DETECTING REGULATORY VULNERABILITY IN FUNCTIONAL REQUIREMENTS SPECIFICATIONS

Motoshi Saeki, Haruhiko Kaiya, Satoshi Hattori

2009

Abstract

This paper proposes a technique to apply model checking in order to show the regulatory compliance of requirements specifications written in use case models. We define three levels of regulatory vulnerability of a requirements specification by the situation of its non-compliance with regulations. For automatic compliance checking, the behavior of business processes and information systems are specified with use cases and they are translated into finite state transition machines. By using model checker SMV, we formally verify if the regulations that are represented with computational tree logic can be satisfied with the state machines.

References

1. Cabinet Office, Government of Japan (2003). Act on the protection of personal information. http://www5.cao.go.jp/seikatsu/kojin/foreign/act.pdf.
2. Castero, P. and Maibaum, T. (2008). A Tableaux System for Deontic Action Logic. In Lecture Notes in Computer Science (DEON2008), volume 5076, pages 34-48.
3. Darimont, R. and Lemoine, M. (2006). Goal Oriented Analysis of Regulations. In REMO2V, CAiSE2006 Workshop, pages 838-844.
4. Dinesh, N., Joshi, A., Lee, I., and Sokolsky, O. (2008). Reasoning about Conditions and Exceptions to Laws in Regulatory Conformance Checking. In Lecture Notes in Computer Science (DEON2008), volume 5076, pages 110-124.
5. Eckoff, T. and Sundby, N. (1997). RECHTSSYSTEME.
6. Hassan, W. and Logrippo, L. (2008). Requirements and Compliance in Legal Systems: a Logic Approach. In Requirements Engineering and Law (RELAW 2008), pages 40-44.
7. Jones, A. and Sergot, M. (2004). Deontic Logic in the Representation of Law: Towards a Methodology. Aritificial Intelligence and Law, 1(1):45-64.
8. Nebut, C., Fleurey, F., Traon, Y., and Jezequel, J.-M. (2006). Automatic Test Generation: A Use Case Driven Approach. IEEE Transaction on Software Engineering, 32(3):140-155.
9. NuSMV (2007). Nusmv: A new symbolic model checker. http://nusmv.fbk.eu/.
10. Otto, P. and Anton, A. (2007). Addressing Legal Requirements in Requirements Engineering. In Proc. of 15th IEEE International Requirements Engineering Conference, pages 5-14.
11. RELAW (2008). 1st international workshop on requirements engineering and law. http://www.csc2.ncsu.edu/workshops/relaw/.
12. REMO2V (2006). International Workshop on Regulations Modelling and Their Validation and Verification (REMO2V), CAiSE2006 Workshop. http://lacl.univparis12.fr//REMO2V/.
13. REMOD (2008). Interdisciplinary workshop: Regulations modelling and deployment. http://lacl.univparis12.fr/REMOD08/.
14. Saeki, M. and Kaiya, H. (2008). Supporting the elicitation of requirements compliant with regulations. In Lecture Notes in Computer Science (CAiSE'2008), volume 5074, pages 228-242.
15. Whittle, J. and Jayaraman, P. (2006). Generating Hierarchical State Machines from Use Case Charts. In Proc. of 14th IEEE Requirements Engineering Conference (RE2006), pages 19-28.

Paper Citation

in Harvard Style

Saeki M., Kaiya H. and Hattori S. (2009). DETECTING REGULATORY VULNERABILITY IN FUNCTIONAL REQUIREMENTS SPECIFICATIONS . In Proceedings of the 4th International Conference on Software and Data Technologies - Volume 1: ICSOFT, ISBN 978-989-674-009-2, pages 105-114. DOI: 10.5220/0002240001050114

in Bibtex Style

@conference{icsoft09,
author={Motoshi Saeki and Haruhiko Kaiya and Satoshi Hattori},
title={DETECTING REGULATORY VULNERABILITY IN FUNCTIONAL REQUIREMENTS SPECIFICATIONS},
booktitle={Proceedings of the 4th International Conference on Software and Data Technologies - Volume 1: ICSOFT,},
year={2009},
pages={105-114},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002240001050114},
isbn={978-989-674-009-2},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Software and Data Technologies - Volume 1: ICSOFT,
TI - DETECTING REGULATORY VULNERABILITY IN FUNCTIONAL REQUIREMENTS SPECIFICATIONS
SN - 978-989-674-009-2
AU - Saeki M.
AU - Kaiya H.
AU - Hattori S.
PY - 2009
SP - 105
EP - 114
DO - 10.5220/0002240001050114