research-article

Integrating Security and Privacy in HCD-Scrum

Authors:

Maria Teresa Baldassarre,

Vita Santa Barletta,

Danilo Caivano,

Antonio PiccinnoAuthors Info & Claims

CHItaly '21: Proceedings of the 14th Biannual Conference of the Italian SIGCHI Chapter

Article No.: 37, Pages 1 - 5

https://doi.org/10.1145/3464385.3464746

Published: 13 July 2021 Publication History

Abstract

Nowadays, software development must face the challenge of integrating security and privacy elements from the earliest stages of any software development process. A correct and complete implementation starting from the requirements definition allows to significantly increase the security level of each single phase/iteration and consequently of the final system. Therefore, it is necessary to support the team throughout the software lifecycle trying to provide operational guidelines of security by design and privacy by design. Taking these aspects into account, the paper presents a Human Centered Design (HCD) approach of security and privacy-oriented software development, integrated within the Scrum agile methodology, defined as HCD-Security Scrum. The goal is to support developer decisions at all stages of software development in integrating security and privacy requirements through the formalization of key elements defined in a knowledge base, i.e., the Privacy Knowledge Base.

References

[1]

Julian Jang-Jaccard, Surya Nepal. 2014. A survey of emerging threats in cybersecurity. Volume 80, Issue 5, August 2014, pp. 973-993, https://doi.org/10.1016/j.jcss.2014.02.005

[2]

Kalle Rindell and Jukka Ruohonen and Johannes Holvitie and Sami Hyrynsalmi and Ville Leppänen. 2021. Security in agile software development: A practitioner survey. Information and Software Technology, Volume 131, https://doi.org/10.1016/j.infsof.2020.106488

[3]

Vita Santa Barletta, Danilo Caivano, Antonella Nannavecchia, Michele Scalera, 2020. Intrusion Detection for in-Vehicle Communication Networks: An Unsupervised Kohonen SOM Approach. Future Internet 12, no. 7: 119. https://doi.org/10.3390/fi12070119

[4]

Pierpaolo Di Bitonto, Maria Laterza, Teresa Roselli, Veronica Rossano. 2010. An Evaluation Method for Multi-Agent Systems. In: Jędrzejowicz P., Nguyen N.T., Howlet R.J., Jain L.C. (eds) Agent and Multi-Agent Systems: Technologies and Applications. KES-AMSTA 2010. Lecture Notes in Computer Science, vol 6070. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13480-7_5

[5]

Agostino Marengo, Alessandro Pagano, Lucia Ladisa. 2017. Towards a mobile augmented reality prototype for corporate training. Proceedings of the European Conference on e-Learning, ECEL -October, pp. 362-366

[6]

Carmelo Ardito, Maria Francesca Costabile, Marilena De Marsico, Rosa Lanzilotti, Stefano Levialdi, Paola Plantamura, Teresa Roselli, Veronica Rossano, Manuela Tersigni. 2004. Towards Guidelines for Usability of e-Learning Applications. In: Stary C., Stephanidis C. (eds) User-Centered Interaction Paradigms for Universal Access in the Information Society. UI4ALL 2004. Lecture Notes in Computer Science, vol 3196. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30111-0_16

[7]

Maria Teresa Baldassarre, Vita Santa Barletta, Danilo Caivano, Michele Scalera, 2019. Privacy Oriented Software Development. Communications in Computer and Information Science, 1010, pp. 18-32, https://doi.org/10.1007/978-3-030-29238-6_2

[8]

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

[9]

Vita Santa Barletta, Danilo Caivano, Giovanni Dimauro, Antonella Nannavecchia, Michele Scalera. 2020. Managing a Smart City Integrated Model through Smart Program Management. Appl. Sci. 2020, 10, 714. https://doi.org/10.3390/app10020714

[10]

The Open Web Application Security Project, 2019. OWASP Top 10–2017. The Ten Most Critical Web Application Security Risks. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project. Accessed 28 January 2021.

[11]

Maria Teresa Baldassarre, Vita Santa Barletta, Danilo Caivano, and Antonio Piccinno. 2020. A Visual Tool for Supporting Decision-Making in Privacy Oriented Software Development. In Proceedings of the International Conference on Advanced Visual Interfaces (AVI '20). Association for Computing Machinery, New York, NY, USA, Article 45, 1–5. https://doi.org/10.1145/3399715.3399818

Digital Library

[12]

Ken Schwaber, Mike Beedle. 2011. Agile Software Development with Scrum. Prentice Hall PTR, Upper Saddle River, NJ, 2011, USA.

[13]

Carmelo Ardito, Maria Teresa Baldassarre, Danilo Caivano, Rosa Lanzilotti. 2016. Integration of Human-Centred Design and Agile Software Development Practices: Experience Report from a SME. In: Cockton G., Lárusdóttir M., Gregory P., Cajander Å. (eds) Integrating User-Centred Design in Agile Development. Human–Computer Interaction Series. Springer, Cham. https://doi.org/10.1007/978-3-319-32165-3_5

[14]

Ann Cavoukian. 2012. Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices. pp. 1–72.

