Seda Gurses - Academia.edu (original) (raw)

Papers by Seda Gurses

This paper presents a conceptual framework for security engineering, with a strong focus on secur... more This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.

Conference of the Centre for Advanced Studies on Collaborative Research, 2005

Confidentiality, the protection of unauthorized disclosure of information, plays an important rol... more Confidentiality, the protection of unauthorized disclosure of information, plays an important role in information security of software systems. Security researchers have developed numerous approaches on how to implement confidentiality, typically based on cryptographic algorithms and tight access control. However, less work has been done on defining systematic methods on how to elicit and define confidentiality requirements in the first

IEEE Security & Privacy, 2016

Lecture Notes in Computer Science, 2007

Mobility, Data Mining and Privacy, 2008

Chapter 2 Characterising the Next Generation of Mobile Applications Through a Privacy-Aware Geogr... more Chapter 2 Characterising the Next Generation of Mobile Applications Through a Privacy-Aware Geographic Knowledge Discovery Process M. Wachowicz, A. Ligtenberg, C. Renso, and S. Gurses 2.1 Introduction The proliferation of mobile technologies for 'always-on'at 'any-time'and ...

Requirements Engineering, 2013

Chaos: An Interdisciplinary Journal of Nonlinear Science, 2005

... Michelle Teran and Manu Luksch Page 2. Gürses, Luksch and Teran: Trialogue Surveillance &... more ... Michelle Teran and Manu Luksch Page 2. Gürses, Luksch and Teran: Trialogue Surveillance & Society 7(2) 166 ... One project was Friluftskino: Experiments in Open Air Surveillance Cinema and another, Parasitic Video Network, both of which she talks about in the trialogue. ...

Corr, Jun 5, 2006

RFID tags are held to become ubiquitous in logistics in the near future, and item-level tagging w... more RFID tags are held to become ubiquitous in logistics in the near future, and item-level tagging will pave the way for Ubiquitous Computing, for example in application fields like smart homes. Our paper addresses the value and the production cost of information that can be gathered by observing these tags over time and different locations. We argue that RFID technology will induce a thriving market for such information, resulting in easy data access for analysts to infer business intelligence and individual profiles of unusually high detail. Understanding these information markets is important for many reasons: They represent new business opportunities, and market players need to be aware of their roles in these markets. Policy makers need to confirm that the market structure will not negatively affect overall welfare. Finally, though we are not addressing the complex issue of privacy, we are convinced that market forces will have a significant impact on the effectiveness of deployed security enhancements to RFID technology. In this paper we take a few first steps into a relatively new field of economic research and conclude with a list of research problems that promise deeper insights into the matter.

Discussion Papers of Diw Berlin, 2007

Security is one of the fundamental problems in wireless sensor and ad hoc networks. Properties sp... more Security is one of the fundamental problems in wireless sensor and ad hoc networks. Properties specific to such networks make it hard to apply traditional security solutions and require the design and analysis of new security mechanisms.

The objective of this paper is to systematically develop privacy heuristics for Online Social Net... more The objective of this paper is to systematically develop privacy heuristics for Online Social Network Services (SNS). In order to achieve this, we provide an analytical framework in which we characterize privacy breaches that have occurred in SNS and distinguish different stakeholders' perspectives. Although SNS have been criticized for numerous grave privacy breaches, they have also proven to be an interesting space in which privacy design is implemented and critically taken up by users. Community involvement in the discovery of privacy breaches as well as in articulating privacy demands points to possibilities in user-driven privacy design. In our analysis we take a multilateral security analysis approach and identify conflicts in privacy interests and list points of intervention and negotiation. In our future research, we plan to validate the usefulness as well as the usability of these heuristics and to develop a framework for privacy design in SNS.

Data Protection in a Profiled World, 2010

Tausende RFID-markierte Artikel gleichzeitig und vollautomatisch überwachen – ein Traum, der Händ... more Tausende RFID-markierte Artikel gleichzeitig und vollautomatisch überwachen – ein Traum, der Händlerherzen höher schlagen lässt. Die Technik taugt aber auch, um zusammen mit markierten Objekten deren Besitzer auszuspionieren. So gewonnene Erkenntnisse eröffnen ganz neue Geschäftsmöglichkeiten.

