On the interplay between consistency, completeness, and correctness in requirements evolution

The initial expression of requirements for a computer-based system is often informal and possibly vague. Requirements engineers need to examine this often incomplete and inconsistent brief expression of needs. Based on the available knowledge and expertise, assumptions are made and conclusions are deduced to transform this 'rough sketch' into more complete, consistent, and hence correct requirements. This paper addresses the question of how to characterize these properties in an evolutionary framework, and what relationships link these properties to a customer's view of correctness. Moreover, we describe in rigorous terms the different kinds of validation checks that must be performed on different parts of a requirements specification in order to ensure that errors (i.e. cases of inconsistency and incompleteness) are detected and marked as such, leading to better quality requirements. © 2003 Elsevier B.V. All rights reserved

Elicitation and management of user requirements in market-driven software development

Market-driven software development companies experience challenges in requirements management that many traditional requirements engineering methods and techniques do not acknowledge. Large markets, limited contact with end users, and strong competition forces the market-driven software development company to constantly invent new, selling requirements, frequently release new versions with an accompanying pressure of short time-to-market, and take both the technical and financial risks of development. This thesis presents empirical results from case studies in requirements elicitation and management at a software development company. The results include techniques to explore, understand, and handle bottlenecks in the requirements process where requirements continuously arrive at a high rate from many different stakeholders. Through simulation of the requirements process, potential bottlenecks are identified at an early stage, and fruitless improvement attempts may be avoided. Several techniques are evaluated and recommended to support the market-driven organisation in order to increase software quality and avoid process overload situations. It is shown that a quick and uncomplicated in-house usability evaluation technique, an improved heuristic evaluation, may be adequate to get closer to customer satisfaction. Since needs and opportunities differ between markets, a distributed prioritisation technique is suggested that will help the organisation to pick the most cost-beneficial and customer satisfying requirements for development. Finally, a technique based on automated natural language analysis is investigated with the aim to help resolve congestion in the requirements engineering process, yet retaining ideas that may bring a competitive advantage

Requirements Engineering

Requirements Engineering (RE) aims to ensure that systems meet the needs of their stakeholders including users, sponsors, and customers. Often consid- ered as one of the earliest activities in software engineering, it has developed into a set of activities that touch almost every step of the software development process. In this chapter, we reflect on how the need for RE was first recognised and how its foundational concepts were developed. We present the seminal papers on four main activities of the RE process, namely (i) elicitation, (ii) modelling & analysis, (iii) as- surance, and (iv) management & evolution. We also discuss some current research challenges in the area, including security requirements engineering as well as RE for mobile and ubiquitous computing. Finally, we identify some open challenges and research gaps that require further exploration

Capturing System Intentionality with Maps

International audienceConceptual modelling has emerged as a means to capture the relevant aspects of the world on which it is necessary to provide information. Whereas conceptual models succeeded in telling us how to represent some excerpt of the world in informational terms, they failed to guide system analysts in conceptualising purposeful systems, i.e. systems that meet the expectations of their users. This chapter aims to investigate this issue of conceptualising purposeful systems and to discuss the role that goal driven approaches can play to resolve it. It considers the challenge of new systems having a multifaceted purpose and shows how intention/strategy maps help facing this challenge

Integrating requirements prioritization and selection into goal models

Requirements engineering is the first main activity in software development process. It must address the individual goals of the organization. The inadequate, inconsistent, incomplete and ambiguous requirements are main obstacles on the quality of software systems. Goal Oriented Requirements Engineering (GORE) starts with abstracts high level goals. These goals are refined to lower levels until they are assignable to agents. During GORE analysis, decisions need to be made among alternatives at various positions. Decisions involve different stakeholders which may contradict with each other based on certain criteria. In the context of GORE, the support for identifying and managing the criteria for requirements selection process is required. The criteria are based on stakeholders needs and preferences and therefore stakeholders opinions need to be involved in selection process. It helps to identify the importance of requirement according to stakeholders understandings and needs. It also helps in the understanding of interaction between system and stakeholders (stakeholders involvement in making important decisions) and by documenting the stakeholder preferences early in GORE, helps to identify inconsistencies early in the requirements engineering. Software quality requirements are essential part for the success of software development. Defined and guaranteed quality in software development requires identifying, refining, and predicting quality properties by appropriate means. Goal models and quality models are useful for modelling of functional goals as well as for quality goals. This thesis presents the integration of goal models with quality models, which helps to involve stakeholders opinions and the representation of dependencies among goals and quality models. The integration of goal models and quality models helps in the derivation of customized quality models. The integrated goal-quality model representing the functional requirements and quality requirements is used to rank each functional requirement arising from functional goals and quality requirement arising from quality goals. Triangular Fuzzy Numbers (TFN) are used to represent stakeholder opinions for prioritizing requirements. By defuzzification process on TFN, stakeholders opinions are quantified. TFN and defuzzification process is also used to prioritize the identified relationships among functional and non-functional requirements. In the last step development constraints are used to re-prioritize the requirements. After final prioritization, a selection algorithm helps to select the requirements based on benefit over cost ratio. The algorithm makes sure that maximum number of requirements are selected while fulfilling the upper cost limit. Thus the whole process helps in the selection of requirements based on stakeholders opinions, goal-quality models interaction and development constraints. The thesis also presents an integrative model of influence factors to tailor product line development processes according to different project needs, organizational goals, individual goals of the developers or constraints of the environment. Tailoring is realized with prioritized attributes, with which the resulting elements of the product, process and project analysed are ranked. An integrative model for the description of stakeholder needs and goals in relation to the development process artefacts and the development environment specifics is needed, to be able to analyse potential influences of changing goals early in the project development. The proposed tailoring meta-model includes goal models, SPEM models and requirements to development processes. With this model stakeholder specific goals can be used to support binding a variable part of the development process. This support addresses soft factors as well as concrete requirements.Requirements Engineering ist der erste Schritt im Softwareentwicklungsprozess. Er dient zur Aufnahme organisationsabhängiger Ziele und Anforderungen. Unangemessene, inkonsistente, unvollständige oder mehrdeutige Anforderungen können die Qualität von Softwaresystem stark negativ beeinflussen. Goal Oriented Requirements Engineering (GORE) beginnt mit der Entwicklung von übergeordneter Zielen, welche in weiteren Entwicklungsstufen verfeinert werden, bis sie einer verantwortlichen Person zugewiesen werden können. Während einer GORE Analyse werden an verschiedenen Stellen Entscheidungen über Alternativen getroffen. Diese Entscheidungen betreffen unterschiedliche Akteure, die sich in ihren Ansichten widersprechen können. Im Rahmen von GORE wird die Unterstützung zur Identifizierung und Verwaltung von Kriterien zur Auswahl von Anforderungen benötigt. Diese Kriterien basieren auf den Vorstellungen und Vorlieben von Stakeholdern, daher ist eine Integration aller Stakeholder in den Auswahlprozess erforderlich. Dies soll dabei helfen, die Bedeutung bestimmter Anforderungen auf Basis der betroffenen Personen zu identifizieren und aufzuarbeiten. Darüber hinaus hilft GORE bei der Kommunikation zwischen System und Akteuren durch ihren Einbezug in wichtige Entscheidungen. Durch frühzeitige Dokumentation des tatsächlichen Stakholderbedarfs können Inkonsistenzen im Requirements Engineering frühzeitig ermittelt werden. Die Bestimmung von Software Qualitätsmerkmalen ist wesentlicher Erfolgsfaktor in der Software Entwicklung. Zur Gewährleistung einer qualitativen Softwareentwicklung und eines entsprechenden Produktes sind die Identifizierung, die Verfeinerung und die Vorhersage von Qualitätseigenschaften jederzeit durch geeignete Maßnahmen erforderlich. Goal Models und Quality Models sind wertvolle Werkzeuge zur Ermittlung und Modellierung funktionaler und nicht-funktionaler Anforderungen und Ziele. Diese Arbeit enthält einen Lösungsansatz zur Integration von Goal Models und Quality Models, der dazu beitragen soll, Stakeholder und Abhängigkeiten zwischen Goal und Quality Models einzubeziehen und sichtbar zu machen. Die Integration von Goal Models und Quality Models soll zur Ableitung spezifischer Quality Models beitragen. Somit kann das integrierte Goal-Quality Model, welches die funktionalen Anforderungen und die Qualitätsanforderungen vereint, zur Priorisierung aller funktionalen Anforderung, die sich aus den funktionalen Zielen ergeben, und aller Qualitätsanforderungen, die aus Qualitätszielen resultieren, dienen. Zur Priorisierung der Anforderung auf Basis der Stakeholderbedarfe werden Triangular Fuzzy Numbers (TFN) verwendet. Nach der endgültigen Priorisierung dient ein spezieller Algorithmus zur Einschätzung und Auswahl der Anforderungen auf Basis einer Kosten-Nutzen-Analyse. Dieser Algorithmus stellt sicher, dass unter Einhaltung einer von der Organisation gewählten Kostenobergrenze die maximale Anzahl der Anforderungen umgesetzt werden kann. Der gesamte Prozess dient demnach zur Anforderungsanalyse unter Berücksichtigung verschiedener Interessengruppen, Abhängigkeiten, sowie durch den Einbezug von Grenzen, die sich beim Zusammenspiel von Goal-Quality Models und der Softwareentwicklung ergeben können. Darüber hinaus enthält die Arbeit ein integratives Modell, um Entwicklungsprozesse während der Erstellung von Produktlinien an Einflussfaktoren, wie Projektbedürfnisse, Organisationsziele, individuelle Ziele von Entwicklern oder an Umweltbedingungen anzupassen. Dieses sogenannte Tailoring wird durch Priorisierung von Attributen erreicht, welche verschiedene Elemente des zu erzeugende Produktes, des Prozesses oder des Projektes analysieren und nach Bedeutung sortieren. Ein integratives Modell zur Beschreibung von Stakeholderbedürfnissen und -zielen in Bezug auf die Artefakte des Entwicklungsprozesses und die Besonderheiten einer Entwicklungsumgebung wird benötigt, um potenzielle Einflüsse sich verändernder Ziele frühzeitig während der Projektentwicklung zu analysieren. Das hier vorgestellte Tailoring-Meta-Model beinhaltet Goal-Models, SPEM Models und Requirements hinsichtlich Entwicklungsprozesse. Mithilfe dieses Modells können stakeholderspezifische Ziele dazu verwendet werden, um einen variablen Teil eines Entwicklungsprozesses projektbezogen zu gestalten. Auf diese Weise können weiche Faktoren genauso integriert werden, wie konkrete Anforderungen

Visual language representation for use case evolution and traceability

The primary goal of this research is to assist non-technical stakeholders involved in requirements engineering with a comprehensible method for managing changing requirements within a specific domain. An important part of managing evolving requirements over time is to maintain a temporal ordering of the changes and to support traceability of the modifications. This research defines a semi-formal syntactical and semantic definition of such a method using a visual language, RE/TRAC (Requirements Evolution with Traceability), and a supporting formal semantic notation RE/TRAC-SEM. RE/TRAC-SEM is an ontological specification employing a combination of models, including verbal definitions, set theory and a string language specification RE/TRAC-CF. The language RE/TRAC-CF enables the separation of the syntactical description of the visual language from the semantic meaning of the model, permitting varying target representations and taking advantage of existing efficient parsing algorithms for context-free grammars. As an application of the RE/TRAC representation, this research depicts the hierarchical step-wise refinement of UML use case diagrams to demonstrate evolving system requirements. In the current arena of software development, where systems are described using platform independent models (PIMs) which emphasize the front-end design process, requirements and design documents, including the use cases, have become the primary artifacts of the system. Therefore the management of requirements’ evolution has become even more critical in the creation and maintenance of systems

Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec

Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams, and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 (Common Criteria) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the Common Criteria. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the Common Criteria and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design,which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the Common Criteria, the heuristic requirements editorHeRA, andUMLsec. SecReqmakes systematic use of the security engineering knowledge contained in the Common Criteria and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the Common Criteria, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experiencewithin SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution