Establishing Regulatory Compliance for Software Requirements
Internal identifier: 000480 (Main/Exploration); previous: 000479; next: 000481
Authors: Silvia Ingolfo [Italy]; Alberto Siena [Italy]; John Mylopoulos [Italy, United States]
Source:
- Lecture Notes in Computer Science [ 0302-9743 ] ; 2011.
Abstract
Abstract: A software system complies with a regulation if its operation is consistent with the regulation under all circumstances. The importance of regulatory compliance for software systems has been growing, as regulations are increasingly impacting both the functional and non-functional requirements of legacy and new systems. HIPAA and SOX are recent examples of laws with broad impact on software systems, as attested by the billions of dollars spent in the US alone on compliance. In this paper we propose a framework for establishing regulatory compliance for a given set of software requirements. The framework assumes as inputs models of the requirements (expressed in i*) and the regulations (expressed in Nòmos). In addition, we adopt and integrate with i* and Nòmos a modeling technique for capturing arguments and establishing their acceptability. Given these, the framework proposes a systematic process for revising the requirements, and arguing through a discussion among stakeholders that the revisions make the requirements compliant. Our proposed framework is illustrated through a case study involving fragments of the HIPAA regulation.
DOI: 10.1007/978-3-642-24606-7_5
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 002106
- to stream Istex, to step Curation: 001F64
- to stream Istex, to step Checkpoint: 000137
- to stream Main, to step Merge: 000486
- to stream Main, to step Curation: 000480
The document in XML format
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Establishing Regulatory Compliance for Software Requirements</title>
<author><name sortKey="Ingolfo, Silvia" sort="Ingolfo, Silvia" uniqKey="Ingolfo S" first="Silvia" last="Ingolfo">Silvia Ingolfo</name>
</author>
<author><name sortKey="Siena, Alberto" sort="Siena, Alberto" uniqKey="Siena A" first="Alberto" last="Siena">Alberto Siena</name>
</author>
<author><name sortKey="Mylopoulos, John" sort="Mylopoulos, John" uniqKey="Mylopoulos J" first="John" last="Mylopoulos">John Mylopoulos</name>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:08F75F16D7DBB72ECE507E4379124A6E681ED8E6</idno>
<date when="2011" year="2011">2011</date>
<idno type="doi">10.1007/978-3-642-24606-7_5</idno>
<idno type="url">https://api.istex.fr/document/08F75F16D7DBB72ECE507E4379124A6E681ED8E6/fulltext/pdf</idno>
<idno type="wicri:Area/Istex/Corpus">002106</idno>
<idno type="wicri:Area/Istex/Curation">001F64</idno>
<idno type="wicri:Area/Istex/Checkpoint">000137</idno>
<idno type="wicri:doubleKey">0302-9743:2011:Ingolfo S:establishing:regulatory:compliance</idno>
<idno type="wicri:Area/Main/Merge">000486</idno>
<idno type="wicri:Area/Main/Curation">000480</idno>
<idno type="wicri:Area/Main/Exploration">000480</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Establishing Regulatory Compliance for Software Requirements</title>
<author><name sortKey="Ingolfo, Silvia" sort="Ingolfo, Silvia" uniqKey="Ingolfo S" first="Silvia" last="Ingolfo">Silvia Ingolfo</name>
<affiliation wicri:level="1"><country xml:lang="fr">Italie</country>
<wicri:regionArea>University of Trento, Trento</wicri:regionArea>
<wicri:noRegion>Trento</wicri:noRegion>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">Italie</country>
</affiliation>
</author>
<author><name sortKey="Siena, Alberto" sort="Siena, Alberto" uniqKey="Siena A" first="Alberto" last="Siena">Alberto Siena</name>
<affiliation wicri:level="1"><country xml:lang="fr">Italie</country>
<wicri:regionArea>University of Trento, Trento</wicri:regionArea>
<wicri:noRegion>Trento</wicri:noRegion>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">Italie</country>
</affiliation>
</author>
<author><name sortKey="Mylopoulos, John" sort="Mylopoulos, John" uniqKey="Mylopoulos J" first="John" last="Mylopoulos">John Mylopoulos</name>
<affiliation wicri:level="1"><country xml:lang="fr">Italie</country>
<wicri:regionArea>University of Trento, Trento</wicri:regionArea>
<wicri:noRegion>Trento</wicri:noRegion>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">États-Unis</country>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series><title level="s">Lecture Notes in Computer Science</title>
<imprint><date>2011</date>
</imprint>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
<idno type="istex">08F75F16D7DBB72ECE507E4379124A6E681ED8E6</idno>
<idno type="DOI">10.1007/978-3-642-24606-7_5</idno>
<idno type="ChapterID">5</idno>
<idno type="ChapterID">Chap5</idno>
</biblStruct>
</sourceDesc>
<seriesStmt><idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc><textClass></textClass>
<langUsage><language ident="en">en</language>
</langUsage>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">Abstract: A software system complies with a regulation if its operation is consistent with the regulation under all circumstances. The importance of regulatory compliance for software systems has been growing, as regulations are increasingly impacting both the functional and non-functional requirements of legacy and new systems. HIPAA and SOX are recent examples of laws with broad impact on software systems, as attested by the billions of dollars spent in the US alone on compliance. In this paper we propose a framework for establishing regulatory compliance for a given set of software requirements. The framework assumes as inputs models of the requirements (expressed in i*) and the regulations (expressed in Nòmos). In addition, we adopt and integrate with i* and Nòmos a modeling technique for capturing arguments and establishing their acceptability. Given these, the framework proposes a systematic process for revising the requirements, and arguing through a discussion among stakeholders that the revisions make the requirements compliant. Our proposed framework is illustrated through a case study involving fragments of the HIPAA regulation.</div>
</front>
</TEI>
<affiliations><list><country><li>Italie</li>
<li>États-Unis</li>
</country>
</list>
<tree><country name="Italie"><noRegion><name sortKey="Ingolfo, Silvia" sort="Ingolfo, Silvia" uniqKey="Ingolfo S" first="Silvia" last="Ingolfo">Silvia Ingolfo</name>
</noRegion>
<name sortKey="Ingolfo, Silvia" sort="Ingolfo, Silvia" uniqKey="Ingolfo S" first="Silvia" last="Ingolfo">Silvia Ingolfo</name>
<name sortKey="Mylopoulos, John" sort="Mylopoulos, John" uniqKey="Mylopoulos J" first="John" last="Mylopoulos">John Mylopoulos</name>
<name sortKey="Siena, Alberto" sort="Siena, Alberto" uniqKey="Siena A" first="Alberto" last="Siena">Alberto Siena</name>
<name sortKey="Siena, Alberto" sort="Siena, Alberto" uniqKey="Siena A" first="Alberto" last="Siena">Alberto Siena</name>
</country>
<country name="États-Unis"><noRegion><name sortKey="Mylopoulos, John" sort="Mylopoulos, John" uniqKey="Mylopoulos J" first="John" last="Mylopoulos">John Mylopoulos</name>
</noRegion>
</country>
</tree>
</affiliations>
</record>
To manipulate this document under Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Ticri/CIDE/explor/OcrV1/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000480 | SxmlIndent | more
Or
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 000480 | SxmlIndent | more
To link to this page within the Wicri network
{{Explor lien |wiki= Ticri/CIDE |area= OcrV1 |flux= Main |étape= Exploration |type= RBID |clé= ISTEX:08F75F16D7DBB72ECE507E4379124A6E681ED8E6 |texte= Establishing Regulatory Compliance for Software Requirements }}
This area was generated with Dilib version V0.6.32.