56 research outputs found

    Bi-Directional Safety Analysis for Product-Line, Multi-Agent Systems

    Abstract. Safety-critical systems composed of highly similar, semi-autonomous agents are being developed in several application domains. An example of such multi-agent systems is a fleet, or “constellation,” of satellites. In constellations of satellites, each satellite is commonly treated as a distinct autonomous agent that must cooperate to achieve higher-level constellation goals. In previous work, we have shown that modeling a constellation of satellites or spacecraft as a product line of agents (where the agents have many shared commonalities and a few key differences) enables reuse of software analysis and design assets. We have also previously developed efficient safety analysis techniques for product lines. We now propose the use of Bi-Directional Safety Analysis (BDSA) to aid in system certification. We extend BDSA to product lines of multi-agent systems and show how the analysis artifacts thus produced contribute to the software’s safety case for certification purposes. The product-line approach lets us reuse portions of the safety analysis for multiple agents, significantly reducing the burden of certification. We motivate and illustrate this work through a specific application, a product-line, multi-agent satellite constellation.

    A Privacy Policy Comparison of Health and Fitness Related Mobile Applications

    Abstract. Many mobile device end users believe that privacy is important when dealing with personal health-related information, but the challenge is to develop privacy policies in a meaningful way so that mobile software application developers can adequately meet the requirements of their intended end users. Comprehensive privacy policies, which meet self-regulatory guidelines of increasing transparency on data collection, are often written in a way that average mobile users cannot understand or completely ignore. This paper provides the results of a privacy policy comparison including application permissions requested and several readability metrics used to assess the current state of privacy policies in the health and fitness mobile application market. Our analysis indicates that developers may not be considering their end-users’ reading comprehension levels and specific application permissions are not adequately addressed when developers are creating their privacy policies.

    A Grounded Theoretical and Linguistic Analysis Approach for Non-Functional Requirements Analysis

    An important aspect of the requirements engineering process is the specification of traceable, unambiguous and operationalizable non-functional requirements. This remains a non-trivial task due to the lack of well-documented, systematic procedures that facilitate a structured analysis of the qualitative data that is typically the input to this activity. This research investigates the development of a procedural approach that can potentially fill this gap by incorporating procedural perspectives from Grounded Theory Method, Linguistic Analysis and the Non-Functional Requirement Framework, without significantly deviating from existing practice. This paper describes a preliminary version of this procedural approach along with empirical illustrations using data from a redesign initiative of a library website of a public university in the United States. The paper concludes with a preliminary assessment of the approach and a discussion of the contributions of the research.

    Caveats in Eliciting Mobile App Requirements

    Factors such as app stores or platform choices heavily affect functional and non-functional mobile app requirements. We surveyed 45 companies and interviewed ten experts to explore how factors that impact mobile app requirements are understood by requirements engineers in the mobile app industry. We observed a lack of knowledge in several areas. For instance, we observed that all practitioners were aware of data privacy concerns, however, they did not know that certain third-party libraries, usage aggregators, or advertising libraries also occasionally leak sensitive user data. Similarly, certain functional requirements may not be implementable in the absence of a third-party library that is either banned from an app store for policy violations or lacks features, for instance, missing desired features in ARKit library for iOS made practitioners turn to Android. We conclude that requirements engineers should have adequate technical experience with mobile app development as well as sufficient knowledge in areas such as privacy, security and law, in order to make informed decisions during requirements elicitation. Comment: The 24th International Conference on Evaluation and Assessment in Software Engineering (EASE 2020)

    PLFaultCat: A Product-Line Software Fault Tree Analysis Tool

    Abstract. Industry currently employs a product line approach to software development and deployment as a means to enhance quality while reducing development cost and time. This effort has created a climate where safety-critical software product lines are being developed without the full range of accompanying safety analysis tools available to software engineers. Software Fault Tree Analysis (SFTA) is a technique that has been used successfully to investigate contributing causes to potential hazards in safety-critical applications. This paper further extends the adaptation of SFTA to product lines of systems by describing a software safety analysis tool called PLFaultCAT. PLFaultCAT is an interactive, partially-automated support tool to aid software engineers in the application of product-line software SFTA. The paper describes the integration of product-line SFTA and PLFaultCAT with the software development life cycle. The description includes the initial construction of the product-line SFTA as well as the automated derivation of software fault trees for product line members. The technique and tool are illustrated with a small case study throughout the paper

    Architecting Secure Software Systems Using an Aspect-Oriented Approach: A Survey of Current Research

    The importance of security in the development of complex software systems has increasingly become more critical as software becomes increasingly more pervasive in our everyday lives. Aspect-orientation has been proposed as a means to handle the crosscutting nature of security requirements when developing, designing and implementing security-critical applications. This paper surveys some of the approaches and contributions of integrating an aspect-oriented approach into designing and implementing secure software systems.

    Architecting Secure Software Systems Using an Aspect-Oriented Approach: A Survey of Current Research

    The importance of security in the development of complex software systems has increasingly become more critical as software becomes increasingly more pervasive in our everyday lives. Aspect-orientation has been proposed as a means to handle the crosscutting nature of security requirements when developing, designing and implementing security-critical applications. This paper surveys some of the approaches and contributions of integrating an aspect-oriented approach into designing and implementing secure software systems.