- Aalst2005-baup
- W. M. P. van der Aalst.
Business alignment: using process mining as a tool for Delta analysis and conformance testing.
Requirements Engineering, 10(3):198-211, 2005.
Abstract:
Increasingly, business processes are being controlled and/or monitored by information systems. As a result, many business processes leave their “footprints” in transactional information systems, i.e., business events are recorded in so-called event logs. Process mining aims at improving this by providing techniques and tools for discovering process, control, data, organizational, and social structures from event logs, i.e., the basic idea of process mining is to diagnose business processes by mining event logs for knowledge. In this paper we focus on the potential use of process mining for measuring business alignment, i.e., comparing the real behavior of an information system or its users with the intended or expected behavior. We identify two ways to create and/or maintain the fit between business processes and supporting information systems: Delta analysis and conformance testing. Delta analysis compares the discovered model (i.e., an abstraction derived from the actual process) with some predefined processes model (e.g., the workflow model or reference model used to configure the system). Conformance testing attempts to quantify the “fit” between the event log and some predefined processes model. In this paper, we show that Delta analysis and conformance testing can be used to analyze business alignment as long as the actual events are logged and users have some control over the process.
- Abadi+Cardelli1995-ioc
- Martín Abadi and Luca Cardelli.
An imperative object calculus.
In Mosses, P. D. and Nielsen, M. and Schwartzbach, M. I., editors, TAPSOFT '95: Theory and Practice of Software Development, pp. 471-485.
Springer-Verlag, May 1995.
- Abadi+Cardelli1996-to
- Martín Abadi and Luca Cardelli. A theory of objects.
Springer-Verlag, New York, 1996.
- Abadi+Leino1997-loop
- Martín Abadi and Rustan Leino.
A Logic of Object-Oriented Programs.
In Bidoit, Michel and Dauchet, Max, editors, TAPSOFT '97: Theory and Practice of Software Development, pp. 682-696.
Springer-Verlag, Apr. 1997.
- ABB1999-srse
- Software requirements specification for Euronet v.2.
Asea Brown Boveri - Electric Systems Technology Institute,
1999.
- Abrahams+Eyers+Bacon2002-arba
- Alan Abrahams, David Eyers, and Jean Bacon.
An asynchronous rule-based approach for business process automation using obligations.
In RULE '02: Proceedings of the 2002 ACM SIGPLAN workshop on Rule-based programming, pp. 93-103.
2002.
Abstract:
The Edee architecture provides a mechanism for explicitly and uniformly capturing business occurrences, and provisions of contracts, policies, and law. Edee is able to reason about the interactions of intra-, inter-, and extra-organizational policy, and execute business procedures informed by the combined legal effects of these diverse rules. We show through an example how Edee's asynchronous approach, namely to initiate actions only after consulting the database to determine active obligations, differs from the traditional synchronous approach in which procedural side-effects are initiated when clauses of rules are evaluated. The example show-cases both conflict detection and resolution in Edee. Edee's novel mechanism for business process automation is based on assessment of legal status and directives, and can be contrasted to the conventional task-dependency and process-synchronization approach employed in other workflow systems.
- Aczel1977-iid
- Peter Aczel.
An Introduction to Inductive Definitions.
In Barwise, J., editor, Handbook of Mathematical Logic, pp. 739-782.
North-Holland 1977.
- Adolph+Bramble2001-peuc
- Steve Adolph and Paul Bramble.
Patterns for Effective Use Cases.
2001.
Abstract:
Use cases are a popular requirements modeling technique, yet people often struggle when writing them. They understand the basic concepts of use cases, but find that actually writing useful ones turns out to be harder than one would expect. One factor contributing to this difficulty is that we lack objective criteria to help judge their quality. Many people find it difficult to articulate the qualities of an effective use case.
This book examines the problems people encounter while writing use cases. It describes simple, elegant and proven solutions to the specific problems of writing use cases on real projects. We have identified approximately three-dozen patterns that people can use to evaluate their use cases. We have based these patterns on the observable signs of quality that successful projects tend to exhibit. Our goals are to provide a vocabulary for discussing and sharing these properties with other people, provide advice for writing and organizing use cases effectively, and provide some “diagnostics” for evaluating use cases. We want these patterns to become second nature. Our hope is to find people saying, “Do we have a SharedClearVision(95)?” or “Does this use case have CompleteSingleGoal(132)?” when discussing their use cases.
- Adolph+Cockburn+Bramble2002-peuc
- Steve Adolph, Alistair Cockburn, and Paul Bramble. Patterns for Effective Use Cases.
Addison-Wesley Longman Publishing Co., Inc., 2002.
- Adrion+Branstad+Cherniavsky1982-vvtc
- W. Richards Adrion, Martha A. Branstad, and John C. Cherniavsky.
Validation, Verification, and Testing of Computer Software.
ACM Comput. Surv., 14(2):159-192, 1982.
Abstract:
Software quality is achieved through the application of development techniques and the use of verification procedures throughout the development process. Careful consideration of specific quality attributes and validation requirements leads to the selection of a balanced collection of review, analysis, and testing techniques for use throughout the life cycle. This paper surveys current verification, validation, and testing approaches and discusses their strengths, weaknesses, and life-cycle usage. In conjunction with these, the paper describes automated tools used to implement validation, verification, and testing. In the discussion of new research thrusts, emphasis is gwen to the continued need to develop a stronger theoretical basis for testing and the need to employ combinations of tools and techniques that may vary over each application.
- Agouridas+McKay+2008-appc
- Vassilis Agouridas, Alison McKay, 3 Henri Winand2, and Alan de Pennington1.
Advanced product planning: a comprehensive process for systemic definition of new product requirements.
Requirements Engineering, 13(1):19-48, 2008.
Abstract:
This paper reports results of research into the definition of requirements for new consumer products-specifically, electro-mechanical products. The research dealt with the derivation of design requirements that are demonstrably aligned with stakeholder needs. The paper describes a comprehensive process that can enable product development teams to deal with statements of product requirements, as originally collected through market research activities, in a systematic and traceable manner from the early, fuzzy front end, stages of the design process. The process described has been based on principles of systems engineering. A case study from its application and evaluation drawn from the power sector is described in this paper. The case study demonstrates how the process can significantly improve product quality planning practices through revision of captured product requirements, analysis of stakeholder requirements and derivation of design requirements. The paper discusses benefits and issues from the use of the process by product development teams, and identifies areas for further research. Finally, the conclusions drawn from the reported research are presented.
- Aho+Corasick1975-esma
- Alfred V. Aho and Margaret J. Corasick.
Efficient string matching: an aid to bibliographic search.
Communications of the ACM, 18(6):333-340, 1975.
Abstract:
This paper describes a simple, efficient algorithm to locate all occurrences of any of a finite number of keywords in a string of text. The algorithm consists of constructing a finite state pattern matching machine from the keywords and then using the pattern matching machine to process the text string in a single pass. Construction of the pattern matching machine takes time proportional to the sum of the lengths of the keywords. The number of state transitions made by the pattern matching machine in processing the text string is independent of the number of keywords. The algorithm has been used to improve the speed of a library bibliographic search program by a factor of 5 to 10.
- Al-Ani+Sim2006-uefe
- Ban Al-Ani and Susan Elliot Sim.
Using Expertise as a Framework for Evaluating Requirements Technology.
In Fourth International Workshop on Comparative Evaluation in Requirements Engineering (CERE'06), Sep. 2006.
- Al-Ani2002-sroc
- Ban Al-Ani.
Systems' Requirements: Once Captured, are Slaughtered.
In AWRE'02, 2002.
Abstract:
Despite the diverse assortment of artefacts produced to support systems development processes practitioners have survived attempts to overcome the problems they face when developing requirements. These problems arise at almost every stage of systems development and are investigated with varying degrees with success by different research projects.
This paper unceremoniously focuses on some of the problematic activities at the front end of systems development, namely: requirements capture and analysis. A multi-layered evaluation process that is composed of several sets (layers) of criteria is outlined. A new method/tool can then be put through these multiple layers. If successful it would be `ticked' as being a viable option and adopted by practitioners. The argument made is that a move towards regulating the evaluation of methods/tools usefulness can be one way out of the ivory tower.
- Al-Ani2003-fvre
- Ban Al-Ani.
A Framework to Validate Requirements Engineering Research Artefacts.
In First International Workshop on Comparative Evaluation in Requirements Engineering (CERE'03), Sep. 2003.
Abstract:
Practitioners often resist the diverse assortment of research artefacts that are put forward to overcome the problems they face when developing requirements. This resistance often leads to the under-utilisation of artefacts despite their ability to reduce cost through software process improvement. There is a waste of resources (e.g. time and money) during development either as a consequence of practitioners' resistance or the inability of these artefacts to demonstrably meet practitioners' needs.
This paper details a three-layered evaluation framework consisting of several sets of criteria, standards and guidelines. The purpose of the framework is to provide a means to validate the diverse research artefacts produced thereby increasing the likelihood of its uptake by practitioners and academics alike. The paper also outlines ongoing work to implement the proposed framework to validate an analysis approach developed to assist stakeholders during the early stages of requirements development.
- Al-Karaghouli+AlShawi+Fitzgerald2000-nuis
- W. Al-Karaghouli, S. AlShawi, and G. Fitzgerald.
Negotiating and Understanding Information Systems Requirements: The Use of Set Diagrams.
Requirements Engineering, 5(2):93-102, 2000.
Abstract:
A major contributor to the failure of information technology-based systems is the problem of understanding user or customer requirements in the initial analysis and requirements identification stage of development. This paper identifies and describes an approach to help overcome some of these problems, particularly the mismatch or understanding gap between the customer and the developer. The approach is intended to be used at the early stages of requirement determination and introduces techniques from operational research into the process. In particular set theory and Venn diagrams are used as a way of graphically representing the relationships and gaps in understanding that may exist. The benefit obtained from the use of the technique is partly in the graphical representations themselves but mainly in the dialogue and negotiation that result from the construction of the diagrams. The technique has been developed in a research study of retail organisations' use of information technology in the UK and an example case study from the sector is used to illustrate and discuss the technique.
- Al-Otaiby+Bond+AlSherif2004-smur
- Turky N. Al-Otaiby, Walter P. Bond, and Mohsen AlSherif.
Software modularization using requirements attributes.
In ACM-SE 42: Proceedings of the 42nd annual Southeast regional conference, pp. 104-109.
2004.
Abstract:
Due to the increasing complexity of today's software applications, design methodologies are of great concern to the software community. The design phase of the software lifecycle is a major factor to the success of a software system. Some studies have shown that the majority of errors detected during the testing phase are related to design. Therefore, it is very critical to assess the quality of the design. The correct top-level modularization of the software is critical to the design quality.
Software modularity is not a new concept in the software engineering field; it has been a design issue since the earliest days of software development. Because the software designer cannot be expected to conceptualize a complex software application as a whole, it is usual to create a top-level design which has been decomposed into a set of modules. The degree of modularization is a subjective concept that is difficult to measure; however, coupling and cohesion are two well-known concepts that are used to characterize software modularization.
In this paper we will illustrate how requirements scenarios can be clustered based on attributes identified in the scenarios. The technique uses heuristic clustering methods that cluster scenarios so that those scenarios within a cluster have a strong functional relationship with one another and weak relationships to the scenarios in other clusters. Hence, cohesion within clusters is maximized while coupling between clusters is minimized. Consequently, software modularization based on these clusters should provide a good initial design.
- Al-Subaie+Maibaum2006-eego
- Huzam S. F. Al-Subaie and Tom S. E. Maibaum.
Evaluating the Effectiveness of a Goal-Oriented Requirements Engineering Method.
In Fourth International Workshop on Comparative Evaluation in Requirements Engineering (CERE'06), Sep. 2006.
- Alagar+Venkatesan2001-ttse
- Sridhar Alagar and Subbarayan Venkatesan.
Techniques to Tackle State Explosion in Global Predicate Detection.
IEEE Transactions on Software Engineering, 27(8):704-714, 2001.
Abstract:
Global predicate detection, which is an important problem in testing and debugging distributed programs, is very hard due to the combinatorial explosion of the global state space. This paper presents several techniques to tackle the state explosion problem in detecting whether an arbitrary predicate Φ is true at some consistent global state of a distributed system. We present space efficient on-line algorithms for detecting Φ. We then improve the performance of our algorithms, both in space and time, by increasing the granularity of the execution step from an event to a sequence of events in each process.
- Alderson1999-frer
- A. Alderson.
False requirements express real needs.
Requirements Engineering, 4(1):61-61, 1999.
- Beatrice Alenljung and Anne Persson.
Portraying the practice of decision-making in requirements engineering: a case of large scale bespoke development.
Requirements Engineering, 13(4):257-279, 2008.
Abstract:
Complex decision-making is a prominent aspect of requirements engineering (RE) and the need for improved decision support for RE decision-makers has been identified by a number of authors in the research literature. A first step toward better decision support in requirements engineering is to understand multifaceted decision situations of decision-makers. In this paper, the focus is on RE decision-making in large scale bespoke development. The decision situation of RE decision-makers on a subsystem level has been studied at a systems engineering company and is depicted in this paper. These situations are described in terms of, e.g., RE decision matters, RE decision-making activities, and RE decision processes. Factors that affect RE decision-makers are also identified.
- Alexander+Maiden2004-ssuc
- Alexander, Ian F. and Maiden, Neil, editors. Scenarios, Stories, Use Cases: Through the Systems Development Life-Cycle.
John Wiley & Sons, Ltd., 2004.
- Alexander+Maiden2004-wssa
- Ian F. Alexander and Neil Maiden.
What scenarios (still) aren't good for.
In Alexander, Ian F. and Maiden, Neil, editors, Scenarios, Stories, Use Cases: Through the Systems Development Life-Cycle, pp. 465-469.
John Wiley & Sons, Ltd. 2004.
Abstract:
Scenarios are extremely versatile and useful in systems development — and in other places, but they do not offer help in every situation, and may even be misleading if over-enthusiastically applied. This short chapter suggests some possible limits to scenario use — at least until we gain a better understanding. We hope this may restrain the over-enthusiastic, give readers a better feel for what scenarios really can do well, and perhaps indicate some open areas where researchers and innovative practitioners can explore and develop new techniques.
- Alexander1998-ecoi
- Ian Alexander.
Engineering as a co-operative inquiry: A framework.
Requirements Engineering, 3(2):130-137, 1998.
Abstract:
This paper has grown out of my specific dissatisfaction with a view of the world centred on technology, rather than on the people who will use that technology. I have therefore looked for a framework which makes a definite shift of focus towards users, but allowing existing techniques wherever these are helpful. The paper presents a new framework in which requirements engineering is treated as a co-operative inquiry (C1), a general method for reaching shared understanding within a group. The treatment leads to a division of the requirements engineering life cycle into four cycles of co-operation between users and developers. With each cycle, a model (which may be quite conventional) is developed. The approach is compared with existing methods, and some predictions are made about how it may perform.
- Alexander1999-itst
- Ian Alexander.
Is There Such a Thing as a User Requirement?.
Requirements Engineering, 4(4):221-223, Dec., 1999.
- Alexander2000-sdsf
- I. Alexander.
Scenario-Driven Search Finds More Exceptions.
In DEXA '00: Proceedings of the 11th International Workshop on Database and Expert Systems Applications, pp. 991.
2000.
Abstract:
Requirements elicitation tends to focus on stakeholders' primary goals, whether these are modelled as processes or use cases. However, exception cases often outnumber 'normal' cases and can drive project cost. This paper describes an experiment to see whether scenarios could effectively drive the search for exceptions. Experienced engineers asked to specify a small system which found three times as many exceptions by searching all scenario steps as by examining draft requirements.