[15]

Michele Scalera, Enrica Gentile, Paola Plantamura, Giovanni Dimauro. 2020. A Systematic Mapping Study in Cloud for Educational Innovation. Appl. Sci. 10, no. 13: 4531. https://doi.org/10.3390/app10134531

[16]

Viitaniemi, Mikael. 2017. Privacy by Design in Agile Software Development. https://trepo.tuni.fi/handle/123456789/25321

[17]

Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, Wouter Joosen. 2011. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering, 16(1), 3-32. https://doi.org/10.1007/s00766-010-0115-7

Digital Library

[18]

Kristian Beckers, Stephan Faßbender, Maritta Heisel, Rene Meis. 2014. A Problem-Based Approach for Computer-Aided Privacy Threat Identification. In: Preneel B., Ikonomou D. (eds) Privacy Technologies and Policy. APF 2012. Lecture Notes in Computer Science, vol 8319. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54069-1_1

Digital Library

[19]

Christos Kalloniatis, Evangelia Kavakli, Stefanos Gritzalis, 2008. Addressing privacy requirements in system design: the PriS method. Requirements Engineering 13, 241–255 (2008). https://doi.org/10.1007/s00766-008-0067-3

Digital Library

[20]

Inah Omoronyia, Luca Cavallaro, Mazeiar Salehie, Liliana Pasquale, Bashar Nuseibeh. 2013. Engineering adaptive privacy: On the role of privacy awareness requirements. 35th International Conference on Software Engineering (ICSE), San Francisco, CA, USA, 2013, pp. 632-641, https://doi.org/10.1109/ICSE.2013.6606609

[21]

Pardo-Calvache, César Jesús, García-Rubio, Félix Oscar, Piattini- Velthuis, Mario, Pino-Correa, Francisco José, Baldassarre, María Teresa. (2014). A reference ontology for harmonizing processreference models. Revista Facultad de Ingeniería Universidad de Antioquia, (73), pp. 29-42. http://aprendeenlinea.udea.edu.co/revistas/index.php/ingenieria/article/download/14120/17609

[22]

Paolo Buono, Maria Francesca Costabile, Rosa Lanzilotti. 2014. A circular visualization of people's activities in distributed teams. Journal of Visual Languages and Computing, 25 (6), pp. 903-911.

Digital Library

[23]

J. David Patón-Romero, Maria Teresa Baldassarre, Mario Piattini, Ignazio García Rodríguez de Guzmán. 2017. A Governance and Management Framework for Green IT. Sustainability 2017, 9, 1761. https://doi.org/10.3390/su9101761

[24]

Maria Teresa Baldassarre, Vita Santa Barletta, Danilo Caivano, Michele Scalera. 2020. Integrating security and privacy in software development. Software Quality Journal. https://doi.org/10.1007/s11219-020-09501-6

Digital Library

[25]

Ann Cavoukian. 2010. Privacy by design: the definitive workshop. A foreword by Ann Cavoukian, Ph.D. IDIS 3, 247–251 (2010). https://doi.org/10.1007/s12394-010-0062-y

[26]

Jaap-Henk Hoepman. 2014. Privacy Design Strategies. In IFIP, ICT Systems Security and Privacy Protection (pp 446-459). Springer Berlin Heidelberg.

[27]

Privacy Patterns, https://privacypatterns.org. Resource document. UC Berkeley, School of Information. Accessed 10 January 2021

[28]

Michael Colesky, jaap-Henk Hoepman, Christiaan Hillen. 2016. A critical analysis of privacy design strategies. IEEE Security and Privacy Workshops (SPW), San Jose, CA, pp. 33–40. https://doi.org/10.1109/SPW.2016.23

[29]

Maria Teresa Baldassarre, Danilo Caivano, Giuseppe Visaggio. 2003. Software renewal projects estimation using dynamic calibration. International Conference on Software Maintenance, ICSM 2003. Proceedings., 2003, pp. 105-115.

[30]

Center for Internet Security. (2019). CIS benchmarks. Resource document. CIS. https://www.cisecurity.org/cis- benchmarks. Accessed 10 January 2021

[31]

Maria Francesca Costabile, Daniela Fogli, Rosa Lanzilotti, Piero Mussio, Antonio Piccinno, A. 2006. Supporting Work Practice Through End-User Development Environments. Journal of Organizational and End User Computing, 18(4), 43-65.

