{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,27]],"date-time":"2025-11-27T10:07:42Z","timestamp":1764238062236,"version":"3.37.3"},"reference-count":43,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2010,3,9]],"date-time":"2010-03-09T00:00:00Z","timestamp":1268092800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Softw Syst Model"],"published-print":{"date-parts":[[2011,7]]},"DOI":"10.1007\/s10270-010-0154-z","type":"journal-article","created":{"date-parts":[[2010,3,8]],"date-time":"2010-03-08T06:18:25Z","timestamp":1268029105000},"page":"369-394","source":"Crossref","is-referenced-by-count":29,"title":["A framework to support alignment of secure software engineering with legal regulations"],"prefix":"10.1007","volume":"10","author":[{"given":"Shareeful","family":"Islam","sequence":"first","affiliation":[]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[]},{"given":"Jan","family":"J\u00fcrjens","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2010,3,9]]},"reference":[{"key":"154_CR1","unstructured":"Herrmann, A., Kerkow, D., Doerr, J.: Exploring the Characteristics of NFR Methods\u2014a Dialogue about two Approaches, REFSQ\u2014Workshop on Requirements Engineering for Software Quality (2007), Foundations of Software Quality (2007)"},{"issue":"1","key":"154_CR2","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1007\/s00766-007-0058-9","volume":"13","author":"A. Herrmann","year":"2008","unstructured":"Herrmann, A., Paech B.: MOQARE: misuse-oriented quality requirements engineering. Requir. Eng. J. 13(1), 73\u201386 (2008)","journal-title":"Requir. Eng. J."},{"issue":"10","key":"154_CR3","doi-asserted-by":"crossref","first-page":"978","DOI":"10.1109\/32.879820","volume":"26","author":"A. Lamsweerde van","year":"2000","unstructured":"van Lamsweerde, A., Letier, E.: Handling obstacles in goal-oriented requirements engineering. IEEE Trans. Softw. Eng. Special Issue on Exception Handling 26(10), 978\u20131005 (2000)","journal-title":"IEEE Trans. Softw. Eng. Special Issue on Exception Handling"},{"key":"154_CR4","unstructured":"Siena, A., Mylopoulos, J., Perini, A., Susi, A.: From laws to requirements. In: 1st International Workshop on Requirements Engineering and Law (Relaw\u201908)"},{"key":"154_CR5","unstructured":"Bundesdatenschutzgesetz - Federal Data Protection Act (as of 15 November 2006), http:\/\/www.bfdi.bund.de ."},{"key":"154_CR6","doi-asserted-by":"crossref","unstructured":"Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Arguing satisfaction of security requirements. In: Integrating Security and Software Engineering: Advances and Future Visions, pp. 16\u201343. Idea Publishing Group, Miami (2006)","DOI":"10.4018\/978-1-59904-147-6.ch002"},{"issue":"1","key":"154_CR7","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1109\/TSE.2007.70754","volume":"34","author":"C.B. Haley","year":"2008","unstructured":"Haley C.B., Laney R.C., Moffett J.D., Nuseibeh B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133\u2013153 (2008)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"154_CR8","unstructured":"Common attack pattern enumeration and classification (CAPEC). http:\/\/capec.mitre.org\/"},{"key":"154_CR9","doi-asserted-by":"crossref","unstructured":"Firesmith, D.: Engineering security requirements. J. Obj. Technol. 2(1) http:\/\/www.jot.fm\/issues\/issues_2003_01\/column6 (2003)","DOI":"10.5381\/jot.2003.2.1.c6"},{"key":"154_CR10","doi-asserted-by":"crossref","first-page":"244","DOI":"10.1016\/j.csi.2006.04.002","volume":"29","author":"D. Mellado","year":"2007","unstructured":"Mellado D., Medina E., Piattini M.: A common criterion based security requirements engineering process for the development of secure information system. Comput. Stand. Interfaces 29, 244\u2013253 (2007)","journal-title":"Comput. Stand. Interfaces"},{"key":"154_CR11","unstructured":"Massacci, F., Prest, M., Zannone, N.: Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation, Technical Report DIT-04-103 (2004)"},{"issue":"1","key":"154_CR12","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G. Sindre","year":"2005","unstructured":"Sindre G., Opdahl A.L.: Eliciting security requirements with misuse cases. Requir. Eng. 10(1), 34\u201344 (2005)","journal-title":"Requir. Eng."