Liability in software engineering: overview of the LISE approach and illustration on a case study

LISE is a multidisciplinary project involving lawyers and computer scientists with the aim to put forward a set of methods and tools to (1) define software liability in a precise and unambiguous way and (2) establish such liability in case of incident. This paper provides an overview of the overall approach taken in the project based on a case study. The case study illustrates a situation where, in order to reduce legal uncertainties, the parties to a contract wish to include in the agreement specific clauses to define as precisely as possible the share of liabilities between them for the main types of failures of the system.

[1]  Shazia Wasim Sadiq,et al.  Compliance checking between business processes and business contracts , 2006, 2006 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06).

[2]  Stéphane Frénot,et al.  Security benchmarks of OSGi platforms: toward Hardened OSGi , 2009, Softw. Pract. Exp..

[3]  J. Eber,et al.  How to write a financial contract , 2003 .

[4]  Noureddine Boudriga,et al.  A Temporal Logic-Based Model for Forensic Investigation in Networked System Security , 2005, MMM-ACNS.

[5]  Rafael Accorsi,et al.  On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems , 2006, SEC.

[6]  Wolfgang Emmerich,et al.  The monitorability of service-level agreements for application-service provision , 2007, WOSP '07.

[7]  Fred B. Schneider Accountability for Perfection , 2009, IEEE Secur. Priv..

[8]  Eileen Kraemer,et al.  The inference validity problem in legal discovery , 2009, 2009 31st International Conference on Software Engineering - Companion Volume.

[9]  Frank Dignum,et al.  Organizational structure and responsibility , 2007, Artificial Intelligence and Law.

[10]  Daniel J. Ryan Two Views on Security Software Liability: Let the Legal System Decide , 2003, IEEE Secur. Priv..

[11]  Tyler Moore,et al.  Information Security Economics - and Beyond , 2007, DEON.

[12]  Wolfgang Emmerich,et al.  Efficient online monitoring of web-service SLAs , 2008, SIGSOFT '08/FSE-16.

[13]  Anita K. Jones,et al.  Computer System Intrusion Detection: A Survey , 2000 .

[14]  Pavel Gladyshev,et al.  Rigorous Development of Automated Inconsistency Checks for Digital Evidence Using the B Method , 2007, Int. J. Digit. EVid..

[15]  Christian Johansen,et al.  A Formal Language for Electronic Contracts , 2007, FMOODS.

[16]  Keith Marzullo,et al.  Principles-driven forensic analysis , 2005, NSPW '05.

[17]  Gordon J. Pace,et al.  Challenges in the Specification of Full Contracts , 2009, IFM.

[18]  Bev Littlewood,et al.  Software reliability and dependability: a roadmap , 2000, ICSE '00.

[19]  Peter Stephenson Modeling of Post-Incident Root Cause Analysis , 2003, Int. J. Digit. EVid..

[20]  B Renaud La preuve électronique , 2002 .

[21]  Peter Struss,et al.  IDD: Integrating Diagnosis in the Design of automotive systems , 2002, ECAI.

[22]  Debmalya Biswas,et al.  Small Logs for Transactional Services: Distinction is Much More Accurate than (Positive) Discrimination , 2008, 2008 11th IEEE High Assurance Systems Engineering Symposium.

[23]  Mark Solon,et al.  Preparing evidence for court , 2004, Digit. Investig..

[24]  Yiannis Papadopoulos Model-based system monitoring and diagnosis of failures using statecharts and fault trees , 2003, Reliab. Eng. Syst. Saf..

[25]  Brian Randell,et al.  Fundamental Concepts of Computer System Dependability , 2001 .

[26]  Fairouz Kamareddine,et al.  Flexible Encoding of Mathematics on the Computer , 2004, MKM.

[27]  Wolfgang Emmerich,et al.  Precise service level agreements , 2004, Proceedings. 26th International Conference on Software Engineering.

[28]  Marek J. Sergot,et al.  Using the event calculus for tracking the normative state of contracts , 2005, Int. J. Cooperative Inf. Syst..

[29]  SchneierBruce,et al.  Secure audit logs to support computer forensics , 1999 .

[30]  Bruce Schneier,et al.  Secure audit logs to support computer forensics , 1999, TSEC.

[31]  Daniel Le Métayer,et al.  A Formal Privacy Management Framework , 2009, Formal Aspects in Security and Trust.

[32]  Mohamed Saleh,et al.  Analyzing multiple logs for forensic evidence , 2007, Digit. Investig..