Requirements model generation to support requirements elicitation: the Secure Tropos experience
Automated Software Engineering
| Hi-index | 0.00 |
In our own previous work [1], we looked at the problem of designing IT solutions (Security Patterns) accounting for legal and organizational issues. The proposed pattern design and validation process require legal experts to describe patterns in natural language. Such a description is parsed by a natural language processor on the basis of a semantic template [2]. The annotated description is then used to automatically generate graphical models of SI* patterns, which are revised by security engineers using a CASE Tool. The intriguing question that we address in this paper is the opposite of the mainstream one: Challenge 1. You have a technical solution (e.g. a security and dependability pattern). Can some of your system requirements be implemented by legal means? This challenge might seem at odd with intuition but only because we don't bring the usage of patterns to their logical end: if an answer to a legal, organizational or technical security requirement can be an organizational or technical solution, why cannot it also be a ... legal solution?