Affiliation:
1. Independent Researcher, Canada
2. University of Groningen, The Netherlands
Abstract
Regulatory compliance is a top priority for organizations in highly regulated ecosystems. As most operations are automated, the compliance efforts focus on the information systems supporting the business processes of the organizations and, to a lesser extent, on the humans using, managing, and maintaining them. Yet, the human factor is an unpredictable and challenging component of a secure system development and should be considered throughout the development process as both a legitimate user and a threat. In this chapter, the authors propose COMPARCH as a compliance-driven system engineering framework for privacy and security in socio-technical systems. It consists of (1) a risk-based requirement management process, (2) a test-driven security and privacy modeling framework, and (3) a simulation-based validation approach. The satisfaction of the regulatory requirements is evaluated through the simulation traces analysis. The authors use as a running example an E-CITY system providing municipality services to local communities.
Reference46 articles.
1. Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems
2. Model-Checking Driven Security Testing of Web-Based Applications
3. Bertolino, A., Inverardi, P., & Muccini, H. (2001). An Explorative Journey from Architectural Tests Definition down to Code Tests Execution. In Software Engineering,23rd International Conference on Software Engineering (ICSE’01). IEEE Computer Society Press.
4. Code Generation from AADL to a Real-Time Operating System: An Experimentation Feedback on the Use of Model Transformation.;M.Brun;Proceedings of the 13th IEEE International Conference on on Engineering of Complex Computer Systems (ICECCS ’08),2008
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献