Reviewing and Evaluating Techniques for Modeling and Analyzing Security Requirements

Abu-Sheikh, Khalil

January 2007

The software engineering community recognized the importance of addressing security requirements with other functional requirements from the beginning of the software development life cycle. Therefore, there are some techniques that have been developed to achieve this goal. Thus, we conducted a theoretical study that focuses on reviewing and evaluating some of the techniques that are used to model and analyze security requirements. Thus, the Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, and Attack Trees techniques are investigated in detail to understand and highlight the similarities and differences between them. We found that using these techniques, in general, help requirements engineer to specify more detailed security requirements. Also, all of these techniques cover the concepts of security but in different levels. In addition, the existence of different techniques provides a variety of levels for modeling and analyzing security requirements. This helps requirements engineer to decide which technique to use in order to address security issues for the system under investigation. Finally, we found that using only one of these techniques will not be suitable enough to satisfy the security requirements of the system under investigation. Consequently, we consider that it would be beneficial to combine the Abuse Cases or Misuse Cases techniques with the Attack Trees technique or to combine the Strategic Modeling and Attack Trees techniques together in order to model and analyze security requirements of the system under investigation. The concentration on using the Attack Trees technique is due to the reusability of the produced attack trees, also this technique helps in covering a wide range of attacks, thus covering security concepts as well as security requirements in a proper way.

Security Requirements

Abuse Cases

Misuse Cases

Data Sensitivity and Threat Analyses

Strategic Modeling

Attack Trees.

Software Engineering

Programvaruteknik

Informatics Approaches to Understand Data Sensitivity Perspectives of Patients with Behavioral Health Conditions

January 2020

abstract: Sensitive data sharing presents many challenges in case of unauthorized disclosures, including stigma and discrimination for patients with behavioral health conditions (BHCs). Sensitive information (e.g. mental health) warrants consent-based sharing to achieve integrated care. As many patients with BHCs receive cross-organizational behavioral and physical health care, data sharing can improve care quality, patient-provider experiences, outcomes, and reduce costs. Granularity in data sharing further allows for privacy satisfaction. Though the subjectivity in information patients consider sensitive and related sharing preferences are rarely investigated. Research, federal policies, and recommendations demand a better understanding of patient perspectives of data sensitivity and sharing. The goal of this research is to enhance the understanding of data sensitivity and related sharing preferences of patients with BHCs. The hypotheses are that 1) there is a diversity in medical record sensitivity and sharing preferences of patients with BHCs concerning the type of information, information recipients, and purpose of sharing; and 2) there is a mismatch between the existing sensitive data categories and the desires of patients with BHCs. A systematic literature review on methods assessing sensitivity perspectives showed a lack of methodologies for characterizing patient perceptions of sensitivity and assessing the variations in perceptions from clinical interpretations. Novel informatics approaches were proposed and applied using patients’ medical records to assess data sensitivity, sharing perspectives and comparing those with healthcare providers’ views. Findings showed variations in perceived sensitivity and sharing preferences. Patients’ sensitivity perspectives often varied from standard clinical interpretations. Comparison of patients’ and providers’ views on data sensitivity found differences in sensitivity perceptions of patients. Patients’ experiences (family history as genetic data), stigma towards category definitions or labels (drug “abuse”), and self-perceptions of information applicability (alcohol dependency) were influential factors in patients’ sensitivity determination. This clinical informatics research innovation introduces new methods using medical records to study data sensitivity and sharing. The outcomes of this research can guide the development of effective data sharing consent processes, education materials to inform patients and providers, granular technologies segmenting electronic health data, and policies and recommendations on sensitive data sharing. / Dissertation/Thesis / Doctoral Dissertation Biomedical Informatics 2020

Information science

Mental health

Health care management

Behavioral Health

Consumer Health Informatics

Data Sensitivity

Data Sharing

Patient Preferences

Patient-centered Technology

Exploring the sensitivity of Biometric Data: A Comparative Analysis of Theoretical and Human Perspectives

Jose, Dayona

January 2024

Biometric technology, leveraging distinctive physiological or behavioral traits for identification, has transformed authentication methods. This thesis explores biometric data sensitivity from theoretical and human perspectives. Theoretical analysis examines factors like uniqueness, permanence, and potential misuse, while empirical research surveys societal attitudes towards biometric sensitivity. Discrepancies between theoretical constructs and real-world perceptions underscore the complexity of this issue. Privacy, security, and trust emerge as central concerns, emphasizing the need for comprehensive approaches in biometric technology development and policy-making. The discussion interprets survey findings, highlighting implications for stakeholders. Future research could explore cultural influences on biometric perceptions, conduct longitudinal studies, and investigate innovative solutions to privacy and security concerns. Collaboration between academia, industry, and policymakers is crucial for advancing biometric technology ethically and responsibly in an increasingly digital world.

biometric data sensitivity

theoretical perspectives

human perceptions

privacy concerns

security considerations

empirical research

societal attitudes

future directions

types of biometrics

uniqueness

permanence

potential for misuse

invasiveness of collection process

compatibility with other systems

accuracy and reliability

storage and security measures.

Engineering and Technology

Teknik och teknologier