
Towards a Framework for Law-Compliant Software Requirements

This paper presents the Nomos framework, a language and method for systematically translating law prescriptions into software requirements that satisfy stakeholders' goals while adhering to legal regulations.


Presentation Transcript


  1. Towards a Framework for Law-Compliant Software Requirements
     Alberto Siena

  2. Problem statement
     • GORE focuses on stakeholders and their goals
     • Effective in specifying requirements that satisfy some properties (e.g., cost/benefit trade-off, risk, security, …) and match stakeholders' needs

  3. Problem statement
     • New laws, increased pervasiveness of IS
     • Laws are increasingly a source of requirements
     • However, law prescriptions are NOT stakeholders' goals
     • Stakeholders want goals, whereas law prescriptions are imposed on stakeholders
     • Law prescriptions can contradict goals

  4. Compliance
     • The act of adhering to, and demonstrating adherence to, a standard or regulation (Wikipedia)
     • Requirements-time: compliance is conceived here
     • Run-time: compliance exists here (adhering to)
     • Recovery-time: compliance can be proved here (demonstrating adherence to)

  5. Requirements compliance

  6. The Nomos framework
     • Framework for systematically going from law prescriptions to requirements
     • Nomos = a language + a method + a set of properties (e.g., intentional compliance)
     • It allows one to:
        • Reason about how requirements are generated (select among alternatives)
        • Check properties of requirements models with respect to laws

  7. The Nomos framework
     • Properties concern the interaction between goals and laws
     • Needed: languages for modeling
        • Requirements (G): i*
        • Laws (L): Nomos
     • The models of G and L must be consistent with each other!

  8. Foundations of legal theory
     • Hohfeld’s taxonomy of legal concepts (1913)
     • Milestone in juridical literature
     • Rights are the core concepts: “Rights are entitlement (not) to perform certain actions or be in certain states, or entitlements that others (not) perform certain actions or be in certain states”
     W. N. Hohfeld. Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1), 1913.

  9. The Hohfeldian taxonomy
     • 8 fundamental rights: Privilege, Claim, No-claim, Duty, Power, Liability, Immunity, Disability
     • Opposites and correlatives

  10. Formalization
     • A legal text can be subdivided into smaller legal statements, called Normative Propositions (NP)
     • Each NP carries the atomic piece of information about a single right:
       NP = <Subject>, <Counter-party>, <RightNature>, <Action>
     • A hard formalization is given by Sartor
     • Maps rights to deontic operators

  11. Meta-model of a NP

  12. Example
     Health Insurance Portability and Accountability Act (HIPAA), art. §164.502(a):
     A CE may not use or disclose PHI
     NP = (CE, Individual, claim, Don’t disclose PHI)

  13. Example
     HIPAA, art. §164.502:
     (a) A CE may not use or disclose PHI, except as permitted or required by this subpart [...]
        (1) A covered entity is permitted to use or disclose PHI [...]
           (i) To the individual; […]
        (2) A CE is required to disclose PHI:
           (i) To an individual, when requested [...]; and
           (ii) When required by the Secretary.

  14. NPs

  15. Nomos language

  16. Dominance relations
     • To deal with conditions, exceptions, etc., that exist in law texts
     • Relative approach rather than absolute approach

  17. A law model

  18. Nomos Meta-model

  19. Atomic compliance
     • Building block for aggregate (intentional) compliance
     • Uses the realization relation between goal and NP
     • Changes according to the nature of the right

  20. Aggregate compliance
     • Many compliance alternatives
     • Many compliance preferences
     • Many compliance “degrees”

  21. Modeling compliance
     • Bind domain stakeholders with subjects addressed by law
     • Identify legal alternatives
     • Select the normative proposition to realize
     • Identify potential realizations of normative propositions
     • Identify legal risks
     • Identify proof artifacts
     • Constrain delegation of goals to other actors

  22. Properties
     • Traceability
     • Documentability
     • Legal risk identifiability
     • Protected across organizational interactions (delegations)

  23. Traceability

  24. Documentability

  25. Legal risk identifiability

  26. Security properties

  27. References
     • W. N. Hohfeld. Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1), 1913.
     • Giovanni Sartor. Fundamental legal concepts: A formal and teleological characterisation. Artificial Intelligence and Law, 14(1-2):101–142, April 2006.
     • Alberto Siena, John Mylopoulos, Anna Perini, and Angelo Susi. The Nomos framework: Modelling requirements compliant with laws. Technical Report TR-0209-SMSP, FBK – Irst, http://disi.unitn.it/asiena/files/TR-0209-SMSP.pdf, 2009.

  28. Thank you
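
The NP tuple of slide 10 applied to the HIPAA §164.502 fragment of slides 12 and 13, as an added Python example that is not code from the presentation or from Nomos. Only the first tuple comes from the slides; the right natures of the other three NPs, the condition names, and the reading of dominance (an exception whose condition holds suppresses the NP it dominates) are assumptions made here.

```python
from dataclasses import dataclass

# Hohfeld's eight fundamental rights, as listed on slide 9.
RIGHT_NATURES = {"privilege", "claim", "no-claim", "duty",
                 "power", "liability", "immunity", "disability"}

@dataclass(frozen=True)
class NP:
    """Normative proposition: <Subject>, <Counter-party>, <RightNature>, <Action>."""
    subject: str
    counter_party: str
    right_nature: str
    action: str

    def __post_init__(self):
        if self.right_nature not in RIGHT_NATURES:
            raise ValueError(f"unknown right nature: {self.right_nature!r}")

# NP_A is the tuple given on slide 12. The other three encode slide 13's
# clauses; their right natures are assumed, following slide 12's convention
# of tagging an obligation on the CE as "claim".
NP_A = NP("CE", "Individual", "claim", "Don't disclose PHI")
NP_A1I = NP("CE", "Individual", "privilege", "Disclose PHI to the individual")
NP_A2I = NP("CE", "Individual", "claim", "Disclose PHI to the individual on request")
NP_A2II = NP("CE", "Secretary", "claim", "Disclose PHI when required by the Secretary")
ALL_NPS = [NP_A, NP_A1I, NP_A2I, NP_A2II]

# Assumed encoding: an exception NP applies only when its condition (a
# constructed fact name) holds, and it then dominates the general rule.
CONDITIONS = {NP_A1I: "recipient_is_individual",
              NP_A2I: "individual_requested",
              NP_A2II: "secretary_requires"}
DOMINANCE = [(NP_A1I, NP_A), (NP_A2I, NP_A), (NP_A2II, NP_A)]  # (dominant, dominated)

def in_force(nps, dominance, conditions, facts):
    """Return the NPs that bind in a situation described by `facts`."""
    # Unconditioned NPs are always candidates; exceptions need their fact.
    active = [p for p in nps
              if p not in conditions or conditions[p] in facts]
    # Relative resolution: an NP is dropped only if something that
    # dominates it is itself active, with no global priority ordering.
    dominated = {low for high, low in dominance if high in active}
    return [p for p in active if p not in dominated]
```

With no facts only the general prohibition binds; once an exception's condition holds, the prohibition drops out and the exception NPs are what a requirements model has to realize.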
