Abstract
Information systems manage and hold a huge amount of important and critical information. For this reason, information systems must be trustworthy and should comply with relevant laws and regulations. Legal issues should be incorporated into the system development process and there should be a systematic and structured assessment of a system’s trustworthiness to fulfil relevant legal obligations. This paper presents a novel meta-model, which combines legal and trust related concepts, to enable information systems developers to model and reason about the trustworthiness of a system in terms of its law compliance. A case study is used to demonstrate the applicability and benefits of the proposed meta-model.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zarrabi, F., Pavlidis, M., Mouratidis, H., Islam, S., Preston, D. (2012). A Meta-model for Legal Compliance and Trustworthiness of Information Systems. In: Bajec, M., Eder, J. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2012. Lecture Notes in Business Information Processing, vol 112. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31069-0_4
DOI: https://doi.org/10.1007/978-3-642-31069-0_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31068-3
Online ISBN: 978-3-642-31069-0
eBook Packages: Computer Science, Computer Science (R0)