Skip to main content
SpringerLink
Log in

Regulatory Requirements Traceability and Analysis Using Semi-formal Specifications

  • Conference paper
Requirements Engineering: Foundation for Software Quality (REFSQ 2013)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7830))

Abstract

Information systems are increasingly distributed and pervasive, enabling organizations to deliver remote services and share personal information, worldwide. However, developers face significant challenges in managing the many laws that govern their systems in this multi-jurisdictional environment. In this paper, we report on a computational requirements document expressible using a legal requirements specification language (LRSL). The purpose is to make legal requirements open and available to policy makers, business analysts and software developers, alike. We show how requirements engineers can codify policy and law using the LRSL and design, debug, analyze, trace, and visualize relationships among regulatory requirements. The LRSL provides new constructs for expressing distributed constraints, making regulatory specification patterns visually salient, and enabling metrics to quantitatively measure different styles for writing legal and policy documents. We discovered and validated the LRSL using thirteen U.S. state data breach notification laws.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Allen, L.E., Saxon, C.S.: Better language, better thought, better communication: the a-hohfeld language for legal analysis. In: 5th Int’l Conf. AI & Law, pp. 219–228 (1995)

    Google Scholar 

  2. Biagioli, C., Mariani, P., Tiscornia, D.: ESPLEX: A rule and conceptual model for representing statutes. In: Proc. 1st Int’l Conf. AI & Law, pp. 240–251 (1987)

    Google Scholar 

  3. Bourcier, D., Mazzega, P.: Toward measures of complexity in legal systems. In: Int’l Conf. AI & Law, pp. 211–215 (2007)

    Google Scholar 

  4. Breaux, T.D., Antón, A.I.: Analyzing Regulatory Rules for Privacy and Security Requirements. IEEE Transactions on Software Engineering 34(1), 5–20 (2008)

    Article  Google Scholar 

  5. Breaux, T.D., Antón, A.I., Doyle, J.: Semantic parameterization: a process for modeling domain descriptions. ACM Trans. Soft. Engr. Method. 18(2), 5 (2008)

    Article  Google Scholar 

  6. Breaux, T.D., Vail, M.W., Antón, A.I.: Towards compliance: extracting rights and obligations to align requirements with regulations. In: 14th IEEE Int’l Req’ts Engr. Conf., pp. 49–58 (2006)

    Google Scholar 

  7. Breaux, T.D.: Exercising due diligence in legal requirements acquisition: a tool-supported, frame-based approach. In: IEEE 17th Int’l Req’ts Engr. Conf., pp. 225–230 (2009)

    Google Scholar 

  8. Breaux, T.D.: Legal requirements acquisition for the specification of legally compliance informaiton systems, North Carolina State Univ. Ph.D. thesis (2009)

    Google Scholar 

  9. Bench-Capon, T.J.M.: Deep models, normative reasoning and legal expert systems. In: Proc. 2nd International Conference on Artificial Intelligence and Law, Vancouver, British Columbia, Canada, pp. 37–45 (1989)

    Google Scholar 

  10. Corbin, J., Strauss, A.: Basics of Qualitative Research, 3rd edn. Sage Pubs (2008)

    Google Scholar 

  11. Dardenne, A., Fickas, S., van Lamsweerde, A.: Goal–directed requirements acquisition. Sci. Comp. Prog. 20, 3–50 (1993)

    Article  MATH  Google Scholar 

  12. Dulac, N., Viguier, T., Leveson, N., Storey, M.-A.: On the use of visualization in formal requirements specification. In: IEEE Joint Int’l Conf. Req’ts Engr., pp. 71–80 (2002)

    Google Scholar 

  13. Fraser, M.D., Kumar, K., Vaishnavi, V.K.: Informal and formal requirements specification languages: bridging the gap. IEEE Trans. Soft. Engr. 17(5), 454–466 (1991)

    Article  Google Scholar 

  14. Fuxman, A., Liu, L., Mylopoulos, J., Pistore, M., Roveri, M., Traverso, P.: Specifying and analyzing early requirements in Tropos. Req’ts Engr. Journal 9(2), 132–150 (2004)

    Article  Google Scholar 

  15. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permissions and delegation. In: IEEE 13th Int’l Req’ts Engr. Conf., pp. 167–176 (2005)

    Google Scholar 

  16. Greenspan, S., Mylopoulos, J., Borgida, A.: On Formal Requirements Modeling Languages: RML Revisited. In: 6th IEEE Int’l Soft. Engr. Conf., pp. 1–13 (1994)

    Google Scholar 

  17. Glinz, M., Berner, S., Joos, S.: Object-oriented modeling with ADORA. Info. Sys. 27, 425–444 (2002)

    Article  MATH  Google Scholar 

  18. Hohfeld, W.N.: Some fundamental legal conceptions as applied in judicial reasoning. The Yale Law Journal 23(1), 16–59 (1913)

