Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements

Sara Sartoli; Sepideh Ghanavati; Akbar Siami Namin

doi:10.1109/ESPRE51200.2020.00007

Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements

Sara Sartoli, Sepideh Ghanavati, Akbar Siami Namin

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

The increasing adoption of cloud computing is making operating environments highly dynamic and changing. Once an operating environment condition (e.g., geographical location of data) changes, the compliance requirements might alsochange. To ensure that compliance requirements are continuouslymet, there is a need for frameworks that not only support modeling regulations, but also capture the potential environment variabilities and conditions in a systematic way. This paper introduces Variability-Aware Legal-GRL (Goal-oriented Requirements Language) framework for modeling compliance requirements in the presence of runtime changes. We extend the Goal-oriented Requirements Language (GRL) with new elements and model construction rules to model context-Aware privacy policies for dynamic multi-jurisdictional domains as well as features for monitoring changes that trigger adaptation. We motivate and illustrate the proposed framework using Health Insurance Portability and Accountability Act (HIPAA) and Personal Health Information Protection Act (PHIPA) statements. The proposed modeling framework allows software engineers to automatically quantify and analyze satisfaction level of security and privacy related top level goals for multiple software design alternatives and thus, choose the best set of privacy measures.

Original language	English
Title of host publication	Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	7-12
Number of pages	6
ISBN (Electronic)	9781728183466
DOIs	https://doi.org/10.1109/ESPRE51200.2020.00007
State	Published - Aug 2020
Event	7th International Workshop on Evolving Security and Privacy Requirements Engineering, ESPRE 2020 - Zurich, Switzerland Duration: Aug 31 2020 → …

Publication series

Name	Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020

Conference

Conference	7th International Workshop on Evolving Security and Privacy Requirements Engineering, ESPRE 2020
Country/Territory	Switzerland
City	Zurich
Period	08/31/20 → …

Keywords

Adaptive Privacy
Adaptive Software
Dynamic Access Control
Goal Modeling
Legal Requirements

Access to Document

10.1109/ESPRE51200.2020.00007

Cite this

Sartoli, S., Ghanavati, S., & Siami Namin, A. (2020). Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements. In Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020 (pp. 7-12). Article 9223990 (Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ESPRE51200.2020.00007

Sartoli, Sara ; Ghanavati, Sepideh ; Siami Namin, Akbar. / Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements. Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 7-12 (Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020).

@inproceedings{56342917d9c24484a5fe5803e1c978f2,

title = "Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements",

abstract = "The increasing adoption of cloud computing is making operating environments highly dynamic and changing. Once an operating environment condition (e.g., geographical location of data) changes, the compliance requirements might alsochange. To ensure that compliance requirements are continuouslymet, there is a need for frameworks that not only support modeling regulations, but also capture the potential environment variabilities and conditions in a systematic way. This paper introduces Variability-Aware Legal-GRL (Goal-oriented Requirements Language) framework for modeling compliance requirements in the presence of runtime changes. We extend the Goal-oriented Requirements Language (GRL) with new elements and model construction rules to model context-Aware privacy policies for dynamic multi-jurisdictional domains as well as features for monitoring changes that trigger adaptation. We motivate and illustrate the proposed framework using Health Insurance Portability and Accountability Act (HIPAA) and Personal Health Information Protection Act (PHIPA) statements. The proposed modeling framework allows software engineers to automatically quantify and analyze satisfaction level of security and privacy related top level goals for multiple software design alternatives and thus, choose the best set of privacy measures.",

keywords = "Adaptive Privacy, Adaptive Software, Dynamic Access Control, Goal Modeling, Legal Requirements",

author = "Sara Sartoli and Sepideh Ghanavati and {Siami Namin}, Akbar",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 7th International Workshop on Evolving Security and Privacy Requirements Engineering, ESPRE 2020 ; Conference date: 31-08-2020",

year = "2020",

month = aug,

doi = "10.1109/ESPRE51200.2020.00007",

language = "English",

series = "Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "7--12",

booktitle = "Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020",

}

Sartoli, S, Ghanavati, S & Siami Namin, A 2020, Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements. in Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020., 9223990, Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020, Institute of Electrical and Electronics Engineers Inc., pp. 7-12, 7th International Workshop on Evolving Security and Privacy Requirements Engineering, ESPRE 2020, Zurich, Switzerland, 08/31/20. https://doi.org/10.1109/ESPRE51200.2020.00007

Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements. / Sartoli, Sara; Ghanavati, Sepideh; Siami Namin, Akbar.
Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 7-12 9223990 (Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements

AU - Sartoli, Sara

AU - Ghanavati, Sepideh

AU - Siami Namin, Akbar

PY - 2020/8

Y1 - 2020/8

N2 - The increasing adoption of cloud computing is making operating environments highly dynamic and changing. Once an operating environment condition (e.g., geographical location of data) changes, the compliance requirements might alsochange. To ensure that compliance requirements are continuouslymet, there is a need for frameworks that not only support modeling regulations, but also capture the potential environment variabilities and conditions in a systematic way. This paper introduces Variability-Aware Legal-GRL (Goal-oriented Requirements Language) framework for modeling compliance requirements in the presence of runtime changes. We extend the Goal-oriented Requirements Language (GRL) with new elements and model construction rules to model context-Aware privacy policies for dynamic multi-jurisdictional domains as well as features for monitoring changes that trigger adaptation. We motivate and illustrate the proposed framework using Health Insurance Portability and Accountability Act (HIPAA) and Personal Health Information Protection Act (PHIPA) statements. The proposed modeling framework allows software engineers to automatically quantify and analyze satisfaction level of security and privacy related top level goals for multiple software design alternatives and thus, choose the best set of privacy measures.

AB - The increasing adoption of cloud computing is making operating environments highly dynamic and changing. Once an operating environment condition (e.g., geographical location of data) changes, the compliance requirements might alsochange. To ensure that compliance requirements are continuouslymet, there is a need for frameworks that not only support modeling regulations, but also capture the potential environment variabilities and conditions in a systematic way. This paper introduces Variability-Aware Legal-GRL (Goal-oriented Requirements Language) framework for modeling compliance requirements in the presence of runtime changes. We extend the Goal-oriented Requirements Language (GRL) with new elements and model construction rules to model context-Aware privacy policies for dynamic multi-jurisdictional domains as well as features for monitoring changes that trigger adaptation. We motivate and illustrate the proposed framework using Health Insurance Portability and Accountability Act (HIPAA) and Personal Health Information Protection Act (PHIPA) statements. The proposed modeling framework allows software engineers to automatically quantify and analyze satisfaction level of security and privacy related top level goals for multiple software design alternatives and thus, choose the best set of privacy measures.

KW - Adaptive Privacy

KW - Adaptive Software

KW - Dynamic Access Control

KW - Goal Modeling

KW - Legal Requirements

UR - http://www.scopus.com/inward/record.url?scp=85095424530&partnerID=8YFLogxK

U2 - 10.1109/ESPRE51200.2020.00007

DO - 10.1109/ESPRE51200.2020.00007

M3 - Conference contribution

AN - SCOPUS:85095424530

T3 - Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020

SP - 7

EP - 12

BT - Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 7th International Workshop on Evolving Security and Privacy Requirements Engineering, ESPRE 2020

Y2 - 31 August 2020

ER -

Sartoli S, Ghanavati S, Siami Namin A. Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements. In Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 7-12. 9223990. (Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020). doi: 10.1109/ESPRE51200.2020.00007

Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this