A New Approach for System Requirements Elicitation Using Discount Focus Subgroups Method

Requirements elicitation is a key and critical activity for software/system development success. Several methods and techniques have been developed and used for requirements elicitation. Prior research referred to many problems and shortfalls with existing group-based methods (e.g., brainstorming, focus groups, and joint application development [JAD]). This paper provides a new approach for requirements elicitation using a novel method called discount focus subgroups (DFSG). The current paper demonstrates that DFSG is an alternative effective technique to improve requirements elicitation activity by addressing pitfalls and problems with existing group-based methods. The method is effective in several situations such as when the development team aims to minimize the costs of system development, large numbers of stakeholders need to be involved in large projects like enterprise systems (ERP), the system is novel and where no similar systems have been developed before

Systematizing requirements elicitation technique selection

Context: This research deals with requirements elicitation technique selection for software product requirements and the overselection of open interviews. Objectives: This paper proposes and validates a framework to help requirements engineers select the most adequate elicitation techniques at any time. Method: We have explored both the existing underlying theory and the results of empirical research to build the framework. Based on this, we have deduced and put together justified proposals about the framework components. We have also had to add information not found in theoretical or empirical sources. In these cases, we drew on our own experience and expertise. Results: A new validated approach for requirements technique selection. This new approach selects tech- niques other than open interview, offers a wider range of possible techniques and captures more require- ments information. Conclusions: The framework is easily extensible and changeable. Whenever any theoretical or empirical evidence for an attribute, technique or adequacy value is unearthed, the information can be easily added to the framework

A Software Requirements Defect Management Approach Using Negotiation Technique To Improve Software Requirements Quality

Several defects are originated from requirements phase and poor requirements elicitation process leads to projects failure. Developing software projects with defects-free requirements are difficult, especially when project involve multiple stakeholders with different perspectives and perceptions. This is because conflicted stakeholders lead to mismatching goals and miscommunication. Traditionally, inspection method is proven effective to detect and to remove requirements defects. However, it is only feasible when the requirements document are ready. Earlier defects detection, fix and removed, can lessen the cost of testing and maintaining phase at later stages. Motivated by this, this research proposed a new defects management approach in software requirement to improve software requirements quality. This research introduces a prevention action to propose a defects management approach with embedding negotiation technique to prevent the defects from entering software requirements documents. Empirical software engineering method is adopted for this research and the evaluation is based on experimental study. A control group which deploy traditional inspection technique is used as our baseline to compare the effectiveness of defects management approach. Hence, to support that, we conduct experiments that runs both traditional and new approach using case study that involve multiple stakeholders. On top of that, five experts who are familiar with handling defects management and working in software engineering field more than five years, were selected to provide expert opinion. Overall results indicates that the new defects management approach and the inspection have similar capabilities to prevent and to detect defects respectively. Our new defect management approach able to prevent 28 percent more than inspection approach. This also means that both traditional inspection approach and the new approach complement each other by means that we can improve software requirements quality and reduce the maintenance cost in the future

