Carnegie Mellon University
file.pdf (345.96 kB)

A Method to Acquire Compliance Monitors from Regulations

Download (345.96 kB)
journal contribution
posted on 2010-09-01, 00:00 authored by Travis BreauxTravis Breaux

Developing software systems in heavily regulated industries requires methods to ensure systems comply with regulations and law. A method to acquire finite state machines (FSM) from stakeholder rights and obligations for compliance monitoring is proposed. Rights and obligations define what people are permitted or required to do; these rights and obligations affect software requirements and design. The FSM allows stakeholders, software developers and compliance officers to trace events through the invocation of rights and obligations as pre- and post-conditions. Compliance is monitored by instrumenting runtime systems to report these events and detect violations. Requirements and software engineers specify the rights and obligations, and apply the method using three supporting tasks: 1) identify under-specifications, 2) balance rights with obligations, and 3) generate finite state machines. Preliminary validation of the method includes FSMs generated from U.S. healthcare regulations and tool support to parse these specifications and generate the FSMs.


Publisher Statement

© 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.



Usage metrics


    Ref. manager