Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking

9,229 views

Published on

Presented at RELAW 2015
http://dx.doi.org/10.1109/RELAW.2015.7330206

Published in: Software
  • Be the first to comment

  • Be the first to like this

Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking

  1. 1. Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking Tokyo Institute of Technology, Japan Ryotaro Nakamura,Yu Negishi, Shinpei Hayashi, and Motoshi Saeki 1
  2. 2. 2 Goal: Regulation-Compliant Requirements Elicitation  Many regulations, laws, rules, etc. to follow  How to obtain requirements compliant to regulations? ☞Verification &Validation to check compliance after/during eliciting requirements
  3. 3. 3 Our Approach: Systematic Checking  Formal and iterative ways to improve compliance! Requirements Specification Regulation Regulation Regulation Regulation Systematic check of compliance Feedback
  4. 4. Compliance Checking w/ Model Checker [Saeki 09] 4 RegulationRegulationRegulation Regulation Compliance checking using Model Checker Feedback Actor UC1 S1 S2 State transition diag. Use case desc. Logical formula Requirements Specification p → AF q
  5. 5. Regulation [Act on the Protection of Personal Information] Use case description Terminology Matching 5 ... 3. The system gets from a customer her address. ... 6. The system notifies the purpose of utilization to the customer. When having acquired personal information, a business operator handling personal information shall, ..., promptly notify the person of the Purpose of Utilization or publicly announce the Purpose of Utilization. How to associate these sentences?
  6. 6. Regulation [Act on the Protection of Personal Information]Use case description 6 Case Grammar Approach  Requires semantic relationship of words 6 3. The system gets from a customer her address When having acquired personal information, a business operator handling personal information shall, ... (Get, actor: System, object: Address, source: Customer) (Acquire, actor: Business operator, object: Personal information, source: Person)
  7. 7. Dictionaries Overview of OurTechnique 7 State transition model Use case desc. Case frames w/ concepts Sentences in case frame form Properties concept hierarchy : : Case frames Regulations Detecting concepts Generating props. Words Model checker 1st step 2nd step Checking consistency
  8. 8. Step 1: Detecting Concepts 8 verb actor object source Learn Human | Organization Habit | Studies Human | Organization verb actor object source Acquire Human | Organization Thing Human | Organization Dictionary of Case Frames “The system gets from the customer her address” Case Structure verb actor object source Get System Address Customer P System Address Customer Customer HumanThing Address Dictionary of Hierarchical Concepts Get Acquire Learn Term Personal information Person ✘ ✔ Institution Organization Business operator
  9. 9. Step 2: Instantiating PropertyTemplate 9 (Acquire, ...) ∧ ¬ (Announce, ...) → AF ((Notify, ...) ∨ (Announce, ...)) verb actor object source Get System Address Customer Case frame from RD Template Instantiate every possible candidates (Get, System,Address, Customer) ∧ ¬ (Announce, ...) → AF ((Notify, ...) ∨ (Announce, ...) (Get, System,Address, Customer) ∧ ¬ (Announce, ...) → AF ((Notify, ...) ∨ (Announce, ...)) (Get, System,Address, Customer) ∧ ¬ (Announce, ...) → AF ((Notify, ...) ∨ (Announce, ...))
  10. 10. 10 Implementation  Components – Cabocha (Japanese lexical and dep. analyzer) – NuSMV (Model checker) – Dictionary: EDR Japanese dictionary # words # concepts # frames From EDR dic. 270000 410000 13000 Newly added by us 61 59 10
  11. 11. 11 Case Studies and Acts  Case 1: Online shopping (like Amazon) – Act on Protection of Personal Information • Article 18 – Act on Regulation of Transmission of Specified Electronic Mail • Article 3 – Act on Specified Commercial Transactions • Articles 11 and 13  Case 2: Pet Store – Act on Welfare and Management of Animals • Articles 21 and 22
  12. 12. 12 Case 1: Online Shopping  Including 16 use cases Show Change password Send an ad-mail Reject receiving ad-mails Confirm privacy policy Remove an item from the cart Open the items of the cart <<include>> Sign up Customer Admin Log out Delete account Display the detail of an item Add an item to the cart <<include>> Open search page <<include>> <<include>> Log in <<include>> Check out Accept receiving ad-mails <<include>> Open account setting page
  13. 13. 13 Case 1: Results  Precision: 0.50 (4/8)  Recall: 0.66 (4/6)  Reason of failures: – Structural differences of case frames • “System receives payment” vs.“System approves payment” – Regardless of relationships between formulas
  14. 14. 14 Case 2: Pet Store  Confirmed violation by comparing the results – Operator shall show a buyer the cats/dogs that she likes to by directly in advance Reserve an appointment to see cats/dogs Register animals Show cats/dogs suggested to add
  15. 15. 15 Concluding Remarks  Conclusion – A technique to support matching the words in a RD and regulations for checking the consistency – Word matching based on the concept hierarchy – Confirmed the feasibility  Future work – Improving accuracy of matching – Larger case studies

×