Situation-oriented requirements engineering

The establishment of smart environments, Internet of Things (IoT) and socio-technical systems has introduced many challenges to the software development process. One such main challenge is software requirements gathering which needs to address issues in a broader spectrum than traditional standalone software development. Consideration of bigger picture that includes software, its domain, the components of the domains and especially the interactions between the software and the surrounding domain components, including both human and other systems entities, is essential to gathering reliable requirements. However, most of the traditional Requirements Engineering approaches lack such comprehensive overlook of the overall view. The main objective of this work is to introduce a human-centered approach to Requirements Engineering in order to push the boundaries of traditional concepts to be more suitable for use in the development of modern socio-technical systems in smart environments. A major challenge of introducing a human-centered approach is to effectively identify the related human factors; especially, since each individual has unique desires, goals, behaviors. Our proposed solution is to use the observational data sets generated by smart environments as a resource to extract individual\u27s unique personalities and behaviors related to the software design. The concept of situations defined in our earlier study is used to represent the human and domain related aspects including human desires, goals, beliefs, interactions with the system and the constrained environment. In the first stage of this work, a computational model called situation-transition structure is developed to understand the discrete factors and behavior patterns of individuals through the observational data. During the second stage, the information mined from the situation transition structure is applied to propose new human-centered approaches to support main Requirements Engineering concepts: requirements elicitation, risk management, and prioritization. The pertinence of the proposed work is illustrated through some case studies. The conclusion asserts some of the future research direction

Situation-oriented requirements engineering

The establishment of smart environments, Internet of Things (IoT) and socio-technical systems has introduced many challenges to the software development process. One such main challenge is software requirements gathering which needs to address issues in a broader spectrum than traditional standalone software development. Consideration of bigger picture that includes software, its domain, the components of the domains and especially the interactions between the software and the surrounding domain components, including both human and other systems entities, is essential to gathering reliable requirements. However, most of the traditional Requirements Engineering approaches lack such comprehensive overlook of the overall view. The main objective of this work is to introduce a human-centered approach to Requirements Engineering in order to push the boundaries of traditional concepts to be more suitable for use in the development of modern socio-technical systems in smart environments. A major challenge of introducing a human-centered approach is to effectively identify the related human factors; especially, since each individual has unique desires, goals, behaviors. Our proposed solution is to use the observational data sets generated by smart environments as a resource to extract individual's unique personalities and behaviors related to the software design. The concept of situations defined in our earlier study is used to represent the human and domain related aspects including human desires, goals, beliefs, interactions with the system and the constrained environment. In the first stage of this work, a computational model called situation-transition structure is developed to understand the discrete factors and behavior patterns of individuals through the observational data. During the second stage, the information mined from the situation transition structure is applied to propose new human-centered approaches to support main Requirements Engineering concepts: requirements elicitation, risk management, and prioritization. The pertinence of the proposed work is illustrated through some case studies. The conclusion asserts some of the future research direction.</p

Situation-Oriented Software Requirements Specification and Model Generation

In this paper, we present a semi-automated software requirements specification (SRS) and model generation methodology in order to formally represent the requirements elicited in human-centered fashion presented in our earlier study. The term situation is defined as a 3-tuple where d denotes human desire, A denotes the action vector, and E denotes the environment context vector. The probabilistic, timed situationtransition structure was derived using the observational data and was proposed to use as a source of new human-centered requirements elicitation. We illustrate the proposed methodology through some test cases with open access data sets and a comparison between existing SRS and the proposed SRS is given.</p

Situation-Transition Structure and Its Applications in Software System Development

Observing, analyzing and understanding human factors is becoming a major concern in software development process in order to gain higher customer satisfaction. In this paper, we present a semi-automated methodology to generate the situation-transition structure which can be used to analyze the human behavior patterns in a specific domain. The term situation is defined as a 3-tuple where d denotes human desire (mental state), A denotes the human actions vector, and E denotes the surrounding environment context vector. The situation-transition structure is a directed weighted graph where each node represents a unique situation or set of concurrent situations and an edge represents the transition from one situation to another. Data mining and machine learning techniques are used to generate situation-transition structure from raw observational data. We illustrate the proposed methodology through some case studies with open access datasets. The applications and advantages of situation-transition structure in software development are then asserted.</p

Towards a Security Stress-Test for Cloud Configurations

Securing cloud configurations is an elusive task, which is left up to system administrators who have to base their decisions on "trial and error"experimentations or by observing good practices (e.g., CIS Benchmarks). We propose a knowledge, AND/OR, graphs approach to model cloud deployment security objects and vulnerabilities. In this way, we can capture relationships between configurations, permissions (e.g., CAP_SYS_ADMIN), and security profiles (e.g., AppArmor and SecComp). Such an approach allows us to suggest alternative and safer configurations, support administrators in the study of what-if scenarios, and scale the analysis to large scale deployments. We present an initial validation and illustrate the approach with three real vulnerabilities from known sources

Towards a Security Stress-Test for Cloud Configurations

Securing cloud configurations is an elusive task, which is left up to system administrators who have to base their decisions on "trial and error"experimentations or by observing good practices (e.g., CIS Benchmarks). We propose a knowledge, AND/OR, graphs approach to model cloud deployment security objects and vulnerabilities. In this way, we can capture relationships between configurations, permissions (e.g., CAP_SYS_ADMIN), and security profiles (e.g., AppArmor and SecComp). Such an approach allows us to suggest alternative and safer configurations, support administrators in the study of what-if scenarios, and scale the analysis to large scale deployments. We present an initial validation and illustrate the approach with three real vulnerabilities from known sources