research-article

A machine learning approach for tracing regulatory codes to product specific requirements

Authors:

Jane Cleland-Huang,

Adam Czauderna,

John EmeneckerAuthors Info & Claims

ICSE '10: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1

Pages 155 - 164

https://doi.org/10.1145/1806799.1806825

Published: 01 May 2010 Publication History

Abstract

Regulatory standards, designed to protect the safety, security, and privacy of the public, govern numerous areas of software intensive systems. Project personnel must therefore demonstrate that an as-built system meets all relevant regulatory codes. Current methods for demonstrating compliance rely either on after-the-fact audits, which can lead to significant refactoring when regulations are not met, or else require analysts to construct and use traceability matrices to demonstrate compliance. Manual tracing can be prohibitively time-consuming; however automated trace retrieval methods are not very effective due to the vocabulary mismatches that often occur between regulatory codes and product level requirements. This paper introduces and evaluates two machine-learning methods, designed to improve the quality of traces generated between regulatory codes and product level requirements. The first approach uses manually created traceability matrices to train a trace classifier, while the second approach uses web-mining techniques to reconstruct the original trace query. The techniques were evaluated against security regulations from the USA government's Health Insurance Privacy and Portability Act (HIPAA) traced against ten healthcare related requirements specifications. Results demonstrated improvements for the subset of HIPAA regulations that exhibited high fan-out behavior across the requirements datasets.

References

[1]

Health Insurance Portability and Accountability Act of 1996 HIPAA, 1996.

[2]

Antoniol, G., Canfora, G., Casazza, G. and De Lucia, A., Information Retrieval Models for Recovering Traceability Links between Code and Documentation. in IEEE Intn'l Conf on Software Maintenance, (San Jose, CA, 2000), 40--51.

Digital Library

[3]

Bennett, K. H., Rajlich, V. and 73--87, I.-F.o.S.T., Software maintenance and evolution: a roadmap. in International Conference on Software Engineering - The Future of Software Engineering Track, (2000), 73--87.

Digital Library

[4]

Berenbach, B., Gruseman, D., and Cleland-Huang, J., "Application of Just In Time Tracing to Regulatory Codes", Systems Engineering Research, Hoboken, NJ, March, 2010.

[5]

Breaux, T. D. and Anton, A. I. Analyzing Regulatory Rules for Privacy and Security Requirements IEEE Transactions on Software Engineering, 2008, 5--20.

Digital Library

[6]

Broder, A., Fontoura, M., Gabrilovich, E., Joshi, A., Josifovski, V. and Zhang, T. Robust Classification of Rare Queries using Web Knowledge. 30th Intn'l ACM SIGIR Conf on Research and Development in Inf. Retrieval, July, 2007

Digital Library

[7]

Cleland-Huang, J., Berenbach, B., Clark, S., Settimi, R. and Romanova, E. Best Practices of Automated Traceability. IEEE Computer, 40 (6). 27--35

Digital Library

[8]

Cleland-Huang, J., Chang, C. K. and Christensen, M. Event-Based Traceability for Managing Evolutionary Change. IEEE Trans. on Software Engineering, 29 (9). 796--810.

Digital Library

[9]

Cleland-Huang, J., Settimi, R., Duan, C. and Zou, X. Utilizing Supporting Evidence to Improve Dynamic Requirements Traceability International Requirements Eng. Conf., IEEE, Paris, France, 2005, 135--144.

Digital Library

[10]

Cleland-Huang, J., Settimi, R., Zou, X. and P., S. Automated Detection and Classification of Quality Requirements. Reqs. Eng. Jrnl, Springer Verlag, 12 (2), 103--220.

Digital Library

[11]

DeLucia, A., Fasano, F., Oliveto, R. and Tortora, G. Enhancing an Artefact Management System with Traceability Recovery Features. Proc. of the 20th Intn'l Conf on Software Maintenance, Chicago, IL (Sept). 306--315.

Digital Library

[12]

Duan, C. and Cleland-Huang, J. Clustering Support for Automated Tracing Conference on Automated Software Engineering, IEEE, Atlanta, GA, 2007, 244--253.

Digital Library

[13]

Egyed, A. Scenario-Driven Approach to Trace Dependency Analysis. IEEE Trans. on Software Eng., 29 (2) 116--132.

Digital Library

[14]

Fawcett, T. ROC Graphs: Notes and Practical Considerations for Researchers HP Labs Technical Report, 2003.

[15]

Gotel, O. and Finkelstein, A. An Analysis of the Requirements Traceability Problem, Intn'l Conf on Requirements Eng., Colorado Springs, CO, USA, 1994.

