Pub Date: 2015-08-25; DOI: 10.1109/RELAW.2015.7330207
Jaspreet Bhatia, T. Breaux
Privacy policies serve to inform consumers about a company's data practices, and to protect the company from legal risk due to undisclosed uses of consumer data. In addition, US and EU regulators require companies to accurately describe their practices in these policies, and some laws prescribe how companies should write these policies. Despite these aims, privacy policies are frequently criticized for being vague and uninformative. To support and improve the analysis of privacy policies, we report results from constructing an information type lexicon from manual, human annotations and an entity extractor based on part-of-speech tagging. The lexicon was constructed from 3,850 annotations obtained from crowd workers analyzing 15 privacy policies. An entity extractor was designed to extract entities from these annotations. The extractor succeeds at finding entities in 92% of annotations and the lexicon consists of 725 unique entities. Finally, we measured the terminological reuse across all 15 policies and observed the lexicon has a 31-78% chance of containing a word from any previously seen policy.
Title: Towards an information type lexicon for privacy policies. Venue: 2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW). https://doi.org/10.1109/RELAW.2015.7330207
Pub Date: 2015-08-25; DOI: 10.1109/RELAW.2015.7330209
Sanaa A. Alwidian, Daniel Amyot
Emerging cyberjustice systems are in need of relevant requirements engineering approaches, for example, to provide citizens with better access to the judicial system. In this context, this paper proposes the use of goal modeling for developing Online Dispute Resolution (ODR) systems in Canada. With ODR, the use of technology has the potential of increasing access to justice at low cost. We argue that a goal-oriented view is needed to capture early requirements about who are the stakeholders, what goals and quality criteria they have and how the various enabling technologies can be combined to meet these goals. A particular case is made for the use of the Goal-oriented Requirement Language (GRL), which covers the above and enables trade-off analysis as well as the introduction of indicators for measurement activities. GRL also has the potential of being used to guide some run-time decisions in ODR systems.
Title: Towards systems for increased access to justice using goal modeling. Venue: 2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW). https://doi.org/10.1109/RELAW.2015.7330209
Pub Date: 2015-08-25; DOI: 10.1109/RELAW.2015.7330206
Ryotaro Nakamura, Yu Negishi, Shinpei Hayashi, M. Saeki
To check the consistency between requirements specification documents and regulations by using a model checking technique, requirements analysts generate inputs to the model checker, i.e., state transition machines from the documents and logical formulas from the regulatory statements to be verified as properties. During these generation processes, to make the logical formulas semantically correspond to the state transition machine, analysts should perform terminology matching, in which they look for the words in the requirements document that have the same meaning as the words in the regulatory statements and unify the semantically identical words. In this paper, using a case grammar approach, we propose an automated technique to reason about the meaning of words in requirements specification documents by means of co-occurrence constraints on words in case frames, and to generate from regulatory statements the logical formulas in which the words are unified with the words of the requirements documents. We conducted a feasibility study of our proposal with two case studies.
Title: Terminology matching of requirements specification documents and regulations for compliance checking. Venue: 2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW). https://doi.org/10.1109/RELAW.2015.7330206
Pub Date: 2015-08-25; DOI: 10.1109/RELAW.2015.7330210
Diana Marosin, S. Ghanavati
Implementation and formalisation, alongside the creation, adoption and usage of Enterprise Architecture (EA) principles, have been hot topics of EA research in recent years. However, the EA community, both academic and professional, lacks a consensus on the definitions and use of principles. Furthermore, not much research has been done on measuring the impact (e.g. design restriction) of EA principles. We aim to create a formal framework for measuring and managing the impact of EA principles on EA models. Studying the current literature, we noticed there are similarities and differences between EA principles and regulations. The two concepts resemble each other in, first, their purpose (both provide normative guidance on the evolution of the enterprise) and, second, their natural language representation and structural definition (even if principles are company specific most of the time, they all seem to have common fields in their definition). Principles behave mostly like soft laws, and non-compliance with them results in fewer penalties and consequences than non-compliance with regulations. To that end, we investigate and adapt methods similar to the ones that can be found in requirements engineering for checking and managing regulatory compliance.
