33 research outputs found
The Specification of Requirements in the MADAE-Pro Software Process
MADAE-Pro is an ontology-driven process for multi-agent domain and application engineering which promotes the construction and reuse of agent-oriented applications families. This article introduces MADAE-Pro, emphasizing the description of its domain analysis and application requirements engineering phases and showing how software artifacts produced from the first are reused in the last one. Illustrating examples are extracted from two case studies we have conducted to evaluate MADAE-Pro. The first case study assesses the Multi-Agent Domain Engineering sub-process of MADAE-Pro through the development of a multi-agent system family of recommender systems supporting alternative (collaborative, content-based and hybrid) filtering techniques. The second one, evaluates the Multi-Agent Application Engineering sub-process of MADAE-Pro through the construction of InfoTrib, a Tax Law recommender system which provides recommendations based on new tax law information items using a content-based filtering technique. ONTOSERS and InfoTrib were modeled using ONTORMAS, a knowledge-based tool for supporting and automating the tasks of MADAEPro
Design and Analysis of a Multi-Agent E-Learning System Using Prometheus Design Tool
Agent unified modeling languages (AUML) are agent-oriented approaches that
supports the specification, design, visualization and documentation of an
agent-based system. This paper presents the use of Prometheus AUML approach for
the modeling of a Pre-assessment System of five interactive agents. The
Pre-assessment System, as previously reported, is a multi-agent based
e-learning system that is developed to support the assessment of prior learning
skills in students so as to classify their skills and make recommendation for
their learning. This paper discusses the detailed design approach of the system
in a step-by-step manner; and domain knowledge abstraction and organization in
the system. In addition, the analysis of the data collated and models of
prediction for future pre-assessment results are also presented.Comment: 17 figures, 3 table
Reusing enterprise models to build platform independent computer models
Enterprises use enterprise models to represent and analyse their processes, products, decisions, organisation, information flows, etc. Nevertheless, the enterprise knowledge that exists in enterprise models is not used beyond these purposes. The main goal of this paper is to present a framework that allows enterprises to reuse enterprise models to build software. The framework includes these dimensions: (1) a methodology that guides the use of the other dimensions in the reutilisation of enterprise models in software generation; (2) a set of metamodels to represent enterprises at the Computation Independent Model (CIM) level; (3) a modelling guide to make enterprise models using the metamodels proposed in this paper; (4) an extraction algorithm to discriminate the part of the CIM model to reuse; and (5) a set of transformation rules to reuse enterprise models to build Platform Independent Models. In addition, a case example is shown to validate the work that was carried out and to identify limitations
Ontological analysis of means-end links
The i* community has raised several main dialects and dozens of variations in the definition of the i* language. Differences may be found related not just to the representation of new concepts but to the very core of the i* language. In previous work we have tackled this issue mainly from a syntactic point of view, using metamodels and syntactic-based model interoperability frameworks. In this paper, we go one step beyond and consider the use of foundational ontologies in general, and UFO in particular, as a way to clarify the meaning of core i* constructs and as the basis to propose a normative definition. We focus here on one of the most characteristics i* constructs, namely means-end links.Postprint (published version
A service-oriented approach for the i* framework
Nuevas áreas de aplicación como comercio electrónico, aplicaciones para provisión de
servicios y computación P2P (peer-to-peer) requieren de sistemas de software complejos
que puedan soportar procesos de negocio en línea . Actualmente, los ingenieros de
software han descubierto la efectividad de usar técnicas de modelado organizacional para
guiar el proceso de producción de este tipo de sistemas complejos.
En este contexto, el framework i* es una de las técnicas de modelado organizacional mejor
fundamentadas hoy en día. i* se enfoca en dos aspectos principales: a) la representación de
las relaciones sociales e intencionales que existen entre la red de actores de un negocio. b)
la representación del comportamiento interno requerido para satisfacer las dependencias
entre actores. El framework i* permite describir una organización como una red de actores
que tienen libertad de acción, pero que dependen de otros actores para lograr sus metas y
objetivos.
Sin embargo, a pesar de las bien conocidas ventajas de i*, existen ciertos problemas que
necesitan ser resueltos para asegurar su efectividad en ambientes reales de desarrollo. En
este sentido, el framework necesita ser evaluado en la práctica con el objetivo de identificar
sus fortalezas y debilidades en casos de estudio reales.
Uno de los objetivos de esta tesis fue realizar una evaluación empírica que nos permitiera
identificar y analizar los problemas prácticos de i*. Se presentan las lecciones aprendidas
en términos de fortalezas y de puntos débiles que necesitan ser resueltos. Además, la tesis
presenta soluciones a los puntos débiles que fueron detectados en la evaluación empírica.
Consideramos que la orientación a servicios es un paradigma muy prometedor para
enfrentar la complejidad del modelado de sistemas de tecnologías de información actuales.
