Establishing Regulatory Compliance in Goal-Oriented Requirements Analysis
Tokyo Institute of Technology, Japan
Yu Negishi, Shinpei Hayashi, and Motoshi Saeki

Motivation
• Regulatory compliance in IS development
  – Eliciting regulatory compliant requirements in an early stage is important for reducing total cost
• Goal-oriented requirements analysis (GORA) is beneficial
  – Goal decomposition can be useful to trace rationale
Necessity to elicit regulatory compliant requirements
Derivation of regulatory compliant goals

Purpose
• To derive this kind of fix, we need ...
  1. Detecting regulatory incompliant (violated) goals
  2. Adding goals to avoid regulatory violations

[Figure: a goal model before and after the fix, next to the regulation]
Goals in the original goal model:
  – A supplier mails a product
  – Get the address from a customer
  – Deliver a product to a carrier
Regulation: Article 18, Act on the Protection of Personal Information
  "When having acquired personal information, a business operator shall promptly notify the person of the purpose of utilization."
Goals in the fixed goal model:
  – A supplier mails a product
  – Get the address from a customer
  – Deliver a product to a carrier
  – A supplier notifies a customer of the purpose of utilization

1. Detecting regulatory incompliant goals
Problem
How can we match these sentences?
Goals:
  – A supplier mails a product
  – Get the address from a customer
Regulation: Article 18, Act on the Protection of Personal Information
  "When having acquired personal information, a business operator shall promptly notify the person of the purpose of utilization."
Correspondences to find:
  – Get = Acquire
  – Address = Personal Information

2. Adding goals to avoid violations
Problem
How can we generate the description and modify the goal structure?
Regulation: Article 18, Act on the Protection of Personal Information
  "When having acquired personal information, a business operator shall promptly notify the person of the purpose of utilization."
Regulatory compliant goal model (goals shown):
  – A supplier mails a product
  – Get the address from a customer
  – Notify the customer of the purpose of utilization

1. Detecting regulatory incompliant goals
Our Solution
Usage of case frames (CFs) for the matching to detect the candidates

Goal: "Get the address from a customer" (goal model also shows "A supplier mails a product")
  verb      subject             direct object          indirect object
  Get       Supplier            Address                Customer

Regulation: Article 18, Act on the Protection of Personal Information
  "When having acquired personal information, a business operator shall promptly notify the person of the purpose of utilization."
Situation case frame:
  verb      actor               object                 source
  Acquire   Business operator   Personal information

✔ Match

2. Adding goals to avoid violations
Our Solution
Generate goal description from the prepared template patterns and substitute the words in it
Regulation: Article 18, Act on the Protection of Personal Information
  "When having acquired personal information, a business operator shall promptly notify the person of the purpose of utilization."
Matching result:
  – Get = Acquire
  – Address = Personal Info.
  – Customer = Person
Goal template: Notifies (y: person) of the purpose of utilization
Word substitution gives: Notify the customer of the purpose of utilization
Regulatory compliant goal model (goals shown):
  – A supplier mails a product
  – Get the address from a customer
  – Notify the customer of the purpose of utilization

Proposed Technique
• Matching using CFs (1, 2, 3, 4)
• Goal generation for compliance (5, 6, 7)

[Figure: process overview]
Steps:
  1. Developing case frames of regulations
  2. Supplementing goal descriptions
  3. Translating goals into case frames
  4. Matching goals and regulations
  5. Generating goals by patterns
  6. Generating goal descriptions
  7. Adding new goals to the goal model
Artifacts shown: Goal model; Regulation; Dict.; Case frames of regulations; Case frames of goals; Identifying regulatory violation; Term matching information (x = □□); Goals to be added; Modified goal model

Developing Regulation CFs
• Converts regulations into CFs

Article 18, Act on the Protection of Personal Information
  "When having acquired personal information, a business operator shall promptly notify the person of the purpose of utilization."

Situation CF
  verb      actor   object                   source
  Acquire   x       Personal information     y

Act CF (Modality: Obligation)
  verb      actor   object                   target
  Notify    x       Purpose of utilization   y

Words of the same meaning are modeled using variables

Supplementing Descriptions
• Goal descriptions are often omitted
  – Hampers the matching process
• Supplements them from ancestors

Goals and goal descriptions are turned into surface structures by the lexical analyzer:

"A supplier mails a product"
  verb   subject    direct object   indirect object
  Mail   Supplier   Product         −

"Get the address from a customer"
  verb   subject    direct object   indirect object
  Get    −          Address         Customer

Supplemented: "A supplier gets the address from a customer"
  verb   subject    direct object   indirect object
  Get    Supplier   Address         Customer

Goal-to-CF Translation

Surface structure of "A supplier gets the address from a customer":
  verb   subject    direct object   indirect object
  Get    Supplier   Address         Customer

CF matching [1] uses two dictionaries:
  – Dictionary of case frames: candidates of case frame close to Get, ranked 1st ... 10th
      verb      actor   object   source
      Acquire   Human   Thing    Human
      Learn     −       Thing    −
      ...
  – Dictionary of hierarchical concepts: Thing (Address); Human (Customer, Supplier)

Ranked CFs:
  verb      actor      object    source
  Acquire   Supplier   Address   Customer
  Learn     −          Address   −
  ...

[1] Nakamura et al.: Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking. In Proc. RELAW 2015.

Goal-Regulation Matching

Goal: "Get the address from a customer"
Supplement: "A supplier gets the address from a customer"
  verb      actor      object    source
  Acquire   Supplier   Address   Customer

Regulation in CFs
  Situation:
    verb      actor   object                   source
    Acquire   x       Personal information     y
  Obligation of Act:
    verb      actor   object                   target
    Notify    x       Purpose of utilization   y

Dictionary of hierarchical concepts (concepts shown): Thing, Personal information, Address, Telephone number

✔ Similar!
  x = Supplier
  Personal information = Address
  y = Customer

Template: x notifies y of the purpose of utilization
New goal to be added: A supplier notifies a customer of the purpose of utilization

Goal Generation Patterns

  Pattern                     G1    G2                      G3
  Obligation                  Or    Oa
  Prohibition                 Pr    Check ¬Pa
  Exemption (+Obligation)     Or    If ¬Er, Oa              Er
  Permission (+Prohibition)   Pr    If ¬Fr, check ¬Pa       If Fr, Pa

Obligation and Exemption
• Generate a goal to force the act part

Obligation
  G1: Or (situation part)
  G2: Oa (act part)
Exemption + Obligation
  G1: Or
  G2: If ¬Er, Oa (if exemption condition doesn't hold, follow the obligation)
  G3: Er (exemption condition holds)

Prohibition and Permission
• Generate a goal to check whether prohibition happens

Prohibition
  G1: Pr (situation part)
  G2: Check ¬Pa (checking whether the prohibited act does not happen)
Permission + Prohibition
  G1: Pr
  G2: If ¬Fr, check ¬Pa (if permission doesn't hold, check the prohibited act)
  G3: If Fr, Pa (if permission holds, allow the prohibited act)

Adding Generated Goal
• Preserving the logical meaning

New goal: A supplier notifies a customer of the purpose of utilization

[Figure: goal model before and after adding the new goal]
Before (contains an OR decomposition):
  – A supplier mails a Product
  – Get the address from a customer
  – Deliver a product to a carrier
  – By telephone
  – By E-mail
After (contains an AND and an OR decomposition):
  – A supplier mails a Product
  – Get the address from a customer
  – Deliver a product to a carrier
  – By telephone
  – By E-mail
  – A supplier notifies a customer of the purpose of utilization
  – Intermediate goal
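
The matching and the Obligation pattern from the preceding slides, as an added Python example that is not the authors' tool. It starts from goals already supplemented and translated into case frames; the concept hierarchy, the frames and all function names are constructed assumptions.

```python
# Added illustration, not the authors' tool; hierarchy, frames and names are constructed.
PARENT = {  # child concept -> parent concept
    "Address": "Personal information", "Telephone number": "Personal information",
    "Personal information": "Thing", "Product": "Thing",
    "Customer": "Human", "Supplier": "Human",
}
VARIABLES = {"x", "y"}
# Article 18 as a situation CF plus an act CF whose modality is obligation.
SITUATION = {"verb": "Acquire", "actor": "x", "object": "Personal information", "source": "y"}
ACT = {"verb": "Notify", "actor": "x", "object": "Purpose of utilization", "target": "y"}
TEMPLATE = "{x} notifies {y} of the purpose of utilization"

def is_a(term, concept):
    """True if term is concept or one of its descendants in PARENT."""
    while term is not None:
        if term == concept:
            return True
        term = PARENT.get(term)
    return False

def match(goal_cf, reg_cf):
    """Return variable bindings if goal_cf instantiates reg_cf, else None."""
    bindings = {}
    for role, expected in reg_cf.items():
        actual = goal_cf.get(role)
        if actual is None:  # an omitted case (not yet supplemented) cannot match
            return None
        if expected in VARIABLES:
            if bindings.setdefault(expected, actual) != actual:
                return None  # one variable bound to two different terms
        elif not is_a(actual, expected):  # literals, the verb included
            return None
    return bindings

def missing_goals(goal_cfs):
    """Obligation pattern: a goal matching the situation part needs the act part."""
    added = []
    for goal in goal_cfs:
        b = match(goal, SITUATION)
        if b is not None and {r: b.get(t, t) for r, t in ACT.items()} not in goal_cfs:
            added.append(TEMPLATE.format(**b))
    return added

GOALS = [  # constructed goal CFs, after supplementing and translation
    {"verb": "Mail", "actor": "Supplier", "object": "Product"},
    {"verb": "Acquire", "actor": "Supplier", "object": "Address", "source": "Customer"},
]
print(missing_goals(GOALS))
```

A goal whose actor is still omitted returns no match, which is why the slides supplement descriptions from ancestors before matching.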

Implementation
• Architecture
  – Extension of a GORA editor [1]
  – Target language: Japanese
    • Language resource: EDR dictionary [2]
    • Lexical analyzer: Cabocha [3]
• Features
  – Automated application of the matching process
  – Automated generation of goals to avoid incompliance

[1] Saeki et al.: A tool for attributed goal-oriented requirements analysis. In Proc. ASE 2009.
[2] EDR electronic dictionary, http://www2.nict.go.jp/out-promotion/techtransfer/EDR/J_index.html
[3] Cabocha, http://taku910.github.io/cabocha/

Evaluation
• Q1 (Detection Accuracy): How many occurrences of regulatory violation can be identified?
• Q2 (Solution Acceptance): Can regulatory violations be resolved by the suggested sub-goals?

[Figure: evaluation procedure. Elements shown: Regulations; Examples; Creators of ground truths; Correct answer of the violation goals; Supporting tool; Identification results by tool; Comparison results (precision, recall) for Q1; Proposed modifications; Modified goal model; Experiment enforcer; Creators of ground truths (the same persons) for Q2]

Systems and Acts
• Case 1: Online shopping (like Amazon)
  – # goals: 31, max depth: 4
  – Related acts (7 articles):
    • Act on Protection of Personal Information
    • Act on Specified Commercial Transactions
    • Act against Unjustifiable Premiums and Misleading Representations
• Case 2: Pet shopping
  – # goals: 19, max depth: 4
  – Related acts (7 articles):
    • Act on Welfare and Management of Animals

Q1: Detection Accuracy
Results
• ~Half of violations were correctly detected
  – Precision 47%, Recall 50%
  – The existing technique [1] missed all of these violations

           Precision     Recall
  Online   75% (6/8)     75% (6/8)
  Pet      27% (3/11)    30% (3/10)
  Total    47% (9/19)    50% (9/18)

[1] Nakamura et al.: Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking. In Proc. RELAW 2015.

Q2: Solution Acceptance
Results
• Solutions were accepted in most cases
  – 73% of violations were resolved
  – 93% of violations were (at least partially) resolved
• Negative results were mainly due to inappropriate patterns

  Resolved                 43%
  Resolved alternatively   30%
  Resolved partially       20%
  Not resolved             3%
  Unknown                  3%

Related Work
• Extension of existing requirements model
  – URN framework extension for regulatory compliance [1]
  – KAOS extension for regulatory compliance [2]
  → Although they can confirm incompliance, they did not support the derivation of requirements to avoid incompliance
• i* extension using NOMOS model
  – It can deduce requirements to avoid incompliance [3]
  – It requires learning the extended model

[1] Ghanavati et al.: Goal-oriented compliance with multiple regulations. In Proc. RE 2014.
[2] Ishikawa et al.: Modeling, Analyzing and Weaving Legal Interpretations in Goal-Oriented Requirements Engineering. In Proc. RELAW 2009.
[3] Siena et al.: A meta-model for modelling law-compliant requirements. In Proc. RELAW 2009.

Conclusion
Purpose
• To derive this kind of fix, we need ...
  1. Detecting regulatory incompliant (violated) goals
  2. Adding goals to avoid regulatory violations
Q1: Detection Accuracy
Results
• ~Half of violations were correctly detected
  – Precision 47%, Recall 50%
  – The existing technique [1] missed all of these violations
[1] Nakamura et al.: Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking. In Proc. RELAW 2015.
Q2: Solution Acceptance
Results
• Solutions were accepted in most cases
  – 73% of violations were resolved
  – 93% of violations were (at least partially) resolved
• Negative results were mainly due to inappropriate patterns

Credits
• Judge hammer | ssalonso | Flickr
  – https://www.flickr.com/photos/ssalonso/3989418655