Situation-oriented requirements engineering

The establishment of smart environments, Internet of Things (IoT) and socio-technical systems has introduced many challenges to the software development process. One such main challenge is software requirements gathering which needs to address issues in a broader spectrum than traditional standalone software development. Consideration of bigger picture that includes software, its domain, the components of the domains and especially the interactions between the software and the surrounding domain components, including both human and other systems entities, is essential to gathering reliable requirements. However, most of the traditional Requirements Engineering approaches lack such comprehensive overlook of the overall view. The main objective of this work is to introduce a human-centered approach to Requirements Engineering in order to push the boundaries of traditional concepts to be more suitable for use in the development of modern socio-technical systems in smart environments. A major challenge of introducing a human-centered approach is to effectively identify the related human factors; especially, since each individual has unique desires, goals, behaviors. Our proposed solution is to use the observational data sets generated by smart environments as a resource to extract individual\u27s unique personalities and behaviors related to the software design. The concept of situations defined in our earlier study is used to represent the human and domain related aspects including human desires, goals, beliefs, interactions with the system and the constrained environment. In the first stage of this work, a computational model called situation-transition structure is developed to understand the discrete factors and behavior patterns of individuals through the observational data. During the second stage, the information mined from the situation transition structure is applied to propose new human-centered approaches to support main Requirements Engineering concepts: requirements elicitation, risk management, and prioritization. The pertinence of the proposed work is illustrated through some case studies. The conclusion asserts some of the future research direction

Training of Crisis Mappers and Map Production from Multi-sensor Data: Vernazza Case Study (Cinque Terre National Park, Italy)

This aim of paper is to presents the development of a multidisciplinary project carried out by the cooperation between Politecnico di Torino and ITHACA (Information Technology for Humanitarian Assistance, Cooperation and Action). The goal of the project was the training in geospatial data acquiring and processing for students attending Architecture and Engineering Courses, in order to start up a team of "volunteer mappers". Indeed, the project is aimed to document the environmental and built heritage subject to disaster; the purpose is to improve the capabilities of the actors involved in the activities connected in geospatial data collection, integration and sharing. The proposed area for testing the training activities is the Cinque Terre National Park, registered in the World Heritage List since 1997. The area was affected by flood on the 25th of October 2011. According to other international experiences, the group is expected to be active after emergencies in order to upgrade maps, using data acquired by typical geomatic methods and techniques such as terrestrial and aerial Lidar, close-range and aerial photogrammetry, topographic and GNSS instruments etc.; or by non conventional systems and instruments such us UAV, mobile mapping etc. The ultimate goal is to implement a WebGIS platform to share all the data collected with local authorities and the Civil Protectio

Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS - a collection of Technical Notes Part 1

This report provides an introduction and overview of the Technical Topic Notes (TTNs) produced in the Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS (Tigars) project. These notes aim to support the development and evaluation of autonomous vehicles. Part 1 addresses: Assurance-overview and issues, Resilience and Safety Requirements, Open Systems Perspective and Formal Verification and Static Analysis of ML Systems. Part 2: Simulation and Dynamic Testing, Defence in Depth and Diversity, Security-Informed Safety Analysis, Standards and Guidelines

A bi-directional analysis technique for software safety and software security

With the recent rapid development of software technology, safety-critical and security-critical software is playing a more important role in people\u27s lives. The importance of system safety and system security has promoted much research on systematic techniques to develop complete safety and security requirements. Among the techniques used in the analysis of the software safety, bi-directional analysis has shown promise in security requirement analysis. This method combines a forward search from potential failure modes to their effects with a backward search from feasible hazards to the contributing causes of each hazard. We use bi-directional analysis to investigate the requirements for two applications in the areas of safety analysis and security analysis. The two contributions of this work both involve the application of the bi-directional analysis and develop systematic methods to apply it to these two different types of non-functional requirements analysis. The first application is to construct a systematic safety requirements analysis technique for a smart door product line. The final results include a reusable safety analysis and the discovery of missing safety requirements. The second application investigates a systematic security requirements technique for a Delay Tolerant Network protocol called the Bundle Protocol. This work improves an existing security analysis technique by integrating it with the bi- directional analysis to demonstrate and challenge the correctness and completeness of the resulting security requirements specifications. We also report the discovery of missing security requirements and the remediation of the security requirements. Both applications explore the technique of applying bi-directional analysis to software safety analysis and software security analysis and find that the bi-directional analysis assists in finding incorrect and incomplete requirements

Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry

Prevailing trends in the automotive and medical device industry, such as life cycle overarching configurability, connectivity, and automation, require an adaption of development processes, especially regarding the security and safety thereof. The changing requirements imply that interfaces are more exposed to the outside world, making them more vulnerable to cyberattacks or data leaks. Consequently, not only do development processes need to be revised but also cybersecurity countermeasures and a focus on safety, as well as privacy, have become vital. While vehicles are especially exposed to cybersecurity and safety risks, the medical devices industry faces similar issues. In the automotive industry, proposals and draft regulations exist for security-related risk assessment processes. The medical device industry, which has less experience in these topics and is more heterogeneous, may benefit from drawing inspiration from these efforts. We examined and compared current standards, processes, and methods in both the automotive and medical industries. Based on the requirements regarding safety and security for risk analysis in the medical device industry, we propose the adoption of methods already established in the automotive industry. Furthermore, we present an example based on an interoperable Operating Room table (OR table)

Meeting the challenges of decentralized embedded applications using multi-agent systems

International audienceToday embedded applications become large scale andstrongly constrained. They require a decentralized embedded intelligencegenerating challenges for embedded systems. A multi-agent approach iswell suited to model and design decentralized embedded applications.It is naturally able to take up some of these challenges. But somespecific points have to be introduced, enforced or improved in multiagentapproaches to reach all features and all requirements. In thisarticle, we present a study of specific activities that can complementmulti-agent paradigm in the ”embedded” context.We use our experiencewith the DIAMOND method to introduce and illustrate these featuresand activities

A Reasoning Framework for Dependability in Software Architectures

The degree to which a software system possesses specified levels of software quality attributes, such as performance and modifiability, often have more influence on the success and failure of those systems than the functional requirements. One method of improving the level of a software quality that a product possesses is to reason about the structure of the software architecture in terms of how well the structure supports the quality. This is accomplished by reasoning through software quality attribute scenarios while designing the software architecture of the system. As society relies more heavily on software systems, the dependability of those systems becomes critical. In this study, a framework for reasoning about the dependability of a software system is presented. Dependability is a multi-faceted software quality attribute that encompasses reliability, availability, confidentiality, integrity, maintainability and safety. This makes dependability more complex to reason about than other quality attributes. The goal of this reasoning framework is to help software architects build dependable software systems by using quantitative and qualitative techniques to reason about dependability in software architectures

Quality modelling and metrics of Web-based information systems

In recent years, the World Wide Web has become a major platform for software applications. Web-based information systems have been involved in many areas of our everyday life, such as education, entertainment, business, manufacturing, communication, etc. As web-based systems are usually distributed, multimedia, interactive and cooperative, and their production processes usually follow ad-hoc approaches, the quality of web-based systems has become a major concern. Existing quality models and metrics do not fully satisfy the needs of quality management of Web-based systems. This study has applied and adapted software quality engineering methods and principles to address the following issues, a quality modeling method for derivation of quality models of Web-based information systems; and the development, implementation and validation of quality metrics of key quality attributes of Web-based information systems, which include navigability and timeliness. The quality modeling method proposed in this study has the following strengths. It is more objective and rigorous than existing approaches. The quality analysis can be conducted in the early stage of system life cycle on the design. It is easy to use and can provide insight into the improvement of the design of systems. Results of case studies demonstrated that the quality modeling method is applicable and practical. Practitioners can use the modeling method to develop their own quality models. This study is amongst the first comprehensive attempts to develop quality measurement for Web-based information systems. First, it identified the relationship between website structural complexity and navigability. Quality metrics of navigability were defined, investigated and implemented. Empirical studies were conducted to evaluate the metrics. Second, this study investigated website timeliness and attempted to find direct and indirect measures for the quality attribute. Empirical studies for validating such metrics were also conducted. This study also suggests four areas of future research that may be fruitful