Security Requirements Specification and Tracing within Topological Functioning Model

Specification and traceability of security requirements is still a challenge since modeling and analysis of security aspects of systems require additional efforts at the very beginning of software development. The topological functioning model is a formal mathematical model that can be used as a reference model for functional and non-functional requirements of the system. It can also serve as a reference model for security requirements. The purpose of this study is to determine the approach to how security requirements can be specified and traced using the topological functioning model. This article demonstrates the suggested approach and explains its potential benefits and limitations

Can Regulatory Bodies Expect Efficient Help from Formal Methods?

In the context of EDEMOI - a French national project that proposed the use of semiformal and formal methods to infer the consistency and robustness of aeronautical regulations through the analysis of faithfully representative models- a methodology had been suggested (and applied) to different (safety and security-related) aeronautical regulations. This paper summarizes the preliminary results of this experience by stating which were the methodology s expected benefits, from a scientific point of view, and which are its useful benefits, from a regulatory body s point of view

New Tasks in Old Jobs: Drivers of Change and Implications for Job Quality

This overview report summarises the findings of 20 case studies looking at recent changes in the task content of five manufacturing occupations (car assemblers, meat processing workers, hand-packers, chemical products plant and machine operators and inspection engineers) as a result of factors such as digital transformations, globalisation and offshoring, increasing demand for high quality standards and sustainability. It also discusses some implications in terms of job quality and working life. The study reveals that the importance of physical tasks in manufacturing is generally declining due to automation; that more intensive use of digitally controlled equipment, together with increasing importance of quality standards, involve instead a growing amount of intellectual tasks for manual industrial workers; and that the amount of routine task content is still high in the four manual occupations studied. Overall, the report highlights how qualitative contextual information can complement existing quantitative data, offering a richer understanding of changes in the content and nature of jobs

Requirements Engineering

Requirements Engineering (RE) aims to ensure that systems meet the needs of their stakeholders including users, sponsors, and customers. Often consid- ered as one of the earliest activities in software engineering, it has developed into a set of activities that touch almost every step of the software development process. In this chapter, we reflect on how the need for RE was first recognised and how its foundational concepts were developed. We present the seminal papers on four main activities of the RE process, namely (i) elicitation, (ii) modelling & analysis, (iii) as- surance, and (iv) management & evolution. We also discuss some current research challenges in the area, including security requirements engineering as well as RE for mobile and ubiquitous computing. Finally, we identify some open challenges and research gaps that require further exploration

ENFORCING COMPLIANCE ON BUSINESS PROCESSES THROUGH THE USE OF PATTERNS

In the past recent years, business process compliance has become an area of significant concern to many organizations. Despite an increasing number of methods and tools, organizations are still facing difficulties in finding effective support to ensure that their business processes comply with the requirements set forth by regulations, laws, standards, etc. While manual solutions offer limited assurance for compliance, there is a lack of a comprehensive framework for semi-automatically managing compliance requirements and ensuring compliance throughout all the phases of business process lifecycle. One of the foundational building blocks of such a framework is a generic conceptual model that supports factoring compliance and its relation to business processes. This paper introduces a compliance conceptual model to capture and manage compliance requirements and to relate them to business processes in a transparent and verifiable manner. The model also incorporates a set of patterns to facilitate the specification of formal compliance rules to be used for automated compliance verification and monitoring. We have developed a set of integrated tools that supports our framework and partially validated the framework in two case studies involving industry companies

Challenges and Practices in Aligning Requirements with Verification and Validation: A Case Study of Six Companies

Weak alignment of requirements engineering (RE) with verification and validation (VV) may lead to problems in delivering the required products in time with the right quality. For example, weak communication of requirements changes to testers may result in lack of verification of new requirements and incorrect verification of old invalid requirements, leading to software quality problems, wasted effort and delays. However, despite the serious implications of weak alignment research and practice both tend to focus on one or the other of RE or VV rather than on the alignment of the two. We have performed a multi-unit case study to gain insight into issues around aligning RE and VV by interviewing 30 practitioners from 6 software developing companies, involving 10 researchers in a flexible research process for case studies. The results describe current industry challenges and practices in aligning RE with VV, ranging from quality of the individual RE and VV activities, through tracing and tools, to change control and sharing a common understanding at strategy, goal and design level. The study identified that human aspects are central, i.e. cooperation and communication, and that requirements engineering practices are a critical basis for alignment. Further, the size of an organisation and its motivation for applying alignment practices, e.g. external enforcement of traceability, are variation factors that play a key role in achieving alignment. Our results provide a strategic roadmap for practitioners improvement work to address alignment challenges. Furthermore, the study provides a foundation for continued research to improve the alignment of RE with VV

Use of IBM Collaborative Lifecycle Management Solution to Demonstrate Traceability for Small, Real-World Software Development Project

The Standish Group Study of 1994 showed that 53 percent of software projects failed outright and another 31 percent were challenged by extreme budget and/or time overrun. Since then different responses to the high rate of software project failures have been proposed. SEI’s CMMI, the ISO’s 9001:2000 for software development, and the IEEE’s JSTD-016 are some examples of such responses. Traceability is the one common feature that these software development standards impose. Over the last decade, software and system engineering communities have been researching subjects such as developing more sophisticated tooling, applying information retrieval techniques capable of semi-automating the trace creation and maintenance process, developing new trace query languages and visualization techniques that use trace links, applying traceability in specific domains such as Model Driven Development, product line systems and agile project environment. These efforts have not been in vain. The 2012 CHAOS results show an increase in project success rate of 39% (delivered on time, on budget, with required features and functions), and a decrease of 18% in the number of failures (cancelled prior to completion or delivered and never used). Since research has shown traceability can improve a project’s success rate, the main purpose of this thesis is to demonstrate traceability for a small, real-world software development project using IBM Collaborative Lifecycle Management. The objective of this research was fulfilled since the case study of traceability was described in detail as applied to the design and development of the Value Adjustment Board Project (VAB) of City of Jacksonville using the scrum development approach within the IBM Rational Collaborative Lifecycle Management Solution. The results may benefit researchers and practitioners who are looking for evidence to use the IBM CLM solution to trace artifacts in a small project

Natural Language Requirements Processing: A 4D Vision

The future evolution of the application of natural language processing technologies in requirements engineering can be viewed from four dimensions: discipline, dynamism, domain knowledge, and datasets