论文信息 - How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach

How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with thii issue. For instance, purpose-based access control is normally considered a good solution for meeting the requirements of privacy legislation. Yet, understanding why, how, and when such solutions to security and privacy problems have to be deployed is often unanswered. In this paper, we look at the problem from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should be able to start from the organizational model and derive from there the points where security and privacy problems may arise and determine which solutions best fit the (legal) problems that they face. In particular, we investigate the methodology needed to capture security and privacy requirements for a Health Care Centre using a smart items infrastructure.

[1] Stig Kanger,et al. Law and logic , 2008 .

[2] Ralph Johnson,et al. design patterns elements of reusable object oriented software , 2019 .

[3] Trevor J. M. Bench-Capon,et al. Logic programming for large scale applications in law: A formalisation of supplementary benefit legislation , 1987, ICAIL '87.

[4] Joseph W. Yoder,et al. Architectural Patterns for Enabling Application Security , 1998 .

[5] Markus Schumacher,et al. Security Engineering with Patterns: Origins, Theoretical Models, and New Applications , 2003 .

[6] Leslie Lamport. How to write a long formula , 2005, Formal Aspects of Computing.

[7] John Mylopoulos,et al. An ontology for secure socio-technical systems , 2007 .

[8] Eduardo B. Fernandez,et al. A pattern language for security models , 2001 .

[9] Marek J. Sergot,et al. Computer Representation of the Law , 1985, IJCAI.

[10] Michael Weiss,et al. Security Patterns Meet Agent Oriented Software Engineering: A Complementary Solution for Developing Secure Information Systems , 2005, ER.

[11] Trevor J. M. Bench-Capon,et al. A model of legal reasoning with cases incorporating theories and values , 2003, Artif. Intell..

[12] Fabio Massacci,et al. Security and Trust Requirements Engineering , 2005, FOSAD.