New laws,such as HIPAA and SOX,are increasingly impacting the design of software systems,as business organisations strive to comply. This paper studies the problem of generating a set of requirements for a new system which comply with a given law. Specifically,the paper proposes a systematic process for generating law-compliant requirements by using a taxonomy of legal concepts and a set of primitives to describe stakeholders and their strategic goals. Given a model of law and a model of stakeholders goals,legal alternatives are identified and explored. Strategic goals that can realise legal prescriptions are systematically analysed,and alternative ways of fulfilling a law are evaluated. The approach is demonstrated by means of a case study. This work is part of the Nomos framework,intended to support the design of law-compliant requirements models.
Formalization and validation of a subset of the European Train Control System
Cimatti, Alessandro;Macchi, Luca;Roveri, Marco;Susi, Angelo;Tonetta, Stefano;
2010-01-01
Abstract
New laws,such as HIPAA and SOX,are increasingly impacting the design of software systems,as business organisations strive to comply. This paper studies the problem of generating a set of requirements for a new system which comply with a given law. Specifically,the paper proposes a systematic process for generating law-compliant requirements by using a taxonomy of legal concepts and a set of primitives to describe stakeholders and their strategic goals. Given a model of law and a model of stakeholders goals,legal alternatives are identified and explored. Strategic goals that can realise legal prescriptions are systematically analysed,and alternative ways of fulfilling a law are evaluated. The approach is demonstrated by means of a case study. This work is part of the Nomos framework,intended to support the design of law-compliant requirements models.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
