Extracting Access Control and Conflict Resolution Policies from European Data Protection Law
This paper presents the extraction of a legal access control policy and a conflict resolution policy from the EU Data Protection Directive [1]. These policies are installed in a multi-policy authorization infrastructure described in [2, 3]. A Legal Policy Decision Point (PDP) is constructed with a legal access control policy to provide automated decisions based on the relevant legal provisions. The legal conflict resolution policy is configured into a Master PDP to make sure that the legal access control policy gets priority over access control policies provided by other authorities, i.e., the data subject, the data issuer and the data controller. We describe how clauses of the Directive are converted into access control rules based on attributes of the subject, action, resource and environment. There are currently some limitations in the conversion process, since the majority of provisions require additional interpretation by humans. These provisions cannot be converted into deterministic rules for the PDP. Other provisions do allow for the extraction of PDP rules but need to be tailored to the application environment before they are configured into the Legal PDP.
Regulatory Requirements Traceability and Analysis Using Semi-Formal Specifications
Abstract: Information systems are increasingly distributed and pervasive, enabling organizations to deliver remote services and share personal information worldwide. However, developers face significant challenges in managing the many laws that govern their systems in this multi-jurisdictional environment. In this paper, we report on a computational requirements document expressible using a legal requirements specification language (LRSL). The purpose is to make legal requirements open and available to policy makers, business analysts and software developers alike. We show how requirements engineers can codify policy and law using the LRSL and design, debug, analyze, trace, and visualize relationships among regulatory requirements. The LRSL provides new constructs for expressing distributed constraints, making regulatory specification patterns visually salient, and enabling metrics to quantitatively measure different styles for writing legal and policy documents. We discovered and validated the LRSL using thirteen U.S. state data breach notification laws.
Designing Secure Systems Based on Open Architectures with Open Source and Closed Source Components
Abstract. The development and evolution of secure open architecture (OA) systems has received insufficient consideration. Such systems are composed of both open source and closed source software components subject to different security requirements, in an architecture in which evolution can occur by evolving existing components, replacing them, or refactoring their interfaces, interconnections and configuration. But this may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We are developing an approach for understanding and modeling software security requirements as “security licenses”, as well as for analyzing conflicts among groups of such licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment. Consequently, this paper reports on our efforts to extend our existing approach to specifying and analyzing software Intellectual Property (IP) licenses to now address software security licenses that can be associated with secure OA systems.
A Legal Perspective on Business: Modeling the Impact of Law
Abstract. Modern goal-oriented requirements engineering frameworks use modeling as a means of better understanding a domain, leading to an overall improvement in the quality of the requirements. Regulations and laws impose additional context and constraints on software goals and can limit the satisfaction of stakeholder needs. Organizations and software developers need modeling tools that properly address the potentially deep impact legal issues can have on the effectiveness of business strategies. In this paper, we perform a preliminary study into the development of a modeling framework able to support the analysis of legal prescriptions alongside business strategies. We demonstrate, via a case study involving the Health Insurance Portability and Accountability Act (HIPAA), how models of this law can be built with the GRL modeling language and how they can be evaluated as part of the business goal models.
INCREMENT: A Mixed MDE-IR Approach for Regulatory Requirements Modeling and Analysis
[Context and motivation] Regulatory requirements for nuclear instrumentation and control (I&C) systems are first-class requirements. They are written by national safety entities and are completed through a large documentation set of national recommendation guides and national/international standards. [Question/Problem] I&C systems important to safety must comply with all of these requirements. The global knowledge of this domain is scattered through these different documents and is not formalized. Its organization and traceability relationships within this domain are mainly implicit. As a consequence, such long-lasting nuclear I&C projects set important challenges in terms of tacit expertise capitalization and domain analysis. [Principal ideas/results] To tackle this domain formalization issue, we propose a dual Model-Driven Engineering (MDE) and Information Retrieval (IR) approach to address the nuclear regulatory requirements domain definition, and assisted traceability based on the acquired requirements model. [Contributions] In this paper, we present the Connexion metamodel that provides a canvas for the definition and capitalization of the nuclear regulatory requirements domain. We also present a hybrid MDE/IR-based approach, named INCREMENT, for acquiring, modeling and analyzing these regulatory requirements. This approach is supported by a tool that is developed in the context of the CONNEXION project, which gathers the major French nuclear I&C industrial actors.
Exploring the Effectiveness of Normative i* Modelling: Results from a Case Study on Food Chain Traceability
This paper evaluates the effectiveness of an extension to i* modelling – normative i* modelling – during the requirements analysis for new socio-technical systems for food traceability. The i* focus on modelling systems as networks of heterogeneous, inter-dependent actors provides limited support for modelling system-wide properties and norms, such as laws and regulations, that also influence the specification of socio-technical systems. In this paper we introduce an extension to i* to model and analyse norms, then apply it to model laws and regulations applicable to European food traceability systems. We report an analysis of the relative strengths and weaknesses of this extended form of i* compared with its traditional forms, and use the results to answer two research questions about the usefulness and usability of the i* modelling extension.