Analysis of multilateral software confidentiality requirements




Onabajo, Adeniyi

Journal Title

Journal ISSN

Volume Title



Ensuring privacy and confidentiality concerns of data owners is an important aspect of a secured information system. This is particularly important for integrated systems, which allow data exchange across organizations. Governments, regulatory bodies and organizations provide legislations, regulations and guidelines for information privacy and security to ensure proper data handling. These are usually specified in natural language formats, contain default requirements and exceptions, and are often ambiguous. In addition, interacting concerns, which are often multilayered and from different stakeholders, e.g., jurisdictions, need to be considered in software development. Similar to other security concerns, analysis of confidentiality concerns should be integrated into the early phase of software development in order to facilitate early identification of defects - incompleteness and inconsistencies, in the requirements. This dissertation presents research conducted to develop a method to detect these defects using goal models which support defaults and exceptions. The goal models are derived from annotations of the natural language sources. A prototype tool is also developed to support the method. The evaluations conducted indicate the method and tool provide benefits, including distinguishing requirement interferences and conflicts, exception handling, and navigation between annotated documents and the goal models. Although current limitations of the method include a manual user driven annotation step, the method provides features that assist in early analysis of confidentiality requirements from natural language sources.



confidentiality, natural language requirements, goal-based analysis, default requirements, defeasible reasoning