Towards Variability-Aware Legal-GRL Framework for Modeling Compliance Requirements

2020 
The increasing adoption of cloud computing is making operating environments highly dynamic and changing. Once an operating environment condition (e.g., geographical location of data) changes, the compliance requirements might also change. To ensure that compliance requirements are continuously met, there is a need for frameworks that not only support modeling regulations, but also capture the potential environment variabilities and conditions in a systematic way. This paper introduces the Variability-Aware Legal-GRL (Goal-oriented Requirements Language) framework for modeling compliance requirements in the presence of runtime changes. We extend the Goal-oriented Requirements Language (GRL) with new elements and model construction rules to model context-aware privacy policies for dynamic multi-jurisdictional domains as well as features for monitoring changes that trigger adaptation. We motivate and illustrate the proposed framework using Health Insurance Portability and Accountability Act (HIPAA) and Personal Health Information Protection Act (PHIPA) statements. The proposed modeling framework allows software engineers to automatically quantify and analyze the satisfaction level of security- and privacy-related top-level goals for multiple software design alternatives and thus choose the best set of privacy measures.