Checking Regulatory Compliance of Business Processes and Information Systems

Saeki, Motoshi; Kaiya, Haruhiko; Hattori, Satoshi

doi:10.1007/978-3-642-20116-5_6

Motoshi Saeki⁴,
Haruhiko Kaiya⁵ &
Satoshi Hattori⁴

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 50))

Included in the following conference series:

International Conference on Software and Data Technologies

497 Accesses
1 Citations

Abstract

In these years, many laws and regulations are being enacted to prevent business processes (BPs) and information systems (ISs) from their malicious users. As a result, it is significant for organizations to ensure that their BPs and ISs comply with these regulations. This paper proposes a technique to apply a formal technique to ensure the regulatory compliance of BP or IS descriptions written in use case models. We translate the use case models of the behavior of BPs and ISs into finite state transition machines. Regulations are represented with computational tree logic (CTL) and their satisfiability are automatically verified using a model checker SMV. The modality of regulations can be specified with temporal operators based on branching time semantics of the CTL in our technique.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Cabinet Office, Government of Japan: Act on the Protection of Personal Information (2003), http://www5.cao.go.jp/seikatsu/kojin/foreign/act.pdf
Castero, P., Maibaum, T.: A Tableaux System for Deontic Action Logic. In: van der Meyden, R., van der Torre, L. (eds.) DEON 2008. LNCS (LNAI), vol. 5076, pp. 34–48. Springer, Heidelberg (2008)
Chapter Google Scholar
Darimont, R., Lemoine, M.: Goal Oriented Analysis of Regulations. In: REMO2V, CAiSE 2006 Workshop, pp. 838–844 (2006)
Google Scholar
Dinesh, N., Joshi, A., Lee, I., Sokolsky, O.: Reasoning about Conditions and Exceptions to Laws in Regulatory Conformance Checking. In: van der Meyden, R., van der Torre, L. (eds.) DEON 2008. LNCS (LNAI), vol. 5076, pp. 110–124. Springer, Heidelberg (2008)
Chapter Google Scholar
Eckoff, T., Sundby, N.: RECHTSSYSTEME (1997)
Google Scholar
Hassan, W., Logrippo, L.: Requirements and Compliance in Legal Systems: a Logic Approach. In: Requirements Engineering and Law (RELAW 2008), pp. 40–44 (2008)
Google Scholar
Jones, A., Sergot, M.: Deontic Logic in the Representation of Law: Towards a Methodology. Aritificial Intelligence and Law 1(1), 45–64 (2004)
Article Google Scholar
Nebut, C., Fleurey, F., Traon, Y., Jezequel, J.M.: Automatic Test Generation: A Use Case Driven Approach. IEEE Transaction on Software Engineering 32(3), 140–155 (2006)
Article Google Scholar
NuSMV: A New Symbolic Model Checker (2007), http://nusmv.fbk.eu/
Otto, P., Anton, A.: Addressing Legal Requirements in Requirements Engineering. In: Proc. of 15th IEEE International Requirements Engineering Conference, pp. 5–14 (2007)
Google Scholar
1st International Workshop on Requirements Engineering and Law (2008), http://www.csc2.ncsu.edu/workshops/relaw/
International Workshop on Regulations Modelling and Their Validation and Verification (REMO2V), CAiSE 2006 Workshop(2006), http://lacl.univ-paris12.fr//REMO2V/
Interdisciplinary Workshop: Regulations Modelling and Deployment (2008), http://lacl.univ-paris12.fr/REMOD08/
Saeki, M., Kaiya, H.: Supporting the Elicitation of requirements Compliant with Regulations. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 228–242. Springer, Heidelberg (2008)
Chapter Google Scholar
Some, S.: Use case editor (uced), http://www.site.uottawa.ca/~ssome/Use_Case_Editor_UCEd.html
Whittle, J., Jayaraman, P.: Generating Hierarchical State Machines from Use Case Charts. In: Proc. of 14th IEEE Requirements Engineering Conference (RE 2006), pp. 19–28 (2006)
Google Scholar

Download references

Author information

Authors and Affiliations

Dept. of Computer Science, Tokyo Institute of Technology, Ookayama 2-12-1-W8-83, Meguro-ku, Tokyo, 152-8552, Japan
Motoshi Saeki & Satoshi Hattori
Dept. of Computer Science, Shinshu University, Wakasato 4-17-1, Nagano, 380-8553, Japan
Haruhiko Kaiya

Authors

Motoshi Saeki
View author publications
You can also search for this author in PubMed Google Scholar
Haruhiko Kaiya
View author publications
You can also search for this author in PubMed Google Scholar
Satoshi Hattori
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Institute for Systems and Technologies of Information, Control and Communication (INSTICC), Rua do Vale de Chaves, Estefanilha, 2910-761, Setúbal, Portugal
José Cordeiro
INSTICC, Avenida D. Manuel I, 2910, Setúbal, Portugal
AlpeshKumar Ranchordas
Interdisciplinary Institute for Collaboration and Research on Enterprise Systems and Technology – IICREST, P.O. Box 104, 1618, Sofia, Bulgaria
Boris Shishkov

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Saeki, M., Kaiya, H., Hattori, S. (2011). Checking Regulatory Compliance of Business Processes and Information Systems. In: Cordeiro, J., Ranchordas, A., Shishkov, B. (eds) Software and Data Technologies. ICSOFT 2009. Communications in Computer and Information Science, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20116-5_6

Download citation

DOI: https://doi.org/10.1007/978-3-642-20116-5_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20115-8
Online ISBN: 978-3-642-20116-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics