The British Nationality Act as a logic program
Communications of the ACM
Telos: representing knowledge about information systems
ACM Transactions on Information Systems (TOIS)
Informal and Formal Requirements Specification Languages: Bridging the Gap
IEEE Transactions on Software Engineering
Goal-directed requirements acquisition
6IWSSD Selected Papers of the Sixth International Workshop on Software Specification and Design
Proceedings of the 17th international conference on Software engineering
Object-oriented modeling with ADORA
Information Systems - The 13th international conference on advanced information systems engineering (CAiSE*01)
Specifying and analyzing early requirements in Tropos
Requirements Engineering
Modeling Security Requirements Through Ownership, Permission and Delegation
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Dynamics of legal provisions and its representation
ICAIL '05 Proceedings of the 10th international conference on Artificial intelligence and law
Constructing a semantic network for legal content
ICAIL '05 Proceedings of the 10th international conference on Artificial intelligence and law
RE '06 Proceedings of the 14th IEEE International Requirements Engineering Conference
Semantic parameterization: A process for modeling domain descriptions
ACM Transactions on Software Engineering and Methodology (TOSEM)
Legal Requirements, Compliance and Practice: An Industry Case Study in Accessibility
RE '08 Proceedings of the 2008 16th IEEE International Requirements Engineering Conference
Toward a general theory of document modeling
Proceedings of the 12th International Conference on Artificial Intelligence and Law
Developing Production Rule Models to Aid in Acquiring Requirements from Legal Texts
RE '09 Proceedings of the 2009 17th IEEE International Requirements Engineering Conference, RE
Legal requirements acquisition for the specification of legally compliant information systems
Legal requirements acquisition for the specification of legally compliant information systems
A machine learning approach for tracing regulatory codes to product specific requirements
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Experiences in the logical specification of the HIPAA and GLBA privacy laws
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Verifying cloud services: present and future
ACM SIGOPS Operating Systems Review
| Hi-index | 0.00 |
Although cloud services allow organizations to transfer the planning and setup to the service provider and thus reduce costs through reuse, these services raise new questions regarding the privacy and security of personal information stored in and transferred across systems in the cloud. Prior to cloud services, personal information was commonly stored within the owning or licensing company's locality where the company maintained its facilities. Cloud services, however, move data to remote, potentially unknown, locations maintained by third parties. The responsibility for data protection and integrity no longer remains exclusively with its owner or licensee, but with these third parties. Thus, both parties must identify and manage the many regulatory requirements that govern their services and products in this multi-jurisdictional environment. To simplify this problem, we are developing methods to extract and codify regulatory requirements from government laws. We apply previously validated metrics to measure gaps and overlaps between the codified regulations. Our findings include a semi-formalization of the legal landscape using operational constructs for high- and low-watermark practices, which correspond to high- and low standards of care, respectively. Business analysts and system developers can use these watermarks to reason about compliance trade-offs based on perceived businesses costs and risks. We discovered and validated these constructs using seven U.S. state data breach notification laws that govern transactions of financial and health information of residents of these seven states.