- Alexander2002-as
- I. Alexander.
On Abstraction in Scenarios.
Requirements Engineering, 6(4):252-255, 2002.
Abstract:
Scenarios are ways of representing knowledge. They may take many forms, from films of real events through acted scenes to documented procedures. These forms differ in many ways, including how vivid or abstract they are, how accessible they are as specifications, and how effective they are in helping to elicit requirements. Scenarios, especially as Use Cases, are in use or proposed for many aspects of systems engineering. Understanding of the different forms scenarios may take, and then of the costs and benefits of applying these forms in practice, may be valuable.
- Alexander2002-iiem
- Ian F. Alexander.
Initial Industrial Experience of Misuse Cases in Trade-Off Analysis.
In 10th IEEE Joint International Conference on Requirements Engineering (RE'02), pp. 61-70.
Sep. 2002.
Abstract:
Negative scenarios have long been applied in e.g. military and commercial operations planning. The negative form of the Use Case is the 'Misuse Case'. Experience has been gained in applying Misuse Cases to analyse requirement/design option Trade-Offs in a railway case study.In a Trade-Off workshop, a diagram is constructed showing Use Cases for goals held by system designers, and Misuse Cases for goals of hostile agents. Relationships between these goals are elicited and documented on the diagram. Experience in a railway Trade-Off study led to the devising of a set of relationships suited to Trade-Off analysis: 'threatens', 'mitigates', 'aggravates', and 'conflicts with', as well as the more general 'includes'. The result is a graphic that makes clear to non-technical stakeholders how their requirements may conflict in the design domain. This contributed to the success of the Trade-Off workshop.The approach taken for the railway workshop is simple. It could be applied in other domains, and with other participative methods.
- Alexander2003-itst
- Ian Alexander.
Is There Such a Thing as a User Requirement?.
IEEE Software, 20(1):58-66, Jan./Feb., 2003.
Abstract:
Humans have analyzed negative scenarios ever since they first sat around Ice Age campfires debating the dangers of catching a woolly rhinoceros: “What if it turns and charges us before it falls into the pit?” A more recent scenario is “What if the hackers launch a denial-of-service attack?” Modern systems engineers can employ a misuse case, the negative form of a use case, to document and analyze such scenarios. A misuse case is simply a use case from the point of view of an actor hostile to the system under design. Misuse cases have many possible applications and interact with use cases in interesting and helpful ways. The paper discusses the elicitation of safety requirements from failure cases and considers the interplay of design, functional, and nonfunctional requirements.
- Alexander2003-mcuc
- Ian Alexander.
Misuse cases: use cases with hostile intent.
IEEE Software, 20(1):58-66, Jan./Feb., 2003.
Abstract:
Humans have analyzed negative scenarios ever since they first sat around Ice Age campfires debating the dangers of catching a woolly rhinoceros: “What if it turns and charges us before it falls into the pit?” A more recent scenario is “What if the hackers launch a denial-of-service attack?” Modern systems engineers can employ a misuse case, the negative form of a use case, to document and analyze such scenarios. A misuse case is simply a use case from the point of view of an actor hostile to the system under design. Misuse cases have many possible applications and interact with use cases in interesting and helpful ways. The paper discusses the elicitation of safety requirements from failure cases and considers the interplay of design, functional, and nonfunctional requirements.
- Alexander2004-issd
- Ian Alexander.
Introduction: Scenarios in System Development.
In Alexander, Ian F. and Maiden, Neil, editors, Scenarios, Stories, Use Cases: Through the Systems Development Life-Cycle, pp. 3-24.
John Wiley & Sons, Ltd. 2004.
Abstract:
Scenarios are a powerful antidote to the complexity of systems and analysis. Telling stories about systems helps ensure that people — stakeholders — share a sufficiently wide view to avoid missing vital aspects of problems. Scenarios vary from brief stories to richly structured analyses, but are almost always based on the idea of a sequence of actions carried out by intelligent agents. People are very good at reasoning from even quite terse stories, for example detecting inconsistencies, omissions, and threats with little effort. These innate human capabilities give scenarios their power. Scenarios are applicable to systems of all types, and may be used at any stage of the development life cycle for different purposes.
- Alexander2004-uctc
- Ian Alexander.
Use Case, Test Cases.
In Alexander, Ian F. and Maiden, Neil, editors, Scenarios, Stories, Use Cases: Through the Systems Development Life-Cycle, pp. 281-298.
John Wiley & Sons, Ltd. 2004.
- Alexander2005-aabr
- Ian Alexander.
Agile or analytic? Book reviews: Cohn versus Lavi and Kudish.
Requirements Engineering, 10(4):307-308, 2005.
- Allen+Ferguson1994-aeit
- James F. Allen and George Ferguson. Actions and Events in Interval Temporal Logic.
Rochester, NY, USA. 1994.
Abstract:
We present a representation of events and action based on interval temporal logic that is significantly more expressive and more natural than most previous AI approaches. The representation is motivated by work in natural language semantics and discourse, temporal logic, and AI planning and plan recognition. The formal basis of the representation is illustrated by applying it to the axiomatization and solution of several standard problems from the AI literature on action and change. An approach to the frame problem based on explanation closure is shown to be both powerful and natural when combined with our representational framework. We also discuss features of the logic that are beyond the scope of many traditional representations, and describe our approach to difficult problems such as external events and simultaneous actions.
- Allen+Frisch1982-wsn
- James F. Allen and Alan M. Frisch.
What's in a semantic network?.
In Proceedings of the 20th annual meeting on Association for Computational Linguistics, pp. 19-27.
1982.
Abstract:
Ever since Wood's “What's in a Link” paper, there has been a growing concern for formalization in the study of knowledge representation. Several arguments have been made that frame representation languages and semantic-network languages are syntactic variants of the first-order predicate calculus (FOPC). The typical argument proceeds by showing how any given frame or network representation can be mapped to a logically isomorphic FOPC representation. For the past two years we have been studying the formalization of knowledge retrievers as well as the representation languages that they operate on. This paper presents a representation language in the notation of FOPC whose form facilitates the design of a semantic-network-like retriever.
- Allen+Hayes1985-cstt
- James F. Allen and Patrick J. Hayes.
A common-sense theory of time.
In Proceedings of International Joint Conference on Artificial Intelligence, pp. 528-531.
1985.
- Allen1981-wnhm
- James F. Allen.
What's necessary to hide?: modeling action verbs.
In Proceedings of the 19th annual meeting on Association for Computational Linguistics, pp. 77-81.
1981.
Abstract:
This paper considers what types of knowledge one must possess in order to reason about actions. Rather than concentrating on how actions are performed, as is done in the problem-solving literature, it examines the set of conditions under which an action can be said to have occurred. In other words, if one is told that action A occurred, what can be inferred about the state of the world? In particular, if the representation can define such conditions, it must have good models of time, belief, and intention. This paper discusses these issues and suggests a formalism in which general actions and events can be defined. Throughout, the action of hiding a book from someone is used as a motivating example.
- Allen1983-mkti
- James F. Allen.
Maintaining knowledge about temporal intervals.
Communications of the ACM, 26(11):832-843, Nov., 1983.
Abstract:
An interval-based temporal logic is introduced, together with a computationally effective reasoning algorithm based on constraint propagation. This system is notable in offering a delicate balance between expressive power and the efficiency of its deductive engine. A notion of reference intervals is introduced which captures the temporal hierarchy implicit in many domains, and which can be used to precisely control the amount of deduction performed automatically by the system. Examples are provided for a database containing historical data, a database used for modeling processes and process interaction, and a database for an interactive system where the present moment is continually being updated.
- Allen1984-tgta
- James F. Allen.
Towards a general theory of action and time.
Artif. Intell., 23(2):123-154, 1984.
Abstract:
A formalism for reasoning about actions is proposed that is based on a temporal logic. It allows a much wider range of actions to be described than with previous approaches such as the situation calculus. This formalism is then used to characterize the different types of events, processes, actions, and properties that can be described in simple English sentences. In addressing this problem, we consider actions that involve non-activity as well as actions that can only be defined in terms of the beliefs and intentions of the actors. Finally, a framework for planning in a dynamic world with external events and multiple agents is suggested.
- Allen1991-trp
- James F. Allen.
Temporal reasoning and planning.
In Reasoning about plans, pp. 1-67.
Morgan Kaufmann Publishers Inc. 1991.
- Allen1991-ttam
- James F. Allen.
Time and Time Again: The Many Ways to Represent Time.
Journal of Intelligent Systems, 6(4):341-355, July, 1991.
Abstract:
One of the most crucial problems in any computer system that involves representing the world is the representation of time. This includes applications such as databases, simulation, expert systems and applications of Artificial Intelligence in general. In this brief paper, I will give a survey of the basic techniques available for representing time, and then talk about temporal reasoning in a general setting as needed in AI applications. Quite different representations of time are usable depending on the assumptions that can be made about the temporal information to be represented. The most crucial issue is the degree of certainty one can assume. Can one assume that a time stamp can be assigned to each event, or barring that, that the events are fully ordered? Or can we only assume that a partial ordering of events is known? Can events be simultaneous? Can they overlap in time and yet not be simultaneous? If they are not instantaneous, do we know the durations of events? Different answers to each of these questions allow very different representations of time.
- Allenby+Kelly2001-dsru
- Karen Allenby and Tim Kelly.
Deriving Safety Requirements Using Scenarios.
In Fifth IEEE International Symposium on Requirements Engineering (RE'01), pp. 228-235.
Aug. 2001.
Abstract:
Abstract: Elicitation of requirements for safety critical aero-engine control systems is dependent on the capture of core design intent and the systematic derivation of requirements addressing hazardous deviations from that intent. Derivation of these requirements is inextricably linked to the safety assessment process. Conventional civil aerospace practice (as advocated by guidelines such as ARP4754 and ARP4671) promotes the application of Functional Hazard Assessment (FHA) to sets of statements of functional intent. Systematic hazard analysis of scenario-based requirements representations is less well understood. This paper discusses the principles and problems of hazard analysis and proposes an approach to conducting hazard analysis on use case requirements representations. Using the approach, it is possible to justifiably derive hazard-mitigation use cases as first class requirements from systematic hazard analysis of core design intent scenarios. An industrial example is used to illustrate the technique.
- Alspaugh+Anton+1999-isms
- Thomas A. Alspaugh, Annie I. Antón, Tiffany Barnes, and Bradford W. Mott.