This paper presents a conceptual framework for security engineering, with a strong focus on secur... more This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.

Conference of the Centre for Advanced Studies on Collaborative Research, 2005

Confidentiality, the protection of unauthorized disclosure of information, plays an important rol... more Confidentiality, the protection of unauthorized disclosure of information, plays an important role in information security of software systems. Security researchers have developed numerous approaches on how to implement confidentiality, typically based on cryptographic algorithms and tight access control. However, less work has been done on defining systematic methods on how to elicit and define confidentiality requirements in the first

IEEE Security & Privacy, 2016

Lecture Notes in Computer Science, 2007

Mobility, Data Mining and Privacy, 2008

Chapter 2 Characterising the Next Generation of Mobile Applications Through a Privacy-Aware Geogr... more Chapter 2 Characterising the Next Generation of Mobile Applications Through a Privacy-Aware Geographic Knowledge Discovery Process M. Wachowicz, A. Ligtenberg, C. Renso, and S. Gurses 2.1 Introduction The proliferation of mobile technologies for 'always-on'at 'any-time'and ...

Requirements Engineering, 2013

Chaos: An Interdisciplinary Journal of Nonlinear Science, 2005

... Michelle Teran and Manu Luksch Page 2. Gürses, Luksch and Teran: Trialogue Surveillance &... more ... Michelle Teran and Manu Luksch Page 2. Gürses, Luksch and Teran: Trialogue Surveillance & Society 7(2) 166 ... One project was Friluftskino: Experiments in Open Air Surveillance Cinema and another, Parasitic Video Network, both of which she talks about in the trialogue. ...

Corr, Jun 5, 2006

RFID tags are held to become ubiquitous in logistics in the near future, and item-level tagging w... more RFID tags are held to become ubiquitous in logistics in the near future, and item-level tagging will pave the way for Ubiquitous Computing, for example in application fields like smart homes. Our paper addresses the value and the production cost of information that can be gathered by observing these tags over time and different locations. We argue that RFID technology will induce a thriving market for such information, resulting in easy data access for analysts to infer business intelligence and individual profiles of unusually high detail. Understanding these information markets is important for many reasons: They represent new business opportunities, and market players need to be aware of their roles in these markets. Policy makers need to confirm that the market structure will not negatively affect overall welfare. Finally, though we are not addressing the complex issue of privacy, we are convinced that market forces will have a significant impact on the effectiveness of deployed security enhancements to RFID technology. In this paper we take a few first steps into a relatively new field of economic research and conclude with a list of research problems that promise deeper insights into the matter.

Discussion Papers of Diw Berlin, 2007

Security is one of the fundamental problems in wireless sensor and ad hoc networks. Properties sp... more Security is one of the fundamental problems in wireless sensor and ad hoc networks. Properties specific to such networks make it hard to apply traditional security solutions and require the design and analysis of new security mechanisms.

The objective of this paper is to systematically develop privacy heuristics for Online Social Net... more The objective of this paper is to systematically develop privacy heuristics for Online Social Network Services (SNS). In order to achieve this, we provide an analytical framework in which we characterize privacy breaches that have occurred in SNS and distinguish different stakeholders' perspectives. Although SNS have been criticized for numerous grave privacy breaches, they have also proven to be an interesting space in which privacy design is implemented and critically taken up by users. Community involvement in the discovery of privacy breaches as well as in articulating privacy demands points to possibilities in user-driven privacy design. In our analysis we take a multilateral security analysis approach and identify conflicts in privacy interests and list points of intervention and negotiation. In our future research, we plan to validate the usefulness as well as the usability of these heuristics and to develop a framework for privacy design in SNS.

Data Protection in a Profiled World, 2010

Tausende RFID-markierte Artikel gleichzeitig und vollautomatisch überwachen – ein Traum, der Händ... more Tausende RFID-markierte Artikel gleichzeitig und vollautomatisch überwachen – ein Traum, der Händlerherzen höher schlagen lässt. Die Technik taugt aber auch, um zusammen mit markierten Objekten deren Besitzer auszuspionieren. So gewonnene Erkenntnisse eröffnen ganz neue Geschäftsmöglichkeiten.