Islam, Shareeful; Mouratidis, Haralambos (2010)
Languages: English
Types: Article
Subjects:

Classified by OpenAIRE into

ACM Ref: ComputingMilieux_LEGALASPECTSOFCOMPUTING
Regulation compliance is getting more and more important for software systems that process and manage sensitive information. Therefore, identifying and analysing relevant legal regulations and aligning them with security requirements become necessary for the effective development of secure software systems. Nevertheless, Secure Software Engineering Modelling Languages (SSEML) use different concepts and terminology from those used in the legal domain for the description of legal regulations. This situation, together with the lack of appropriate background and knowledge of laws and regulations, introduces a challenge for software developers. In particular, it makes it difficult to perform (i) the elicitation of appropriate security requirements from the relevant laws and regulations; and (ii) the correct tracing of the security requirements throughout the development stages. This paper presents a framework to support the consideration of laws and regulations during the development of secure software systems. In particular, the framework enables software developers (i) to correctly elicit security requirements from the appropriate laws and regulations; and (ii) to trace these requirements throughout the development stages in order to ensure that the design indeed supports the required laws and regulations. Our framework is based on existing work from the area of secure software engineering, and it complements this work with a novel and structured process and a well-defined method. A practical case study is employed to demonstrate the applicability of our work.

Funded by projects

  • EC | SECURECHANGE

Related to

  • fet-fp7FET Proactive: FET proactive: ICT forever yours
  • fet-fp7FET Proactive: Security Engineering for lifelong Evolvable Systems