Extracting security requirements from relevant laws and regulations

Proceedings - International Conference on Research Challenges in Information Science

Volumn , Issue , 2012, Pages

  Jorshari, Fatemeh Zarrabi ^a   Mouratidis, Haralambos ^a   Islam, Shareeful ^a  

^a UNIVERSITY OF EAST LONDON   (United Kingdom)

Author keywords

Duty dependency; Hohfeld; Right dependency; Secure Tropos

Indexed keywords

DUTY DEPENDENCY; HOHFELD; LAWS AND REGULATIONS; RIGHT DEPENDENCY; SECURE TROPOS; SECURITY REQUIREMENTS; SENSITIVE INFORMATIONS; SOFTWARE SYSTEMS; SYSTEM REQUIREMENTS;

COMPUTER SOFTWARE; INFORMATION MANAGEMENT; INFORMATION SCIENCE; REQUIREMENTS ENGINEERING; RESEARCH;

LAWS AND LEGISLATION;

EID: 84865007784     PISSN: 21511349     EISSN: 21511357     Source Type: Conference Proceeding    
DOI: 10.1109/RCIS.2012.6240443     Document Type: Conference Paper

References (25)

1. J. Saltzer and M. Schroeder, "The protection of information in computer systems," Proceedings of the IEEE.63(9), pp.1278-1308, September 1975
2. Information society, "Summary of legislation, European Commission", http://europa.eu/legislation-summaries/information-society/ index-en.htm
3. Privacy guidelines for developing software products and services, Version 3.1, September, 2008,http://download.microsoft.com.
4. S. Ghanavati, D. Amyot, and L. Peyton, "Towards a framework for tracking legal compliance in healthcare," In J. Krogstie, A. L. Opdahl, and G. Sindre, editors, 19th International Conference on Advanced Information Systems Engineering (CAiSE'07), pp. 218-232. Springer, 2007
5. F. Massacci, M. Prest and N. Zannone, "Using a security requirements engineering methodology in practice: The compliance with the Italian Data Protection Legislation," Technical Report DIT-04-103, 2004.
6. P. N. Otto and A. I. Antón, "Addressing legal requirements in requirements engineering," 15th IEEE International R. E. Conference, 2007
7. S. Islam, H.Mouratidis, S.Wagner, "Toward a framework to elicit and manage security and privacy requirments from laws and regulation," Lecture Notes in Computer Science, Volume 6182/2010, pp.255-261, 2010.
8. F. Zarrabi, S. Islam and H. Mouratidis, "To comply software and IT system development with related laws", The 23th International Conference on Advanced Information System Engineering (CAiSE 2011), The CAiSE Doctoral Consortium 2011, www.ceur-ws.org/Vol-731/04.pdf
9. S. Islam, H. Mouratidis and J. Jürjens, A Framework to Support Alignment of Secure Software Engineering with Legal Regulations, Journal of Software and Systems Modeling (SoSyM), Theme Section on Non-Functional System Properties in Domain-Specific Modeling Languages (NFPinDSML), Vol 10, No 3, page 369-394, 2011, Springer-Verlag.
10. W. N. Hohfeld, "Fundamental legal conceptions as applied in judicial reasoning," Yale Law Journal 23(1), 1913.
11. T. D, Breaux and A. I. Antón, "Analyzing regulator rules for privacy and security requirements," IEEE transactions on software engineering, Vol. 34, No. 1, January-February 2008.
12. H. Mouratidis, "A security oriented approach in the development of multiagent systems: Applied to the management of the health and social care needs of older people in England," PhD thesis, University of Sheffield, U.K., 2004.
13. H. Mouratidis and P. Giorgini, "Secure Tropos: A security-oriented extension of the Tropos methodology," International Journal of Software Engineering and Knowledge Engineering, © World Scientific Publishing Company
14. H. Mouratidis, J. Jürjens and J. Fox, "Towards a comprehensive framework for secure systems development," CAiSE 2006, Lecture Notes in Computer Science 4001,pp. 48-62, Springer-Verlag, 2006.
15. GlobalPlatform, http://www.globalplatform.org/aboutus.asp
16. GlobalPlatform, http://www.globalplatform.org/specificationssystems.asp
17. European Commission Justice, Protection of Personal Data http://ec.europa.eu/justice/data-protection/index-en.htm
18. S. Islam and S. H. Houmb, Integrating Risk Management Activities into Requirements Engineering, In Proc. of the 4th IEEE International Conference on Research Challenges in IS (RCIS2010), Nice, France.
19. M. J. May, C. A. Gunter and I. Lee, "Privacy APIs: Access control techniques to analyse and verify legal privacy policies," Proc. of the 19th Computer Security Foundations Workshop, July 2006.
20. R. Darimont and M. Lemoine, "Goal-oriented analysis of regulations modelling and their validation and verification
21. A. Siena, J. Mylopoulos, A. Perini and A. Susi, "From laws to requirements," 1st International Workshop on Requirements Engineering and Law (Relaw'08).
22. N. R. Mead, "Identifying security requirements using the security quality requirements engineering (SQUARE) Method, in Integrating Security and Software Engineering," pp. 44-69, Idea Publishing Group, 2006.
23. D. Mellado, E. Medina and M. Piattini, "A common criterion based security requirements engineering process for the development of secure information system," Computer standards & interfaces," 29:244-253, June 2007.
24. S. H. Houmb, S. Islam, E. Knauss, J. Jürjens and K. Schneider, Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec, Requirements Engineering Journal (REJ), Vol 15, No 1, 2010, PP 63-93., March 2010, Special Issue on Security Requirements Engineering, Springer-Verlag.
25. P. Giorgini, F. Massacci, J. Mylopoulos and N. Zannone, "Modelling security requirements through ownership, permission and delegation," In Proceedings of the 13th IEEE International Requirements Engineering Conference (RE'05), IEEE Computer Society Press, 29 August - 2 September 2005.