一种面向特征的软件产品线非功能需求建模方法

分析传统非功能需求定义的不足,基于需求分析阶段的系统抽象—"需求模型"重新定义非功能需求,规范并简化功能需求与非功能需求之间的关系。扩展面向特征的软件产品线建模方法,在特征模型中显式地建模功能需求、非功能需求、非功能需求类型以及它们之间的相互关系,沿用传统特征模型中固有的变化性建模机制建模并管理非功能需求的变化性,显式地复用与非功能需求相关的建模知识和资产,为进一步研究定量评估产品线变体质量的新技术奠定基础。设计了一个基于多视图的特征建模方法,指导开发者在迭代的过程中建模非功能需求和功能需求,支持关注点分离和模型的复杂性管控。实现了工具原型并进行了实例验证。     

A common criteria based security requirements engineering process for the development of secure information systems

In order to develop security critical Information Systems, specifying security quality requirements is vitally important, although it is a very difficult task. Fortunately, there are several security standards, like the Common Criteria (ISO/IEC 15408), which help us handle security requirements. This article will present a Common Criteria centred and reuse-based process that deals with security requirements at the early stages of software development in a systematic and intuitive way, by providing a security resources repository as well as integrating the Common Criteria into the software lifecycle, so that it unifies the concepts of requirements engineering and security engineering.     

An ASPIRE-based method for quality requirements identification from business goals

Quality requirements are the main drivers for modeling and evaluating software quality at an early stage, and ASPIRE is an engineering method designed to elicit and document the quality requirements of embedded systems. This paper proposes an extension to ASPIRE to identify quality requirements from the business goals of the organization and ensure their traceability. This extension includes a set of added components created from the main concepts of the SOQUAREM methodology, including the BMM (business motivation model), derivation rules, the quality attribute utility tree, the quality attribute scenario template, the quality attribute documentation template, and ISO 9126. The applicability of the extended method is illustrated with a wireless plant control system as an example.     

Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec

Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 Common Criteria (CC) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the CC. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the CC and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design, which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the CC, the heuristic requirements editor HeRA, and UMLsec. SecReq makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the CC, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experience within SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.     

Effectiveness and performance analysis of model-oriented security requirements engineering to elicit security requirements: a systematic solution for developing secure software systems

Software systems are becoming more and more critical in every domain of human society. These systems are used not only by corporates and governments, but also by individuals and across networks of organizations. The wide use of software systems has resulted in the need to contain a large amount of critical information and processes, which certainly need to remain secure. As a consequence, it is important to ensure that the systems are secure by considering security requirements at the early phases of software development life cycle. In this paper, we propose to consider security requirements as functional requirements and apply model-oriented security requirements engineering framework as a systematic solution to elicit security requirements for e-governance software systems. As the result, high level of security can be achieved by more coverage of assets and threats, and identifying more traces of vulnerabilities in the early stages of requirements engineering. This in turn will help to elicit effective security requirements as countermeasures with business requirements.     

Control case approach to record and model non-functional requirements

While the functional requirements of a system can be effectively modeled through the use case driven approach, there is no standard or de facto method for modeling non-functional requirements (NFR) of the system architecture. Often such requirements are dealt with in a reactive manner, rather than proactively. Yet increasingly a contributing factor in project difficulty and failure are the NFR imposed on the solution architecture. This paper outlines a control case approach to record and model NFR. This technique enables the control case to represent the NFR from different perspectives, most typically the various operating conditions. We also propose an extension to the “4 + 1” view model for depicting software architecture by adding the control case view. In addition, a detailed control case modeling example is illustrated to demonstrate how these techniques may be applied during development. Taken together, we suggest that the combination of both the use case and control case views thus reflects the complete requirements across the collective system life cycle views: design, process, implementation and deployment.     

