Copyright Information
The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of
scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other
copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying
this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without
the explicit permission of the copyright holder.
show main publications
How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach @INPROCEEDINGS{comp-elkh-mass-thom-zann-07-ICAIL, title = {{How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach}}, author = {{Luca} {Compagna} and {Paul El} {Khoury} and {Fabio} {Massacci} and {Reshma} {Thomas} and {Nicola} {Zannone}}, booktitle = {Proceedings of the 11th International Conference on Artificial Intelligence and Law, Proceedings of the Conference (ICAIL 2007). June 4th-8th, 2007. S}, pages = {149--154}, abstract = {Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with this issue. For instance, purpose-based access control is normally considered a good solution for meeting the requirements of privacy legislation. Yet, understanding why, how, and when such solutions to security and privacy problems have to be deployed is often unanswered.
In this paper, we look at the problem from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should be able to start from the organizational model and derive from there the points where security and privacy problems may arise and determine which solutions best fit the (legal) problems that they face. In particular, we investigate the methodology needed to capture security and privacy requirements for a Health Care Centre using a smart items infrastructure.}, publisher = {ACM Press}, year = {2007}, url = {http://www.cs.toronto.edu/~zannone/publication/comp-elkh-mass-thom-zann-07-ICAIL.pdf}, address = {New York}, partner = {UNITN}, task = {T7.3}, }
|