Cited By

Kitsiou ASideri MPantelelis MSimou SMavroeidi AVgena KTzortzaki EKalloniatis C(2024)Specification of Self-Adaptive Privacy-Related Requirements within Cloud Computing Environments (CCE)Sensors10.3390/s2410322724:10(3227)Online publication date: 19-May-2024
https://doi.org/10.3390/s24103227
Pantelelis MKalloniatis C(2024)Create, Read, Update, Delete: Implications on Security and Privacy Principles regarding GDPRProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670898(1-7)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670898
Selva-Mora AQuesada-López C(2024)Security Practices in Agile Software Development: A Mapping StudyProceedings of the 7th ACM/IEEE International Workshop on Software-intensive Business10.1145/3643690.3648241(56-63)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.1145/3643690.3648241
Show More Cited By

Recommendations

A Visual Tool for Supporting Decision-Making in Privacy Oriented Software Development
AVI '20: Proceedings of the 2020 International Conference on Advanced Visual Interfaces

Nowadays, the dimension and complexity of software development projects increase the possibility of cyber-attacks, information exfiltration and data breaches. In this context, developers play a primary role in addressing privacy requirements and, ...
Privacy Knowledge Base for Supporting Decision-Making in Software Development
Sense, Feel, Design
Abstract
Integrating security and privacy requirements at every stage of the software development cycle is critical to guarantee the confidentiality, integrity and availability of the system and consequently of the data. Developers need to be supported in ...
SCRUM and productivity in software projects: a systematic literature review
EASE'10: Proceedings of the 14th international conference on Evaluation and Assessment in Software Engineering

Background: Agile methods have increasingly attracted interest in the Software Industry. SCRUM is currently one of the most studied agile method, because of both its novelty and the assumption that SCRUM is able to improve project productivity. ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

CHItaly '21: Proceedings of the 14th Biannual Conference of the Italian SIGCHI Chapter

July 2021

237 pages

ISBN:9781450389778

DOI:10.1145/3464385

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 July 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

CHItaly '21

CHItaly '21: 14th Biannual Conference of the Italian SIGCHI Chapter

July 11 - 13, 2021

Bolzano, Italy

Acceptance Rates

Overall Acceptance Rate 109 of 242 submissions, 45%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
203
Total Downloads

Downloads (Last 12 months)66
Downloads (Last 6 weeks)6

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kitsiou ASideri MPantelelis MSimou SMavroeidi AVgena KTzortzaki EKalloniatis C(2024)Specification of Self-Adaptive Privacy-Related Requirements within Cloud Computing Environments (CCE)Sensors10.3390/s2410322724:10(3227)Online publication date: 19-May-2024
https://doi.org/10.3390/s24103227
Pantelelis MKalloniatis C(2024)Create, Read, Update, Delete: Implications on Security and Privacy Principles regarding GDPRProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670898(1-7)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670898
Selva-Mora AQuesada-López C(2024)Security Practices in Agile Software Development: A Mapping StudyProceedings of the 7th ACM/IEEE International Workshop on Software-intensive Business10.1145/3643690.3648241(56-63)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.1145/3643690.3648241
Atzori MCalò ECaruccio LCirillo SPolese GSolimando G(2024)Evaluating password strength based on information spread on social networks: A combined approach relying on data reconstruction and generative modelsOnline Social Networks and Media10.1016/j.osnem.2024.10027842(100278)Online publication date: Aug-2024
https://doi.org/10.1016/j.osnem.2024.100278
Saporito ATabari PDe Rosa MFuccella VCostagliola G(2024)Exploring the Privacy Horizons: A Survey on HCI & HRIComputational Science and Its Applications – ICCSA 2024 Workshops10.1007/978-3-031-65318-6_8(113-125)Online publication date: 26-Jul-2024
https://doi.org/10.1007/978-3-031-65318-6_8
de Chaves SBarreto Vavassori Benitti FHong JLanperne MPark JCerny TShahriar H(2023)Privacy by Design in Software Engineering: An update of a Systematic Mapping StudyProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing10.1145/3555776.3577626(1362-1369)Online publication date: 27-Mar-2023
https://dl.acm.org/doi/10.1145/3555776.3577626
Barletta VCatalano CDe Vincentiis MPal AScalera M(2023)Artificial Intelligence for Automotive Security: How to Support Developers in Automotive Solutions2023 IEEE International Conference on Metrology for eXtended Reality, Artificial Intelligence and Neural Engineering (MetroXRAINE)10.1109/MetroXRAINE58569.2023.10405720(954-959)Online publication date: 25-Oct-2023
https://doi.org/10.1109/MetroXRAINE58569.2023.10405720
Caivano DCatalano CDe Vincentiis MLako APagano A(2023)MaREA: Multi-class Random Forest for Automotive Intrusion DetectionProduct-Focused Software Process Improvement10.1007/978-3-031-49269-3_3(23-34)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1007/978-3-031-49269-3_3
Tøndel ICruzes DJaatun MSindre G(2022)Influencing the security prioritisation of an agile software development projectComputers and Security10.1016/j.cose.2022.102744118:COnline publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102744
Baldassarre MBarletta VCaivano DPiccinno AScalera M(2021)Privacy Knowledge Base for Supporting Decision-Making in Software DevelopmentSense, Feel, Design10.1007/978-3-030-98388-8_14(147-157)Online publication date: 30-Aug-2021
https://dl.acm.org/doi/10.1007/978-3-030-98388-8_14

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents