A functional size measurement method for object-oriented conceptual schemas: design and evaluation issues

Functional Size Measurement (FSM) methods are intended to measure the size of software by quantifying the functional user requirements of the software. The capability to accurately quantify the size of software in an early stage of the development lifecycle is critical to software project managers for evaluating risks, developing project estimates and having early project indicators. In this paper, we present OO-Method Function Points (OOmFP), which is a new FSM method for object-oriented systems that is based on measuring conceptual schemas. OOmFP is presented following the steps of a process model for software measurement. Using this process model, we present the design of the measurement method, its application in a case study, and the analysis of different evaluation types that can be carried out to validate the method and to verify its application and results.     

An investigation of use case quality in a large safety-critical software development project

Use case modelling is a much-used technique for eliciting and documenting functional requirements. The quality of the use cases may have an important impact on the development project and on the resulting software product. This paper presents an empirical study of the changes that were made to the use case models in a large software project during the analysis phase. The results show (a) which were the most difficult aspects of use case modelling in this project and (b) how the quality of the functional requirements, in particular correctness, completeness, and clarity, was improved through the use case modelling process.     

Requirements Engineering and Downstream Software Development: Findings from a Case Study

Requirements management is being recognized as one of the most important albeit difficult phases in software engineering. The literature repeatedly cites the role of well-defined requirements and requirements management process in problem analysis and project management as benefiting software development throughout the life cycle: during design, coding, testing, maintenance and documentation of software. This paper reports on the findings of an investigation into industrial practice of requirements management process improvement and its positive effects on downstream software development. The evidence reveals a strong relationship between a well-defined requirements process and increased developer productivity, improved project planning through better estimations and enhanced ability for stakeholders to negotiate project scope. These results are important since there is little empirical evidence of the actual benefits of sound requirements practice, in spite of the plethora of claims in the literature. An account of these effects not only adds to our understanding of good requirements practice but also provides strong motivation for software organizations to develop programs for improvement of their requirements processes.     

Integrated Design and Verification of Simulation Programs

One of the more critical problems in computing science today is the rapidly increasing cost of developing and maintaining software for new automated data systems. New software development is generally a standardized process whereby software evolves from an idea to a useful system operating on a computer. The traditional model for a software development project includes feasibility study, requirements analysis, system design, program design, coding, testing, documentation, and implementation. Program design, coding, and testing are relatively well defined activities, but they are rarely straightforward. Involving many iterations among the phases and the activities within the phases, these iterations are a result of the knowledge gained as the system is being generated. We will describe here a different approach to the software development process. This approach, called "top-down modular design," attempts to minimize the numerous iterations of the development cycle. The basic philosophy, similar to that of structured programming, has already been applied to a variety of applications but has not yet been utilized in the general process of constructing simulation programs.     

Analysis of Secure Mobile Grid Systems: A systematic approach

Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. The Mobile Grid, which is relevant to both Grid and Mobile Computing, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. A development methodology for Secure Mobile Grid Systems is proposed in which the security aspects are considered from the first stages of the life-cycle and in which the mobile Grid technological environment is always present in each activity. This paper presents the analysis activity, in which the requirements (focusing on the grid, mobile and security requirements) of the system are specified and which is driven by reusable use cases through which the requirements and needs of these systems can be defined. These use cases have been defined through a UML-extension for security use cases and Grid use cases which capture the behaviour of this kind of systems. The analysis activity has been applied to a real case.     

Accessible design and testing in the application development process: considerations for an integrated approach

Accessible design principles should permeate virtually all phases of the application development cycle, using existing “best practices of software engineering” for accessibility purposes. This paper proposes a methodology for accessible design and testing that includes proven tools of software engineering, namely use cases and scenarios, to capture functional requirements. Guidelines developed through user testing and heuristics are made real using personas to exemplify accessibility requirements, reflecting a diversity of user capabilities and use contexts. For implementation and testing, test cases containing accessibility checkpoints are generated, based on the guidelines. Complementary to this methodology, expert reviews and user testing should be conducted for evaluation of the developed products and further refinement of the development process.     

The RAPPID Project: Symbiosis between Industrial Requirements and MAS Research

The RAPPID project (Responsible Agents for Product-Process Integrated Design) is developing agent-based software tools and methods that use market place dynamics among members of a distributed design team to coordinate set-based design of discrete manufactured products. This report describes the interplay of industrial requirements and Multi-Agent System (MAS) research in the design, implementation, and testing of RAPPID. Like any industrial project, RAPPID begins with the requirements of the problem domain, and draws selectively from research results to meet those requirements. However, the flow of information is not unidirectional. In the process of addressing its requirements, RAPPID developed some new concepts that hold promise for broader application to distributed constraint optimization. RAPPID is work in process, not a completed product, and this report includes an assessment of what needs to be done in addition to what has been accomplished.     

Evaluating the effectiveness of independent verification andvalidation

The complexity of today's software systems mandates a structured approach to development and a verification and validation process that ensure that the right product is built and that it is built right. A V&V process is critical for those high-consequence systems in which a software failure can result in injury or death or where live testing is not feasible. NASA Langley Research Center funded a study to examine the effectiveness of the Army's Software Engineering Evaluation System (SEES). The project led to a study designed to examine the benefits of using SEES as an independent V&V methodology. The study consisted of two independent-development groups. Each was given an identical set of requirements that outlined a solution to a particular problem. The authors asked both groups to design, code, and test their software. The results indicate that IV&V provides a significant value-added component to the software development process     

具有不确定需求的软件测试用例生成方法研究

软件测试是软件开发重要的一部分,是保证软件质量,提高软件可靠性的重要途径。测试在需求分析阶段就开始介入,而在现实中很多需求是不确定的,在软件测试的过程中会面临许多不确定性的挑战。主要研究具有不确定需求的软件测试用例生成方法,利用基于标记迁移系统的Partial Models（部分模型）对不确定的需求进行建模,进而基于建立的模型生成有效的测试用例。针对模型中具有的不确定性引入概率,对不确定的部分进行概率表示,进一步基于标记迁移系统和Partial Models的特点提出测试用例生成方法。由于模型中具有不确定信息,由此生成的测试用例具有一定的概率,基于此对测试用例进行优先级排序。     

Introduction to object-oriented systems engineering. 2

Based on a set of views for the system, use cases help define the behavior of a system, from its top level to its terminal components. They are used in object-oriented systems engineering (OOSE) to provide a framework that ensures consistent systems development.     

Cost-Effective Security

To be successful, application software needs compelling functionality, availability within the right timeframe, and a reasonable price. But equally critical, teams must get nonfunctional characteristics right - performance, scalability, manageability, maintainability, usability, and, of course, security. The authors introduced misuse or abuse cases as counterparts to use cases and explained that although use cases capture functional requirements, abuse cases describes how users can misuse a svstem with malicious intent, thereby identifying additional security requirements. Another prior installment discussed how to fit misuse and abuse cases into the development process by defining who should write them, when to do so, and how to proceed. In this article, we discuss what abuse cases bring to software development in terms of planning. We don't assumes fixed budget is assigned to security measure's but that budgetary constraints apply to the project as a whole. We believe it's reasonable, and often accessary, to trade funtionality against security, so the question isn't how to prioritize security requirements but how to prioritize the development effort across both functional and security requirements.     

Integrating a software architecture-centric method into object-oriented analysis and design

The choice of methodology for the development of the architecture for software systems has a direct effect on the suitability of that architecture. If the development process is driven by the user’s functional requirements, we would expect the architecture to appropriately reflect those requirements. We would also expect other aspects not captured in the functional specification to be absent from the architecture. The same phenomenon is true in development approaches that stress the importance of systemic quality attributes or other non-functional requirements; those requirements are prominent in the resulting architecture, while other requirement types not stressed by the approach are absent. In other words, the final architecture reflects the focus of the development approach. An ideal approach, therefore, is one that incorporates all goals, expectations, and requirements: both business and technical. To accomplish this we have incorporated, into a single architectural development process, generalized Object-Oriented Analysis and Design (OOAD) methodologies with the software architecture-centric method, the Quality Attribute Workshop (QAW) and Attribute Driven Design (ADD). OOAD, while relatively intuitive, focuses heavily on functional requirements and has the benefit of semantic closeness to the problem domain making it an intuitive process with comprehendible results. Architecture-centric approaches, on the other hand, provide explicit and methodical guidance to an architect in creating systems with desirable qualities and goals. They provide minimal guidance in determining fine-grained architecture, however. The integrated approach described in this paper maximizes the benefits of the respective processes while eliminating their flaws and was applied in a eight university, global development research project with great success. A case study from that experiment is included here to demonstrate the method.     

From misuse cases to mal-activity diagrams: bridging the gap between functional security analysis and design

Secure software engineering is concerned with developing software systems that will continue delivering its intended functionality despite a multitude of harmful software technologies that can attack these systems from anywhere and at anytime. Misuse cases and mal-activity diagrams are two techniques to model functional security requirements address security concerns early in the development life cycle. This allows system designers to equip their systems with security mechanisms built within system design rather than relying on external defensive mechanisms. In a model-driven engineering process, misuse cases are expected to drive the construction of mal-activity diagrams. However, a systematic approach to transform misuse cases into mal-activity diagrams is missing. Therefore, this process remains dependent on human skill and judgment, which raises the risk of developing mal-activity diagrams that are inconsistent with the security requirements described in misuse cases, leading to the development of an insecure system. This paper presents an authoring structure for misuse cases and a transformation technique to systematically perform this desired model transformation. A study was conducted to evaluate the proposed technique using 46 attack stories outlined in a book by a former well-known hacker (Mitnick and Simon in The art of deception: controlling the human element of security, Wiley, Indianapolis, 2002). The results indicate that applying the proposed technique produces correct mal-activity diagrams from misuse cases.     

软件开发中的用例分析技术

用例技术是通过用例、参与者与用例以及用例之间的关系来描绘系统外在需求的一种方法。作为UML(统一建模语言)的一种重要表示法，用例分析方法在软件开发过程中占据着重要的地位。正确使用用例分析方法有助于项目的需求分析、体系结构设计、进度安排、测试和验证。文中简要介绍了增量／迭代式软件过程，通过实例探讨了软件开发中如何使用用例分析技术，包括项目风险分析、确定系统边界、细化事件流、图形化用例以及用例归档技术，从而为获取用例模型提供了有效的方法和途径。     

Enhancing the OPEN Process Framework with service-oriented method fragments

Service orientation is a promising paradigm that enables the engineering of large-scale distributed software systems using rigorous software development processes. The existing problem is that every service-oriented software development project often requires a customized development process that provides specific service-oriented software engineering tasks in support of requirements unique to that project. To resolve this problem and allow situational method engineering, we have defined a set of method fragments in support of the engineering of the project-specific service-oriented software development processes. We have derived the proposed method fragments from the recurring features of 11 prominent service-oriented software development methodologies using a systematic mining approach. We have added these new fragments to the repository of OPEN Process Framework to make them available to software engineers as reusable fragments using this well-known method repository.     

The Analyst's View of Complex Systems Projects

The general systems model based on inputs, processes, and outputs is useful for defining and documenting a development project, but it may not be the mental model that analysts and programmers actually use to differentiate system elements. An exploratory study using multidimensional scaling suggests that employing other dimensions during requirements analysis, functional decomposition, and even final documentation may help manage some of the complexity of today's software.     

需求工程的探讨

软件工程被分为需求、设计、实现、测试等几个阶段,其中需求阶段是一个项目的开端,也是项目成功的基石。在软件工程中,需求分析指的是在建立一个新的或改变一个现存的电脑系统时描写新系统的目的、范围、定义和功能时所要做的所有的工作。需求分析是软件工程中的一个关键过程。在这个过程中,系统分析员和软件工程师确定顾客的需要。只有在确定了这些需要后他们才能够分析和寻求新系统的解决方法。在软件工程的历史中,很长时间里人们一直认为需求分析是整个软件工程中最简单的一个步骤,但在过去十年中越来越多的人认识到它是整个过程中最关键的一个过程。假如在需求分析时分析者们未能正确地认识到顾客的需要的话,那么最后的软件实际上不可能达到顾客的需要,或者软件无法在规定的时间里完工。     

Effective Hybrid Content-Based Collaborative Filtering Approach for Requirements Engineering

Requirements engineering (RE) is among the most valuable and critical processes in software development. The quality of this process significantly affects the success of a software project. An important step in RE is requirements elicitation, which involves collecting project-related requirements from different sources. Repositories of reusable requirements are typically important sources of an increasing number of reusable software requirements. However, the process of searching such repositories to collect valuable project-related requirements is time-consuming and difficult to perform accurately. Recommender systems have been widely recognized as an effective solution to such problem. Accordingly, this study proposes an effective hybrid content-based collaborative filtering recommendation approach. The proposed approach will support project stakeholders in mitigating the risk of missing requirements during requirements elicitation by identifying related requirements from software requirement repositories. The experimental results on the RALIC dataset demonstrate that the proposed approach considerably outperforms baseline collaborative filtering-based recommendation methods in terms of prediction accuracy and coverage in addition to mitigating the data sparsity and cold-start item problems.