Abstract

In modern societies, both business and private life are deeply pervaded by software and information systems. Using software has extended human capabilities, allowing information to cross physical and ethical barriers. To handle misuse dangers, governments are increasingly laying down new laws and introducing obligations, rights and responsibilities concerned with the use of software. As a consequence, laws are assuming a steering role in the specification of software requirements, which must be compliant to avoid fines and penalties. This work proposes a model-based approach to the problem of law compliance of software requirements. It aims at extending state-of-the-art goal-oriented requirements engineering techniques with the capability to argue about compliance, through the use and analysis of models. It is based on a language for modelling legal prescriptions. Upon the language, compliance can be defined as a condition that depends on a set of properties. Such a condition is achieved through an iterative modelling process. Specifically, we investigated the nature of legal prescription to capture their conceptual language. From jurisprudence literature, we adopted a taxonomy of legal concepts, which has been elaborated and translated into a conceptual meta-model. Moreover, this metamodel was integrated with the meta-model of a goal-oriented modelling language for requirements engineering, in order to provide a common legal-intentional meta-model. Requirements models built with the proposed language consist of graphs, which ultimately can be verified automatically. Compliance amounts then in a set of properties the graph must have. The compliance condition gains relevance in two cases. Firstly, when a requirements model has already been developed, and it needs to be reconciled with a set of laws. Secondly, when requirements have to be modelled from scratch, and they are need to be compliant. In both cases, compliance results from a design process. The proposed modelling language, as well as the compliance condition and the corresponding design process, have been applied to two case studies. The obtained results confirm the validity of the approach, and point out interesting research directions for the future.