Abstract
[Context and otivation] The well-established Data Flow Diagrams (DFDs) have proven their value in the field of security and privacy for the realization of processes in models. However, the time and resources required to model the system with DFD, could slow down security and privacy threat analysis. [Question/problem] Despite the fact that information required for drawing DFD is available in the textual requirement such as user stories, the current approach to modeling the system using DFD is still done by form/questionnaires or manually drawing the diagram. [Principal ideas/results] This study proposes a natural language processing (NLP) model that generates DFD automatically from well-formed user stories. We also detect the presence of personal data in user stories by employing Named Entity Recognition, which allows the personal data to be highlighted in DFD. Our preliminary results show that our model can automatically generate a DFD that highlights the presence of personal data. Finally, the DFD could be expanded to a Privacy-Aware DFD, which incorporates privacy checks into the DFD. [Contribution] This is the first attempt at automatically transforming user stories into DFD using an NLP approach. The automatic approach may alleviate the burden placed on privacy analysts during the initial stages of threat modeling or eliciting privacy requirements.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Alshareef, H., Stucki, S., Schneider, G.: Transforming Data Flow Diagrams for Privacy Compliance (Long Version). arXiv preprint arXiv:2011.12028 (2020)
Ambler, S.W.: The Object Primer: Agile Model-Driven Development with UML 2.0. Cambridge University Press, New York (2004)
Antignac, T., Scandariato, R., Schneider, G.: Privacy compliance via model transformations. In: 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 120–126. IEEE (2018)
Bernsmed, K., Cruzes, D.S., Jaatun, M.G., Iovan, M.: Adopting threat modelling in agile software development projects. J. Syst. Softw. 183, 111090 (2022). https://doi.org/10.1016/j.jss.2021.111090, https://www.sciencedirect.com/science/article/pii/S0164121221001874
Canedo, E.D., C.A.e.a.: A named entity recognition based approach for privacy requirements engineering. Unpublished Manuscript, presented. In: The 29th IEEE International Requirement Engineering Conference (2021)
Dalpiaz, F.: Requirements Data Sets (User Stories). Mendeley Data, V1 (2018)
Elallaoui, M., Nafil, K., Touahni, R.: Automatic transformation of user stories into uml use case diagrams using nlp techniques. Procedia Comput. Sci. 130, 42–49 (2018)
Gilson, F., Galster, M., Georis, F.: Generating use case scenarios from user stories. In: Proceedings of the International Conference on Software and System Processes. pp. 31–40. ICSSP 2020, Association for Computing Machinery, New York (2020)
Harel, D., Rumpe, B.: Meaningful modeling: what’s the semantics of “semantics”? Computer 37(10), 64–72 (2004)
Herwanto, G.B., Quirchmayr, G., Tjoa, A.M.: A named entity recognition based approach for privacy requirements engineering. In: 2021 IEEE 29th International Requirements Engineering Conference Workshops (REW), pp. 406–411 (2021). https://doi.org/10.1109/REW53955.2021.00072
Kochbati, T., Li, S., Gérard, S., Mraidha, C.: From user stories to models: a machine learning empowered automation. In: Hammoudi, S., Pires, L.F., Seidewitz, E., Soley, R. (eds.) Proceedings of the 9th International Conference on Model-Driven Engineering and Software Development, MODELSWARD 2021, Online Streaming, February 8–10, 2021. pp. 28–40. SCITEPRESS (2021)
Lucassen, G., Dalpiaz, F., Van Der Werf, J.M.E., Brinkkemper, S.: Visualizing user story requirements at multiple granularity levels via semantic relatedness. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) pp. 463–478 (2016)
Robeer, M., Lucassen, G., Van Der Werf, J.M.E., Dalpiaz, F., Brinkkemper, S.: Automated extraction of conceptual models from user stories via NLP. In: Proceedings - 2016 IEEE 24th International Requirements Engineering Conference, RE 2016 (November 2018), pp. 196–205 (2016)
Wuyts, K., Sion, L., Joosen, W.: LINDDUN GO: a lightweight approach to privacy threat modeling. In: Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020, pp. 302–309 (2020)
Acknowledgment
The authors acknowledge the scholarship granted by the Indonesia Endowment Fund for Education (IEFE/LPDP), Ministry of Finance, Republic of Indonesia, and the support received from the University of Vienna, Faculty of Computer Science.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Herwanto, G.B., Quirchmayr, G., Tjoa, A.M. (2022). From User Stories to Data Flow Diagrams for Privacy Awareness: A Research Preview. In: Gervasi, V., Vogelsang, A. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2022. Lecture Notes in Computer Science, vol 13216. Springer, Cham. https://doi.org/10.1007/978-3-030-98464-9_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-98464-9_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98463-2
Online ISBN: 978-3-030-98464-9
eBook Packages: Computer ScienceComputer Science (R0)