Terminology Matching ofRequirements Specification Documents and Regulationsfor Compliance Checking

Tokyo Institute of Technology, Japan

Ryotaro Nakamura, Yu Negishi,Shinpei Hayashi, and Motoshi Saeki

1

2

Goal: Regulation-Compliant Requirements Elicitation Many regulations, laws, rules, etc. to follow

How to obtain requirements compliant to regulations?☞Verification & Validation to check compliance

after/during eliciting requirements

3

Our Approach:

Systematic Checking Formal and iterative ways to improve

compliance!

RequirementsSpecification

RegulationRegulation

RegulationRegulation

Systematic checkof complianceFeedback

Compliance Checkingw/ Model Checker [Saeki 09]

4

RegulationRegulationRegulation

Regulation

Compliance checking using

Model Checker

Feedback

Actor

UC1

S1 S2

State transition diag.

Use case desc.

Logical formula

Requirements Specification

p → AF q

Regulation[Act on the Protection of Personal Information]Use case description

Terminology Matching

5

...3. The system gets from

a customer her address....6. The system notifies the

purpose of utilizationto the customer.

When having acquired personal information, a business operator handling personal information shall, ..., promptly notify the person of the Purpose of Utilization or publicly announce the Purpose of Utilization.

How to associate these sentences?

Regulation[Act on the Protection of Personal Information]Use case description

6

Case Grammar Approach

Requires semantic relationship of words6

3. The system gets froma customer her address

When having acquired personal information, a business operator handling personal information shall, ...

(Get,actor: System,object: Address,source: Customer)

(Acquire,actor: Business operator,object: Personal information,source: Person)

Dictionaries

Overview of Our Technique

7

State transition model

Use casedesc.

Case framesw/ concepts

Sentencesin case

frame form

Prop

ertie

s

concepthierarchy

: :

Caseframes

Regulations

Detectingconcepts

Generatingprops.

Words

Modelchecker

1st step 2nd stepChecking

consistency

Step 1: Detecting Concepts

8

verb actor object source

Learn Human |Organization

Habit |Studies

Human |Organization

verb actor object source

Acquire Human |Organization

Thing Human |Organization

Dictionary of Case Frames

“The system gets from thecustomer her address”

Case Structure

verb actor object source

Get System Address Customer

P

System Address Customer

Customer

HumanThing

Address

Dictionary of Hierarchical Concepts

Get

AcquireLearn

Term

Personal information Person

✘

✔

Institution

OrganizationBusinessoperator

Step 2: Instantiating Property Template

9

(Acquire, ...)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))

verb actor object source

Get System Address Customer

Case frame from RD

Template

Instantiate everypossible candidates

(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...)

(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))

(Get, System, Address, Customer)∧ ¬ (Announce, ...)→AF ((Notify, ...) ∨ (Announce, ...))

10

Implementation Components

– Cabocha (Japanese lexical and dep. analyzer)– NuSMV (Model checker)– Dictionary: EDR Japanese dictionary

# words # concepts # framesFrom EDR dic. 270000 410000 13000Newly added by us 61 59 10

11

Case Studies and Acts Case 1: Online shopping (like Amazon)

– Act on Protection of Personal Information• Article 18

– Act on Regulation of Transmission of Specified Electronic Mail• Article 3

– Act on Specified Commercial Transactions • Articles 11 and 13

Case 2: Pet Store– Act on Welfare and Management of Animals

• Articles 21 and 22

12

Case 1: Online Shopping Including 16 use cases

Show

Change password

Send an ad-mail

Reject receiving ad-mails

Confirm privacy policy

Remove an item from the cart

Open the items of the cart

<<include>>

Sign up

Customer Admin

Log out

Delete account

Display the detail of an item

Add an item to the cart

<<include>>

Open search page

<<include>>

<<include>>

Log in

<<include>>

Check out

Accept receiving ad-mails

<<include>>

Open account setting page

13

Case 1: Results

Precision: 0.50 (4/8) Recall: 0.66 (4/6) Reason of failures:

– Structural differences of case frames• “System receives payment” vs. “System approves payment”

– Regardless of relationships between formulas

14

Case 2: Pet Store Confirmed violation by comparing the results

– Operator shall show a buyer the cats/dogs that she likes to by directly in advance

Reserve an appointmentto see cats/dogs

Registeranimals

Showcats/dogs

suggested to add

15

Concluding Remarks Conclusion

– A technique to support matching the words in a RD and regulations for checking the consistency

– Word matching based on the concept hierarchy– Confirmed the feasibility

Future work– Improving accuracy of matching– Larger case studies