Towards Increased Efficiency and Confidence in Process Compliance

  • Julieth Patricia Castellanos ArdilaEmail author
  • Barbara Gallina
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 748)


Nowadays, the engineering of (software) systems has to comply with different standards, which often exhibit common requirements or at least a significant potential for synergy. Compliance management is a delicate, time-consuming, and costly activity, which would benefit from increased confidence, automation, and systematic reuse. In this paper, we introduce a new approach, called SoPLE&Logic-basedCM. SoPLE&Logic-basedCM combines (safety-oriented) process line engineering with defeasible logic-based approaches for formal compliance checking. As a result of this combination, SoPLE&Logic-basedCM enables automation of compliance checking and systematic reuse of process elements as well as compliance proofs. To illustrate SoPLE&Logic-basedCM, we apply it to the automotive domain and we draw our lessons learnt.


ISO 26262 Automotive SPICE Compliance by design Reuse Defeasible logic Process assessment Software process improvement 



This work is supported by the EU and VINNOVA via the ECSEL JU project AMASS (No. 692474) [19]. We thank Mustafa Hashmi for his valuable comments on an earlier version of this paper.


  1. 1.
    Rushby, J.: New challenges in certification for aircraft software. In: 9th ACM International Conference on Embedded Software (EMSOFT), pp. 211–218 (2011)Google Scholar
  2. 2.
    Gallina, B., Sljivo, I., Jaradat, O.: Towards a safety-oriented process line for enabling reuse in safety critical systems development and certification. In: 35th Annual IEEE Software Engineering Workshop (SEW), pp. 148–157 (2012)Google Scholar
  3. 3.
    Gallina, B., Kashiyarandi, S., Martin, H., Bramberger, R.: Modeling a safety- and automotive-oriented process line to enable reuse and flexible process derivation. In: IEEE 38th International Computer Software and Applications Conference Workshops (COMPSACW), pp. 504–509 (2014)Google Scholar
  4. 4.
    Gallina, B., Lundqvist, K., Forsberg, K.: THRUST: a method for speeding up the creation of process-related deliverables. In: IEEE/AIAA 33rd Digital Avionics Systems Conference (DASC), p. 5D4-11 (2014)Google Scholar
  5. 5.
    Gallina, B.: A Model-driven safety certification method for process compliance. In: 2nd International Workshop on Assurance Cases for Software-Intensive Systems (ISSREW), pp. 204–209 (2014)Google Scholar
  6. 6.
    Hashmi, M., Governatori, G., Wynn, M.T.: Normative requirements for regulatory compliance: an abstract formal framework. Inf. Syst. Front. 18(3), 429–455 (2016)CrossRefGoogle Scholar
  7. 7.
    Automotive SPICE: Process Assessment/Reference Model (2015)Google Scholar
  8. 8.
    ISO 26262: Road Vehicles-Functional Safety. International Standard (2011)Google Scholar
  9. 9.
    Lami, G., Falcini, F.: Automotive SPICE assessments in safety-critical contexts: an experience report. In: IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 497–502 (2014)Google Scholar
  10. 10.
    Bleakley, G.: How rational can help with compliance to ISO 26262 & ASPICE. Technical report, IBM Software Group (2014)Google Scholar
  11. 11.
    SPEM 2.0: Software & Systems Process Engineering Meta-Model (2008)Google Scholar
  12. 12.
    Eclipse Composer Framework.
  13. 13.
    Antoniou, G., Billington, D., Governatori, G., Maher, M.J.: Representation results for defeasible logic. ACM Trans. Comput. Logic 2, 255–287 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Governatori, G., Rotolo, A., Sartor, G.: Temporalised normative positions in defeasible logic. In: 10th International Conference on Artificial Intelligence and Law (ICAIL), pp. 25–34 (2005)Google Scholar
  15. 15.
    Awad, A., Decker, G., Weske, M.: Efficient compliance checking using BPMN-Q and temporal logic. In: Dumas, M., Reichert, M., Shan, M.-C. (eds.) BPM 2008. LNCS, vol. 5240, pp. 326–341. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85758-7_24 CrossRefGoogle Scholar
  16. 16.
    Reif, W., Stenzel, K.: Reuse of proofs in software verification. In: Shyamasundar, R.K. (ed.) FSTTCS 1993. LNCS, vol. 761, pp. 284–293. Springer, Heidelberg (1993). doi: 10.1007/3-540-57529-4_61 CrossRefGoogle Scholar
  17. 17.
    Beckert, B., Bormer, T., Klebanov, V.: Reusing Proofs when Program Verification Systems are Modified. Long Beach, California (2005)Google Scholar
  18. 18.
    Governatori, G.: The regorous approach to process compliance. In: IEEE 19th International Enterprise Distributed Object Computing Workshop (EDOCW), pp. 33–40. IEEE (2015)Google Scholar
  19. 19.
    AMASS: Architecture-driven, multi-concern and seamless assurance and certification of cyber-physical systems.
  20. 20.
    Schumm, D., Turetken, O., Kokash, N., Elgammal, A., Leymann, F., van den Heuvel, W.-J.: Business process compliance through reusable inits of compliant processes. In: International Conference on Web Engineering (ICWE), pp. 325–337 (2010)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Julieth Patricia Castellanos Ardila
    • 1
    Email author
  • Barbara Gallina
    • 1
  1. 1.IDTMälardalen UniversityVästeråsSweden

Personalised recommendations