-
Model Driven Engineering for Data Protection and Privacy: Application and Experience with GDPR
Authors:
Damiano Torre,
Mauricio Alferez,
Ghanem Soltana,
Mehrdad Sabetzadeh,
Lionel Briand
Abstract:
In Europe and indeed worldwide, the General Data Protection Regulation (GDPR) provides protection to individuals regarding their personal data in the face of new technological developments. GDPR is widely viewed as the benchmark for data protection and privacy regulations that harmonizes data privacy laws across Europe. Although the GDPR is highly beneficial to individuals, it presents significant…
▽ More
In Europe and indeed worldwide, the General Data Protection Regulation (GDPR) provides protection to individuals regarding their personal data in the face of new technological developments. GDPR is widely viewed as the benchmark for data protection and privacy regulations that harmonizes data privacy laws across Europe. Although the GDPR is highly beneficial to individuals, it presents significant challenges for organizations monitoring or storing personal information. Since there is currently no automated solution with broad industrial applicability, organizations have no choice but to carry out expensive manual audits to ensure GDPR compliance. In this paper, we present a complete GDPR UML model as a first step towards designing automated methods for checking GDPR compliance. Given that the practical application of the GDPR is influenced by national laws of the EU Member States, we suggest a two-tiered description of the GDPR, generic and specialized. In this paper, we provide (1) the GDPR conceptual model we developed with complete traceability from its classes to the GDPR, (2) a glossary to help understand the model, (3) the plain-English description of 35 compliance rules derived from GDPR along with their encoding in OCL, and (4) the set of 20 variations points derived from GDPR to specialize the generic model. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research.
△ Less
Submitted 23 July, 2020;
originally announced July 2020.
-
On Systematically Building a Controlled Natural Language for Functional Requirements
Authors:
Alvaro Veizaga,
Mauricio Alferez,
Damiano Torre,
Mehrdad Sabetzadeh,
Lionel Briand
Abstract:
[Context] Natural language (NL) is pervasive in software requirements specifications (SRSs). However, despite its popularity and widespread use, NL is highly prone to quality issues such as vagueness, ambiguity, and incompleteness. Controlled natural languages (CNLs) have been proposed as a way to prevent quality problems in requirements documents, while maintaining the flexibility to write and co…
▽ More
[Context] Natural language (NL) is pervasive in software requirements specifications (SRSs). However, despite its popularity and widespread use, NL is highly prone to quality issues such as vagueness, ambiguity, and incompleteness. Controlled natural languages (CNLs) have been proposed as a way to prevent quality problems in requirements documents, while maintaining the flexibility to write and communicate requirements in an intuitive and universally understood manner. [Objective] In collaboration with an industrial partner from the financial domain, we systematically develop and evaluate a CNL, named Rimay, intended at hel** analysts write functional requirements. [Method] We rely on Grounded Theory for building Rimay and follow well-known guidelines for conducting and reporting industrial case study research. [Results] Our main contributions are: (1) a qualitative methodology to systematically define a CNL for functional requirements; this methodology is general and applicable to information systems beyond the financial domain, (2) a CNL grammar to represent functional requirements; this grammar is derived from our experience in the financial domain, but should be applicable, possibly with adaptations, to other information-system domains, and (3) an empirical evaluation of our CNL (Rimay) through an industrial case study. Our contributions draw on 15 representative SRSs, collectively containing 3215 NL requirements statements from the financial domain. [Conclusion] Our evaluation shows that Rimay is expressive enough to capture, on average, 88% (405 out of 460) of the NL requirements statements in four previously unseen SRSs from the financial domain.
△ Less
Submitted 4 May, 2020;
originally announced May 2020.
-
Towards Industry 4.0: Gap Analysis between Current Automotive MES and Industry Standards using Model-Based Requirement Engineering
Authors:
Manoj Kannan Soundarapandian,
Kunal Suri,
Juan Cadavid,
Ion Barosan,
Mark Van Den Brand,
Mauricio Alferez,
Sebastien Gerard
Abstract:
The dawn of the fourth industrial revolution, Industry 4.0 has created great enthusiasm among companies and researchers by giving them an opportunity to pave the path towards the vision of a connected smart factory ecosystem. However, in context of automotive industry there is an evident gap between the requirements supported by the current automotive manufacturing execution systems (MES) and the…
▽ More
The dawn of the fourth industrial revolution, Industry 4.0 has created great enthusiasm among companies and researchers by giving them an opportunity to pave the path towards the vision of a connected smart factory ecosystem. However, in context of automotive industry there is an evident gap between the requirements supported by the current automotive manufacturing execution systems (MES) and the requirements proposed by industrial standards from the International Society of Automation (ISA) such as, ISA-95, ISA-88 over which the Industry 4.0 is being built on. In this paper, we bridge this gap by following a model-based requirements engineering approach along with a gap analysis process. Our work is mainly divided into three phases, (i) automotive MES tool selection phase, (ii) requirements modeling phase, (iii) and gap analysis phase based on the modeled requirements. During the MES tool selection phase, we used known reliable sources such as, MES product survey reports, white papers that provide in-depth and comprehensive information about various comparison criteria and tool vendors list for the current MES landscape. During the requirement modeling phase, we specified requirements derived from the needs of ISA-95 and ISA-88 industrial standards using the general purpose Systems Modeling Language (SysML). During the gap analysis phase, we find the misalignment between standard requirements and the compliance of the existing software tools to those standards.
△ Less
Submitted 10 April, 2017;
originally announced April 2017.