Abstract
In today’s world many products and services are highly dependent on software and information systems. With the growing importance of IT systems, legislators worldwide decided to regulate and enforce laws for IT systems. With respect to this situation, the impact of compliance on the development of IT systems becomes more and more severe. Hence, software engineers have a need for techniques to deal with compliance. But identifying relevant compliance regulations for IT systems is a challenging task. We proposed patterns and a structured method to tackle these problems [1]. A crucial step is the transformation of requirements into a structure, which allows for the identification of laws. The transformation step was described in general in [2]. This work describes a method to structure the requirements, elicit the needed domain knowledge and transform requirements into law identification pattern instances. The manual execution of this method was reported by us to be time consuming and tedious. Hence, in this work we identify the points for (semi-)automation, and we outline a first implementation for the automation. We present our results using a voting system as an example, which was obtained from the ModIWa DFG (Juristisch-informatische Modellierung von Internetwahlen (II). A Deutsche Forschungsgemeinschaft project: http://cms.uni-kassel.de/unicms/index.php?id=38536) project and the common criteria profile for voting systems.
Part of this work is funded by the German Research Foundation (DFG) under grant number HE3322/4-2 and the EU project Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS, ICT-2009.1.4 Trustworthy ICT, Grant No. 256980).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Beckers, K., Faßbender, S., Küster, J.-C., Schmidt, H.: A pattern-based method for identifying and analyzing laws. In: Regnell, B., Damian, D. (eds.) REFSQ 2011. LNCS, vol. 7195, pp. 256–262. Springer, Heidelberg (2012)
Faßbender, S., Heisel, M.: From problems to laws in requirements engineering using model-transformation. In: ICSOFT 2013 - Proceedings of the 8th International Conference on Software Paradigm Trends, INSTICC. pp. 447–458. SciTePress (2013)
Federal Trade Commission: Choicepoint settles data security breach charges. Technical report, Federal Trade Commission (2006). http://www.ftc.gov/opa/2006/01/choicepoint.shtm
Biagioli, C., Mariani, P., Tiscornia, D.: Esplex: A rule and conceptual model for representing statutes. In: ICAIL, pp. 240–251. ACM (1987)
Otto, P.N., Antón, A.I.: Addressing legal requirements in requirements engineering. In: Proceedings of the International Conference on Requirements Engineering. IEEE (2007)
Beckers, K., Faßbender, S., Schmidt, H.: An integrated method for pattern-based elicitation of legal requirements applied to a cloud computing example. In: ARES, pp. 463–472 (2012)
Jackson, M.: Problem Frames: Analyzing and Structuring Software Development Problems. Addison-Wesley, Boston (2001)
Côté, I., Hatebur, D., Heisel, M., Schmidt, H., Wentzlaff, I.: A systematic account of problem frames. In: Proceedings of the European Conference on Pattern Languages of Programs (EuroPLoP), pp. 749–767. Universitätsverlag Konstanz (2008)
Hatebur, D., Heisel, M.: Making pattern- and model-based software development more rigorous. In: Dong, J.S., Zhu, H. (eds.) ICFEM 2010. LNCS, vol. 6447, pp. 253–269. Springer, Heidelberg (2010)
Kumar, S., Walia, E.: Analysis of electronic voting system in various countries. Int. J. Comput. Sci. Eng. (IJCSE) 3, 1825–1830 (2011)
Federal Constitutional Court of Germany: Verwendung von Wahlcomputern bei der Bundestagswahl 2005 verfassungswidrig (2009). https://www.bundesverfassungsgericht.de/pressemitteilungen/bvg09-019.html
Brehm, R.: Kryptographische verfahren in internetwahlsystemen, Technical report. Technical University of Darmstadt (2012)
Volkamer, M.: Requirements and evaluation procedures to support responsible election authorities. In: Volkamer, M. (ed.) Evaluation of Electronic Voting. LNBIP, vol. 30, pp. 37–57. Springer, Heidelberg (2009)
Volkamer, M., Vogt, R.: Common Criteria Protection Profile for Basic set of security requirements for Online Voting Products. Bundesamt für Sicherheit in der Informationstechnik (2008)
Alebrahim, A., Hatebur, D., Heisel, M.: A method to derive software architectures from quality requirements. In: Thu, T.D., Leung, K. (eds.) Proceedings of the 18th Asia-Pacific Software Engineering Conference (APSEC), pp. 322–330. IEEE Computer Society (2011)
Beckers, K., Faßbender, S., Heisel, M., Meis, R.: A problem-based approach for computer-aided privacy threat identification. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 1–16. Springer, Heidelberg (2014)
Beckers, K., Côté, I., Faßbender, S., Heisel, M., Hofbauer, S.: A pattern-based method for establishing a cloud-specific information security management system. Requirements Eng. 18(4), 1–53 (2013)
Breaux, T.D., Vail, M.W., Antón, A.I.: Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: Proceedings of the International Conference on Requirements Engineering (RE), pp. 46–55. IEEE (2006)
Breaux, T.D., Antón, A.I.: Analyzing regulatory rules for privacy and security requirements. IEEE Trans. Softw. Eng. 34, 5–20 (2008)
Bench-Capon, T.J.M., Robinson, G.O., Routen, T.W., Sergot, M.J.: Logic programming for large scale applications in law: a formalization of supplementary benefit legislation. In: Proceedings of the International Conference on Artificial Intelligence and Law. ACM (1987)
Siena, A., Perini, A., Susi, A.: From laws to requirements. In: Proceedings of the International Workshop on Requirements Engineering and Law (RELAW), pp. 6–10. IEEE (2008)
Hohfeld, W.N.: Fundamental legal conceptions as applied in judicial reasoning. Yale Law J. 26, 710–770 (1917)
Siena, A., Perini, A., Susi, A., Mylopoulos, J.: A meta-model for modelling law-compliant requirements. In: Proceedings of the International Workshop on Requirements Engineering and Law (RELAW), pp. 45–51. IEEE (2009)
Maxwell, J.C., Antón, A.I.: Developing production rule models to aid in acquiring requirements from legal texts. In: Proceedings of the 17th IEEE International Requirements Engineering Conference, RE, Washington, DC, USA. IEEE Computer Society (2009)
Álvarez, J.A.T., Olmos, A., Piattini, M.: Legal requirements reuse: a critical success factor for requirements quality and personal data protection. In: Proceedings of the International Conference on Requirements Engineering (RE), pp. 95–103. IEEE (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Faßbender, S., Heisel, M. (2014). A Computer-Aided Process from Problems to Laws in Requirements Engineering. In: Cordeiro, J., van Sinderen, M. (eds) Software Technologies. ICSOFT 2013. Communications in Computer and Information Science, vol 457. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44920-2_14
Download citation
DOI: https://doi.org/10.1007/978-3-662-44920-2_14
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44919-6
Online ISBN: 978-3-662-44920-2
eBook Packages: Computer ScienceComputer Science (R0)