Automated completeness check in KAOS

KAOS is a popular and useful goal oriented requirements engineering (GORE) language, which can be used in business requirements modelling, specification, and analysis. Currently, KAOS is being used in areas such as business process modelling, and enterprise architecture (EA). But, an incomplete or malformed KAOS model can result to incomplete and erroneous requirements analysis, which in turn can lead to overall systems failure . Therefore, it is necessary to check that a requirements specification in KAOS language are complete and well formed. The contribution at hand is to provide an automated technique for checking the completeness and well-formed-ness of a requirements specification in KAOS language. Such a technique can be useful, especially to business or requirements analysts in industries and research, to check that requirements specification in KAOS language is well formed

Modelling the Strategic Alignment of Software Requirements using Goal Graphs

This paper builds on existing Goal Oriented Requirements Engineering (GORE) research by presenting a methodology with a supporting tool for analysing and demonstrating the alignment between software requirements and business objectives. Current GORE methodologies can be used to relate business goals to software goals through goal abstraction in goal graphs. However, we argue that unless the extent of goal-goal contribution is quantified with verifiable metrics and confidence levels, goal graphs are not sufficient for demonstrating the strategic alignment of software requirements. We introduce our methodology using an example software project from Rolls-Royce. We conclude that our methodology can improve requirements by making the relationships to business problems explicit, thereby disambiguating a requirement's underlying purpose and value.Comment: v2 minor updates: 1) bitmap images replaced with vector, 2) reworded related work ref[6] for clarit

Role-Based Access Control Using Knowledge Acquisition in Automated Specification

Turvalisust peetakse infosüsteemide üheks aspektiks. RBAC on lähenemine, mis piirab süsteemi ligipääsu ainult autoriseeritud kasutajatele infosüsteemides. Olemasolevad turvalisusmudelite keeled või lähenemised adresseerivad IS-i turvalisust, kuigi olemasolevad keeled või lähenemised tingimata ei kohandu RBAC-i vajadustele. On olemas mitmeid modelleerimiskeeli (nt SecureUML, UMLSec, jne) mis esindavad RBAC-i, kuid nad ei ole koosvõimelised (raske selgitada) ning neid ei ole lihtne võrrelda omavahel. Iga modelleerimiskeel esindab erinevaid perspektiive informatsioonisüsteemides. Pealegi on vajadus ühendada disain ja nõudestaadiumid selleks, et avastada süsteemi turvalisusprobleemid ja analüüsida seotud turvalisuskompromisse varasemates staadiumites. KAOS on eesmärgipõhine nõue tehnikavaatenurgast, et paika panna tarkvara nõuded. Sellel hetkel, KAOS on tulevikus võtmelahendus selleks, et kombineerida nõuded disainipõhimõtetega. Selles teesis me analüüsime KAOS-e võimet kohaneda RBAC-ile. Täpsemalt, me kasutame süstemaatilist lähenemist selleks, et aru saada kuidas KAOS-t on võimalik kasutada nii, et see kohanduks RBAC-ile. Meie uurimistöö põhineb transformatsioonireeglitel KAOS-SecureUML-i ja KAOS-UMLSec-i vahel. Pealegi, läbi nende muutuste näitame me kuidas sobitasime KAOS-e RBAC-ile. Selle uurimistöö esitamisel on mitmeid kasutegureid. Esiteks, see aitab potentsiaalselt mõista kuidas KAOS toimib koos RBAC-iga. Teiseks, see defineerib lähenemise välja meelitada turvanõuetele IS-i varajastes arendusfaasides RBAC-i jaoks. See rakendab meie tulemused juhtumuuringus selleks, et mõõta määratletud lähenemise õigsust. Kolmandaks, see transformatsioon KAOS-est/KAOS-eni aitaks IS arendajaid ja teistel süsteemi osanikel (nt süsteemianalüütikuid, süsteemi administraatoreid jne) mõista kui tähtsad need turvalisuslähenemised on ja millistel on rohkem eeliseid/puudusi. Me planeerime kehtestada oma tulemused selleks, et reegleid ja modeleid muuta olenevalt nende õigsust, mida mõõdetakse. Viimaseks, me oleme võimelised õigustama oma disainistaadiumit nõudmise staadiumiga.Security is considered to be an aspect of information systems. Role-based access control (RBAC) is an approach to restricting system access to authorized users in information systems. Existing security modeling languages and/or approaches address the security of the IS, however existing languages or approaches do not necessarily conforms to the needs of RBAC. There are several modeling languages (e.g. SecureUML, UMLSec, etc.) to represent RBAC but they are not interoperable and it is not easy to compare one with another. Each modeling language represents different perspectives on information systems. Besides, there is a need to merge design and requirement stages in order to discover system security concerns and analyze related security trade-offs at the earlier stages. Knowledge acquisition in automated specification (KAOS) is a goal oriented requirement engineering approach to elicit software requirements. In this point, KAOS will be a key solution in order to combine requirements with design principles. In this thesis, we will analyze KAOS to apply RBAC. More specifically, we will apply a systematic approach to understand how KAOS can be used to apply RBAC. Our research work will be based on the transformation rules between KAOS-SecureUML and KAOS-UMLSec, and vice versa. Moreover, through these transformations we will show how we aligned KAOS to RBAC. The contribution of this research has several benefits. Firstly, it will potentially help to understand how KAOS could deal with RBAC. Secondly it will define the approach to elicit security requirements for RBAC at early stages of the IS development. This will apply our results in a case study to measure the correctness of the defined approach. Thirdly, the transformations from/to the KAOS would help IS developers and the other system stakeholders (e.g. system analysts, system administrators, etc.) to understand how important these security approaches (KAOS, SecureUML and UMLSec) are and which one has more advantages/disadvantages. We plan to validate our results for transformation rules and the models regarding their correctness that will be measured. Last but not least, we will be able to justify the design stage with requirement stage

