12 research outputs found

    Requirements Engineering that Balances Agility of Teams and System-level Information Needs at Scale

    Context: Motivated by their success in software development, large-scale systems development companies are increasingly adopting agile methods and their practices. Such companies need to accommodate different development cycles of hardware and software and are usually subject to regulation and safety concerns. Also, for such companies, requirements engineering is an essential activity that involves upfront and detailed analysis which can be at odds with agile development methods. Objective: The overall aim of this thesis is to investigate the challenges and solution candidates of performing effective requirements engineering in an agile environment, based on empirical evidence. Illustrated with studies on safety and system-level information needs, we explore RE challenges and solutions in large-scale agile development, both in general and from the teams’ perspectives. Method: To meet our aim, we performed a secondary study and a series of empirical studies based on case studies. We collected qualitative data using interviews, focus groups and workshops to derive challenges and potential solutions from industry. Findings: Our findings show that there are numerous challenges of conducting requirements engineering in agile development especially where systems development is concerned. The challenges discovered sprout from an integration problem of working with agile methods while relying on established plan-driven processes for the overall system. We highlight the communication challenge of crossing the boundary of agile methods and system-level (or plan-driven) development, which also proves the coexistence of both methods. Conclusions: Our results highlight the painful areas of requirements engineering in agile development and propose solutions that can be explored further. This thesis contributes to future research by establishing a holistic map of challenges and candidate solutions that can be further developed to make RE more efficient within agile environments.

    Perspectives on Cyber Security for Offshore Oil and Gas Assets

    In an ever-evolving technological industry, the oil and gas sector is already moving forward through the adaptation of Industry 4.0 and the adaptation of advanced cyber technologies through Oil and Gas 4.0. As IT/OT (information technology/operational technology) systems are evolving technologically, so are the cyber security threats faced by the offshore oil and gas assets. This paper aims to raise the awareness of cyber security threats and the organizational and technical measures that need to be adopted by the oil and gas industry for remote and complex assets in the upstream sector. A comprehensive literature review covering the areas of new IT/OT systems integration and cyber security risk analysis and management is presented. The results of a survey on the subject of cyber security for offshore oil and gas assets are also presented, and they provide valuable insight into the current industry culture and the perception of cyber security concepts. The importance of organizational culture, personnel training and involvement, as well as corporate engagement and support in the subject of cyber security is highlighted.

    Explanation of the Model Checker Verification Results

    Whenever new requirements are placed on a system, the correctness and consistency of the system specification must be checked, which in practice is usually done manually. One possible option for overcoming the disadvantages of this manual analysis is so-called contract-based design. This design approach can automate the verification process that checks whether the top-level requirements have been consistently refined. Verification can thus be performed iteratively to ensure the correctness and consistency of the system in the face of any change to the specifications. However, due to the lack of usability and the difficulty of interpreting verification results, it is still a challenge to deploy formal approaches in industry. If, for example, the model checker detects an inconsistency during verification, it generates a counterexample and at the same time indicates that the given input specifications are inconsistent. The formidable challenge here is to understand the generated counterexample, which is often very long, cryptic and complex. Furthermore, it is the engineer's responsibility to identify the inconsistent specification within a potentially large set of specifications. This work proposes a counterexample explanation approach that simplifies and encourages the use of formal methods by presenting user-friendly explanations of the verification results to the engineer. The counterexample explanation approach is evaluated using two methods: (1) evaluation with various application examples and (2) a user study in the form of a one-group pretest-posttest experiment.
    Whenever new requirements are introduced for a system, the correctness and consistency of the system specification must be verified, which is often done manually in industrial settings. One viable option to overcome the disadvantages of this manual analysis is to employ contract-based design, which can automate the verification process to determine whether the refinements of top-level requirements are consistent. Thus, verification can be performed iteratively to ensure the system’s correctness and consistency in the face of any change in specifications. Having said that, it is still challenging to deploy formal approaches in industry due to their lack of usability and the difficulty of interpreting verification results. For instance, if the model checker identifies an inconsistency during the verification, it generates a counterexample while also indicating that the given input specifications are inconsistent. Here, the formidable challenge is to comprehend the generated counterexample, which is often lengthy, cryptic, and complex. Furthermore, it is the engineer’s responsibility to identify the inconsistent specification among a potentially huge set of specifications. This PhD thesis proposes a counterexample explanation approach for formal methods that simplifies and encourages their use by presenting user-friendly explanations of the verification results. The proposed counterexample explanation approach identifies and explains relevant information from the verification result in what reads like a natural language statement. The counterexample explanation approach extracts relevant information by identifying inconsistent specifications from among the set of specifications, as well as erroneous states and variables from the counterexample. The counterexample explanation approach is evaluated using two methods: (1) evaluation with different application examples, and (2) a user study in the form of a one-group pretest-posttest experiment.