An Integrated Scenario Management Strategy.
In Fourth IEEE International Symposium on Requirements Engineering (RE'99), pp. 142-149.
June 1999.
Abstract:
Scenarios have proven effective for eliciting, describing and validating software requirements; however, scenario management continues to be a significant challenge to practitioners. One reason for this difficulty is that the number of possible relations among scenarios grows exponentially with the number of scenarios. If these relations are formalized, they can be more easily identified and supported. To provide this support, we extend the benefits of project-wide glossaries with two complementary approaches. The first approach employs shared scenario elements to identify and maintain common episodes among scenarios. The resulting episodes impose consistency across related scenarios and provide a way to visualize their interdependencies. The second approach quantifies similarity between scenarios. The resulting similarity measures serve as heuristics for finding duplicate scenarios, scenarios needing further elaboration, and scenarios which have not yet been identified yielding valuable information about how well the scenarios provide coverage of the requirements. These two approaches, integrated with a scenario database, project glossaries, configuration management, and coverage analysis, form the basis of a useful and effective strategy for scenario management and evolution.
- Alspaugh+Anton+Davis2003-esss
- Thomas A. Alspaugh, Annie I. Antón, and Laura J. Davis. An empirical study of scenario similarity measures.
ISR Technical Report UCI-ISR-03-07. Institute for Software Research, University of California, Irvine. Sep. 2003.
Abstract:
Syntactic similarity measures have been proposed as a technique to support scenario management and provide process guidance in scenario-based requirements analysis. Similarity measures support locating duplication and near-duplication between scenarios, searching in a collection of scenarios, identifying episodes shared among scenarios, and determining dependencies between scenarios. The effectiveness of this technique depends in part on how well syntactic similarity tracks semantic similarity as judged by human analysts. We present a study that validates syntactic similarity measures using scenarios from the Enhanced Messaging System specification.
- Alspaugh+Anton+Modarressi2001-es
- Thomas A. Alspaugh, Annie I. Antón, and Abdi Modarressi.
EMS Scenarios.
2001.
http://www.ics.uci.edu/~alspaugh/rsr/EMSscos-public.html.
- Alspaugh+Anton2001-oors
- Thomas A. Alspaugh and Annie I. Antón. Object-Orientation in Requirements, Specifications and Models.
Computer Science Technical Report TR-2001-12. North Carolina State University, Raleigh, NC. Dec. 2001.
Abstract:
Object-oriented requirements and specifications seem desirable for object-oriented design and implementation. However, in this paper we demonstrate that this is not necessarily the case. When we compare the conventionally desired attributes of requirements (e.g., easily modifiable, expressed in the customer's terms, and individual requirements which are separable) with some of the conventional properties of object-orientation (e.g., taxonomic organization), we see that in some ways they are incompatible with each other. While a specification may be expressed as an object-oriented model, there are disadvantages to doing so that have not been adequately considered in this context. We illustrate these distinctions with examples from the Kaiserslautern Light Control Problem and offer strategies to assist practitioners as they address these issues.
- Alspaugh+Anton2001-sncs
- Thomas A. Alspaugh and Annie I. Antón.
Scenario Networks: A case study of the Enhanced Messaging System.
In 7th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'01), pp. 113-124.
June 2001.
Abstract:
Scenarios are widely used to specify desired system behavior. In this paper, we discuss a case study of an enhanced voice messaging system, in which the scenarios describing it were assembled into a scenario network. In a scenario network, each scenario is connected to those that may follow it. The resulting scenario network provides a specification of the entire system. The process of creating the scenario network improved the quality of the resulting specification by enabling us to identify gaps and inconsistencies that reviews and walkthroughs had not uncovered. Production of a scenario network compels analysts to improve the coverage and correctness of a set of scenarios, thereby improving the requirements engineering process and the resulting documentation.
- Alspaugh+Anton2001-snss
- Thomas A. Alspaugh and Annie I. Antón. Scenario networks for software specification and scenario management.
Computer Science Technical Report TR-2001-15. North Carolina State University, Raleigh, NC. Dec. 2001.
Abstract:
Scenarios are widely used to specify the desired behavior of a system, but managing the large collection of scenarios that frequently result and making a scenario-based specification complete are challenging tasks. Scenario networks address these challenges while retaining the many advantages of scenarios during software specification activities. A scenario network is a collection of scenarios that has been integrated into a single entity by the specification of the sequential and concurrent relationships among its component scenarios. The addition of these relationships specifies the larger-scale behavior that is typically missing from a collection of scenarios, and ties scenarios together in a way that either indicates no gaps in the description are present, or makes gaps obvious. Scenario networks provide procedural guidance for scenario creation and support for scenario management. Gaps in the structure of a scenario network correspond to missing or incomplete scenarios, and the closing of these gaps result in the completion of the scenario collection. A scenario network organizes the collection of its scenarios, and its structure indicates several kinds of scenario relationships, including equivalence relations dividing them into equivalence classes. These relationships address some of the challenges associated with scenario management.
- Alspaugh+Anton2001-usns
- Thomas A. Alspaugh and Annie I. Antón. Using Scenario Networks for Scenario Management and Software Specification.
Computer Science Technical Report TR-2001-11. North Carolina State University, Raleigh, NC. Dec. 2001.