Title: Measuring and managing the design restriction of enterprise architecture (EA) principles on EA models. Venue: 2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW). https://doi.org/10.1109/RELAW.2015.7330210
Pub Date: 2015-08-25; DOI: 10.1109/RELAW.2015.7330211
S. Ghanavati, T. Breaux
Regulatory definitions establish the scope and boundary for legal statements and provide software designers with means to assess the coverage of their designs under the law. However, the number of phrases that serve to define this boundary in a legal statement is usually large, and often a simple legal statement contains or is affected by up to 10 definition-related phrases. In addition, software designers may need to design their software to operate under multiple jurisdictions, which may not use the same terminology to express conditions. Thus, it is necessary for designers to keep track of definitions in one or more regulations and to compare these definitions across jurisdictions. In this paper we report a study to develop a method to analyze and compare natural language definitions across legal texts and to analyze the legal statements with respect to definitions. Our method helps reduce the number of comparisons between definitions across multiple jurisdictions and allows software designers to keep track of several inter-related definitions in a systematic way.
Title: Comparing and analyzing definitions in multi-jurisdictions. Venue: 2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW). https://doi.org/10.1109/RELAW.2015.7330211
Pub Date: 2015-08-25; DOI: 10.1109/RELAW.2015.7330208
Radhika Garg, Bram Naudts, S. Verbrugge, B. Stiller
The decision to adopt a new technology in an organization is a complex task because of several Non-Functional Requirements (NFR), e.g., availability and interoperability, and the presence of several alternatives, e.g., service providers can offer multiple packages. To support such a decision and to select the best alternative, a Trade-off based Adoption Methodology for Cloud-based Infrastructure and Services (TrAdeCIS), based on NFR for cloud-based services, was proposed. This methodology makes the decision based on multi-criteria decision algorithms, namely the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) and the Analytic Network Process (ANP). However, the decision to adopt cloud-based services is also influenced by the presence of various legal and regulative constraints. Therefore, it is crucial to understand, identify, and model the effect of such constraints on the evaluation of NFR and available alternatives. This paper, therefore, uses the Goal-oriented Requirement Language (GRL) to model the effect of legal and regulative constraints on ranking available alternatives with respect to NFR. The paper also discusses the extensibility and applicability of this methodology to other domains that require evaluating the effect of legal and regulative constraints on the adoption decision. To illustrate this, decisions within the domain of providing better voice and data quality on board trains are also discussed in this paper.
Title: Modeling legal and regulative requirements for ranking alternatives of cloud-based services. Venue: 2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW). https://doi.org/10.1109/RELAW.2015.7330208
Pub Date: 2015-08-25; DOI: 10.1109/RELAW.2015.7330205
Sayonnha Mandal, R. Gandhi, Harvey P. Siy
In this paper, the Nomos 2 framework for modeling law-compliant solutions in software system design is applied in the context of the Federal Information Security Modernization Act (FISMA) of 2014. Information security regulatory statements with a high variability space are examined to explore the utility and limits of the Nomos 2 framework for information security regulations. Additionally, Nomos 2 concepts are modeled in a semantic web representation for reasoning about the applicability and satisfiability of FISMA regulations for information systems. The use of freely available semantic web toolsets for knowledge modeling and reasoning is demonstrated in an example scenario requiring the determination of FISMA related authorities and functions.
Title: Semantic web representations for reasoning about applicability and satisfiability of federal regulations for information security. Venue: 2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW). https://doi.org/10.1109/RELAW.2015.7330205
Pub Date: 2015-08-25; DOI: 10.1109/RELAW.2015.7330212
M. Spichkova, H. Schmidt, Md. Rashed Iqbal Nekvi, N. Madhavji
Developing a system for different contexts (e.g., countries, organisations and situations) means that the requirements for the system can differ in diverse cases. The challenge is to deal with this diversity in a systematic way, taking account of variance in compliance, and avoiding contradictions. In this paper, we describe a framework for analysing the diversity of requirements that emanates from differences in the regulations across the contexts.
Title: Structuring diverse regulatory requirements for global product development. Venue: 2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW). https://doi.org/10.1109/RELAW.2015.7330212