Automated Software Engineering
Automating the Extraction of Rights and Obligations for Regulatory Compliance
ER '08 Proceedings of the 27th International Conference on Conceptual Modeling
A Requirements-based Comparison of Privacy Taxonomies
RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Why Eliciting and Managing Legal Requirements Is Hard
RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios
RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Comparative Analysis between Document-based and Model-based Compliance Management Approaches
RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Requirements and compliance in legal systems: a logic approach
RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Requirements-based Access Control Analysis and Policy Specification (ReCAPS)
Information and Software Technology
Identifying vulnerabilities and critical requirements using criminal court proceedings
Proceedings of the 2009 ACM symposium on Applied Computing
Accountability as a Way Forward for Privacy Protection in the Cloud
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
Checking Existing Requirements for Compliance with Law Using a Production Rule Model
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Governance Requirements Extraction Model for Legal Compliance Validation
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Analyzing Email Archives to Better Understand Legal Requirements
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Prioritizing Legal Requirements
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
A machine learning approach for tracing regulatory codes to product specific requirements
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Experiences in the logical specification of the HIPAA and GLBA privacy laws
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Proceedings of the 1st ACM International Health Informatics Symposium
A framework to support alignment of secure software engineering with legal regulations
Software and Systems Modeling (SoSyM)
InDico: information flow analysis of business processes for confidentiality requirements
STM'10 Proceedings of the 6th international conference on Security and trust management
UCONLEGAL: a usage control model for HIPAA
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Declarative privacy policy: finite models and attribute-based encryption
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Towards HIPAA-compliant healthcare systems
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Privacy management for global organizations
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
A pattern-based method for identifying and analyzing laws
REFSQ'12 Proceedings of the 18th international conference on Requirements Engineering: foundation for software quality
Privacy in mobile technology for personal healthcare
ACM Computing Surveys (CSUR)
Capturing variability of law with nómos 2
ER'12 Proceedings of the 31st international conference on Conceptual Modeling
International Journal of Strategic Information Technology and Applications
Proceedings of the 18th ACM symposium on Access control models and technologies
HIS'13 Proceedings of the second international conference on Health Information Science
Regulatory requirements traceability and analysis using semi-formal specifications
REFSQ'13 Proceedings of the 19th international conference on Requirements Engineering: Foundation for Software Quality
Choosing compliance solutions through stakeholder preferences
REFSQ'13 Proceedings of the 19th international conference on Requirements Engineering: Foundation for Software Quality
A framework to support selection of cloud providers based on security and privacy requirements
Journal of Systems and Software
Information practices that use personal, financial and health-related information are governed by U.S. laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must be properly aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they are implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology to extract access rights and obligations directly from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross-references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures. We present results from applying this methodology to the entire regulation text of the U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.