R. Accorsi, L. Lowis, and Y. Sato, Automated Certification for Compliant Cloud-based Business Processes, Business & Information Systems Engineering, vol.14, issue.6, pp.145-154, 2011.
DOI : 10.1007/s12599-011-0155-7
URL : http://elibrary.aisnet.org/Default.aspx?url=http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1132&context=bise

A. Adriansyah, N. Sidorova, and B. F. Van-dongen, Cost-Based Fitness in Conformance Checking, 2011 Eleventh International Conference on Application of Concurrency to System Design, pp.57-66, 2011.
DOI : 10.1109/ACSD.2011.19
URL : http://library.tue.nl/csp/dare/LinkToRepository.csp?recordnumber=720411

H. Anderson, Personalized Medicine and Privacy -Pairing Genetic Information, EHRs Raises Concerns, 2010.

A. Arenas, An Event-B Approach to Data Sharing Agreements, In: Integrated Formal Methods, vol.12, issue.2, pp.28-42, 2010.
DOI : 10.1007/11961635_2
URL : https://hal.archives-ouvertes.fr/inria-00525098

S. Banescu, M. Petkovic, and N. Zannone, Measuring Privacy Compliance Using Fitness Metrics, Business Process Management, pp.114-119, 2012.
DOI : 10.1007/978-3-642-32885-5_8
URL : http://library.tue.nl/csp/dare/LinkToRepository.csp?recordnumber=736500

D. Basin, M. Clavel, and M. Egea, A decade of model-driven security, Proceedings of the 16th ACM symposium on Access control models and technologies, SACMAT '11, pp.1-10, 2011.
DOI : 10.1145/1998441.1998443

D. A. Basin, Model-Driven Development of Security-Aware GUIs for Data-Centric Applications, FOSAD VI, pp.101-124, 2011.
DOI : 10.1007/978-3-642-16145-2_19

J. Bicarregui, Towards Modelling Obligations in Event-B, In: ABZ, pp.181-194, 2008.
DOI : 10.1007/978-3-540-87603-8_15
URL : http://eprints.port.ac.uk/5020/1/ABZ08%2Dv10.pdf

N. Damianou, N. Dulay, E. Lupu, and M. Sloman, The Ponder Policy Specification Language, Policies for Distributed Systems and Networks. POLICY '01, pp.18-38, 2001.
DOI : 10.1007/3-540-44569-2_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.17.4489

P. J. Fontaine, Goal-Oriented Elaboration of Security Requirements, 2001.

S. Goedertier, D. Martens, J. Vanthienen, and B. Baesens, Robust process discovery with artificial negative events, Journal of Machine Learning Research, vol.10, pp.1305-1340, 2009.

Q. He and A. I. Antón, Requirements-based Access Control Analysis and Policy Specification (ReCAPS), Information and Software Technology, vol.51, issue.6, pp.993-1009, 2009.
DOI : 10.1016/j.infsof.2008.11.005

J. Jin, G. J. Ahn, H. Hu, M. J. Covington, and X. Zhang, Patient-centric authorization framework for electronic healthcare services, Computers & Security, vol.30, issue.2-3, pp.116-127, 2011.
DOI : 10.1016/j.cose.2010.09.001

M. E. Kharbili, CoReL: Policy-Based and Model-Driven Regulatory Compliance Management, 2011 IEEE 15th International Enterprise Distributed Object Computing Conference, pp.247-256, 2011.
DOI : 10.1109/EDOC.2011.23

L. Liu, E. Yu, and J. Mylopoulos, Security and privacy requirements analysis within a social setting, Journal of Lightwave Technology, pp.151-161, 2003.
DOI : 10.1109/ICRE.2003.1232746
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.79.7282

F. Martinelli, I. Matteucci, M. Petrocchi, and L. Wiegand, A Formal Support for Collaborative Data Sharing, pp.547-561, 2012.
DOI : 10.1007/978-3-642-32498-7_42

F. Massacci, J. Mylopoulos, and N. Zannone, Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology, Advances in Intelligent Information Systems. Studies in Computational Intelligence 265, pp.147-174, 2010.
DOI : 10.1007/978-3-642-05183-8_6

F. Massacci and N. Zannone, A Model-Driven Approach for the Specification and Analysis of Access Control Policies, Proceedings of Confederated International Conferences On the Move to Meaningful Internet Systems, pp.1087-1103, 2008.
DOI : 10.1007/978-3-540-88873-4_11

I. Matteucci, P. Mori, M. Petrocchi, and L. Wiegand, Controlled data sharing in E-health, 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST), pp.17-23, 2011.
DOI : 10.1109/STAST.2011.6059251

I. Matteucci, M. Petrocchi, and M. L. Sbodio, CNL4DSA, Proceedings of the 2010 ACM Symposium on Applied Computing, SAC '10, pp.616-620, 2010.
DOI : 10.1145/1774088.1774218

I. Matteucci, M. Petrocchi, M. L. Sbodio, and L. Wiegand, A Design Phase for Data Sharing Agreements, In: DPM/SETOP, pp.25-41, 2011.
DOI : 10.1007/978-3-642-28879-1_3

P. Mori, I. Matteucci, and M. Petrocchi, Prioritised execution of privacy policies, 2012.

M. Petkovic, D. Prandi, and N. Zannone, Purpose Control: Did You Process the Data for the Intended Purpose?, Proc. Secure Data Management, 2011.
DOI : 10.1109/TKDE.2004.47

T. Saaty, How to make a decision: The analytic hierarchy process, European Journal of Operational Research, vol.48, issue.1, pp.9-26, 1990.
DOI : 10.1016/0377-2217(90)90057-I

S. Spiekermann and L. Cranor, Engineering Privacy, IEEE Transactions on Software Engineering, vol.35, issue.1, pp.67-82, 2009.
DOI : 10.1109/TSE.2008.88

W. M. Van-der-aalst, Process Mining and Verification of Properties: An Approach Based on Temporal Logic, OTM, pp.130-147, 2005.
DOI : 10.1007/11575771_11

S. Vavilis, M. Petkovic, and N. Zannone, Impact of ICT on Home Healthcare, Proceedings of International Conference on Human Choice and Computers. IFIP Advances in Information and Communication Technology, pp.111-122, 2012.
DOI : 10.1007/978-3-642-33332-3_11

M. Weidlich, A. Polyvyanyy, N. Desai, J. Mendling, and M. Weske, Process compliance analysis based on behavioural profiles, Information Systems, vol.36, issue.7, pp.1009-1025, 2011.
DOI : 10.1016/j.is.2011.04.002

A. Westin, Harris-Equifax Consumer Privacy Survey, Report, Equifax Inc, 1991.

E. Yu, Modeling organizations for information systems requirements engineering, [1993] Proceedings of the IEEE International Symposium on Requirements Engineering, pp.34-41, 1993.
DOI : 10.1109/ISRE.1993.324839