allow agile teams to focus on functional requirements while NLP tools assist them in generating privacy requirements. The main input for our method is a collection of user stories, which are typically used to identify functional requirements in agile software development. The NLP approach is then used to automate some humanintensive tasks such as identifying personal data and creating data flow diagrams from user stories. The data flow diagram forms the basis for the automatic creation of privacy requirements. Our evaluation shows that our NLP method achieves a fairly good performance in terms of F-Measure. We are also demonstrate the feasibility of our NLP approach in CamperPlus project. Lastly, we are developing a tool to integrate our NLP approach into the privacy requirements engineering pipeline, allowing for manual editing of results so that agile teams can maintain control over the automated approach.INDEX TERMS privacy requirements engineering, natural language processing, agile software development, user stories

show abstract

Section: Data Flow Analysis Based On User Storiesmentioning

confidence: 99%