Title :
A method to acquire compliance monitors from regulations
Author :
Breaux, Travis D.
Author_Institution :
Sch. of Comput. Sci., Carnegie Mellon Univ., Pittsburgh, PA, USA
Abstract :
Developing software systems in heavily regulated industries requires methods to ensure systems comply with regulations and law. A method to acquire finite state machines (FSM) from stakeholder rights and obligations for compliance monitoring is proposed. Rights and obligations define what people are permitted or required to do; these rights and obligations affect software requirements and design. The FSM allows stakeholders, software developers and compliance officers to trace events through the invocation of rights and obligations as pre- and post-conditions. Compliance is monitored by instrumenting runtime systems to report these events and detect violations. Requirements and software engineers specify the rights and obligations, and apply the method using three supporting tasks: 1) identify under-specifications, 2) balance rights with obligations, and 3) generate finite state machines. Preliminary validation of the method includes FSMs generated from U.S. healthcare regulations and tool support to parse these specifications and generate the FSMs.
Keywords :
computerised monitoring; finite state machines; formal specification; law; software engineering; finite state machines; healthcare regulation; regulated industry; software design; software developer; software engineer; software requirement; software system development; system regulation; under specification identification; violation detection; Law; Medical services; Monitoring; Privacy; Semantics; Software;
Conference_Title :
Requirements Engineering and Law (RELAW), 2010 Third International Workshop on
Conference_Location :
Sydney, NSW
Print_ISBN :
978-1-4244-8761-5
Electronic_ISBN :
978-1-4244-8760-8
DOI :
10.1109/RELAW.2010.5625358