    A Changing Landscape: On Safety & Open Source in Automated and Connected Driving

    Combining requirements engineering techniques - theory and case study

    © Copyright 2005 IEEE
    The selection of requirements engineering (RE) techniques during software project development is a challenge for most developers. One reason is the great lack of requirements engineering education in most academic programs, so software developers have to learn requirements engineering practices on the job. This can easily result in the selection of techniques that are ill-suited for a particular project, as the selection is based on personal preference rather than on the characteristics of the project. Very little research has been done in the area of technique selection based on project attributes. This paper describes research into the selection and combination of RE techniques, as well as a case study that applied the selection process to an industrial software project.
    Li Jiang, Armin Eberlein, Behrouz H. Fa

    Formulating the cognitive design problem of air traffic management

    Evolutionary approaches to cognitive design in the air traffic management (ATM) system have a history of delayed developments. This issue is well illustrated by the flight progress strip, where attempts to design a computer-based system to replace the paper strip have consistently been met with rejection. An alternative approach to the cognitive design of air traffic management is needed, and this paper proposes an approach centred on the formulation of cognitive design problems. The paper gives an account of how a cognitive design problem was formulated for a simulated ATM task performed by controller subjects in the laboratory. The problem is formulated in terms of two complementary models. First, a model of the ATM domain describes the cognitive task environment of managing the simulated air traffic. Second, a model of the ATM worksystem describes the abstracted cognitive behaviours of the controllers and their tools in performing the traffic management task. Taken together, the models provide a statement of worksystem performance and express the cognitive design problem for the simulated system. The use of the problem formulation in supporting cognitive design, including the design of computer-based flight strips, is discussed.

    Applying Bayes linear methods to support reliability procurement decisions

    Bayesian methods are common in reliability and risk assessment; however, such methods often demand a large amount of specification and can be computationally intensive. Because of this, many practitioners are unable to take advantage of many of the benefits of a Bayesian-based approach. The Bayes linear methodology is similar in spirit to a Bayesian approach but offers an alternative method of making inferences. Bayes linear methods are based on the use of expected values rather than probabilities, and updating is carried out by linear adjustment rather than by Bayes' theorem. The foundations of the method are very strong, based as they are on the work of De Finetti and developed further by Goldstein. A Bayes linear model requires less specification than a corresponding probability model, and for a given amount of model-building effort one can model a more complex situation more quickly. The Bayes linear methodology has the potential to allow us to build 'broad-brush' models that enable us, for example, to explore different test setups or analysis methods and assess the benefits that they can give. The output of a Bayes linear model is viewed as an approximation to 'traditional' probabilistic models. The methodology has been applied to support reliability decision making within a current United Kingdom Ministry of Defence (MOD) procurement project. The reliability decision maker had to assess different contractor bids and assess the reliability merit of each bid. Currently the MOD assesses reliability programmes subjectively using expert knowledge; for a number of reasons, a quantitative method of assessment is desirable in some projects. The Bayes linear methodology was used to support the decision maker in quantifying his assessment of the reliability of each contractor's bid and determining the effectiveness of each contractor's reliability programme. From this, the decision maker was able to communicate to the project leader and contractors why a specific contractor was chosen. The methodology has been used in other MOD projects and is considered by those within the MOD to be a useful tool to support decision making. The paper will contain the following. It will introduce the Bayes linear methodology and briefly discuss some of the philosophical implications of adopting a Bayes linear methodology within the context of a reliability programme analysis. It will briefly introduce the reliability domain and the reasons why it is believed that the Bayes linear methodology can offer support to decision makers. An in-depth analysis of the problem will then be given, documenting the steps taken in the project and how future decision makers can apply the methodology. A brief summary will then be given of possible future work for those interested in the Bayes linear methodology.

    Interplay of Misuse Case and Fault Tree Analysis for Security and Safety Analysis

    Safety and security in information systems are becoming more important year by year. This is because modern information systems are increasingly distributed across web services, grids and clouds. Safety-critical systems that were not previously used on the Internet are being re-engineered to make them usable over the Internet. As a result, there is a need for new methods that ensure both safety and security in software systems. If safety and security are not treated together, they can increase risks: making a situation safe can create a security risk, and this creates a problem. For example, dormitory doors are locked for security, to protect residents from robbery and other possible crimes. To open the doors, residents use cards that unlock them. In the event of a fire, however, the doors open automatically for safety, and criminals who trigger the fire alarm gain access to the residents' property. This thesis gives an overview of safety and security as a unified system, defining the concepts of safety and security and looking for possible ways to integrate them, developing an interplay between safety and security using misuse cases and fault tree analysis. The thesis explains the alignment of fault tree analysis with the safety domain model and seeks an interplay between the fault tree analysis and misuse case techniques. By using both the safety and security domain models and creating an interplay between the techniques, the expected result is a solution to the safety and security problem in software systems. We believe this thesis contributes to finding ways to integrate safety and security by explaining the alignment of fault tree analysis with the safety domain model, using the relationship between misuse cases and information security risk management and aligning it with the misuse case technique. The thesis also explains a new methodology for using fault tree analysis and misuse cases to achieve both safety and security in modern information systems. In addition, the alignment described in the thesis was tested on a credible scenario, which confirms its validity.