An Empirical Comparison of Approaches for Security Requirements Elicitation

Kaasaegne töökeskond on tihedalt seotud infotehnoloogiaga (edaspidi IT). Seoses IT laialdase kasutamisega kõigis eluvaldkondades on üles kerkinud küsimus selle turvalisusest. Turvalisuse tagamine IT valdkonnas on tähtsal kohal. Vaatamata erinevate turvalisuse nõuete saavutamise meetodite rohkusele võib ettevõtetel ja asutustel olla keeruline leida sobivat meetodit tagamaks piisav IT turvalisus. Antud probleemi lahendamiseks võrdlesin kaht meetodit Eesti Jalgpalliliidus (EJL) läbiviidud juhtumuuringus. Security Quality Requirements Engineering (SQUARE) on laialt kasutust leidev turvalisuse nõuete tuletamise metood, mis paneb rõhku varajase disainiastme riskikaalutlustele. Security Requirements Elicitation from Business Processes (SREBP) on uus metood, mis võimaldab tuletada turvalisuse nõudeid äriprotsesside analüüsist. Tuletatud turvalisuse nõuded paigutasin võrdlevatesse kategooriatesse, mille abil sain määrata nende tõhususastme. Uuringu tulemusena selgus, et SREBP meetodi kasutamisel saadud tulem vastas rohkem turvalisuse tagamise nõuetele. See uuring kinnitab SREBP meetodi tulemuslikkust ja usaldusväärsust.The importance of security engineering in the development cycle is widely accepted. In spite of the large variety of security requirements elicitation techniques, organizations struggle to select the most suitable security requirements elicitation method that would enable the elicitation of security requirements with the most complete coverage. Two potential solutions exist to this problem; Security Quality Requirements Engineering (SQUARE) and Security Requirements Elicitation from Business Processes (SREBP). SQUARE is an already established and widely used security requirements elicitation method that addresses security early in the software development cycle. On the other hand, SREBP is a new approach that helps derive security requirements from operational business processes. To address the above mentioned issue, this thesis compares the two methods based on an empirical case study of the Estonian Football Association. The elicited security requirements are categorized and the completeness of their coverage is compared. As a result, it was determined that SREBP provides more coverage of the security requirements. Such a result contributes to the existing literature by further strengthening the validity of SREBP

A framework for software requirement ambiguity avoidance

This research deals with software requirements ambiguity problems. Among these are incomplete, incorrect, improper, inaccurate and unambiguous requirements. Interestingly, published material related to Software Requirements Specifications (SRS) problems discusses ambiguity as one of the most conversed problems. This paper proposes a Software Requirement Ambiguity Avoidance Framework (SRAAF) to assist and support requirement engineers to write unambiguous requirements, by selecting correct elicitation technique based on the evaluation of various attributes and by applying the W6H technique. We explored existing theories and the outcomes of experimental research to construct the framework. On the basis of existing and inferred knowledge, we tried to justify proposed frameworks components. Our selection process focuses on various situational attributes. We added various situational attributes related to project, stakeholders and requirement engineer for the selection process. Newly devised approach chooses techniques other than traditional techniques or most common techniques and deals with ambiguity to capture the correct requirements information from stakeholders. The framework will be able to address the selection and ambiguity issues in a more effective way and can handle vagueness. New evidence related to attributes and adequacy matrix can be easily added to the framework without any inconvenience

Eliciting security requirements for internet of things software application development using semi-formalized model approach

In today’s era, there is a rapid increase in the demand for Internet of Thing (IoT) applications. Thus, securing the information content delivered among various entities involved in the IoT applications development has become an important issue. It is also identified that high cost is needed in implementing a secured IoT application as it requires efforts, skills, and knowledge to understand the security concern, especially when developers and requirement engineers do not have any formal training in software engineering and eliciting security requirements. Furthermore, security requirement is an important intangible requirement that could be taken as a burden on the smooth functioning of the system or application. Requirement engineers without adequate experience in security are at risk of overlooking security requirement, which frequently leads to the act of misuse. In addition, requirements engineers who are unfamiliar with the IoT applications face problems to elicit accurate security requirements. Motivated by this problem, the main objectives of this study are threefold. The first objective is to determine the security requirements for the IoT applications. Secondly, the study aims to propose a model-based approach for security requirements elicitation of IoT application and finally, to evaluate the approach in terms of usability and correctness in eliciting the security requirements for the IoT applications. A model-based approach was developed in adopting Model-Design Driven (MDD) approach with semiformalized models: Essential Use Cases (EUCs) and Essential User Interface (EUI). Security requirement pattern library and IoT technologies pattern library were developed to assist the correct elicitation from the EUC model. A new model was proposed to be a reference for IoT developers in developing secure IoT applications software. Here, automated tool support was also developed to realise the approach. Finally, a comprehensive evaluation of the approach, comprising the comparison study between the existing tool and our tool, experiments of correctness test, and usability test were conducted. This study also evaluated the feedback from the industry experts, especially on the usability of the approach and tool support. In summary, the findings of the evaluation show that our approach contributed to the body of knowledge of requirements engineering, especially in enhancing the performance and correctness level of security requirement elicitation and its usability for end-to-end elicitation. It is found that the approach was able to enhance the correctness level of the elicited security attribute compared to the manual task, and produce the correct generation of security requirement. The results of the usability test by the novice and experts show that the approach is useful and helpful in eliciting security requirements application software development and is able to ease the elicitation process of security requirements and technologies involved in IoT applications software development

