Automating the Extraction of Rights and Obligations for Regulatory Compliance

Authors:
Nadzeya Kiyavitskaya;Nicola Zeni;Travis D. Breaux;Annie I. Antón;James R. Cordy;Luisa Mich;John Mylopoulos
Affiliations:
Dept. of Information Engineering and Computer Science, University of Trento, Italy;Dept. of Information Engineering and Computer Science, University of Trento, Italy;Dept. of Computer Science, North Carolina State University, U.S.A.;Dept. of Computer Science, North Carolina State University, U.S.A.;School of Computing, Queens University, Kingston, Canada;Dept. of Computer and Management Sciences, University of Trento, Italy;Dept. of Information Engineering and Computer Science, University of Trento, Italy
Venue:
ER '08 Proceedings of the 27th International Conference on Conceptual Modeling
Year:
2008

Citing 16
Cited 6

Knowledge acquisition from prescriptive texts

IEA/AIE '90 Proceedings of the 3rd international conference on Industrial and engineering applications of artificial intelligence and expert systems - Volume 2
Automated analysis of requirement specifications

ICSE '97 Proceedings of the 19th international conference on Software engineering
Automated knowledge acquisition from regulatory texts

IEEE Expert: Intelligent Systems and Their Applications
Using Design Recovery Techniques to Transform Legacy Systems

ICSM '01 Proceedings of the IEEE International Conference on Software Maintenance (ICSM'01)
The two sides of ROI: return on investment vs. risk of incarceration

Communications of the ACM - Transforming China
Analyzing Goal Semantics for Rights, Permissions, and Obligations

RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
EA-Miner: a tool for automating aspect-oriented requirements identification

Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
The TXL source transformation language

Science of Computer Programming - The fourth workshop on language descriptions, tools, and applications (LDTA'04)
The Detection and Classification of Non-Functional Requirements with Application to Early Aspects

RE '06 Proceedings of the 14th IEEE International Requirements Engineering Conference
Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations

RE '06 Proceedings of the 14th IEEE International Requirements Engineering Conference
Extracting rights and obligations from regulations: toward a tool-supported process

Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Analyzing Regulatory Rules for Privacy and Security Requirements

IEEE Transactions on Software Engineering
Semantic parameterization: A process for modeling domain descriptions

ACM Transactions on Software Engineering and Methodology (TOSEM)
Financial Privacy Policies and the Need for Standardization

IEEE Security and Privacy
Text mining through semi automatic semantic annotation

PAKM'06 Proceedings of the 6th international conference on Practical Aspects of Knowledge Management
A lightweight approach to semantic annotation of research papers

NLDB'07 Proceedings of the 12th international conference on Applications of Natural Language to Information Systems

Why Eliciting and Managing Legal Requirements Is Hard

RELAW '08 Proceedings of the 2008 Requirements Engineering and Law
Supporting requirements engineers in recognising security issues

REFSQ'11 Proceedings of the 17th international working conference on Requirements engineering: foundation for software quality
Towards semantic methodologies for automatic regulatory compliance support

Proceedings of the 4th workshop on Workshop for Ph.D. students in information & knowledge management
Capturing variability of law with nómos 2

ER'12 Proceedings of the 31st international conference on Conceptual Modeling
Choosing compliance solutions through stakeholder preferences

REFSQ'13 Proceedings of the 19th international conference on Requirements Engineering: Foundation for Software Quality
RTS - an integrated analytic solution for managing regulation changes and their impact on business compliance

Proceedings of the ACM International Conference on Computing Frontiers

Quantified Score

Hi-index	0.00

Visualization

Abstract

Government regulations are increasingly affecting the security, privacy and governance of information systems in the United States, Europe and elsewhere. Consequently, companies and software developers are required to ensure that their software systems comply with relevant regulations, either through design or re-engineering. We previously proposed a methodology for extracting stakeholder requirements, called rights and obligations, from regulations. In this paper, we examine the challenges to developing tool support for this methodology using the Cerno framework for textual semantic annotation. We present the results from two empirical evaluations of a tool called "Gaius T." that is implemented using the Cerno framework and that extracts a conceptual model from regulatory texts. The evaluation, carried out on the U.S. HIPAA Privacy Rule and the Italian accessibility law, measures the quality of the produced models and the tool's effectiveness in reducing the human effort to derive requirements from regulations.