    Nowadays safety and security are becoming more and more important because modern information systems are increasingly distributed over web services, grids and clouds. Safety-critical systems that were not used over the Internet are being re-engineered to be used over the Internet. As a consequence, there is a need for new methods that cover both the security and safety aspects of software systems, since these systems are used in transportation, health and process control systems, where they raise the risk of physical injury or environmental damage. Additionally, when safety and security aspects are not considered together they may violate each other: while one measure makes a situation safe, it may violate security, and this is a problem. For example, doors at dormitories are locked for security purposes to protect inhabitants against robbery and other possible crimes; the inhabitants use remote keys to unlock them, but in case of a fire in the building these locked doors unlock themselves for safety purposes, and by activating fire alarms attackers can get access to the inhabitants' property. In this thesis we introduce integrated domain models of security and safety, extracting definitions from the safety and security domains and finding possible pairs to integrate, and developing interplays between a security technique and a safety technique, namely misuse cases and fault tree analysis. We demonstrate the alignment of fault tree analysis with the safety domain model and the interplay between the techniques, from fault tree analysis to misuse cases. By using the domain models of both security and safety and making interplay between the techniques, we propose an integrated technique that we expect to solve the problem of covering the safety aspects of a software system, benefiting from the complementary strengths of the security domain model and techniques. We believe that our study contributes to the attempts to integrate security and safety techniques by illustrating the alignment of fault tree analysis with the safety domain model, benefiting from the relationship between misuse cases and information security risk management, and making interplay with the misuse case technique. We also illustrate a new methodology on how to use fault tree analysis and misuse cases to elicit safety concerns in a new information system through interplay with misuse cases. Moreover, we test the correctness of our methodology by comparing results with a safety risk analysis done

    Requirements Elicitation for Barrier Monitoring System

    Master's thesis in Industrial asset management
    The activities undertaken by operator companies on the Norwegian Continental Shelf pose a very high risk to human life and the environment. Leading causes of accidents are poor maintenance, inadequate risk assessment and failure of barrier safety valves. A combination of all the listed accident causes is investigated, with a focus on barrier valves (PMV, PWV, DHSV). Despite the fact that the PSA has defined regulations and recommended standards related to barrier management, operators on the Norwegian Continental Shelf still fail to implement the regulatory requirements regarding safety barriers. This stems from challenges related to the interpretation and uncertainty of barrier testing requirements. Challenges in interpreting barrier requirements arise from terminological inconsistencies or the use of non-standard syntax in documenting requirements. The purpose of this study was to illuminate the challenges encountered by operator companies in adhering to the standards recommended by the Petroleum Safety Authority of Norway. The focus is on the clarity of testing requirements in the standards, the technical challenges that prevent standard adherence, and the technical capabilities of current condition monitoring systems. To understand these requirements and generate primary data, semi-structured interviews (with customers or their representatives) were performed to obtain specific clarification; standard-based requirements and customer-based requirements were then analysed and verified. Secondary data was also collected and analysed from different case studies. The requirements elicitation discovered that companies preferred to follow NORSOK D-10 as opposed to the PSAN recommendation of NOG 070, since NOG 070 gives little weight to uncertainties during PFD calculation. The most common failure modes cited for valve failure were mechanical failure due to leakage, general mechanical failure and corrosion. Findings also suggested that operator companies did not follow the maintenance procedure strictly. Also, the condition monitoring systems provided by monitoring service providers could not detect certain failure modes that operators faced.

    Software Architecture: Managing Design for Achieving Warfighter Capability

    Proceedings Paper (for Acquisition Research Program)
    Software engineers will typically spend 50% or more of the total software development time designing software architecture, and that architecture may provide up to 80% of a modern weapon system's functionality. Increasingly, these systems will operate within a network or other system-of-systems architecture. Obviously, the requirements driving that architectural design effort, the process for tracing requirements to functions, insight into the process, and control of the effort are critical for the successful development of the capability needed by the warfighter.
    Naval Postgraduate School Acquisition Research Program
    Approved for public release; distribution is unlimited.

    A META ANALYSIS OF CONTINGENT VALUES FOR GROUNDWATER QUALITY IN THE UNITED STATES

    This paper provides an overview and a meta-analysis of existing US contingent valuation studies of groundwater quality. Using 108 observations from 14 studies, core economic variables, risk variables, and elicitation effects are found to systematically influence groundwater values. Other research design features are also investigated.
    Resource/Energy Economics and Policy