How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach

Authors:
Luca Compagna;Paul El Khoury;Fabio Massacci;Reshma Thomas;Nicola Zannone
Affiliations:
SAP Research;SAP Research;University of Trento;University of Leuven;University of Trento
Venue:
Proceedings of the 11th international conference on Artificial intelligence and law
Year:
2007

Citing 6
Cited 5

Logic programming for large scale applications in law: A formalisation of supplementary benefit legislation

ICAIL '87 Proceedings of the 1st international conference on Artificial intelligence and law
Design patterns: elements of reusable object-oriented software

Design patterns: elements of reusable object-oriented software
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications

Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
A model of legal reasoning with cases incorporating theories and values

Artificial Intelligence - Special issue on AI and law
Security and trust requirements engineering

Foundations of Security Analysis and Design III
Security patterns meet agent oriented software engineering: a complementary solution for developing secure information systems

ER'05 Proceedings of the 24th international conference on Conceptual Modeling

Mining and analysing security goal models in health information systems

SEHC '09 Proceedings of the 2009 ICSE Workshop on Software Engineering in Health Care
S&D Pattern Deployment at Organizational Level: A Prototype for Remote Healthcare System

Electronic Notes in Theoretical Computer Science (ENTCS)
How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

Artificial Intelligence and Law
Legal Patterns Implement Trust in IT Requirements: When Legal Means are the "Best" Implementation of IT Technical Goals

RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
A dynamic security framework for ambient intelligent systems: a smart-home based eHealth application

Transactions on computational science X

Quantified Score

Hi-index	0.00

Visualization

Abstract

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with thii issue. For instance, purpose-based access control is normally considered a good solution for meeting the requirements of privacy legislation. Yet, understanding why, how, and when such solutions to security and privacy problems have to be deployed is often unanswered. In this paper, we look at the problem from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should be able to start from the organizational model and derive from there the points where security and privacy problems may arise and determine which solutions best fit the (legal) problems that they face. In particular, we investigate the methodology needed to capture security and privacy requirements for a Health Care Centre using a smart items infrastructure.