},{"key":"154_CR13","doi-asserted-by":"crossref","unstructured":"Sartor, G.: Fundamental legal concepts: a formal and teleological characterisation, EUI working paper LAW No. 2006\/11","DOI":"10.2139\/ssrn.910808"},{"key":"154_CR14","doi-asserted-by":"crossref","DOI":"10.4018\/978-1-59904-147-6","volume-title":"Integrating Security and Software Engineering: Advances and Future Visions","author":"H. Mouratidis","year":"2006","unstructured":"Mouratidis H., Giorgini P.: Integrating Security and Software Engineering: Advances and Future Visions. Idea Group Publishing, Miami (2006)"},{"key":"154_CR15","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., J\u00fcrjens, J., Fox, J.: Towards a comprehensive framework for secure systems development, CAiSE 2006. Lecture Notes in Computer Science, vol. 4001, pp. 48\u201362. Springer, Berlin (2006)","DOI":"10.1007\/11767138_5"},{"issue":"8","key":"154_CR16","doi-asserted-by":"crossref","first-page":"609","DOI":"10.1016\/j.is.2004.06.002","volume":"30","author":"H. Mouratidis","year":"2005","unstructured":"Mouratidis H., Giorgini P., Manson G.: When security meets software engineering: a case of modelling secure information systems. Inf. Syst. Elsevier 30(8), 609\u2013629 (2005)","journal-title":"Inf. Syst. Elsevier"},{"key":"154_CR17","unstructured":"Mouratidis, H.: A security oriented approach in the development of multiagent systems: applied to the management of the health and social care needs of older people in England. PhD thesis, University of Sheffield, UK (2004)"},{"issue":"8","key":"154_CR18","doi-asserted-by":"crossref","first-page":"1166","DOI":"10.1016\/j.is.2007.03.002","volume":"32","author":"H. Mouratidis","year":"2007","unstructured":"Mouratidis H., Giorgini P.: Security Attack Testing (SAT)\u2014testing the security of information systems at design time. Inf. Syst. 32(8), 1166\u20131183 (2007)","journal-title":"Inf. Syst."},{"key":"154_CR19","doi-asserted-by":"crossref","unstructured":"Mouratidis, H., Giorgini, P.: Integrating security and software engineering: an introduction. In: Integrating Security and Software Engineering: Advances and Future Actions, pp. 1\u201314. Idea Publishing Group, Miami (2006)","DOI":"10.4018\/978-1-59904-147-6.ch001"},{"issue":"2","key":"154_CR20","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H. Mouratidis","year":"2007","unstructured":"Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. (IJSEKE) 17(2), 285\u2013309 (2007)","journal-title":"Int. J. Softw. Eng. Knowl. Eng. (IJSEKE)"},{"key":"154_CR21","unstructured":"Information society, Summary of legislation, European Commission, http:\/\/europa.eu\/legislation_summaries\/information_society\/index_en.htm"},{"issue":"9","key":"154_CR22","doi-asserted-by":"crossref","first-page":"1278","DOI":"10.1109\/PROC.1975.9939","volume":"63","author":"J. Saltzer","year":"1975","unstructured":"Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proc. IEEE 63(9), 1278\u20131308 (1975)","journal-title":"Proc. IEEE"},{"key":"154_CR23","volume-title":"Secure Systems Development with UML","author":"J. J\u00fcrjens","year":"2004","unstructured":"J\u00fcrjens J.: Secure Systems Development with UML. Springer, Berlin (2004)"},{"key":"154_CR24","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J., Shabalin, P.: Tools for Secure Systems Development with UML. FASE 2004\/05 special issue of the International Journal on Software Tools for Technology Transfer, 9(5\u20136), 527\u2013544. Springer, Berlin (2007)","DOI":"10.1007\/s10009-007-0048-8"},{"key":"154_CR25","unstructured":"J\u00fcrjens, J.: Sound methods and effective tools for model-based security engineering with UML. ICSE 2005, ACM, pp. 322\u2013331, (2005)"},{"key":"154_CR26","doi-asserted-by":"crossref","unstructured":"Chung L., Nixon B.A., Yu E., Mylopoulos, J.: Non-Functional Requirements in Software Engineering. Kluwer Academic Publishers, Dordrecht (1999)","DOI":"10.1007\/978-1-4615-5269-7"},{"key":"154_CR27","unstructured":"May, M.J., Gunter, C.A., Lee, I.: Privacy APIs: access control techniques to analyze and verify legal privacy policies. In: Proceedings of the 19th Computer Security Foundations Workshop (2006)"},{"key":"154_CR28","unstructured":"Medical Privacy\u2014National Standards to Protect the Privacy of Personal Health Information. Office for Civil Rights, US Department of Health and Human Services. http:\/\/www.hhs.gov\/ocr\/hipaa\/finalreg.html (2000)"},{"key":"154_CR29","doi-asserted-by":"crossref","unstructured":"Mead, N.R.: Identifying security requirements using the security quality requirements engineering (SQUARE) method. In: Integrating Security and Software Engineering, pp. 44\u201369. Idea Publishing Group, Miami (2006)","DOI":"10.4018\/978-1-59904-147-6.ch003"},{"key":"154_CR30","unstructured":"Online news of November 15, 