Islam, Shareeful and Mouratidis, Haralambos (2010) ‘A Framework to Support Alignment of Secure Software Engineering with Legal Regulations’, Software and Systems Modeling, 10(3), pp. 369-394.
2.pdf - Accepted Version
Available under License Creative Commons Attribution No Derivatives.
Regulation compliance is becoming increasingly important for software systems that process and manage sensitive information. Therefore, identifying and analysing relevant legal regulations and aligning them with security requirements become necessary for the effective development of secure software systems. Nevertheless, Secure Software Engineering Modelling Languages (SSEML) use different concepts and terminology from those used in the legal domain for the description of legal regulations. This situation, together with the lack of appropriate background and knowledge of laws and regulations, introduces a challenge for software developers. In particular, it makes it difficult to perform (i) the elicitation of appropriate security requirements from the relevant laws and regulations; and (ii) the correct tracing of the security requirements throughout the development stages. This paper presents a framework to support the consideration of laws and regulations during the development of secure software systems. In particular, the framework enables software developers (i) to correctly elicit security requirements from the appropriate laws and regulations; and (ii) to trace these requirements throughout the development stages in order to ensure that the design indeed supports the required laws and regulations. Our framework is based on existing work from the area of secure software engineering, and it complements this work with a novel and structured process and a well-defined method. A practical case study is employed to demonstrate the applicability of our work.
Additional Information: Citation: Islam, S., Mouratidis, H. and Jurjens, J. (2011) 'A Framework to Support Alignment of Secure Software Engineering with Legal Regulations', Software and Systems Modeling, 10(3), 369-394.
Divisions: Schools > Architecture Computing and Engineering, School of
Depositing User: Mr Stephen Grace
Date Deposited: 04 May 2012 15:02
Last Modified: 27 Sep 2012 11:59