Enforcing legal compliance into software systems is a non-trivial task that requires an interdisciplinary approach. This thesis presents a new methodology for legal compliance checking against European legal provisions, namely the EU Data Protection Directive, the EU General Data Protection Regulation and the revised EU Payment Services Directive. We propose two types of compliance checking mechanisms that should be exploited at design-time or run-time. The former is based on security policy analysis of access control policies. The later is built on top of an approach to synthesizing run-time monitors for workflow-driven applications. Our contributions include a comprehensive methodology for legal compliance checking, the formalization of the regulations and the prototype tool of the implemented compliance methodology.
| Identifer | oai:union.ndltd.org:unitn.it/oai:iris.unitn.it:11572/368988 |
| Date | January 2018 |
| Creators | Siswantoro, Hari |
| Contributors | Siswantoro, Hari, Ranise, Silvio |
| Publisher | Università degli studi di Trento, place:TRENTO |
| Source Sets | Università di Trento |
| Language | English |
| Detected Language | English |
| Type | info:eu-repo/semantics/doctoralThesis |
| Rights | info:eu-repo/semantics/closedAccess |
| Relation | firstpage:1, lastpage:110, numberofpages:110 |
Page generated in 0.002 seconds