2004, http:\/\/digital.dmreview.com\/dmreview"},{"key":"154_CR31","doi-asserted-by":"crossref","unstructured":"Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: an agent oriented software development methodology. In: Journal of Autonomous Agents and Multi-Agent Systems, 8(3), 203\u2013236. Kluwer Academic Publishers, Dordrecht (2004)","DOI":"10.1023\/B:AGNT.0000018806.20944.ef"},{"key":"154_CR32","doi-asserted-by":"crossref","unstructured":"Devanbu, P., Stubblebine, S.: Software engineering for security: a roadmap. In: Proceedings of ICSE 2000 (the Conference of the Future of Software Engineering) (2000)","DOI":"10.1145\/336512.336559"},{"key":"154_CR33","doi-asserted-by":"crossref","unstructured":"Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modelling security requirements through ownership, permission and delegation. In: Proceedings of the 13th IEEE International Requirements Engineering Conference (RE\u201905), IEEE Computer Society Press, 29 August\u20132 September (2005)","DOI":"10.1109\/RE.2005.43"},{"key":"154_CR34","doi-asserted-by":"crossref","unstructured":"Otto, P.N., Ant\u00f3n, A.I.: Addressing legal requirements in requirements engineering. In: 15th IEEE International R. E. Conference (2007)","DOI":"10.1109\/RE.2007.65"},{"key":"154_CR35","unstructured":"Privacy Guidelines for Developing Software Products and Services, Version 3.1, September, 2008, http:\/\/download.microsoft.com"},{"key":"154_CR36","unstructured":"Darimont, R., Lemoine, M.: Goal-oriented analysis of regulations. In: Proceedings of the CAISE06 Workshop on Regulations Modelling and their Validation and Verification (ReMo2V \u201906). Luxemburg, 5\u20139 June 2006. http:\/\/sunsite.informatik.rwth-aachen.de\/Publications\/CEUR-WS\/Vol-241"},{"key":"154_CR37","unstructured":"Islam, S., Dong, W.: Security requirements addressing security risks for improving software quality. In: Workshop-Band Software-Qualit\u00e4tsmodellierung und -bewertung (SQMB \u201808), Technical Report TUM-I0811, Technische Universit\u00e4t M\u00fcnchen, 2008, Munich, Germany (2008)"},{"key":"154_CR38","unstructured":"Islam, S., J\u00fcrjens, J.: Incorporating security requirements from legal regulations into UMLsec model, Modelling Security Workshop (MODSEC08). In: Association with MODELS \u201908, Toulouse, France, September (2008)"},{"key":"154_CR39","unstructured":"Ghanavati, S., Amyot, D., Peyton, L.: Towards a framework for tracking legal compliance in healthcare. In: Krogstie, J., Opdahl, A.L., Sindre, G. (eds.) 19th International Conference on Advanced Information Systems Engineering (CAiSE\u201907), pp. 218\u2013232. Springer, Berlin (2007)"},{"key":"154_CR40","doi-asserted-by":"crossref","unstructured":"Breaux, T.D. Vail, M.W., Ant\u00f3n, A.I.: Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: Proceedings of the 13th IEEE International Conference on Requirement Engineering (2006)","DOI":"10.1109\/RE.2006.68"},{"issue":"1","key":"154_CR41","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/TSE.2007.70746","volume":"34","author":"T.D Breaux","year":"2008","unstructured":"Breaux, T.D, Ant\u00f3n, A.I.: Analyzing regulator rules for privacy and security requirements. IEEE Trans. Softw. Eng. 34(1), 5\u201320 (2008)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"154_CR42","doi-asserted-by":"crossref","unstructured":"Breaux, T.D., Ant\u00f3n, A.I.: Deriving semantic models from privacy policies. In: IEEE 6th Workshop on Policies for Distributed Systems and Networks, Stockholm, Sweden, pp. 67\u201376 (2005)","DOI":"10.1109\/POLICY.2005.12"},{"key":"154_CR43","doi-asserted-by":"crossref","unstructured":"Hohfeld, W.N.: Fundamental legal conceptions as applied in judicial reasoning. Yale Law J. 23(1) (1913)","DOI":"10.2307\/785533"}],"container-title":["Software &amp; Systems Modeling"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-010-0154-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10270-010-0154-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-010-0154-z","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,19]],"date-time":"2025-02-19T01:42:31Z","timestamp":1739929351000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10270-010-0154-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,3,9]]},"references-count":43,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2011,7]]}},"alternative-id":["154"],"URL":"https:\/\/doi.org\/10.1007\/s10270-010-0154-z","relation":{},"ISSN":["1619-1366","1619-1374"],"issn-type":[{"type":"print","value":"1619-1366"},{"type":"electronic","value":"1619-1374"}],"subject":[],"published":{"date-parts":[[2010,3,9]]}}}