Progressing problems from requirements to specifications in problem frames
One of the problems with current practice in software development is that often customer requirements are not well captured, understood and analysed, and there is no clear traceable path from customer requirements to software specifications. This often leads to a mismatch between what the customer needs and what the software developer understands the customer needs.
In addition to capturing, understanding and analysing requirements, requirements engineering (RE) aims to provide methods to allow software development practitioners to derive software specifications from requirements. Although work exists towards this aim, the systematic derivation of specifications from requirements is still an open problem.
This thesis provides practical techniques to implement the idea of problem progression as the basis for transforming requirements into specifications. The techniques allow us to progress a software problem towards identifying its solution by carefully investigating the problem context and re-expressing the requirement statement until a specification is reached. We develop two classes of progression techniques, one formal, based on Hoare's Communicating Sequential Processes (CSP), and one semi-formal, based on a notion of causality between events. The case studies in this thesis provide some validation for the techniques we have developed.
Managing security control assumptions using causal traceability
Security control specifications of software systems are designed to meet their security requirements. It is difficult to know both the value of assets and the malicious intention of attackers at design time, hence assumptions about the operational environment often reveal unexpected flaws. To diagnose the causes of violations in security requirements it is necessary to check these design-time assumptions. Otherwise, the system could be vulnerable to potential attacks. Addressing such vulnerabilities requires an explicit understanding of how the security control specifications were defined from the original security requirements. However, assumptions are rarely explicitly documented and monitored during system operation. This paper proposes a systematic approach to monitoring design-time assumptions explicitly as logs, by using traceability links from requirements to specifications. The work also helps identify which alternative specifications of security control can be used to satisfy a security requirement that has been violated based on the logs.
The work is illustrated by an example of an electronic patient record system.
Rapid Development: A Content Analysis Comparison of Literature and Purposive Sampling of Rapid Reaction Projects
In the current environment of military operations requesting short development timelines to counter insurgent tactics, the engineering team often searches for ways to deliver the "80% solution", typically in 6-12 months. These are labeled rapid development projects. A content analysis of best practices in commercial product development literature, where time to market is often a driving factor, was accomplished showing varying emphasis of systems engineering (SE) technical and technical management processes. This analysis confirms a preconceived notion of "plan upfront and early" by emphasizing Stakeholder Requirements Definition, Architecture Design and Technical Planning. A purposive sampling of Air Force Research Laboratory rapid development project managers and engineers was conducted to identify important SE processes and then compared to the literature content analysis. The results of this sampling did not strongly emphasize one process over another; however, Architecture Design and Implementation scored higher among Technical Processes. Decision Analysis, Technical Planning, Technical Assessment and Data Management scored slightly higher among Technical Management Processes. Anecdotal evidence also emphasized iterating prototype designs based on early customer feedback, focusing mostly on managing critical risks and holding frequent early reviews until trust is built in the team.
Advanced flight control system study
A fly-by-wire flight control system architecture designed for high reliability includes spare sensor and computer elements to permit safe dispatch with failed elements, thereby reducing unscheduled maintenance. A methodology capable of demonstrating that the architecture does achieve the predicted performance characteristics consists of a hierarchy of activities ranging from analytical calculations of system reliability and formal methods of software verification to iron bird testing followed by flight evaluation. Interfacing this architecture to the Lockheed S-3A aircraft for flight test is discussed. This testbed vehicle can be expanded to support flight experiments in advanced aerodynamics, electromechanical actuators, secondary power systems, flight management, new displays, and air traffic control concepts.
Leading Edge Boundary Layer Suction Device for the Cal Poly Rolling Road Wind Tunnel
Over the course of three quarters from Fall of 2016 to Spring of 2017, our team designed and built a boundary layer suction device. The boundary layer suction device has three main functions: a scoop that redirects most of the boundary layer air out of the wind tunnel, fans that suck the remaining boundary layer air through a porous plate and ducting and out of the wind tunnel, and a transition bridge that transitions the remaining air smoothly onto the rolling road. The wind tunnel is owned by Cal Poly and the rolling road is a new addition to it. By the end of our project, the rolling road was not yet functional. A variable-frequency drive (VFD) will be installed over the summer and belt suction fans will also be installed. Once these are in place, the rolling road can be used.
