Towards Adaptive Compliance

TL;DR

This paper advocates for adaptive compliance in dynamic, cloud-based environments by extending traditional compliance management with a MAPE loop and analyzing existing literature to identify research gaps.

Contribution

It introduces a process integrating the MAPE loop into compliance management and classifies existing work to highlight open challenges for adaptive compliance.

Findings

Proposes a MAPE-based process for adaptive compliance

Classifies literature to identify gaps in adaptive compliance support

Highlights open research challenges in the field

Abstract

Mission critical software is often required to comply with multiple regulations, standards or policies. Recent paradigms, such as cloud computing, also require software to operate in heterogeneous, highly distributed, and changing environments. In these environments, compliance requirements can vary at runtime and traditional compliance management techniques, which are normally applied at design time, may no longer be sufficient. In this paper, we motivate the need for adaptive compliance by illustrating possible compliance concerns determined by runtime variability. We further motivate our work by means of a cloud computing scenario, and present two main contributions. First, we propose and justify a process to support adaptive compliance that ex- tends the traditional compliance management lifecycle with the activities of the Monitor-Analyse-Plan-Execute (MAPE) loop, and enacts adaptation through re-configuration. Second, we explore the literature on software compliance and classify existing work in terms of the activities and concerns of adaptive compliance. In this way, we determine how the literature can support our proposal and what are the open research challenges that need to be addressed in order to fully support adaptive compliance.