Automating Requirements Traceability: Two Decades of Learning from KDD

This paper summarizes our experience with using Knowledge Discovery in Data (KDD) methodology for automated requirements tracing, and discusses our insights.Comment: The work of the second author has been supported in part by NSF grants CCF-1511117 and CICI 1642134; 4 pages; in Proceedings of IEEE Requirements Engineering 201

Eliciting usable security requirements with misusability cases.

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice-versa. One way of using scenarios to bridge security and usability involves explicitly describing how design decisions can lead to users inadvertently exploiting vulnerabilities to carry out their production tasks. We present Mis-usability Cases: scenarios which describe how design decisions may lead to usability problems subsequently leading to system misuse. We describe the steps carried out to develop and apply misusability cases to elicit requirements and report preliminary results applying this technique in a recent case study

The Role of [email protected] in Autonomic Systems:keynote

Autonomic systems manage their own behaviour in accordance with high-level goals. This paper presents a brief outline of challenges related to Autonomic Computing due to uncertainty in the operational environments, and the role that [email protected] play in meeting them. We argue that the existing progress in Autonomic Computing can be further exploited with the support of runtime models. We briefly discuss our ideas related to the need to understand the extent to which the high-level goals of the autonomic system are being satisfied to support decision-making based on runtime evidence and, the need to support self-explanation

Discovering “unknown known” security requirements

Security is one of the biggest challenges facing organisations in the modern hyper-connected world. A number of theoretical security models are available that provide best practice security guidelines and are widely utilised as a basis to identify and operationalise security requirements. Such models often capture high-level security concepts (e.g., whitelisting, secure configurations, wireless access control, data recovery, etc.), strategies for operationalising such concepts through specific security controls, and relationships between the various concepts and controls. The threat landscape, however, evolves leading to new tacit knowledge that is embedded in or across a variety of security incidents. These unknown knowns alter, or at least demand reconsideration of the theoretical security models underpinning security requirements. In this paper, we present an approach to discover such unknown knowns through multi-incident analysis. The approach is based on a novel combination of grounded theory and incident fault trees. We demonstrate the effectiveness of the approach through its application to identify revisions to a theoretical security model widely used in industry

Exploiting multimedia in creating and analysing multimedia Web archives

The data contained on the web and the social web are inherently multimedia and consist of a mixture of textual, visual and audio modalities. Community memories embodied on the web and social web contain a rich mixture of data from these modalities. In many ways, the web is the greatest resource ever created by human-kind. However, due to the dynamic and distributed nature of the web, its content changes, appears and disappears on a daily basis. Web archiving provides a way of capturing snapshots of (parts of) the web for preservation and future analysis. This paper provides an overview of techniques we have developed within the context of the EU funded ARCOMEM (ARchiving COmmunity MEMories) project to allow multimedia web content to be leveraged during the archival process and for post-archival analysis. Through a set of use cases, we explore several practical applications of multimedia analytics within the realm of web archiving, web archive analysis and multimedia data on the web in general

The notion of specialization in the i*framework

This thesis provides a formal proposal for the specialization relationship in the i* framework that allows its use in a well-defined manner. I root my proposal over existing works in different areas that are interested in representing knowledge: knowledge representation from Artificial Intelligence and conceptual modeling and object-oriented programming languages from Software Development. Also, I use the results of a survey conducted in the i* community that provides some insights about what i* modelers expect from specialization. As a consequence of this twofold analysis, I identify three specialization operations: extension, refinement and redefinition. For each of them, I: - motivate its need and provide some rationale; - distinguish the several cases that can occur in each operation; - define the elements involved in each of these cases and the correctness conditions that must be fulfilled; - demonstrate by induction the fulfilment of the conditions identified for preserving satisfaction; - provide some illustrative examples in the context of an exemplar about travel agencies and travelers. The specialization relationship is offered by the i* framework through the is-a construct defined over actors (a subactor is-a superactor) since it was first released. Although the overall meaning of this construct is highly intuitive, its effects at the level of intentional elements and dependencies are not always clear, hampering seriously its appropriate use. In order to be able to reason about correctness and satisfaction, I define previously the conditions that must be preserved when a specialization takes place. In addition, I provide a methodology with well-defined steps that contextualize the formal aspects of this thesis in a development process. As a conclusion, this thesis is making possible the use of the specialization relationship in i* in a precise, non-ambiguous manner