Toward benchmarks to assess advancement in legal requirements modeling

As software engineers create and evolve information systems to support business practices, they need to address constraints imposed by the laws, regulations and policies that govern those practices. Requirements modeling can be used to extract important legal constraints from laws, and to decide how, and evaluate whether, an information system design complies with applicable laws. To advance research on evaluating requirements modeling formalisms for the representation of legal information, we propose several benchmarks that we believe represent important challenges in modeling laws and requirements governing information systems, and in evaluating the compliance of these requirements with laws. While incomplete, the proposed set of benchmarks covers a range of challenges in modeling laws and requirements that we observed in privacy and security law: from the ability to trace model fragments to law fragments, to the ability to distinguish modalities in law, to the ability to model relations between requirements and law fragments, which is needed when evaluating compliance. The benchmarks can be used as a checklist when designing and discussing requirements formalisms that support legal requirements modeling. Each benchmark is motivated by related work, a brief legal excerpt, and our experience in modeling regulations.
