119 research outputs found

    Web Services as Product Experience Augmenters and the Implications for Requirements Engineering: A Position Paper

    There is currently little insight into what requirement engineering for web services is and in which context it will be carried out. In this position paper, we investigate requirements engineering for a special kind of web services, namely web services that are used to augment the perceived value of a primary service or product that is itself not a web service. We relate requirements engineering to a common enterprise architecture pattern and derive from this a number of research questions for further study

    Towards alignment of architectural domains in security policy specifications

    Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI

    Defense against Insider Threat: a Framework for Gathering Goal-based Requirements

    Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. Despite their importance, insider threats are still not properly addressed by organizations. We contribute to reverse this situation by introducing a framework composed of a method for identification and assessment of insider threat risks and of two supporting deliverables for awareness of insider threat. The deliverables are: (i) attack strategies structured in four decomposition trees, and (ii) a matrix which correlates defense strategies, attack strategies and control principles. The method output consists of goal-based requirements for the defense against insiders

    Value-Based Business-IT Alignment in Networked Constellations of Enterprises

    Business-ICT alignment is the problem of matching ICT services with the requirements of the business. In businesses of any significant size, business-ICT alignment is a hard problem, which is currently not solved completely. With the advent of networked constellations of enterprises, the problem gets a new dimension, because in such a network, there is not a single point of authority for making decisions about ICT support to solve conflicts in requirements these various enterprises may have. Network constellations exist when different businesses decide to cooperate by means of ICT networks, but they also exist in large corporations, which often consist of nearly independent business units, and thus have no single point of authority anymore. In this position paper we discuss the need for several solution techniques to address the problem of business-ICT alignment in networked constellations. Such techniques include: - RE techniques to describe networked value constellations requesting and offering ICT services as economic value. These techniques should allow reasoning about the matching of business needs with available ICT services in the constellation. - RE techniques to design a networked ICT architecture that supports ICT services required by the business, taking the value offered by those services, and the costs incurred by the architecture, into account. - Models of decision processes about ICT services and their architecture, and maturity models of those processes. The techniques and methods will be developed and validated using case studies and action research

    Value-based Design of Collaboration Processes for e-Commerce

    Designing cross-organizational e-business applications faces the problem that the collaborating businesses must align their commercial interests without any central decision making authority. The design process must therefore yield a clear view of the commercial value of the collaboration for each economic actor, as well as a clear specification of the activities to be performed by each actor and a specification of information systems to be used by each actor. We present guidelines for designing the value network of the collaboration, which shows the commercial value of the collaboration for each participating actor. We then present guidelines for transforming the value network into process models, which show the feasibility of implementing the value network in the business processes of the actors. Our approach has been developed in different consultancy projects. We illustrate our approach with a consultancy project performed at a company that we will call the Amsterdam Times

    Value Framing: A Prelude to Software Problem Framing

    Software problem framing is a way to find specifications for software. Software problem frames can be used to structure the environment of a software system (the machine) and specify desired software properties in such a way that we can show that software with these properties will help achieve the required effects in the environment. Actually framing a software problem, i.e. finding suitable problem frames of a given situation, is a creative activity for which no guidelines are currently known. In this paper, we propose to use an idea exploration technique called e3-value to find software problem frames. The e3-value methodology is an approach to help business analysts solve the problem of designing a networked enterprise, defined as a set of businesses or business units that make money by performing value exchanges over a computer network. The outcome of e3-value is viewed by business managers as a solution, but it is a problem for software engineers who have to implement this idea. In this paper we illustrate the combination of e3-value with problem framing by means of a small example from real life, and discuss the research questions that come out of this

    A Mobile Ambients-based Approach for Network Attack Modelling and Simulation

    Attack Graphs are an important support for assessment and subsequent improvement of network security. They reveal possible paths an attacker can take to break through security perimeters and traverse a network to reach valuable assets deep inside the network. Although scalability is no longer the main issue, Attack Graphs still have some problems that make them less useful in practice. First, Attack Graphs remain difficult to relate to the network topology. Second, Attack Graphs traditionally only consider the exploitation of vulnerable hosts. Third, Attack Graphs do not rely on automatic identification of potential attack targets. We address these gaps in our MsAMS (Multi-step Attack Modelling and Simulation) tool, based on Mobile Ambients. The tool not only allows the modelling of more static aspects of the network, such as the network topology, but also the dynamics of network attacks. In addition to Mobile Ambients, we use the PageRank algorithm to determine targets and hub scores produced by the HITS (Hypertext Induced Topic Search) algorithm to guide the simulation of an attacker searching for targets

    Requirements Engineering for Pervasive Services

    Developing pervasive mobile services for a mass market of end customers entails large up-front investments and therefore a good understanding of customer requirements is of paramount importance. This paper presents an approach for developing a requirements engineering method that takes distinguishing features of pervasive services into account and that is based on fundamental insights in design methodology

    Goal-Oriented RE for E-Services

    Current research in service-oriented computing (SoC) is mainly about technology standards for SoC and the design of software components that implement these standards. In this paper we investigate the problem of requirements engineering (RE) for SoC. We propose a framework for goal-oriented RE for e-services that identifies patterns in service provisioning and shows how to compose business models from them. Based on an analysis of 19 business models for e-intermediaries we identified 10 intermediation service patterns and their goals, and show how we can compose new business models from those patterns in a goal-oriented way. We represent the service patterns using value models, which are models that show which value exchanges business patterns engage in. We conclude the paper with a discussion of how this approach can be extended to include business process patterns to perform the services, and software components that support these processes

    Competences of IT Architects

    The field of architecture in the digital world uses a plethora of terms to refer to different kinds of architects, and recognises a confusing variety of competences that these architects are required to have. Different service providers use different terms for similar architects and even if they use the same term, they may mean something different. This makes it hard for customers to know what competences an architect can be expected to have. This book combines competence profiles of the NGI Platform for IT Professionals, The Open Group Architecture Framework (TOGAF), as well as a number of Dutch IT service providers in a comprehensive framework. Using this framework, the book shows that notwithstanding a large variety in terminology, there is convergence towards a common set of competence profiles. In other words, when looking beyond terminological differences by using the framework, one sees that organizations recognize similar types of architects, and that similar architects in different organisations have similar competence profiles. The framework presented in this book thus provides an instrument to position architecture services as offered by IT service providers and as used by their customers. The framework and the competence profiles presented in this book are the main results of the special interest group “Professionalisation” of the Netherlands Architecture Forum for the Digital World (NAF). Members of this group, as well as students of the universities of Twente and Nijmegen have contributed to the research on which this book is based