Travis D. Breaux Carnegie Mellon University Travis D. Breaux
Associate Professor of Computer Science
Institute for Software Research
School of Computer Science
5000 Forbes Avenue, Pittsburgh, PA 15213
Office:
Tel:
Fax:
E-mail:
5103 Wean Hall
412-268-7334
412-268-3455

Links: Home | Research | Teaching | Publications | Biography | Vitae

Title: Legal Requirements Acquisition for the Specification of Legally Compliant Information Systems
Author: Travis D. Breaux

Abstract: U.S. federal and state regulations impose mandatory and discretionary requirements on industry-wide business practices to achieve non-functional, societal goals such as improved accessibility, privacy and safety. The structure and syntax of regulations affects how well software engineers identify and interpret legal requirements. Inconsistent interpretations can lead to non-compliance and violations of the law. To support software engineers who must comply with these regulations, I propose a Frame-Based Requirements Analysis Method (FBRAM) to acquire and specify legal requirements from U.S. federal regulatory documents. The legal requirements are systematically specified using a reusable, domain-independent upper ontology, natural language phrase heuristics, a regulatory document model and a frame-based markup language. The methodology maintains traceability from regulatory statements and phrases to formal properties in a frame-based model and supports the resolution of multiple types of legal ambiguity. The methodology is supported by a software prototype to assist engineers with applying the model and with analyzing legal requirements. This work is validated in three domains, information privacy, information accessibility and aviation safety, which are governed by the Health Insurance Portability and Accountability Act of 1996, the Rehabilitation Act Amendments of 1998, and the Federal Aviation Act of 1958, respectively.

Complete Dissertation(Download PDF) (BibTeX)


Chapter 1: Introduction

  • Introduces the problem, background and related work.

Chapter 2: Abstract Model

  • Defines the abstract model, which formalizes a grounded theory of legal requirements acquisition.

Chapter 3: Validity and Empirical Design

  • Describes the empirical multi-case study and experimental designs.

Chapter 4: Findings of the Multi-case Study

  • Reports the multi-case study findings.

Chapter 5: Findings of the Experiment

  • Reports the human subject experimental findings.

Chapter 6: Conclusion

  • Reports limitations and future work to support broader research goals in legal software compliance.

Appendices

  • Appendix A: Acts of United States Congress
  • Appendix B: The Frame-based Markup Grammar
  • Appendix C: The Document Model XML Schema
  • Appendix D: Transaction and Delegation Verbs
  • Appendix E: Qualitative Requirements Metrics

Bibliography