DOI: 10.1145/1276318.1276346
Article

How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach

Published: 04 June 2007

Abstract

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of minimal precautionary security measures. Several frameworks have been proposed to deal with this issue. For instance, purpose-based access control is normally considered a good solution for meeting the requirements of privacy legislation. Yet the question of why, how, and when such solutions to security and privacy problems have to be deployed often goes unanswered.
In this paper, we look at the problem from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should be able to start from the organizational model and derive from there the points where security and privacy problems may arise and determine which solutions best fit the (legal) problems that they face. In particular, we investigate the methodology needed to capture security and privacy requirements for a Health Care Centre using a smart items infrastructure.



      Published In

      ICAIL '07: Proceedings of the 11th international conference on Artificial intelligence and law
      June 2007
      302 pages
      ISBN:9781595936806
      DOI:10.1145/1276318
      • Conference Chair: Anne Gardner
      • Program Chair: Radboud Winkels

      Sponsors

      • International Association for Artificial Intelligence and Law

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. health care
      2. legal requirements
      3. organization
      4. pattern validation
      5. security & privacy patterns

      Qualifiers

      • Article

      Conference

      ICAIL07
      Acceptance Rates

      Overall Acceptance Rate 69 of 169 submissions, 41%

      Article Metrics

      • Downloads (Last 12 months): 13
      • Downloads (Last 6 weeks): 0
      Reflects downloads up to 18 Nov 2024

      Cited By

      • (2023) Understanding the Role of Human-Related Factors in Security Requirements Elicitation. Requirements Engineering: Foundation for Software Quality, pages 65-74. DOI: 10.1007/978-3-031-29786-1_5. Online publication date: 4-Apr-2023
      • (2022) Towards the Integration of Human Factors in Collaborative Decision Making for Secure Architecture Design. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pages 1-8. DOI: 10.1145/3551349.3561149. Online publication date: 10-Oct-2022
      • (2022) It Takes Two to Tango: Design Thinking and Design Patterns for Better System Development. Design Thinking for Software Engineering, pages 201-211. DOI: 10.1007/978-3-030-90594-1_14. Online publication date: 13-Feb-2022
      • (2021) Vision for an Artefact-based Approach to Regulatory Requirements Engineering. Proceedings of the 15th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pages 1-6. DOI: 10.1145/3475716.3484191. Online publication date: 11-Oct-2021
      • (2021) The Hidden Value of Patterns – Using Design Patterns to Whitebox Technology Development in Legal Assessments. Innovation Through Information Systems, pages 405-421. DOI: 10.1007/978-3-030-86797-3_27. Online publication date: 16-Oct-2021
      • (2020) SoK. Proceedings of the 15th International Conference on Availability, Reliability and Security, pages 1-10. DOI: 10.1145/3407023.3407061. Online publication date: 25-Aug-2020
      • (2018) A system of privacy patterns for user control. Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pages 1150-1156. DOI: 10.1145/3167132.3167257. Online publication date: 9-Apr-2018
      • (2018) Toward Applying Online Privacy Patterns Based on the Design Problem: A Systematic Review. Design, User Experience, and Usability: Theory and Practice, pages 608-627. DOI: 10.1007/978-3-319-91797-9_43. Online publication date: 2-Jun-2018
      • (2017) Compliance patterns. Proceedings of the 16th edition of the International Conference on Artificial Intelligence and Law, pages 139-148. DOI: 10.1145/3086512.3086526. Online publication date: 12-Jun-2017
      • (2017) A Literature Study on Privacy Patterns Research. 2017 43rd Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pages 194-201. DOI: 10.1109/SEAA.2017.28. Online publication date: Aug-2017
