Regulatory compliance is becoming increasingly important for software systems that process and manage sensitive information. Identifying and analysing the relevant legal regulations, and aligning them with security requirements, is therefore necessary for the effective development of secure software systems. Nevertheless, Secure Software Engineering Modelling Languages (SSEML) use different concepts and terminology from those used in the legal domain for the description of legal regulations. This situation, together with the lack of appropriate background and knowledge of laws and regulations, introduces a challenge for software developers. In particular, it makes it difficult to perform (i) the elicitation of appropriate security requirements from the relevant laws and regulations; and (ii) the correct tracing of the security requirements throughout the development stages. This paper presents a framework to support the consideration of laws and regulations during the development of secure software systems. In particular, the framework enables software developers (i) to correctly elicit security requirements from the appropriate laws and regulations; and (ii) to trace these requirements throughout the development stages in order to ensure that the design indeed supports the required laws and regulations. Our framework is based on existing work from the area of secure software engineering, and it complements this work with a novel and structured process and a well-defined method. A practical case study is employed to demonstrate the applicability of our work.