[16]

Gotel, O. and Finkelstein, A., Extended Requirements Traceability: Results of an Industrial Case Study. Intn'l Symposium on Requirements Engineering, (1997), 169--178.

Digital Library

[17]

Hu, J., Wang, G., Lochovsky, F., Sun, J. and Chen, Z. Understanding user's query intent with wikipedia. 18th International Conference on World Wide Web, Madrid, Spain, April 20--24, 2009 (WWW'09). 471--480.

Digital Library

[18]

Huffman Hayes, J. and Dekhtyar, A. A Framework for Comparing Requirements Tracing Experiments. International Journal of Software Engineering and Knowledge Engineering, 15 (5). 751--782.

[19]

Huffman Hayes, J., Dekhtyar, A. and Karthikeyan, S. Advancing Candidate Link Generation for Requirements Tracing: The Study of Methods. IEEE Transactions on Software Engineering, 32 (1). 4--19.

Digital Library

[20]

Huffman Hayes, J., Dekhtyar, A., Sundaram, S. and Howard, S. Helping Analysts Trace Requirements: An Objective Look Reqs. Eng. Conference, Kyoto, Japan, 2004, 249--259.

Digital Library

[21]

Jalaji, A., Goff, R., Jackson, M., Jones, N. and Menzies, T. Making Sense of Text: Identifying Non Functional Requirements Early. W. Virginia Univ. CSEE Tech. report.

[22]

Maletic, J. I. and Marcus, A., Using Latent Semantic Analysis to Identify Similarities in Source Code to Support Program Understanding. in 12th IEEE Intn'l Conf on Tools with Artificial Intelligence, Vancouver, BC, 2000, 46--53.

Digital Library

[23]

Marcus, A. and Maletic, J. I., Recovering Documentation-to-Source-Code Traceability Links using Latent Semantic Indexing. in 25th IEEE/ACM Intn'l Conf on Software Engineering (ICSE'03), (Portland, OR, 2003), 125--137.

Digital Library

[24]

Murta, L. G. P., Andre, V. D. H. and Werner, C. M. L. ArchTrace: Policy-Based Support for Managing Evolving Architecture-to-Implementation Traceability Links. 21st IEEE Intn'l Conf on Automated Software Eng., 135--144.

Digital Library

[25]

Ramesh, B. and Jarke, M. Towards Reference Models for Requirements Traceability. IEEE Trans. on Software Engineering, 27 (1). 58--93.

Digital Library

[26]

Salton, G. Automatic Text Processing: The Transformation, Analysis and Retrieval of Information by Computer. Addison-Wesley, 1989.

Digital Library

[27]

Shen, D., Sun, J., Yang, Q. and Chen, Z. Building bridges for Web Query Classification. Proceedings of the 29th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, SIGIR-06 (2006).

Digital Library

[28]

Spanoudakis, G. and Zisman, A. Software Traceability: A Roadmap. Handbook of Software Eng. and Knowledge Eng., S. K. Chang, Ed., World Scientific Publishing Co. 395--428.

[29]

Spanoudakis, G., Zisman, A., Perez-Minana, E. and Krause, P. Rule-based generation of requirements traceability relations. The Jrnl of Systems and Software, 72 (2004). 105--127.

[30]

Zou, X. Evaluating the Use of Project Glossaries in Automated Trace Retreival Software Engineering Research and Practice, CSREA Press 2008, Las Vegas, USA, 2008.

[31]

Zou, X., Settimi, R. and Cleland-Huang, J. Improving Automated Requirements Trace Retrieval: A Study of Term-based Enhancement Methods. Empirical Software Engineering, Online First.

Digital Library

Cited By

Abualhaija SCeci MSannier NBianculli DZetzsche DBodellini M(2024)Toward Automated Change Impact Analysis of Financial RegulationsProceedings of the 1st IEEE/ACM Workshop on Software Engineering Challenges in Financial Firms10.1145/3643665.3648046(31-32)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.1145/3643665.3648046
Arora CGrundy JPuli LLayton N(2024)Towards Standards-Compliant Assistive Technology Product Specifications via LLMs2024 IEEE 32nd International Requirements Engineering Conference Workshops (REW)10.1109/REW61692.2024.00060(385-389)Online publication date: 24-Jun-2024
https://doi.org/10.1109/REW61692.2024.00060
Hassan SLi QAurangzeb KYasin AKhan JAnwar M(2024)A systematic mapping to investigate the application of machine learning techniques in requirement engineering activitiesCAAI Transactions on Intelligence Technology10.1049/cit2.12348Online publication date: 10-Jun-2024
https://doi.org/10.1049/cit2.12348
Show More Cited By

Recommendations

Natural Language Processing for Requirements Engineering: A Systematic Mapping Study

