A Computer-Aided Process from Problems to Laws in Requirements Engineering

  • Stephan Faßbender
  • Maritta Heisel
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 457)

Abstract

In today’s world, many products and services are highly dependent on software and information systems. With the growing importance of IT systems, legislators worldwide decided to regulate and enforce laws for IT systems. As a result, the impact of compliance on the development of IT systems becomes more and more severe. Hence, software engineers need techniques to deal with compliance. But identifying relevant compliance regulations for IT systems is a challenging task. We proposed patterns and a structured method to tackle these problems [1]. A crucial step is the transformation of requirements into a structure that allows for the identification of laws. The transformation step was described in general in [2]. This work describes a method to structure the requirements, elicit the needed domain knowledge, and transform requirements into law identification pattern instances. We reported the manual execution of this method to be time-consuming and tedious. Hence, in this work we identify the points for (semi-)automation, and we outline a first implementation of the automation. We present our results using a voting system as an example, which was obtained from the ModIWa DFG project (Juristisch-informatische Modellierung von Internetwahlen (II), a Deutsche Forschungsgemeinschaft project: http://cms.uni-kassel.de/unicms/index.php?id=38536) and the Common Criteria profile for voting systems.

Keywords

Compliance, Law, Voting system, Requirements engineering, Model transformation

References

  1. Beckers, K., Faßbender, S., Küster, J.-C., Schmidt, H.: A pattern-based method for identifying and analyzing laws. In: Regnell, B., Damian, D. (eds.) REFSQ 2011. LNCS, vol. 7195, pp. 256–262. Springer, Heidelberg (2012)
  2. Faßbender, S., Heisel, M.: From problems to laws in requirements engineering using model-transformation. In: ICSOFT 2013 - Proceedings of the 8th International Conference on Software Paradigm Trends, INSTICC, pp. 447–458. SciTePress (2013)
  3. Federal Trade Commission: Choicepoint settles data security breach charges. Technical report, Federal Trade Commission (2006). http://www.ftc.gov/opa/2006/01/choicepoint.shtm
  4. Biagioli, C., Mariani, P., Tiscornia, D.: Esplex: A rule and conceptual model for representing statutes. In: ICAIL, pp. 240–251. ACM (1987)
  5. Otto, P.N., Antón, A.I.: Addressing legal requirements in requirements engineering. In: Proceedings of the International Conference on Requirements Engineering. IEEE (2007)
  6. Beckers, K., Faßbender, S., Schmidt, H.: An integrated method for pattern-based elicitation of legal requirements applied to a cloud computing example. In: ARES, pp. 463–472 (2012)
  7. Jackson, M.: Problem Frames: Analyzing and Structuring Software Development Problems. Addison-Wesley, Boston (2001)
  8. Côté, I., Hatebur, D., Heisel, M., Schmidt, H., Wentzlaff, I.: A systematic account of problem frames. In: Proceedings of the European Conference on Pattern Languages of Programs (EuroPLoP), pp. 749–767. Universitätsverlag Konstanz (2008)
  9. Hatebur, D., Heisel, M.: Making pattern- and model-based software development more rigorous. In: Dong, J.S., Zhu, H. (eds.) ICFEM 2010. LNCS, vol. 6447, pp. 253–269. Springer, Heidelberg (2010)
  10. Kumar, S., Walia, E.: Analysis of electronic voting system in various countries. Int. J. Comput. Sci. Eng. (IJCSE) 3, 1825–1830 (2011)
  11. Federal Constitutional Court of Germany: Verwendung von Wahlcomputern bei der Bundestagswahl 2005 verfassungswidrig (2009). https://www.bundesverfassungsgericht.de/pressemitteilungen/bvg09-019.html
  12. Brehm, R.: Kryptographische verfahren in internetwahlsystemen, Technical report. Technical University of Darmstadt (2012)
  13. Volkamer, M.: Requirements and evaluation procedures to support responsible election authorities. In: Volkamer, M. (ed.) Evaluation of Electronic Voting. LNBIP, vol. 30, pp. 37–57. Springer, Heidelberg (2009)
  14. Volkamer, M., Vogt, R.: Common Criteria Protection Profile for Basic set of security requirements for Online Voting Products. Bundesamt für Sicherheit in der Informationstechnik (2008)
  15. Alebrahim, A., Hatebur, D., Heisel, M.: A method to derive software architectures from quality requirements. In: Thu, T.D., Leung, K. (eds.) Proceedings of the 18th Asia-Pacific Software Engineering Conference (APSEC), pp. 322–330. IEEE Computer Society (2011)
  16. Beckers, K., Faßbender, S., Heisel, M., Meis, R.: A problem-based approach for computer-aided privacy threat identification. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 1–16. Springer, Heidelberg (2014)
  17. Beckers, K., Côté, I., Faßbender, S., Heisel, M., Hofbauer, S.: A pattern-based method for establishing a cloud-specific information security management system. Requirements Eng. 18(4), 1–53 (2013)
  18. Breaux, T.D., Vail, M.W., Antón, A.I.: Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: Proceedings of the International Conference on Requirements Engineering (RE), pp. 46–55. IEEE (2006)
  19. Breaux, T.D., Antón, A.I.: Analyzing regulatory rules for privacy and security requirements. IEEE Trans. Softw. Eng. 34, 5–20 (2008)
  20. Bench-Capon, T.J.M., Robinson, G.O., Routen, T.W., Sergot, M.J.: Logic programming for large scale applications in law: a formalization of supplementary benefit legislation. In: Proceedings of the International Conference on Artificial Intelligence and Law. ACM (1987)
  21. Siena, A., Perini, A., Susi, A.: From laws to requirements. In: Proceedings of the International Workshop on Requirements Engineering and Law (RELAW), pp. 6–10. IEEE (2008)
  22. Hohfeld, W.N.: Fundamental legal conceptions as applied in judicial reasoning. Yale Law J. 26, 710–770 (1917)
  23. Siena, A., Perini, A., Susi, A., Mylopoulos, J.: A meta-model for modelling law-compliant requirements. In: Proceedings of the International Workshop on Requirements Engineering and Law (RELAW), pp. 45–51. IEEE (2009)
  24. Maxwell, J.C., Antón, A.I.: Developing production rule models to aid in acquiring requirements from legal texts. In: Proceedings of the 17th IEEE International Requirements Engineering Conference, RE, Washington, DC, USA. IEEE Computer Society (2009)
  25. Álvarez, J.A.T., Olmos, A., Piattini, M.: Legal requirements reuse: a critical success factor for requirements quality and personal data protection. In: Proceedings of the International Conference on Requirements Engineering (RE), pp. 95–103. IEEE (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. Paluno - The Ruhr Institute for Software Technology, University of Duisburg-Essen, Essen, Germany