Abstract:
Scenarios are widely used to specify desired system behaviors but analyzing and managing large collections of scenarios remains a challenge. Scenario networks facilitate scenario management and serve as a powerful basis for analyzing and validating collections of scenarios. In a scenario network, each scenario is connected to those that may follow it, either as part of a single sequence or concurrently with others. A scenario network provides an integrated specification of an entire system and incorporates behaviors that span two or more scenarios. We show how the process of creating a scenario network improves the quality of the component scenarios by helping analysts identify gaps and inconsistenciesw that more traditional reviews and walkthroughs normally do not uncover.
- Alspaugh+Anton2003-cucg
- Thomas A. Alspaugh and Annie I. Antón.
Contrasting Use Case, Goal, and Scenario Analysis of the Euronet System.
In 11th IEEE Joint International Conference on Requirements Engineering (RE'03), pp. 355-356.
Sep. 2003.
Abstract:
In this research, we compare three related requirements engineering efforts: an industrial effort based on use cases; a case study analyzing these use cases by means of goal analysis; and a case study analyzing the same use cases with an integrated scenario analysis approach.
- Alspaugh+Anton2003-ucgs
- Thomas A. Alspaugh and Annie I. Antón. Use case, goal, and scenario analysis of the Euronet system: comparing methods and results.
technical report UCI-ISR-03-12. Institute for Software Research. Nov. 2003.
Abstract:
In this paper, we compare the results of three related requirements engineering efforts: an industrial requirements specification produced with a use case based process, a case study analyzing those use cases by means of goal analysis; and a second case study analyzing the original use cases with an integrated scenario analysis and management approach and software tool support. The scenario-based analysis proved more effective than either of the other two approaches. The results provide validation for both the integrated scenario analysis and the software tool.
- Alspaugh+Anton2008-sser
- Thomas A. Alspaugh and Annie I. Antón.
Scenario support for effective requirements.
Information and Software Technology, 50(3):198-220, Feb., 2008.
Abstract:
Scenarios are widely used as requirements, and the quality of requirements is an important factor in the efficiency and success of a development project. The informal nature of scenarios requires that analysts do much manual work with them, and much tedious and detailed effort is needed to make a collection of scenarios well-defined, relatively complete, minimal, and coherent. We discuss six aspects of scenarios having inherent structure on which automated support may be based, and the results of using such support. This automated support frees analysts to concentrate on tasks requiring human intelligence, resulting in higher-quality scenarios for better system requirements. Two studies validating the work are presented.
- Alspaugh+Baumer+Tomlinson2006-mmes
- Thomas A. Alspaugh, Eric Baumer, and Bill Tomlinson.
On a Mixed-Methods Evaluation of a Social-Agent Scenario Visualization.
In Fourth International Workshop on Comparative Evaluation in Requirements Engineering (CERE'06), pp. 60-65.
Sep. 2006.
Abstract:
Scenarios are a well-explored technique for working with and understanding a system's requirements. However, comprehending a large group of scenarios for a system can be difficult, especially for non-experts. Our previous work proposed that visualizing scenarios using social animated characters could assist this process. However, assessing the efficacy of visualization techniques can be challenging. This paper proposes that a mixed-method study combining qualitative and quantitative analysis can be effective for evaluating a social visualization of a group of scenarios. Specifically, we found that the quantitative data addressed focused hypotheses, while the qualitative data gave us insight into the nature of scenarios in requirements, the goals of scenario visualization, and how the technology can support these goals more effectively. Both forms of analysis can be valuable and mutually reinforcing in developing and evaluating effective social visualizations of scenarios, and by extension for other work in RE as well.
- Alspaugh+Faulk+1992-sra7
- Thomas A. Alspaugh, Stuart R. Faulk, Kathryn Heninger Britton, R. Alan Parker, David L. Parnas, and John E. Shore. Software Requirements for the A-7E Aircraft.
NRL Memorandum Report 3876. Naval Research Laboratory, Washington, DC. Aug. 1992.
Abstract:
This document is the second published release of the Software Requirements of the A-7E Aircraft [ref NRL Memorandum Report 3876]. The first release, published in November 1978, introduced a new approach to specifying requirements for real-time embedded systems in the form of an engineering model. That document has been perhaps the most successful of the publications of NRL's Software Cost Reduc- tion project in terms of the interest generated and the number of copies requested since its introduction.
In spite of its success (in a sense, because of it) the specification has changed in many details over the years. This is not the result of flaws in its design, but the fulfillment of its creators' vision that the requirements should be a “living document;” i.e., that it would serve as the primary reference document for system designers, as well as the authoritative “test to” document for program validation, and be useful throughout the system development process. Because the document has served these purposes as well, it has changed over the years as requirements became better understood. Further, since the document is intended to serve as a model document, we have felt free to change it as better specifications techniques have been developed. This release represents the accumulation of those changes from the original publica- tion in November 1978 to the end of the SCR project in December 1988.
In spite of many changes in its particulars, the reader will find the document remarkably unchanged in its overall structure and approach. One of the principles guiding the original design was that because requirements change, the requirements specification should be easy to change. As a result, incremental changes and improvements have been easy to accommodate over the years without disrupting the essential document structure.[Chmu82]
This remainder of this preface gives a brief overview of the software requirements specification methodology developed as part of the Software Cost Reduction (SCR) project at the Naval Research Laboratory. A good description of the role of requirements specification in the development process is given in [Heni80] and [Hest81].
