Formal development and evaluation of narrow passageway system operations

This study applies a new intelligent transportation methodology for transforming informal operations concepts for narrow passageway systems into system-level designs, which will formal enough to support automated validation of anticipated component- and system-level behaviours. Models and specifications of behaviour are formally designed as labelled transition systems. Each object is the management system is assumed to have behaviour that can be defined by a finite state machine; thus, the waterway management system architecture is modelled as a network of communicating finite state machines. Architecture-level behaviours are validated using the Labelled Transition System Analyzer (LTSA). We exercise the methodology by working step by step through the synthesis and validation of a high-level behaviour model for a vessel passing through a waterway network (i.e., canal)

A framework for pathologies of message sequence charts

This is the post-print version of the final paper published in Information Software and Technology. The published article is available from the link below. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. Copyright @ 2012 Elsevier B.V.Context - It is known that a Message Sequence Chart (MSC) specification can contain different types of pathology. However, definitions of different types of pathology and the problems caused by pathologies are unclear, let alone the relationships between them. In this circumstance, it can be problematic for software engineers to accurately predict the possible problems that may exist in implementations of MSC specifications and to trace back to the design problems in MSC specifications from the observed problems of an implementation. Objective - We focus on generating a clearer view on MSC pathologies and building formal relationships between pathologies and the problems that they may cause. Method - By concentrating on the problems caused by pathologies, a categorisation of problems that a distributed system may suffer is first introduced. We investigate the different types of problems and map them to categories of pathologies. Thus, existing concepts related to pathology are refined and necessary concepts in the pathology framework are identified. Finally, we formally prove the relationships between the concepts in the framework. Results - A pathology framework is established as desired based on a restriction that considers problematic scenarios with a single undesirable event. In this framework, we define disjoint categories of both pathologies and the problems caused; the identified types of pathology are successfully mapped to the problems that they may cause. Conclusion - The framework achieved in this paper introduces taxonomies into and clarifies relationships between concepts in research on MSC pathologies. The taxonomies and relationships in the framework can help software engineers to predict problems and verify MSC specifications. The single undesirable event restriction not only enables a categorisation of pathological scenarios, but also has the potential practical benefit that a software engineer can concentrate on key problematic scenarios. This may make it easier to either remove pathologies from an MSC specification MM or test an implementation developed from MM for potential problems resulting from such pathologies

Goal sketching with activity diagrams

Goal orientation is acknowledged as an important paradigm in requirements engineering. The structure of a goal-responsibility model provides opportunities for appraising the intention of a development. Creating a suitable model under agile constraints (time, incompleteness and catching up after an initial burst of creativity) can be challenging. Here we propose a marriage of UML activity diagrams with goal sketching in order to facilitate the production of goal responsibility models under these constraints

A formal framework of human–machine interaction in proactive maintenance – MANTIS experience

The general concept of MANTIS project is to provide a proactive maintenance service platform architecture that allows to monitor essential system parameters and schedule maintenance in order to predict and prevent imminent failures. Human–machine interaction (HMI) is an important integral part of the platform by providing the right information in the right modality to the users when needed. As MANTIS comprises 11 distinct industrial use cases, the design of such HMI presents a great challenge. The framework presented in this paper originates from the scenariobased design and can be treated as a part of the overall scenario-based usability engineering approach. The framework has been conceived from an extensive list of HMI features extracted from the descriptions of use-case scenarios provided by each industrial partner. Due to the broad range of representative industry environments including production asset maintenance, vehicle maintenance, energy production management and health equipment maintenance we believe that the resulting HMI framework can be applied in different cases in practice and the paper would also be of general interest to the readers

Synthesis and distribution of modal transition systems from triggered scenarios

Synthesis of operational behaviour models from scenario-based specifications has been extensively studied. Focus has been mainly on either existential or universal interpretations. Existing model synthesis techniques use traditional two-valued behaviour models such as Labeled Transition Systems (LTS). We propose a scenario-based language that supports both existential and universal interpretations for conditional scenarios. We show that LTS are not sufficiently expressive to accommodate such languages and shift the target of synthesis to Modal Transition Systems (MTS), an extension of LTS that can distinguish between required, unknown and proscribed behaviour to capture the semantics of existential and universal scenarios. MTSs support elaboration of behaviour models through refinement, which complements an incremental elicitation process suitable for specifying behaviour with scenario-based notations. The synthesis algorithm that we define constructs an MTS that uses refinement to characterise all the LTS models that satisfy a mixed, conditional existential and universal scenario-based specification. In order to capture all permissible implementations, model MTSs of component based systems are given at the system level. However, iterative refinement by engineers is often more convenient at the component level. We address the problem of decomposing partial behaviour models from a single monolithic model to a component model. We prove that a sound and complete distribution can be built when the MTS to be distributed is deterministic, transition modalities are consistent and the LTS determined by its possible transitions is distributable. We show how this combination of scenario language, synthesis, MTSs, and distribution supports behaviour model elaboration.Open Acces

