Liability issues in software engineering: the use of formal methods to reduce legal uncertainties

Published: 01 April 2011

Abstract

This paper reports on the results of a multidisciplinary project involving lawyers and computer scientists, whose aim is to put forward a set of methods and tools to (1) define software liability in a precise and unambiguous way and (2) establish such liability in case of an incident. The overall approach taken in the project is presented through an electronic signature case study. The case study illustrates a situation where, in order to reduce legal uncertainties, the parties wish to include in the contract specific clauses that define as precisely as possible the share of liabilities between them for the main types of failures of the system.


Published In

Communications of the ACM, Volume 54, Issue 4
April 2011
139 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/1924421

Publisher

Association for Computing Machinery

New York, NY, United States
