Mining rule semantics to understand legislative compliance
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Building problem domain ontology from security requirements in regulatory documents
Proceedings of the 2006 international workshop on Software engineering for secure systems
Research Directions in Requirements Engineering
FOSE '07 2007 Future of Software Engineering
Extracting rights and obligations from regulations: toward a tool-supported process
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Semantic parameterization: A process for modeling domain descriptions
ACM Transactions on Software Engineering and Methodology (TOSEM)
Automating the Extraction of Rights and Obligations for Regulatory Compliance
ER '08 Proceedings of the 27th International Conference on Conceptual Modeling
A Formal Privacy Management Framework
Formal Aspects in Security and Trust
Mining and analysing security goal models in health information systems
SEHC '09 Proceedings of the 2009 ICSE Workshop on Software Engineering in Health Care
Software requirements, rights, permissions, obligations, and operations of policy-enforcing systems are often misaligned. Our goal is to develop tools and techniques that help requirements engineers and policy makers bring policies and system requirements into better alignment. Goals from requirements engineering are useful for distilling natural language policy statements into structured descriptions of these interactions; however, they are limited in that they are not easy to compare with one another despite sharing common semantic features. In this paper, we describe a process called semantic parameterization that we use to derive semantic models from goals mined from privacy policy documents. We present example semantic models that enable comparing policy statements and present a template method for generating natural language policy statements (and ultimately requirements) from unique semantic models. The semantic models are described by a context-free grammar called KTL that has been validated within the context of the most frequently expressed goals in over 100 Internet privacy policy documents. KTL is accompanied by a policy analysis tool that supports queries and policy statement generation.