Terminology Matching of Requirements Specification Documents and Regulations for Compliance Checking

Terminology Matching ofRequirements Specification Documents and Regulationsfor Compliance Checking

Tokyo Institute of Technology, Japan

Ryotaro Nakamura, Yu Negishi,Shinpei Hayashi, and Motoshi Saeki

1

2

Goal: Regulation-Compliant Requirements Elicitation Many regulations, laws, rules, etc. to follow

How to obtain requirements compliant to regulations?☞Verification & Validation to check compliance

after/during eliciting requirements

3

Our Approach:

Systematic Checking Formal and iterative ways to improve

compliance!

RequirementsSpecification

RegulationRegulation

RegulationRegulation

Systematic checkof complianceFeedback

Compliance Checkingw/ Model Checker [Saeki 09]

4

RegulationRegulationRegulation

Regulation

Compliance checking using

Model Checker

Feedback

Actor

UC1

S1 S2

State transition diag.

Use case desc.

Logical formula

Requirements Specification

p → AF q

Regulation[Act on the Protection of Personal Information]Use case description

Terminology Matching

5

...3. The system gets from

a customer her address....6. The system notifies the

purpose of utilizationto the customer.

When having acquired personal information, a business operator handling personal information shall, ..., promptly notify the person of the Purpose of Utilization or publicly announce the Purpose of Utilization.

How to associate these sentences?

Regulation[Act on the Protection of Personal Information]Use case description

6

Case Grammar Approach

Requires semantic relationship of words6

3. The system gets froma customer her address

When having acquired personal information, a business operator handling personal information shall, ...

(Get,actor: System,object: Address,source: Customer)

(Acquire,actor: Business operator,object: Personal information,source: Person)

Dictionaries

Overview of Our Technique

7

State transition model

Use casedesc.

Case framesw/ concepts

Sentencesin case

frame form

Prop

ertie

s

concepthierarchy

: :

Caseframes

Regulations

Detectingconcepts

Generatingprops.

Words

Modelchecker

1st step 2nd stepChecking

consistency

Step 1: Detecting Concepts

8

verb actor object source

Learn Human |Organization

Habit |Studies

Human |Organization

verb actor object source

Acquire Human |Organization

Thing Human |Organization

Dictionary of Case Frames

“The system gets from thecustomer her address”

Case Structure

verb actor object source

Get System Address Customer

P

System Address Customer

Customer

HumanThing

Address

Dictionary of Hierarchical Concepts

Get

AcquireLearn

Term

Personal information Person

✘

✔

Institution

OrganizationBusinessoperator

Step 2: Instantiating Property Template

9

(Acquire, ...)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))

verb actor object source

Get System Address Customer

Case frame from RD

Template

Instantiate everypossible candidates

(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...)

(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))

(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))

10

Implementation Components

– Cabocha (Japanese lexical and dep. analyzer)– NuSMV (Model checker)– Dictionary: EDR Japanese dictionary

# words # concepts # framesFrom EDR dic. 270000 410000 13000Newly added by us 61 59 10

11

Case Studies and Acts Case 1: Online shopping (like Amazon)

– Act on Protection of Personal Information• Article 18

– Act on Regulation of Transmission of Specified Electronic Mail• Article 3

– Act on Specified Commercial Transactions • Articles 11 and 13

Case 2: Pet Store– Act on Welfare and Management of Animals

• Articles 21 and 22

12

Case 1: Online Shopping Including 16 use cases

Show

Change password

Send an ad-mail

Reject receiving ad-mails

Confirm privacy policy

Remove an item from the cart

Open the items of the cart

<<include>>

Sign up

Customer Admin

Log out

Delete account

Display the detail of an item

Add an item to the cart

<<include>>

Open search page

<<include>>

<<include>>

Log in

<<include>>

Check out

Accept receiving ad-mails

<<include>>

Open account setting page

13

Case 1: Results

Precision: 0.50 (4/8) Recall: 0.66 (4/6) Reason of failures:

– Structural differences of case frames• “System receives payment” vs. “System approves payment”

– Regardless of relationships between formulas

14

Case 2: Pet Store Confirmed violation by comparing the results

– Operator shall show a buyer the cats/dogs that she likes to by directly in advance

Reserve an appointmentto see cats/dogs

Registeranimals

Showcats/dogs

suggested to add

15

Concluding Remarks Conclusion

– A technique to support matching the words in a RD and regulations for checking the consistency

– Word matching based on the concept hierarchy– Confirmed the feasibility

Future work– Improving accuracy of matching– Larger case studies