    An assurance level sensitive UML profile for supporting DO-178C

    Several model-based approaches have been proposed to ease the process of developing certifiable safety-critical software. In this thesis, we are interested in airborne software, which must comply with the DO-178C standard. However, existing approaches do not provide complete support for all the activities of the software life cycle as defined by DO-178C. In this thesis, we propose a UML profile that captures the concepts of DO-178C and its supplements in order to model the evidence required for certification. This profile provides modeling constructs for the definition of a DO-178C compliant software life cycle, the specification of the software requirements, the specification of verification data and finally the specification of the traceability that is requested by DO-178C. Furthermore, this profile has the unique feature of providing means to specify the objectives and activities to be performed throughout the software life cycle depending on the targeted assurance level and the applied DO-178C supplements. We implemented the proposed profile within Papyrus, a UML modeling environment. We used the profile to model a realistic example of airborne software. Specifically, we illustrated the usefulness of the profile through four use cases.

    Managing the Evolution of Dependability Cases for Systems of Systems

    Dependability is a composite property consisting of attributes such as reliability, availability, safety and security. The achievement of these attributes is often essential for the operational success of systems undertaking critical and complex tasks. Assurance that the final system will demonstrate the required dependability qualities can be crucial to the acceptance of the system into service. Safety cases are a well established concept used to establish assurance about the safety properties of a system. However, safety cases focus only on one attribute of dependability. The principles and processes of creating an integrated dependability case - that assures all aspects of dependable system behaviour - are less well understood. A number of challenges are faced when attempting to support dependability case development. These include the systematic elicitation of dependability goals, the management and justification of trade-offs, and the evolution of multi-attribute arguments in step with the design process. This thesis addresses these challenges by defining a rigorous framework, accompanied by a set of methods, for establishing dependability cases. Firstly, a method for eliciting dependability requirements is defined by extending existing safety deviational analysis techniques. Secondly, a method for systematically identifying and managing justified trade-offs is presented. Thirdly, the thesis describes the co-evolution of dependability case arguments alongside system development - using a dependability case architecture that corresponds to system structures. Finally, the thesis unifies these contributions by defining a metamodel that captures and interrelates the concepts underlying the proposed methods. Evaluation of the work is presented by means of peer review, pilot studies and industrial examples.

    Formal analysis of confidentiality conditions related to data leakage

    The size of the financial risk, the social repercussions and the legal ramifications resulting from data leakage are of great concern. Some experts believe that poor system designs are to blame. The goal of this thesis is to use applied formal methods to verify that data leakage related confidentiality properties of system designs are satisfied. This thesis presents a practically applicable approach for using Banks's confidentiality framework, instantiated using the Circus notation. The thesis proposes a tool-chain for mechanizing the application of the framework and includes a custom tool and the Isabelle theorem prover that coordinate to verify a given system model. The practical applicability of the mechanization was evaluated by analysing a number of hand-crafted systems having literature related confidentiality requirements. Without any reliable tool for using BCF or any Circus tool that can be extended for the same purpose, it was necessary to build a custom tool. Further, a lack of literature related descriptive case studies on confidentiality in systems compelled us to use hand-written system specifications with literature related confidentiality requirements. The results of this study show that the tool-chain proposed in this thesis is practically applicable in terms of time required. Further, the efficiency of the proposed tool-chain has been shown by comparing the time taken for analysing a system both using the mechanised approach as well as the manual approach.