Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking
-
Upload
shinpei-hayashi -
Category
Software
-
view
3.839 -
download
0
Transcript of Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking
Terminology Matching ofRequirements Specification Documents and Regulationsfor Compliance Checking
Tokyo Institute of Technology, Japan
Ryotaro Nakamura, Yu Negishi,Shinpei Hayashi, and Motoshi Saeki
1
2
Goal: Regulation-Compliant Requirements Elicitation Many regulations, laws, rules, etc. to follow
How to obtain requirements compliant to regulations?☞Verification & Validation to check compliance
after/during eliciting requirements
3
Our Approach:
Systematic Checking Formal and iterative ways to improve
compliance!
RequirementsSpecification
RegulationRegulation
RegulationRegulation
Systematic checkof complianceFeedback
Compliance Checkingw/ Model Checker [Saeki 09]
4
RegulationRegulationRegulation
Regulation
Compliance checking using
Model Checker
Feedback
Actor
UC1
S1 S2
State transition diag.
Use case desc.
Logical formula
Requirements Specification
p → AF q
Regulation[Act on the Protection of Personal Information]Use case description
Terminology Matching
5
...3. The system gets from
a customer her address....6. The system notifies the
purpose of utilizationto the customer.
When having acquired personal information, a business operator handling personal information shall, ..., promptly notify the person of the Purpose of Utilization or publicly announce the Purpose of Utilization.
How to associate these sentences?
Regulation[Act on the Protection of Personal Information]Use case description
6
Case Grammar Approach
Requires semantic relationship of words6
3. The system gets froma customer her address
When having acquired personal information, a business operator handling personal information shall, ...
(Get,actor: System,object: Address,source: Customer)
(Acquire,actor: Business operator,object: Personal information,source: Person)
Dictionaries
Overview of Our Technique
7
State transition model
Use casedesc.
Case framesw/ concepts
Sentencesin case
frame form
Prop
ertie
s
concepthierarchy
: :
Caseframes
Regulations
Detectingconcepts
Generatingprops.
Words
Modelchecker
1st step 2nd stepChecking
consistency
Step 1: Detecting Concepts
8
verb actor object source
Learn Human |Organization
Habit |Studies
Human |Organization
verb actor object source
Acquire Human |Organization
Thing Human |Organization
Dictionary of Case Frames
“The system gets from thecustomer her address”
Case Structure
verb actor object source
Get System Address Customer
P
System Address Customer
Customer
HumanThing
Address
Dictionary of Hierarchical Concepts
Get
AcquireLearn
Term
Personal information Person
✘
✔
Institution
OrganizationBusinessoperator
Step 2: Instantiating Property Template
9
(Acquire, ...)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))
verb actor object source
Get System Address Customer
Case frame from RD
Template
Instantiate everypossible candidates
(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...)
(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))
(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))
10
Implementation Components
– Cabocha (Japanese lexical and dep. analyzer)– NuSMV (Model checker)– Dictionary: EDR Japanese dictionary
# words # concepts # framesFrom EDR dic. 270000 410000 13000Newly added by us 61 59 10
11
Case Studies and Acts Case 1: Online shopping (like Amazon)
– Act on Protection of Personal Information• Article 18
– Act on Regulation of Transmission of Specified Electronic Mail• Article 3
– Act on Specified Commercial Transactions • Articles 11 and 13
Case 2: Pet Store– Act on Welfare and Management of Animals
• Articles 21 and 22
12
Case 1: Online Shopping Including 16 use cases
Show
Change password
Send an ad-mail
Reject receiving ad-mails
Confirm privacy policy
Remove an item from the cart
Open the items of the cart
<<include>>
Sign up
Customer Admin
Log out
Delete account
Display the detail of an item
Add an item to the cart
<<include>>
Open search page
<<include>>
<<include>>
Log in
<<include>>
Check out
Accept receiving ad-mails
<<include>>
Open account setting page
13
Case 1: Results
Precision: 0.50 (4/8) Recall: 0.66 (4/6) Reason of failures:
– Structural differences of case frames• “System receives payment” vs. “System approves payment”
– Regardless of relationships between formulas
14
Case 2: Pet Store Confirmed violation by comparing the results
– Operator shall show a buyer the cats/dogs that she likes to by directly in advance
Reserve an appointmentto see cats/dogs
Registeranimals
Showcats/dogs
suggested to add
15
Concluding Remarks Conclusion
– A technique to support matching the words in a RD and regulations for checking the consistency
– Word matching based on the concept hierarchy– Confirmed the feasibility
Future work– Improving accuracy of matching– Larger case studies