    Article  Google Scholar 

  19. Lauritsen, M., Gordon, T.F.: Toward a general theory of document modeling. In: Int’l Conf. AI & Law, pp. 202–211 (2009)

    Google Scholar 

  20. Levene, A.A., Mullery, G.P.: An investigation of requirement specification languages: theory and practice. IEEE Computer 15(5), 50–59 (1982)

    Article  Google Scholar 

  21. Massey, A.K., Anton, A.I.: Triage for legal requirements. NCSU Technical Report #TR-2010-22 (October 11, 2010)

    Google Scholar 

  22. Maxwell, J., Anton, A.I.: Developing production rule models to aid in acquiring requirements from legal texts. In: IEEE 17th Int’l Req’ts Engr. Conf., pp. 101–110 (2009)

    Google Scholar 

  23. Maxwell, J., Anton, A.I., Swire, P.: A legal cross-references taxonomy for identifying conflicting software requirements. In: IEEE 19th Int’l Req’ts Engr. Conf., pp. 197–206 (2011)

    Google Scholar 

  24. Martinek, J., Cybulka, J.: Dynamics of legal provisions and its representation. In: Int’l Conf. AI & Law, pp. 20–24 (2005)

    Google Scholar 

  25. Mernik, M., Heering, J., Sloane, A.M.: When and how to develop domain-specific languages. ACM Computing Surveys 37(4), 316–344 (2005)

    Article  Google Scholar 

  26. Mylopoulos, J., Borgida, A., Jarke, M., Koubarakis, M.: Telos: representing knowledge about information systems. ACM Trans. on Info. Sys. 8(4), 325–362 (1990)

    Article  Google Scholar 

  27. Romanosky, S., Telang, R., Acquisti, A.: Do data breach disclosure laws reduce identity theft? In: W’shp Econ. of Info. Sec. (WEIS), June 25-28 (2008)

    Google Scholar 

  28. Rubinstein, I.: Privacy and Regulatory Innovation: Moving Beyond Voluntary Codes. I/S: A Journal of Law and Policy for the Information Society (April 2011) (in press)

    Google Scholar 

  29. Sergot, M.J., Sadri, F., Kowalski, R.A., Kriwaczek, F., Hammond, P., Cory, H.T.: The British Nationality Act as a logic program. Communications of the ACM 29(5), 370–386 (1986)

    Article  Google Scholar 

  30. Sergot, M.: A computational theory of normative positions. ACM Transactions of Computational Logic 2(4), 581–622 (2001)

    Article  MathSciNet  Google Scholar 

  31. Siena, A., Jureta, I., Ingolfo, S., Susi, A., Perini, A., Mylopoulos, J.: Capturing variability of law with Nomós 2. In: 31st Int’l Conf. Conc. Mod., pp. 383–396 (2012)

    Google Scholar 

  32. Stamper, R.K.: LEGOL: Modelling legal rules by computer. In: Proc. Advanced Workshop on Computer Science and Law, pp. 45–71 (September 1979)

    Google Scholar 

  33. Wasson, K.S.: A case study in systematic improvement of language for requirements. In: Proc. IEEE 14th Int’l Req’ts Engr. Conf., pp. 6–15 (2006)

    Google Scholar 

  34. Winkels, R., Boer, A., de Maat, E., van Engers, T., Breebaart, M., Melger, H.: Constructing a semantic network for legal content. In: Int’l Conf. AI & Law, pp. 125–132 (2005)

    Google Scholar 

  35. Yin, R.K.: Case study research, 4th edn. Applied Social Research Methods Series, vol. 5. Sage Publications (2008)

    Google Scholar 

  36. Yu, E.: Modeling organizations for information systems requirements engineering. In: Int’l Symp. Req’ts Engr., pp. 34–41 (1993)

    Google Scholar 

  37. Zave, P., Jackson, M.: Four dark corners of requirements engineering. ACM Trans. Soft. Engr. & Method. 6(1), 1–30 (1997)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Software Research, Carnegie Mellon University, Pittsburgh, PA, USA

    Travis D. Breaux

  2. Engineering and Public Policy, Carnegie Mellon University, Pittsburgh, PA, USA

    David G. Gordon

Authors
  1. Travis D. Breaux
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David G. Gordon
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Fraunhofer-Institut Experimentelles Software Engineering, Fraunhofer-Platz 1, 67663, Kaiserslautern, Germany

    Joerg Doerr

  2. Department of Information Science and Media Studies, University of Bergen, NO-5020, Bergen, Norway

    Andreas L. Opdahl

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Breaux, T.D., Gordon, D.G. (2013). Regulatory Requirements Traceability and Analysis Using Semi-formal Specifications. In: Doerr, J., Opdahl, A.L. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2013. Lecture Notes in Computer Science, vol 7830. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37422-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37422-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37421-0

  • Online ISBN: 978-3-642-37422-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation