ABSTRACT
Regulatory standards, designed to protect the safety, security, and privacy of the public, govern numerous areas of software intensive systems. Project personnel must therefore demonstrate that an as-built system meets all relevant regulatory codes. Current methods for demonstrating compliance rely either on after-the-fact audits, which can lead to significant refactoring when regulations are not met, or else require analysts to construct and use traceability matrices to demonstrate compliance. Manual tracing can be prohibitively time-consuming; however automated trace retrieval methods are not very effective due to the vocabulary mismatches that often occur between regulatory codes and product level requirements. This paper introduces and evaluates two machine-learning methods, designed to improve the quality of traces generated between regulatory codes and product level requirements. The first approach uses manually created traceability matrices to train a trace classifier, while the second approach uses web-mining techniques to reconstruct the original trace query. The techniques were evaluated against security regulations from the USA government's Health Insurance Privacy and Portability Act (HIPAA) traced against ten healthcare related requirements specifications. Results demonstrated improvements for the subset of HIPAA regulations that exhibited high fan-out behavior across the requirements datasets.
- Health Insurance Portability and Accountability Act of 1996 HIPAA, 1996.Google Scholar
- Antoniol, G., Canfora, G., Casazza, G. and De Lucia, A., Information Retrieval Models for Recovering Traceability Links between Code and Documentation. in IEEE Intn'l Conf on Software Maintenance, (San Jose, CA, 2000), 40--51. Google ScholarDigital Library
- Bennett, K. H., Rajlich, V. and 73--87, I.-F.o.S.T., Software maintenance and evolution: a roadmap. in International Conference on Software Engineering - The Future of Software Engineering Track, (2000), 73--87. Google ScholarDigital Library
- Berenbach, B., Gruseman, D., and Cleland-Huang, J., "Application of Just In Time Tracing to Regulatory Codes", Systems Engineering Research, Hoboken, NJ, March, 2010.Google Scholar
- Breaux, T. D. and Anton, A. I. Analyzing Regulatory Rules for Privacy and Security Requirements IEEE Transactions on Software Engineering, 2008, 5--20. Google ScholarDigital Library
- Broder, A., Fontoura, M., Gabrilovich, E., Joshi, A., Josifovski, V. and Zhang, T. Robust Classification of Rare Queries using Web Knowledge. 30th Intn'l ACM SIGIR Conf on Research and Development in Inf. Retrieval, July, 2007 Google ScholarDigital Library
- Cleland-Huang, J., Berenbach, B., Clark, S., Settimi, R. and Romanova, E. Best Practices of Automated Traceability. IEEE Computer, 40 (6). 27--35 Google ScholarDigital Library
- Cleland-Huang, J., Chang, C. K. and Christensen, M. Event-Based Traceability for Managing Evolutionary Change. IEEE Trans. on Software Engineering, 29 (9). 796--810. Google ScholarDigital Library
- Cleland-Huang, J., Settimi, R., Duan, C. and Zou, X. Utilizing Supporting Evidence to Improve Dynamic Requirements Traceability International Requirements Eng. Conf., IEEE, Paris, France, 2005, 135--144. Google ScholarDigital Library
- Cleland-Huang, J., Settimi, R., Zou, X. and P., S. Automated Detection and Classification of Quality Requirements. Reqs. Eng. Jrnl, Springer Verlag, 12 (2), 103--220. Google ScholarDigital Library
- DeLucia, A., Fasano, F., Oliveto, R. and Tortora, G. Enhancing an Artefact Management System with Traceability Recovery Features. Proc. of the 20th Intn'l Conf on Software Maintenance, Chicago, IL (Sept). 306--315. Google ScholarDigital Library
- Duan, C. and Cleland-Huang, J. Clustering Support for Automated Tracing Conference on Automated Software Engineering, IEEE, Atlanta, GA, 2007, 244--253. Google ScholarDigital Library
- Egyed, A. Scenario-Driven Approach to Trace Dependency Analysis. IEEE Trans. on Software Eng., 29 (2) 116--132. Google ScholarDigital Library
- Fawcett, T. ROC Graphs: Notes and Practical Considerations for Researchers HP Labs Technical Report, 2003.Google Scholar
- Gotel, O. and Finkelstein, A. An Analysis of the Requirements Traceability Problem, Intn'l Conf on Requirements Eng., Colorado Springs, CO, USA, 1994.Google Scholar
- Gotel, O. and Finkelstein, A., Extended Requirements Traceability: Results of an Industrial Case Study. Intn'l Symposium on Requirements Engineering, (1997), 169--178. Google ScholarDigital Library
- Hu, J., Wang, G., Lochovsky, F., Sun, J. and Chen, Z. Understanding user's query intent with wikipedia. 18th International Conference on World Wide Web, Madrid, Spain, April 20--24, 2009 (WWW'09). 471--480. Google ScholarDigital Library
- Huffman Hayes, J. and Dekhtyar, A. A Framework for Comparing Requirements Tracing Experiments. International Journal of Software Engineering and Knowledge Engineering, 15 (5). 751--782.Google Scholar
- Huffman Hayes, J., Dekhtyar, A. and Karthikeyan, S. Advancing Candidate Link Generation for Requirements Tracing: The Study of Methods. IEEE Transactions on Software Engineering, 32 (1). 4--19. Google ScholarDigital Library
- Huffman Hayes, J., Dekhtyar, A., Sundaram, S. and Howard, S. Helping Analysts Trace Requirements: An Objective Look Reqs. Eng. Conference, Kyoto, Japan, 2004, 249--259. Google ScholarDigital Library
- Jalaji, A., Goff, R., Jackson, M., Jones, N. and Menzies, T. Making Sense of Text: Identifying Non Functional Requirements Early. W. Virginia Univ. CSEE Tech. report.Google Scholar
- Maletic, J. I. and Marcus, A., Using Latent Semantic Analysis to Identify Similarities in Source Code to Support Program Understanding. in 12th IEEE Intn'l Conf on Tools with Artificial Intelligence, Vancouver, BC, 2000, 46--53. Google ScholarDigital Library
- Marcus, A. and Maletic, J. I., Recovering Documentation-to-Source-Code Traceability Links using Latent Semantic Indexing. in 25th IEEE/ACM Intn'l Conf on Software Engineering (ICSE'03), (Portland, OR, 2003), 125--137. Google ScholarDigital Library
- Murta, L. G. P., Andre, V. D. H. and Werner, C. M. L. ArchTrace: Policy-Based Support for Managing Evolving Architecture-to-Implementation Traceability Links. 21st IEEE Intn'l Conf on Automated Software Eng., 135--144. Google ScholarDigital Library
- Ramesh, B. and Jarke, M. Towards Reference Models for Requirements Traceability. IEEE Trans. on Software Engineering, 27 (1). 58--93. Google ScholarDigital Library
- Salton, G. Automatic Text Processing: The Transformation, Analysis and Retrieval of Information by Computer. Addison-Wesley, 1989. Google ScholarDigital Library
- Shen, D., Sun, J., Yang, Q. and Chen, Z. Building bridges for Web Query Classification. Proceedings of the 29th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR-06 (2006). Google ScholarDigital Library
- Spanoudakis, G. and Zisman, A. Software Traceability: A Roadmap. Handbook of Software Eng. and Knowledge Eng., S. K. Chang, Ed., World Scientific Publishing Co. 395--428.Google Scholar
- Spanoudakis, G., Zisman, A., Perez-Minana, E. and Krause, P. Rule-based generation of requirements traceability relations. The Jrnl of Systems and Software, 72 (2004). 105--127.Google Scholar
- Zou, X. Evaluating the Use of Project Glossaries in Automated Trace Retreival Software Engineering Research and Practice, CSREA Press 2008, Las Vegas, USA, 2008.Google Scholar
- Zou, X., Settimi, R. and Cleland-Huang, J. Improving Automated Requirements Trace Retrieval: A Study of Term-based Enhancement Methods. Empirical Software Engineering, Online First. Google ScholarDigital Library
Recommendations
On the naturalness of software
ICSE '12: Proceedings of the 34th International Conference on Software EngineeringNatural languages like English are rich, complex, and powerful. The highly creative and graceful use of languages like English and Tamil, by masters like Shakespeare and Avvaiyar, can certainly delight and inspire. But in practice, given cognitive ...
Natural Language Processing for Requirements Engineering: A Systematic Mapping Study
Natural Language Processing for Requirements Engineering (NLP4RE) is an area of research and development that seeks to apply natural language processing (NLP) techniques, tools, and resources to the requirements engineering (RE) process, to support ...
Ethical Mining: A Case Study on MSR Mining Challenges
MSR '20: Proceedings of the 17th International Conference on Mining Software RepositoriesResearch in Mining Software Repositories (MSR) is research involving human subjects, as the repositories usually contain data about developers' interactions with the repositories. Therefore, any research in the area needs to consider the ethics ...
Comments