Designing Law-Compliant Software Requirements

  • Conference paper
Conceptual Modeling - ER 2009 (ER 2009)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5829)

Abstract

New laws, such as HIPAA and SOX, are increasingly impacting the design of software systems, as business organisations strive to comply. This paper studies the problem of generating a set of requirements for a new system which comply with a given law. Specifically, the paper proposes a systematic process for generating law-compliant requirements by using a taxonomy of legal concepts and a set of primitives to describe stakeholders and their strategic goals. Given a model of law and a model of stakeholders' goals, legal alternatives are identified and explored. Strategic goals that can realise legal prescriptions are systematically analysed, and alternative ways of fulfilling a law are evaluated. The approach is demonstrated by means of a case study. This work is part of the Nomos framework, intended to support the design of law-compliant requirements models.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Siena, A., Mylopoulos, J., Perini, A., Susi, A. (2009). Designing Law-Compliant Software Requirements. In: Laender, A.H.F., Castano, S., Dayal, U., Casati, F., de Oliveira, J.P.M. (eds) Conceptual Modeling - ER 2009. ER 2009. Lecture Notes in Computer Science, vol 5829. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04840-1_35

  • DOI: https://doi.org/10.1007/978-3-642-04840-1_35

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04839-5

  • Online ISBN: 978-3-642-04840-1

  • eBook Packages: Computer Science, Computer Science (R0)