How perspective-based reading can improve requirements inspections

Because defects constitute an unavoidable aspect of software development, discovering and removing them early is crucial. Overlooked defects (like faults in the software system requirements, design, or code) propagate to subsequent development phases where detecting and correcting them becomes more difficult. At best, developers will eventually catch the defects, but at the expense of schedule delays and additional product-development costs. At worst, the defects will remain, and customers will receive a faulty product. The authors explain their perspective based reading (PBR) technique that provides a set of procedures to help developers solve software requirements inspection problems. PBR reviewers stand in for specific stakeholders in the document to verify the quality of requirements specifications. The authors show how PBR leads to improved defect detection rates for both individual reviewers and review teams working with unfamiliar application domains     

Holistic security requirements analysis for socio-technical systems

Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are “socio-technical” a mix of people, processes, technology, and infrastructure. However, such systems are designed in a piecemeal rather than a holistic fashion, leaving parts of the system vulnerable. To tackle this problem, we propose a three-layer security analysis framework consisting of a social layer (business processes, social actors), a software layer (software applications that support the social layer), and an infrastructure layer (physical and technological infrastructure). In our proposal, global security requirements lead to local security requirements, cutting across conceptual layers, and upper-layer security analysis influences analysis at lower layers. Moreover, we propose a set of analytical methods and a systematic process that together drive security requirements analysis across the three layers. To support analysis, we have defined corresponding inference rules that (semi-)automate the analysis, helping to deal with system complexity. A prototype tool has been implemented to support analysts throughout the analysis process. Moreover, we have performed a case study on a real-world smart grid scenario to validate our approach.     

Management of performance requirements for information systems

The management of performance requirements is a major challenge for information systems as well as other software systems. This is because performance requirements can have a global impact on the target system. In addition, there are interactions and trade-offs among performance requirements, other nonfunctional requirements (NFRs), and the numerous alternatives for the target system. To provide a systematic approach to managing performance requirements, this paper presents a performance requirements framework (PeRF). It integrates and catalogues a variety of kinds of knowledge of information systems and performance. These include: performance concepts, software performance engineering principles for building performance into systems, and information systems development knowledge. In addition, layered structures organize performance knowledge and the development process. All this knowledge is represented using an existing goal-oriented approach, the “NFR framework”, which offers a developer-directed graphical treatment for stating NFRs, analyzing and interrelating them, and determining the impact of decisions upon NFRs. This approach allows customized solutions to be built, taking into account the characteristics of the particular domain. The use of PeRF in managing performance requirements is illustrated in a study of performance requirements and other NFRs for a university student record system. This paper concludes with a summary of other studies of information systems, tool support and directions for future work     

Automated COSMIC Function Point measurement using a requirements engineering ontology

ContextThere are two interrelated difficulties in requirements engineering processes. First, free-format modelling practices in requirements engineering activities may lead to low quality artefacts and productivity problems. Second, the COSMIC Function Point Method is not yet widespread in the software industry because applying measurement rules to imprecise and ambiguous textual requirements is difficult and requires additional human measurement effort. This challenge is common to all functional size measurement methods.ObjectiveIn this study, alternative solutions have been investigated to address these two difficulties. Information created during the requirements engineering process is formalized as an ontology that also becomes a convenient model for transforming requirements into COSMIC Function Point Method concepts.MethodA method is proposed to automatically measure the functional size of software by using the designed ontology. The proposed method has been implemented as a software application and verified with real projects conducted within the ICT department of a leading telecommunications provider in Turkey.ResultsWe demonstrated a novel method to measure the functional size of software in COSMIC FP automatically. It is based on a newly developed requirements engineering ontology. Our proposed method has several advantages over other methods explored in previous research.ConclusionManual and automated measurement results are in agreement, and the tool is promising for the company under study and for the industry at large.     

Using security robustness analysis for early-stage validation of functional security requirements

Security is nowadays an indispensable requirement in software systems. Traditional software engineering processes focus primarily on business requirements, leaving security as an afterthought to be addressed via generic “patched-on” defensive mechanisms. This approach is insufficient, and software systems need to have security functionality engineered within in a similar fashion as ordinary business functional requirements. Functional security requirements need to be elicited, analyzed, specified and validated at the early stages of the development life cycle. If the functional security requirements were not properly validated, then there is a risk of developing a system that is insecure, deeming it unusable. Acceptance testing is an effective technique to validate requirements. However, an ad hoc approach to develop acceptance tests will suffer the omission of important tests. This paper presents a systematic approach to develop executable acceptance tests that is specifically geared for model-based secure software engineering processes. The approach utilizes early-stage artifacts, namely misuse case and domain models, and robustness diagrams. The feasibility of the proposed approach is demonstrated by applying it to a real-world system. The results show that a comprehensive set of security acceptance tests can be developed based upon misuse case models for early-stage validation of functional security requirements.     

Automated classification of non-functional requirements

This paper describes a technique for automating the detection and classification of non-functional requirements related to properties such as security, performance, and usability. Early detection of non-functional requirements enables them to be incorporated into the initial architectural design instead of being refactored in at a later date. The approach is used to detect and classify stakeholders’ quality concerns across requirements specifications containing scattered and non-categorized requirements, and also across freeform documents such as meeting minutes, interview notes, and memos. This paper first describes the classification algorithm and then evaluates its effectiveness through reporting a series of experiments based on 30 requirements specifications developed as term projects by MS students at DePaul University. A new and iterative approach is then introduced for training or retraining a classifier to detect and classify non-functional requirements (NFR) in datasets dissimilar to the initial training sets. This approach is evaluated against a large free-form requirements document obtained from Siemens Logistics and Automotive Organization. Although to the NFR classifier is unable to detect all of the NFRs, it is useful for supporting an analyst in the error-prone task of manually discovering NFRs, and furthermore can be used to quickly analyse large and complex documents in order to search for NFRs.     

Shifting knowledge from analysis to design: requirements for contextual user interface development

There is consensus among the members of the HCI community as well as among software developers that work tasks and user characteristics (i.e. context) should play a leading role in the course of system development. There seems to be less consensus on how the information about users and work tasks should be acquired and subsequently moved to the design process of a development project. Due to the use of unifying methods and concepts--such as object-orientation-- that might be used for analysis, design and implementation, this transition seems to be facilitated. However, few inputs have been provided to guide developers on how to shift knowledge from analysis to design when task- and user knowledge are considered to be inherent parts of the development knowledge. This paper details the interface between analysis and design, reviews existing concepts to bridge the gap between the two phases of development, and enriches these findings with some empirical results from a survey with respect to practical experiences. From these findings, requirements to successfully shift knowledge in the early phases of software development have been derived.     

A framework for the design and verification of software measurement methods

At the core of any engineering discipline is the use of measures, based on ISO standards or on widely recognized conventions, for the development and analysis of the artifacts produced by engineers. In the software domain, many alternatives have been proposed to measure the same attributes, but there is no consensus on a framework for how to analyze or choose among these measures. Furthermore, there is often not even a consensus on the characteristics of the attributes to be measured.In this paper, a framework is proposed for a software measurement life cycle with a particular focus on the design phase of a software measure. The framework includes definitions of the verification criteria that can be used to understand the stages of software measurement design. This framework also integrates the different perspectives of existing measurement approaches. In addition to inputs from the software measurement literature the framework integrates the concepts and vocabulary of metrology. This metrological approach provides a clear definition of the concepts, as well as the activities and products, related to measurement. The aim is to give an integrated view, involving the practical side and the theoretical side, as well as the basic underlying concepts of measurement.     

Modelling access policies using roles in requirements engineering

Pressures are increasing on organisations to take an early and more systematic approach to security. A key to enforcing security is to restrict access to valuable assets. We regard access policies as security requirements that specify such restrictions. Current requirements engineering methods are generally inadequate for eliciting and analysing these types of requirements, because they do not allow complex organisational structures and procedures that underlie policies to be represented adequately. This paper discusses roles and why they are important in the analysis of security. The paper relates roles to organisational theory and how they could be employed to define access policies. A framework is presented, based on these concepts, for analysing access policies.     

Quantitative risk-based requirements reasoning

At NASA we have been developing and applying a risk management framework, "Defect Detection and Prevention" (DDP). It is based on a simple quantitative model of risk and is supported by custom software. We have used it to aid in study and planning for systems that employ advanced technologies. The framework has proven successful at identifying problematic requirements (those which will be the most difficult to attain), at optimizing the allocation of resources so as to maximize requirements attainment, at identifying areas where research investments should be made, and at supporting tradeoff analyses among major alternatives. We describe the DDP model, the information that populates a model, how DDP is used, and its tool support. DDP has been designed to aid decision making early in development. Detailed information is lacking at this early stage. Accordingly, DDP exhibits a number of strategic compromises between fidelity and tractability. The net result is an approach that appears both feasible and useful during early requirements decision making.