Ontology-based methodology for error detection in software design

Improving the quality of a software design with the goal of producing a high quality software product continues to grow in importance due to the costs that result from poorly designed software. It is commonly accepted that multiple design views are required in order to clearly specify the required functionality of software. There is universal agreement as to the importance of identifying inconsistencies early in the software design process, but the challenge is how to reconcile the representations of the diverse views to ensure consistency. To address the problem of inconsistencies that occur across multiple design views, this research introduces the Methodology for Objects to Agents (MOA). MOA utilizes a new ontology, the Ontology for Software Specification and Design (OSSD), as a common information model to integrate specification knowledge and design knowledge in order to facilitate the interoperability of formal requirements modeling tools and design tools, with the end goal of detecting inconsistency errors in a design. The methodology, which transforms designs represented using the Unified Modeling Language (UML) into representations written in formal agent-oriented modeling languages, integrates object-oriented concepts and agent-oriented concepts in order to take advantage of the benefits that both approaches can provide. The OSSD model is a hierarchical decomposition of software development concepts, including ontological constructs of objects, attributes, behavior, relations, states, transitions, goals, constraints, and plans. The methodology includes a consistency checking process that defines a consistency framework and an Inter-View Inconsistency Detection technique. MOA enhances software design quality by integrating multiple software design views, integrating object-oriented and agent-oriented concepts, and defining an error detection method that associates rules with ontological properties

Exploring the impact of software requirements on system-wide goals: a method using satisfaction arguments and i* goal modelling

This paper describes the application of requirements engineering concepts to support the analysis of the impact of new software systems on system-wide goals. Requirements on a new or revised software component of a socio-technical system not only have implications on the goals of the subsystem itself, but they also impact upon the goals of the existing integrated system. In industries such as air traffic management and healthcare, impacts need to be identified and demonstrated in order to assess concerns such as risk, safety, and accuracy. A method called PiLGRIM was developed which integrates means-end relationships within goal modelling with knowledge associated with the application domain. The relationship between domain knowledge and requirements, as described in a satisfaction argument, adds traceability rationale to help determine the impacts of new requirements across a network of heterogeneous actors. We report procedures that human analysts follow to use the concepts of satisfaction arguments in a software tool for i* goal modelling. Results were demonstrated using models and arguments developed in two case studies, each featuring a distinct socio-technical system – a new controlled airspace infringement detection tool for NATS (the UK's air navigation service provider), and a new version of the UK’s HIV/AIDS patient reporting system. Results provided evidence towards our claims that the conceptual integration of i* and satisfaction arguments is usable and useful to human analysts, and that the PiLGRIM impact analysis procedures and tool support are effective and scalable to model and analyse large and complex socio-technical systems