En este sentido, el principal objetivo de esta tesis fue definir una arquitectura orientada a
servicios que nos permitiera resolver los problemas de complejidad de i*.Estrada Esquivel, H. (2008). A service-oriented approach for the i* framework [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/3305Palanci
Maps of Lessons Learnt in Requirements Engineering
Both researchers and practitioners have emphasized the importance of learning from past experiences and its consequential impact on project time, cost, and quality. However, from the survey we conducted of requirements engineering (RE) practitioners, over 70\% of the respondents stated that they seldom use RE lessons in the RE process, though 85\% of these would use such lessons if readily available. Our observation, however, is that RE lessons are scattered, mainly implicitly, in the literature and practice, which obviously, does not help the situation. We, therefore, present ``maps” of RE lessons which would highlight weak (dark) and strong (bright) areas of RE (and hence RE theories). Such maps would thus be: (a) a driver for research to ``light up” the darker areas of RE and (b) a guide for practice to benefit from the brighter areas. To achieve this goal, we populated the maps with over 200 RE lessons elicited from literature and practice using a systematic literature review and survey. The results show that approximately 80\% of the elicited lessons are implicit and that approximately 70\% of the lessons deal with the elicitation, analysis, and specification RE phases only. The RE Lesson Maps, elicited lessons, and the results from populating the maps provide novel scientific groundings for lessons learnt in RE as this topic has not yet been systematically studied in the field
Modeling of Security Measurement (Metrics) in an Information System
Security metrics and measurement is a sub-field of broader information security field. This field
is not new but it got very least and sporadic attention as a result of which it is still in its early
stages. The measurement and evaluation of security now became a long standing challenge to the
research community. Much of the focus remained towards devising and the application of new
and updated protection mechanisms. Measurements in general act as a driving force in decision
making. As stated by Lord Kelvin “if you cannot measure it then you cannot improve it”. This
principle is also applicable to security measurement of information systems. Even if the
necessary and required protection mechanisms are in place still the level of security remains
unknown, which limits the decision making capabilities to improve the security of a system.
With the increasing reliance on these information systems in general and software systems in
particular security measurement has become the most pressing requirement in order to promote
and develop the security critical systems in the current networked environment. The resultant
indicators of security measurement preferably the quantative indicators act as a basis for the
decision making to enhance the security of overall system.
The information systems are comprised of various components such as people, hardware, data,
network and software. With the fast growing reliance on the software systems, the research
reported in this thesis aims to provide a framework using mathematical modeling techniques for
evaluation of security of the software systems at the architectural and design phase of the system
lifecycle and the derived security metrics on a controlled scale from the proposed framework.
The proposed security evaluation framework is independent of the programing language and the
platform used in developing the system and also is applicable from small desktop application to
large complex distributed software. The validation process of security metrics is the most
challenging part of the security metrics field. In this thesis we have conducted the exploratory
empirical evaluation on a running system to validate the derived security metrics and the
measurement results. To make the task easy we have transformed the proposed security evaluation into algorithmic form which increased the applicability of the proposed framework
without requiring any expert security knowledge.
The motivation of the research is to provide the software development team with a tool to
evaluate the level of security of each of the element of the system and the overall system at the
early development stages of the system life cycle. In this regard three question “What is to be
measured?”, “where (in the system life cycle) to measure?” and “how to measure?” have been
answered in the thesis.
Since the field of security metrics and measurements is still in the its early stages, the first part of
the thesis investigates and analyzes the basic terminologies , taxonomies and major efforts made
towards security metrics based on the literature survey.
Answering the second question “Where (in the system life cycle) to measure security”, the
second part of the thesis analyzes the secure software development processes (SSDPs) followed
and identifies the key stages of the system’s life cycle where the evaluation of security is
necessary.
Answering the question 1 and 2, “What is to be measured “and “How to measure”, third part of
the thesis presents a security evaluation framework aimed at the software architecture and design
phase using mathematical modeling techniques. In the proposed framework, the component
based architecture and design (CBAD) using UML 2.0 component modeling techniques has been
adopted. Further in part 3 of the thesis present the empirical evaluation of the proposed
framework to validate and analyze the applicability and feasibility of the proposed security
metrics. Our effort is to get the focus of the software development community to focus on the
security evaluation in the software development process in order to take the early decisions
regarding the security of the overall system
Security-Driven Software Evolution Using A Model Driven Approach
High security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use which poses security risks to the enterprise’ assets due to the poor technologies used and lack of security concerns when they were in design. Software reengineering is a way out to improve their security levels in a systematic way. Model driven is an approach in which model as defined by its type directs the execution of the process. The aim of this research is to explore how model driven approach can facilitate the software reengineering driven by security demand. The research in this thesis involves the following three phases.
Firstly, legacy system understanding is performed using reverse engineering techniques. Task of this phase is to reverse engineer legacy system into UML models, partition the legacy system into subsystems with the help of model slicing technique and detect existing security mechanisms to determine whether or not the provided security in the legacy system satisfies the user’s security objectives.
Secondly, security requirements are elicited using risk analysis method. It is the process of analysing key aspects of the legacy systems in terms of security. A new risk assessment method, taking consideration of asset, threat and vulnerability, is proposed and used to elicit the security requirements which will generate the detailed security requirements in the specific format to direct the subsequent security enhancement.
Finally, security enhancement for the system is performed using the proposed ontology based security pattern approach. It is the stage that security patterns derived from security expertise and fulfilling the elicited security requirements are selected and integrated in the legacy system models with the help of the proposed security ontology.
The proposed approach is evaluated by the selected case study. Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show this thesis contributes an effective, reusable and suitable evolution approach for software security