Requirement validation with enactable descriptions of use cases.

The validation of stakeholder requirements for a software system is a pivotal activity for any nontrivial software development project. Often, differences in knowledge regarding development issues, and knowledge regarding the problem domain, impede the elaboration of requirements amongst developers and stakeholders. A description technique that provides a user perspective of the system behaviour is likely to enhance shared understanding between the developers and stakeholders. The Unified Modelling Language (UML) use case is such a notation. Use cases describe the behaviour of a system (using natural language) in terms of interactions between the external users and the system. Since the standardisation of the UML by the Object Management Group in 1997, much research has been devoted to use cases. Some researchers have focussed on the provision of writing guidelines for use case specifications whereas others have focussed on the application of formal techniques. This thesis investigates the adequacy of the use case description for the specification and validation of software behaviour. In particular, the thesis argues that whereas the user-system interaction scheme underpins the essence of the use case notation, the UML specification of the use case does not provide a mechanism by which use cases can describe dependencies amongst constituent interaction steps. Clarifying these issues is crucial for validating the adequacy of the specification against stakeholder expectations. This thesis proposes a state-based approach (the Educator approach) to use case specification where constituent events are augmented with pre and post states to express both intra-use case and inter-use case dependencies. Use case events are enacted to visualise implied behaviour, thereby enhancing shared understanding among users and developers. Moreover, enaction provides an early "feel" of the behaviour that would result from the implementation of the specification. The Educator approach and the enaction of descriptions are supported by a prototype environment, the EducatorTool, developed to demonstrate the efficacy and novelty of the approach. To validate the work presented in this thesis an industrial study, involving the specification of realtime control software, is reported. The study involves the analysis of use case specifications of the subsystems prior to the application of the proposed approach, and the analysis of the specification where the approach and tool support are applied. This way, it is possible to determine the efficacy of the Educator approach within an industrial setting

A Collaboration-based Approach to Service Specification and Detection of Implied Scenarios

ABSTRACT Methods for service specification should be simple and intuitive. At the same time they should be precise and allow early validations to be performed, in order to detect inconsistencies as early as possible in the service development cycle. In this paper we present a service specification approach based on UML 2.0 collaborations. It aims to be a constructive approach, rather than a corrective one, as it is intended to promote understanding and help reducing the number of specification errors. We also address the detection of implied scenarios from collaboration-based service specifications, and propose an approach that limits the state explosion problem. This is possible since the detection analysis is modular and it is performed at a high-level of abstraction

Architecture-centric testing for security

This thesis presents a novel architecture-centric approach, which uses Implied Scenarios (IS) to detect design-vulnerabilities in the software architecture. It reviews security testing approaches, and draws on their limitations in addressing unpredictable behaviour in the face of evolution. The thesis introduces the concept of Security ISs as unanticipated (possibly malicious) behaviours that indicate potential insecurities in the architecture. The IS approach uses the architecture as the appropriate level of abstraction to tackle the complexity of testing. It provides potential for scalability to test large scale complex applications. It proposes a three-phased method for security testing: (1) Detecting design-level vulnerabilities in the architecture in an incremental manner by composing functionalities as they evolve. (2) Classifying the impact of detected ISs on the security of the architecture. (3) Using the detected ISs and their impact to guide the refinement of the architecture. The refinement is test-driven and incremental, where refinements are tested before they are committed. The thesis also presents SecArch, an extension to the IS approach to enhance its search-space to detect hidden race conditions. The thesis reports on the applications of the proposed approach and its extension to three case studies for testing the security of distributed and cloud architectures in the presence of uncertainty in the operating environment, unpredictability of interaction and possible security IS

Early aspects: aspect-oriented requirements engineering and architecture design

This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which has been held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications