We propose and apply a requirements engineering approach that focuses on security and privacy properties and takes into account various stakeholder interests. The proposed methodology facilitates the integration of security and privacy by design into the requirements engineering process. Thus, specific, detailed security and privacy requirements can be implemented from the very beginning of a software project. The method is applied to an exemplary application scenario in the logistics industry. The approach includes the application of threat and risk rating methodologies, a technique to derive technical requirements from legal texts, as well as a matching process to avoid duplication and accumulate all essential requirements.
We identify 74 generic, reusable technical requirements based on the GDPR that can be applied to software products which process personal data. The requirements can be traced to corresponding articles and recitals of the GDPR and fulfill the key principles of lawfulness and transparency. Therefore, we present an approach to requirements engineering with regard to developing legally compliant software that satisfies the principles of privacy by design, privacy by default as well as security by design.
When mobile devices at the network edge want to communicate with each other, they too often depend on the availability of faraway resources. For direct communication, feasible user-friendly service discovery is essential. DNS Service Discovery over Multicast DNS (DNS-SD/mDNS) is widely used for configurationless service discovery in local networks, due in no small part to the fact that it is based on the well-established DNS, and efficient in small networks. In our research, we enhance DNS-SD/mDNS providing versatility, user control, efficiency, and privacy, while maintaining the deployment simplicity and backward compatibility. These enhancements are necessary to make it a solid, flexible foundation for device communication in the edge of the Internet. In this paper, we focus on providing multi-link capabilities and scalable scopes for DNS-SD while being mindful of both user-friendliness and efficiency. We propose DNS-SD over Stateless DNS (DNS-SD/sDNS), a solution that allows configurationless service discovery in arbitrary self-named scopes - largely independent of the physical network layout - by leveraging our Stateless DNS technique and the Raft consensus algorithm.