A Meta-model for Legal Compliance and Trustworthiness of Information Systems

  • Fatemeh Zarrabi
  • Michalis Pavlidis
  • Haralambos Mouratidis
  • Shareeful Islam
  • David Preston
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 112)

Abstract

Information systems manage and hold a huge amount of important and critical information. For this reason, information systems must be trustworthy and should comply with relevant laws and regulations. Legal issues should be incorporated into the system development process and there should be a systematic and structured assessment of a system’s trustworthiness to fulfil relevant legal obligations. This paper presents a novel meta-model, which combines legal and trust related concepts, to enable information systems developers to model and reason about the trustworthiness of a system in terms of its law compliance. A case study is used to demonstrate the applicability and benefits of the proposed meta-model.

Keywords

Hohfeld taxonomy; natural language pattern; legal constraint; trustworthy information systems; trust modelling; control

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Fatemeh Zarrabi (1)
  • Michalis Pavlidis (1)
  • Haralambos Mouratidis (1)
  • Shareeful Islam (1)
  • David Preston (1)

  1. School of Architecture, Computing and Engineering, University of East London, UK