Modeling security and privacy requirements: A use case-driven approach

Context: Modern internet-based services, ranging from food-delivery to home-caring, leverage the availability of multiple programmable devices to provide handy services tailored to end-user needs. These services are delivered through an ecosystem of device-specific software components and interfaces (e.g., mobile and wearable device applications). Since they often handle private information (e.g., location and health status), their security and privacy requirements are of crucial importance. Defining and analyzing those requirements is a significant challenge due to the multiple types of software components and devices integrated into software ecosystems. Each software component presents peculiarities that often depend on the context and the devices the component interact with, and that must be considered when dealing with security and privacy requirements. Objective: In this paper, we propose, apply, and assess a modeling method that supports the specification of security and privacy requirements in a structured and analyzable form. Our motivation is that, in many contexts, use cases are common practice for the elicitation of functional requirements and should also be adapted for describing security requirements. Method: We integrate an existing approach for modeling security and privacy requirements in terms of security threats, their mitigations, and their relations to use cases in a misuse case diagram. We introduce new security-related templates, i.e., a mitigation template and a misuse case template for specifying mitigation schemes and misuse case specifications in a structured and analyzable manner. Natural language processing can then be used to automatically report inconsistencies among artifacts and between the templates and specifications. Results: We successfully applied our approach to an industrial healthcare project and report lessons learned and results from structured interviews with engineers. Conclusion: Since our approach supports the precise specification and analysis of security threats, threat scenarios and their mitigations, it also supports decision making and the analysis of compliance to standards

On requirements elicitation for Software Projects in ICT for development

Currently, there is much interest in harnessing the potential of new and affordable Information and Communication Technologies (ICT) such as mobile phones, to assist in reducing disparities in socioeconomic conditions throughout the world. Such efforts have come to be known as ICT for Development or ICT4D. While this field of research holds much promise, few projects have managed to achieve long-term sustained success. Among the many reasons for this, from a software engineering perspective, in many cases it can be attributed to inadequacies in the gathering and defining of software requirements. Failures in realising sustainable systems stern from inadequate consideration of the high-level socioeconomic development goals, neglect of environmental constraints, and a lack of adequate input from end-users regarding their specific needs and sociocultural context. The situation is exacerbated by inadequate reporting on the social impact of such interventions, making it difficult to assess a project's success, let alone apply lessons learned to new projects. In this thesis we propose enhancing conventional requirements elicitation with a complementary elicitation methodology specifically adapted to address these shortcomings. Our approach is based on a proposed novel technique of Structured Digital Storytelling to elicit input from end-users having limited literacy in the form of stories. The proposed methodology includes a systematic method for extracting and interpreting the informational content of the stories that applies a conceptual model derived from Communications Theory to identify constraints arising from the users' sociocultural context. The thesis introduces an ICT4D quality model identifying non-functional requirements related to the sociodynamics of a system's sustained use in a rural community. The needs, goals and constraints thus identified are integrated using a goal-based analysis to produce a more informed understanding of potential areas of technology intervention and to develop high-level functional and non-functional software requirements. The resulting goal model is also used in deriving a measurement framework for assessing a project's success based on its social impact. We illustrate our approach and validate its effectiveness with a field study. Keywords: ICT4D, digital divide. requirements engineering. needs elicitation, requirements elicitation, culture, storytellin