Balancing Trust and Privacy in Computer-Mediated Introduction: Featuring Risk as a Determinant for Trustworthiness Requirements Elicitation

Abstract

In requirements elicitation methods, it is not unusual that conflicts between software requirements or between software goals and requirements can be detected. It is efficient to deal with those conflicts before further costs are invested to implement a solution that includes insufficient software features. This work introduces risk as an extension of a method for eliciting trust-related software features for computer-mediated introduction (CMI) so that software engineers can i) decide on the implementation of conflicting requirements in the problem space and ii) additionally reduce risks that accompany CMI use. CMI describes social media platforms on which strangers with compatible interests get acquainted online and build trust relationships with each other for potential offline encounters (e.g.: online dating and sharing economy). CMI involves security and safety risks such as data misuse, deceit or violence. In the engineering process, software goals and requirements for trust building often come along with the disclosure of personal data, which may result in conflicts with goals and requirements for privacy protection. In order to tackle i) conflicting requirements and goals and ii) CMI risks, our approach involves risk assessment of user concerns and requirements in order to rank goals by their importance for the application. Based on the prioritization, conflicting requirements can be managed. The findings are presented with explicit examples of the application field online dating.

Publication
Proceedings of the 15th International Conference on Availability, Reliability and Security (ARES ‘20), pp. 84:1–84:10, https://doi.org/10.1145/3407023.3409208

Related