We were successful in building our device and installing it, but once the rolling road is functional, further iterations can be made on our device. The framing and ducting will likely stay in place without further iterations. However, which fans are used can be changed around. We designed our device with an American Fan model AF-10 in mind, but this fan cannot be used until the VFD is installed. There are other fans that can be repurposed and tested on this device as well, though. And, if necessary, a more powerful fan could be purchased.
The lid, consisting of the scoop, porous plate, and transition bridge, was also designed to be flexible enough for further iterations. All three of its components are separate pieces that fasten to each other and the lid itself is separate from the rest of the assembly and is only meant to attach to it during tests. Two issues could crop up with the scoop: less air than expected being redirected through the scoop, and the scoop creating flow separation. If the latter issue occurs, a new scoop could be made with the angle (currently 10 degrees) reduced. If the former issue occurs, a new scoop could be made with longer overhang, or ducting could be made from where the flow is redirected, to the end of the tunnel.
The following report details the process we went through to make this device. It provides details on the design process, final design analysis, manufacturing results, and test plans that show our progress from project ideation all the way to design acceptance and verification.
OpenUP/MDRE: A Model-Driven Requirements Engineering Approach for Health-Care Systems
The domains and problems for which it would be desirable to introduce information systems are currently very complex, and the software development process is thus of the same complexity. One of these domains is health-care. Model-Driven Development (MDD) and Service-Oriented Architecture (SOA) are software development approaches that arose to deal with complexity, to reduce the time and cost of development, and to increase flexibility and interoperability. However, many techniques and approaches that have been introduced are of little use when not provided under a formalized and well-documented methodological umbrella. A methodology gives the process a well-defined structure that helps in fast and efficient analysis and design, trouble-free implementation, and finally results in improved quality of the software product.
While MDD and SOA are gaining momentum toward adoption in the software industry, there is one critical issue yet to be addressed before their power is fully realized. It is beyond dispute that requirements engineering (RE) has become a critical task within the software development process. Errors made during this process may have negative effects on subsequent development steps, and on the quality of the resulting software. For this reason, the MDD and SOA development approaches should not only be taken into consideration during design and implementation, as usually occurs, but also during the RE process.
The contribution of this dissertation aims at improving the development process of health-care applications by proposing the OpenUP/MDRE methodology. The main goal of this methodology is to enrich the development process of SOA-based health-care systems by focusing on the requirements engineering processes in the model-driven context. I believe that the integration of those two highly important areas of software engineering, gathered in one consistent process, will provide practitioners with many benefits. It is noteworthy that the approach presented here was designed for SOA-based health-care applications; however, it also provides means to adapt it to other architectural paradigms or domains. The OpenUP/MDRE approach is an extension of the lightweight OpenUP methodology for iterative, architecture-oriented and model-driven software development. The motivation for this research comes from the experience I gained as a computer science professional working on health-care systems. This thesis also presents a comprehensive study about: i) the requirements engineering methods and techniques that are being used in the context of model-driven development, ii) known generic but flexible and extensible methodologies, as well as approaches for service-oriented systems development, iii) requirements engineering techniques used in the health-care industry. Finally, OpenUP/MDRE was applied to a concrete industrial health-care project in order to show the feasibility and accuracy of this methodological approach.
Loniewski, G. (2010). OpenUP/MDRE: A Model-Driven Requirements Engineering Approach for Health-Care Systems. http://hdl.handle.net/10251/11652
Problem Oriented Engineering for Software Safety
Safety-critical systems must satisfy stringent safety standards, and their development requires the use of specialist safe software system development (SSSD) approaches as the complexity and penetration of these systems increases. These SSSD approaches satisfy certain useful properties that make them suitable for safety system development. The first objective of this thesis is to select a candidate SSSD approach and evaluate its capabilities against a set of useful properties identified from reviewing a group of existing SSSD approaches, and thus show that this candidate SSSD approach is appropriate for use in safety system development.
In addition, a second objective is to use this candidate SSSD approach to improve the early life-cycle phase of an existing industrial safety development process used to develop embedded avionics applications, in particular to allow issues to be resolved earlier in the development; currently such issues are not uncovered until much later in the development, when they are much more difficult and expensive to correct. This involved the identification of further properties and issues that the candidate SSSD approach must address.
The overall aim is to demonstrate that this candidate SSSD approach can be used in the early phase of a safety system development to derive a validated specification that can be subjected to safety analysis to show that it satisfies the identified system safety properties and thus forms a viable basis for the rest of the development.
Improving knowledge about the risks of inappropriate uses of geospatial data by introducing a collaborative approach in the design of geospatial databases
Nowadays, the increased availability of geospatial information is a reality that many organizations, and even the general public, are trying to turn to profit; the possibility of reusing datasets is now an alternative that organizations can consider, given the cost savings that would result. The data quality of these datasets can be variable and debatable depending on the context of use. The issue of unfitness for use of these data becomes all the more important when there is disparity among the many areas of expertise of the end users of geospatial data. The management of the risks of inappropriate uses of geospatial information has been the subject of several studies over the past fifteen years. In this context, several approaches have been proposed to address these risks: among them, some are preventive and others are rather palliative, managing the risk after its consequences have occurred; nevertheless, these approaches are often based on ad hoc, non-systemic initiatives. Thus, during the design process of the geospatial database, risk analysis is not always carried out in accordance with the principles of requirements engineering or with the guidance and recommendations of ISO standards. In this thesis, we hypothesize that it is possible to define a new preventive approach for the identification and analysis of risks related to inappropriate uses of geospatial data. We believe that the expertise and knowledge held by experts (i.e. geo-IT experts), as well as by professional users of geospatial data within the institutional framework of their functions (i.e. application domain experts), constitute a key element in assessing the risks related to inappropriate uses of these data, hence the importance of enriching this knowledge. Thus, we review the design process of geospatial databases and propose a collaborative, user-centred requirements analysis approach. Within this approach, the expert and professional user is involved in a collaborative process that favours the a priori identification of cases of inappropriate use. Then, by reviewing research in risk analysis, we propose a systemic integration of the risk analysis process into the geospatial database design process, via the Delphi technique. Finally, still within a collaborative approach, an ontological risk repository is proposed to enrich knowledge about risks and to disseminate this knowledge to designers and end users. The approach is implemented on a web platform to put the concepts into practice and demonstrate its feasibility.
Nowadays, the increased availability of geospatial information is a reality that many organizations, and even the general public, are trying to turn into a financial benefit. The reusability of datasets is now a viable alternative that may help organizations achieve cost savings. The quality of these datasets may vary depending on the usage context. The issue of geospatial data misuse becomes even more important because of the disparity between the different areas of expertise of geospatial data end-users. Managing the risks of geospatial data misuse has been the subject of several studies over the past fifteen years. In this context, several approaches have been proposed to address these risks, namely preventive approaches and palliative approaches. However, these approaches are often based on ad hoc initiatives. Thus, during the design process of the geospatial database, risk analysis is not always carried out in accordance with either the principles and guidelines of requirements engineering or the recommendations of ISO standards. In this thesis, we suppose that it is possible to define a preventive approach for the identification and analysis of risks associated with inappropriate use of geospatial data. We believe that the expertise and knowledge held by experts and users of geospatial data are key elements for assessing the risks of misuse of this data. Hence, it becomes important to enrich that knowledge. Thus, we review the geospatial database design process and propose a collaborative and user-centric approach for requirements analysis. Under this approach, the user is involved in a collaborative process that helps provide an a priori identification of inappropriate uses of the underlying data. Then, by reviewing research in the domain of risk analysis, we propose to systematically integrate risk analysis, using the Delphi technique, into the design of geospatial databases. Finally, still in the context of a collaborative approach, an ontological risk repository is proposed to enrich the knowledge about the risks of data misuse and to disseminate this knowledge to the design team, developers and end-users. The approach is then implemented using a web platform in order to demonstrate its feasibility and to get the concepts working within a concrete prototype.