Natural Language Processing for Requirements Engineering (NLP4RE) is an area of research and development that seeks to apply natural language processing (NLP) techniques, tools, and resources to the requirements engineering (RE) process, to support ...
On the naturalness of software
ICSE '12: Proceedings of the 34th International Conference on Software Engineering

Natural languages like English are rich, complex, and powerful. The highly creative and graceful use of languages like English and Tamil, by masters like Shakespeare and Avvaiyar, can certainly delight and inspire. But in practice, given cognitive ...
A Literature Review of Automatic Traceability Links Recovery for Software Change Impact Analysis
ICPC '20: Proceedings of the 28th International Conference on Program Comprehension

In large-scale software development projects, change impact analysis (CIA) plays an important role in controlling software design evolution. Identifying and accessing the effects of software changes using traceability links between various software ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE '10: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1

May 2010

627 pages

ISBN:9781605587196

DOI:10.1145/1806799

General Chairs:
Jeff Kramer
Imperial College, London, UK
,
Judith Bishop
Microsoft Research, Redmond
,
Program Chairs:
Prem Devanbu
University of California at Davis
,
Sebastian Uchitel
University of Buenos Aires, Argentina and Imperial College London, UK

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Division of Computing and Communication Foundations

Conference

ICSE '10

Sponsor:

SIGSOFT

ICSE '10: 32nd International Conference on Software Engineering

May 1 - 8, 2010

Cape Town, South Africa

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

138
Total Citations
View Citations
1,890
Total Downloads

Downloads (Last 12 months)47
Downloads (Last 6 weeks)10

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Abualhaija SCeci MSannier NBianculli DZetzsche DBodellini M(2024)Toward Automated Change Impact Analysis of Financial RegulationsProceedings of the 1st IEEE/ACM Workshop on Software Engineering Challenges in Financial Firms10.1145/3643665.3648046(31-32)Online publication date: 16-Apr-2024
https://dl.acm.org/doi/10.1145/3643665.3648046
Arora CGrundy JPuli LLayton N(2024)Towards Standards-Compliant Assistive Technology Product Specifications via LLMs2024 IEEE 32nd International Requirements Engineering Conference Workshops (REW)10.1109/REW61692.2024.00060(385-389)Online publication date: 24-Jun-2024
https://doi.org/10.1109/REW61692.2024.00060
Hassan SLi QAurangzeb KYasin AKhan JAnwar M(2024)A systematic mapping to investigate the application of machine learning techniques in requirement engineering activitiesCAAI Transactions on Intelligence Technology10.1049/cit2.12348Online publication date: 10-Jun-2024
https://doi.org/10.1049/cit2.12348
Rahman KGhani AMisra SRahman A(2024)A deep learning framework for non-functional requirement classificationScientific Reports10.1038/s41598-024-52802-014:1Online publication date: 8-Feb-2024
https://doi.org/10.1038/s41598-024-52802-0
Tian JZhang LLian X(2023)A Cross-Level Requirement Trace Link Update Model Based on Bidirectional Encoder Representations from TransformersMathematics10.3390/math1103062311:3(623)Online publication date: 26-Jan-2023
https://doi.org/10.3390/math11030623
Dai PYang LWang YJin DGong Y(2023)Constructing Traceability Links between Software Requirements and Source Code Based on Neural NetworksMathematics10.3390/math1102031511:2(315)Online publication date: 7-Jan-2023
https://doi.org/10.3390/math11020315
Ersoy KSezer EÜsküdarlı SAydemir F(2023)Visualizing Software Repositories Through Requirements Trace Links2023 IEEE 31st International Requirements Engineering Conference Workshops (REW)10.1109/REW57809.2023.00090(479-486)Online publication date: Sep-2023
https://doi.org/10.1109/REW57809.2023.00090
Chang ZLi MWang QLi SWang J(2023)Cross-Domain Requirements Linking via Adversarial-based Domain Adaptation2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00138(1596-1608)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00138
Wang QLiu JZhang JDou HSun HChen HChen XHe J(2023)Ont4Sys: Ontology-based tool of Semantic Representation and Verification for Traceability Models2023 27th International Conference on Engineering of Complex Computer Systems (ICECCS)10.1109/ICECCS59891.2023.00024(126-135)Online publication date: 14-Jun-2023
https://doi.org/10.1109/ICECCS59891.2023.00024
Zhao ZZhang LLian XLv H(2023)DRIP: Segmenting individual requirements from software requirement documentsSoftware: Practice and Experience10.1002/spe.330354:5(842-874)Online publication date: 19-Dec-2023
https://doi.org/10.1002/spe.3303
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten