The Specification of Requirements in the MADAE-Pro Software Process

MADAE-Pro is an ontology-driven process for multi-agent domain and application engineering which promotes the construction and reuse of agent-oriented applications families. This article introduces MADAE-Pro, emphasizing the description of its domain analysis and application requirements engineering phases and showing how software artifacts produced from the first are reused in the last one. Illustrating examples are extracted from two case studies we have conducted to evaluate MADAE-Pro. The first case study assesses the Multi-Agent Domain Engineering sub-process of MADAE-Pro through the development of a multi-agent system family of recommender systems supporting alternative (collaborative, content-based and hybrid) filtering techniques. The second one, evaluates the Multi-Agent Application Engineering sub-process of MADAE-Pro through the construction of InfoTrib, a Tax Law recommender system which provides recommendations based on new tax law information items using a content-based filtering technique. ONTOSERS and InfoTrib were modeled using ONTORMAS, a knowledge-based tool for supporting and automating the tasks of MADAEPro

Design and Analysis of a Multi-Agent E-Learning System Using Prometheus Design Tool

Agent unified modeling languages (AUML) are agent-oriented approaches that supports the specification, design, visualization and documentation of an agent-based system. This paper presents the use of Prometheus AUML approach for the modeling of a Pre-assessment System of five interactive agents. The Pre-assessment System, as previously reported, is a multi-agent based e-learning system that is developed to support the assessment of prior learning skills in students so as to classify their skills and make recommendation for their learning. This paper discusses the detailed design approach of the system in a step-by-step manner; and domain knowledge abstraction and organization in the system. In addition, the analysis of the data collated and models of prediction for future pre-assessment results are also presented.Comment: 17 figures, 3 table

Reusing enterprise models to build platform independent computer models

Enterprises use enterprise models to represent and analyse their processes, products, decisions, organisation, information flows, etc. Nevertheless, the enterprise knowledge that exists in enterprise models is not used beyond these purposes. The main goal of this paper is to present a framework that allows enterprises to reuse enterprise models to build software. The framework includes these dimensions: (1) a methodology that guides the use of the other dimensions in the reutilisation of enterprise models in software generation; (2) a set of metamodels to represent enterprises at the Computation Independent Model (CIM) level; (3) a modelling guide to make enterprise models using the metamodels proposed in this paper; (4) an extraction algorithm to discriminate the part of the CIM model to reuse; and (5) a set of transformation rules to reuse enterprise models to build Platform Independent Models. In addition, a case example is shown to validate the work that was carried out and to identify limitations

Ontological analysis of means-end links

The i* community has raised several main dialects and dozens of variations in the definition of the i* language. Differences may be found related not just to the representation of new concepts but to the very core of the i* language. In previous work we have tackled this issue mainly from a syntactic point of view, using metamodels and syntactic-based model interoperability frameworks. In this paper, we go one step beyond and consider the use of foundational ontologies in general, and UFO in particular, as a way to clarify the meaning of core i* constructs and as the basis to propose a normative definition. We focus here on one of the most characteristics i* constructs, namely means-end links.Postprint (published version

A service-oriented approach for the i* framework

Nuevas áreas de aplicación como comercio electrónico, aplicaciones para provisión de servicios y computación P2P (peer-to-peer) requieren de sistemas de software complejos que puedan soportar procesos de negocio en línea . Actualmente, los ingenieros de software han descubierto la efectividad de usar técnicas de modelado organizacional para guiar el proceso de producción de este tipo de sistemas complejos. En este contexto, el framework i* es una de las técnicas de modelado organizacional mejor fundamentadas hoy en día. i* se enfoca en dos aspectos principales: a) la representación de las relaciones sociales e intencionales que existen entre la red de actores de un negocio. b) la representación del comportamiento interno requerido para satisfacer las dependencias entre actores. El framework i* permite describir una organización como una red de actores que tienen libertad de acción, pero que dependen de otros actores para lograr sus metas y objetivos. Sin embargo, a pesar de las bien conocidas ventajas de i*, existen ciertos problemas que necesitan ser resueltos para asegurar su efectividad en ambientes reales de desarrollo. En este sentido, el framework necesita ser evaluado en la práctica con el objetivo de identificar sus fortalezas y debilidades en casos de estudio reales. Uno de los objetivos de esta tesis fue realizar una evaluación empírica que nos permitiera identificar y analizar los problemas prácticos de i*. Se presentan las lecciones aprendidas en términos de fortalezas y de puntos débiles que necesitan ser resueltos. Además, la tesis presenta soluciones a los puntos débiles que fueron detectados en la evaluación empírica. Consideramos que la orientación a servicios es un paradigma muy prometedor para enfrentar la complejidad del modelado de sistemas de tecnologías de información actuales. En este sentido, el principal objetivo de esta tesis fue definir una arquitectura orientada a servicios que nos permitiera resolver los problemas de complejidad de i*.Estrada Esquivel, H. (2008). A service-oriented approach for the i* framework [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/3305Palanci

Maps of Lessons Learnt in Requirements Engineering

Both researchers and practitioners have emphasized the importance of learning from past experiences and its consequential impact on project time, cost, and quality. However, from the survey we conducted of requirements engineering (RE) practitioners, over 70\% of the respondents stated that they seldom use RE lessons in the RE process, though 85\% of these would use such lessons if readily available. Our observation, however, is that RE lessons are scattered, mainly implicitly, in the literature and practice, which obviously, does not help the situation. We, therefore, present ``maps” of RE lessons which would highlight weak (dark) and strong (bright) areas of RE (and hence RE theories). Such maps would thus be: (a) a driver for research to ``light up” the darker areas of RE and (b) a guide for practice to benefit from the brighter areas. To achieve this goal, we populated the maps with over 200 RE lessons elicited from literature and practice using a systematic literature review and survey. The results show that approximately 80\% of the elicited lessons are implicit and that approximately 70\% of the lessons deal with the elicitation, analysis, and specification RE phases only. The RE Lesson Maps, elicited lessons, and the results from populating the maps provide novel scientific groundings for lessons learnt in RE as this topic has not yet been systematically studied in the field

Modeling of Security Measurement (Metrics) in an Information System

Security metrics and measurement is a sub-field of broader information security field. This field is not new but it got very least and sporadic attention as a result of which it is still in its early stages. The measurement and evaluation of security now became a long standing challenge to the research community. Much of the focus remained towards devising and the application of new and updated protection mechanisms. Measurements in general act as a driving force in decision making. As stated by Lord Kelvin “if you cannot measure it then you cannot improve it”. This principle is also applicable to security measurement of information systems. Even if the necessary and required protection mechanisms are in place still the level of security remains unknown, which limits the decision making capabilities to improve the security of a system. With the increasing reliance on these information systems in general and software systems in particular security measurement has become the most pressing requirement in order to promote and develop the security critical systems in the current networked environment. The resultant indicators of security measurement preferably the quantative indicators act as a basis for the decision making to enhance the security of overall system. The information systems are comprised of various components such as people, hardware, data, network and software. With the fast growing reliance on the software systems, the research reported in this thesis aims to provide a framework using mathematical modeling techniques for evaluation of security of the software systems at the architectural and design phase of the system lifecycle and the derived security metrics on a controlled scale from the proposed framework. The proposed security evaluation framework is independent of the programing language and the platform used in developing the system and also is applicable from small desktop application to large complex distributed software. The validation process of security metrics is the most challenging part of the security metrics field. In this thesis we have conducted the exploratory empirical evaluation on a running system to validate the derived security metrics and the measurement results. To make the task easy we have transformed the proposed security evaluation into algorithmic form which increased the applicability of the proposed framework without requiring any expert security knowledge. The motivation of the research is to provide the software development team with a tool to evaluate the level of security of each of the element of the system and the overall system at the early development stages of the system life cycle. In this regard three question “What is to be measured?”, “where (in the system life cycle) to measure?” and “how to measure?” have been answered in the thesis. Since the field of security metrics and measurements is still in the its early stages, the first part of the thesis investigates and analyzes the basic terminologies , taxonomies and major efforts made towards security metrics based on the literature survey. Answering the second question “Where (in the system life cycle) to measure security”, the second part of the thesis analyzes the secure software development processes (SSDPs) followed and identifies the key stages of the system’s life cycle where the evaluation of security is necessary. Answering the question 1 and 2, “What is to be measured “and “How to measure”, third part of the thesis presents a security evaluation framework aimed at the software architecture and design phase using mathematical modeling techniques. In the proposed framework, the component based architecture and design (CBAD) using UML 2.0 component modeling techniques has been adopted. Further in part 3 of the thesis present the empirical evaluation of the proposed framework to validate and analyze the applicability and feasibility of the proposed security metrics. Our effort is to get the focus of the software development community to focus on the security evaluation in the software development process in order to take the early decisions regarding the security of the overall system

Security-Driven Software Evolution Using A Model Driven Approach

High security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use which poses security risks to the enterprise’ assets due to the poor technologies used and lack of security concerns when they were in design. Software reengineering is a way out to improve their security levels in a systematic way. Model driven is an approach in which model as defined by its type directs the execution of the process. The aim of this research is to explore how model driven approach can facilitate the software reengineering driven by security demand. The research in this thesis involves the following three phases. Firstly, legacy system understanding is performed using reverse engineering techniques. Task of this phase is to reverse engineer legacy system into UML models, partition the legacy system into subsystems with the help of model slicing technique and detect existing security mechanisms to determine whether or not the provided security in the legacy system satisfies the user’s security objectives. Secondly, security requirements are elicited using risk analysis method. It is the process of analysing key aspects of the legacy systems in terms of security. A new risk assessment method, taking consideration of asset, threat and vulnerability, is proposed and used to elicit the security requirements which will generate the detailed security requirements in the specific format to direct the subsequent security enhancement. Finally, security enhancement for the system is performed using the proposed ontology based security pattern approach. It is the stage that security patterns derived from security expertise and fulfilling the elicited security requirements are selected and integrated in the legacy system models with the help of the proposed security ontology. The proposed approach is evaluated by the selected case study. Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show this thesis contributes an effective, reusable and suitable evolution approach for software security