Terminology Matching ofRequirements Specification Documents and Regulationsfor Compliance Checking
Tokyo Institute of Technology, Japan
Ryotaro Nakamura, Yu Negishi,Shinpei Hayashi, and Motoshi Saeki
1
2
Goal: Regulation-Compliant Requirements Elicitation Many regulations, laws, rules, etc. to follow
How to obtain requirements compliant to regulations?☞Verification & Validation to check compliance
after/during eliciting requirements
3
Our Approach:
Systematic Checking Formal and iterative ways to improve
compliance!
RequirementsSpecification
RegulationRegulation
RegulationRegulation
Systematic checkof complianceFeedback
Compliance Checkingw/ Model Checker [Saeki 09]
4
RegulationRegulationRegulation
Regulation
Compliance checking using
Model Checker
Feedback
Actor
UC1
S1 S2
State transition diag.
Use case desc.
Logical formula
Requirements Specification
p → AF q
Regulation[Act on the Protection of Personal Information]Use case description
Terminology Matching
5
...3. The system gets from
a customer her address....6. The system notifies the
purpose of utilizationto the customer.
When having acquired personal information, a business operator handling personal information shall, ..., promptly notify the person of the Purpose of Utilization or publicly announce the Purpose of Utilization.
How to associate these sentences?
Regulation[Act on the Protection of Personal Information]Use case description
6
Case Grammar Approach
Requires semantic relationship of words6
3. The system gets froma customer her address
When having acquired personal information, a business operator handling personal information shall, ...
(Get,actor: System,object: Address,source: Customer)
(Acquire,actor: Business operator,object: Personal information,source: Person)
Dictionaries
Overview of Our Technique
7
State transition model
Use casedesc.
Case framesw/ concepts
Sentencesin case
frame form
Prop
ertie
s
concepthierarchy
: :
Caseframes
Regulations
Detectingconcepts
Generatingprops.
Words
Modelchecker
1st step 2nd stepChecking
consistency
Step 1: Detecting Concepts
8
verb actor object source
Learn Human |Organization
Habit |Studies
Human |Organization
verb actor object source
Acquire Human |Organization
Thing Human |Organization
Dictionary of Case Frames
“The system gets from thecustomer her address”
Case Structure
verb actor object source
Get System Address Customer
P
System Address Customer
Customer
HumanThing
Address
Dictionary of Hierarchical Concepts
Get
AcquireLearn
Term
Personal information Person
✘
✔
Institution
OrganizationBusinessoperator
Step 2: Instantiating Property Template
9
(Acquire, ...)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))
verb actor object source
Get System Address Customer
Case frame from RD
Template
Instantiate everypossible candidates
(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...)
(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))
(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))
10
Implementation Components
– Cabocha (Japanese lexical and dep. analyzer)– NuSMV (Model checker)– Dictionary: EDR Japanese dictionary
# words # concepts # framesFrom EDR dic. 270000 410000 13000Newly added by us 61 59 10
11
Case Studies and Acts Case 1: Online shopping (like Amazon)
– Act on Protection of Personal Information• Article 18
– Act on Regulation of Transmission of Specified Electronic Mail• Article 3
– Act on Specified Commercial Transactions • Articles 11 and 13
Case 2: Pet Store– Act on Welfare and Management of Animals
• Articles 21 and 22
12
Case 1: Online Shopping Including 16 use cases
Show
Change password
Send an ad-mail
Reject receiving ad-mails
Confirm privacy policy
Remove an item from the cart
Open the items of the cart
<<include>>
Sign up
Customer Admin
Log out
Delete account
Display the detail of an item
Add an item to the cart
<<include>>
Open search page
<<include>>
<<include>>
Log in
<<include>>
Check out
Accept receiving ad-mails
<<include>>
Open account setting page
13
Case 1: Results
Precision: 0.50 (4/8) Recall: 0.66 (4/6) Reason of failures:
– Structural differences of case frames• “System receives payment” vs. “System approves payment”
– Regardless of relationships between formulas
14
Case 2: Pet Store Confirmed violation by comparing the results
– Operator shall show a buyer the cats/dogs that she likes to by directly in advance
Reserve an appointmentto see cats/dogs
Registeranimals
Showcats/dogs
suggested to add
15
Concluding Remarks Conclusion
– A technique to support matching the words in a RD and regulations for checking the consistency
– Word matching based on the concept hierarchy– Confirmed the feasibility
Future work– Improving accuracy of matching– Larger case studies
Top Related