Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements

Sara Sartoli, Sepideh Ghanavati, Akbar Siami Namin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The increasing adoption of cloud computing is making operating environments highly dynamic and changing. Once an operating environment condition (e.g., geographical location of data) changes, the compliance requirements might also change. To ensure that compliance requirements are continuously met, there is a need for frameworks that not only support modeling regulations, but also capture the potential environment variabilities and conditions in a systematic way. This paper introduces Variability-Aware Legal-GRL (Goal-oriented Requirements Language) framework for modeling compliance requirements in the presence of runtime changes. We extend the Goal-oriented Requirements Language (GRL) with new elements and model construction rules to model context-aware privacy policies for dynamic multi-jurisdictional domains as well as features for monitoring changes that trigger adaptation. We motivate and illustrate the proposed framework using Health Insurance Portability and Accountability Act (HIPAA) and Personal Health Information Protection Act (PHIPA) statements. The proposed modeling framework allows software engineers to automatically quantify and analyze satisfaction level of security and privacy related top level goals for multiple software design alternatives and thus, choose the best set of privacy measures.

Original language: English
Title of host publication: Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 7-12
Number of pages: 6
ISBN (Electronic): 9781728183466
State: Published - Aug 2020
Event: 7th International Workshop on Evolving Security and Privacy Requirements Engineering, ESPRE 2020 - Zurich, Switzerland
Duration: Aug 31 2020 → …

Publication series

Name: Proceedings - Evolving Security and Privacy Requirements Engineering Workshop, ESPRE 2020

Conference

Conference: 7th International Workshop on Evolving Security and Privacy Requirements Engineering, ESPRE 2020
Country/Territory: Switzerland
City: Zurich
Period: 08/31/20 → …

Keywords

  • Adaptive Privacy
  • Adaptive Software
  • Dynamic Access Control
  • Goal Modeling
  • Legal Requirements