- Alspaugh+Richardson+2005-sdsb
- Thomas A. Alspaugh, Debra J. Richardson, Thomas A. Standish, and Hadar Ziv.
Scenario-driven Specification-based Testing against Goals and Requirements.
In 11th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'05), pp. 201-216.
June 2005.
Abstract:
We describe a new verification and validation (V&V) approach based on comparing actual system behavior in the form of captured goal-annotated event traces with expected behavior expressed by requirements scenarios that are tied to system requirements goals. We believe our V&V approach can leverage requirements engineering work in a fruitful manner that leads to improved software quality because it offers six potential benefits in the form of improved capabilities for: (1) higher-yield testing, (2) distinguishing false positives, (3) defining test coverage metrics, (4) detecting domain-analysis errors, (5) validating top-level requirements, and (6) efficiently controlling the degree of retesting. We use examples to explain how our method can attain these six potential benefits. If our goal/requirements-based V&V techniques can succeed in realizing these six potential benefits, we believe they will lead to improved requirements practices that, in turn, can successfully attain improved software quality.
- Alspaugh+Richardson+Standish2005-ssmp
- Thomas A. Alspaugh, Debra J. Richardson, and Thomas A. Standish.
Scenarios, State Machines, and Purpose-Driven Testing.
In 4th International Workshop on Scenarios and State Machines: Models, Algorithms and Tools (SCESM'05), pp. 1-5.
May 2005.
Abstract:
Testing is a necessary but frequently expensive activity that is needed to ensure software quality. For large, complex systems, testing based on covering all control flow or all data flow paths is intractable. But focusing on tests that are purpose-driven, namely on tests that are derived from system requirements and that test whether requirements goals are met, significantly reduces the size of a “complete” test suite for the system while simultaneously increasing confidence that the system performs as expected. Scenarios and state machines provide a useful framework for modeling and analysis of purpose-driven testing. Scenarios are sequences of events that represent purposeful uses of a system (or of its components, to any desired degree of detail). State machines, in the form of recursive transition diagrams, can model the successive refinement of requirements goals into architectures and implementations, and testing them using purpose-driven scenario-based tests provides early validation of that refinement. Formulating sets of scenarios that capture and represent a complete-enough set of requirements ensures that a test suite covering them explores all important regions of a system's state space. The scenario-based tests will predict with high confidence which system goals have been met, and, certainly, which have not. This position paper sketches elements of our approach to purpose-driven testing using scenarios and state machines.
- Alspaugh+Sim+2006-icur
- Thomas A. Alspaugh, Susan Elliott Sim, Kristina Winbladh, Mamadou Diallo, Hadar Ziv, and Debra J. Richardson. The Importance of Clarity in Usable Requirements Specification Formats.
UCI-ISR-06-14. Institute for Software Research, University of California, Irvine. Sep. 2006.
Abstract:
Clarity is underappreciated as a requirements specification quality attribute. We studied the clarity of requirements forms, operationalized as ease of problem detection, least obstructive to understanding, and understandability by stakeholders. A set of use cases for an industrial system was translated into sequence diagrams and ScenarioML; problems identified during each translation were noted, and system stakeholders were interviewed and given a questionnaire on all three forms. The data showed that ScenarioML best supported requirements clarity, then sequence diagrams but only for stakeholders experienced with them, and finally use cases as the least clear form. Use cases were preferred for non-technical stakeholders to write; sequence diagrams were most effective for details of individual events and for showing interaction with architectural components; with ScenarioML preferred in all other situations.
- Alspaugh+Sim+2007-csee
- Thomas A. Alspaugh, Susan Elliott Sim, Kristina Winbladh, Mamadou Diallo, Hadar Ziv, and Debra J. Richardson.
Clarity for Stakeholders: Empirical Evaluation of ScenarioML, Use Cases, and Sequence Diagrams.
In Fifth International Workshop on Comparative Evaluation in Requirements Engineering (CERE'07), Oct. 2007.
Abstract:
We studied the clarity of three requirements forms, operationalized as ease of problem detection, freedom from obstructions to understanding, and understandability by a variety of stakeholders. A set of use cases for an industrial system was translated into ScenarioML scenarios and into sequence diagrams; problems identified during each translation were noted; and all three forms were presented to a range of system stakeholders, who were interviewed before and after performing tasks using the forms. The data was analyzed, and convergent results were triangulated across data sources and methods. The data indicated that ScenarioML scenarios best support requirements clarity, then sequence diagrams but only for stakeholders experienced with them, and finally use cases as the least clear form.
- Alspaugh+Tomlinson+Baumer2006-usav
- Thomas A. Alspaugh, Bill Tomlinson, and Eric Baumer.
Using Social Agents to Visualize Software Scenarios.
In ACM Symposium on Software Visualization (SOFTVIS'06), pp. 87-94.
Sep. 2006.
Abstract:
Enabling nonexperts to understand a software system and the scenarios of usage of that system can be challenging. Visually modeling a collection of scenarios as social interactions can provide quicker and more intuitive understanding of the system described by those scenarios. This project combines a scenario language with formal structure and automated tool support (ScenarioML) and an interactive graphical game engine featuring social automomous characters and text-to-speech capabilities. We map scenarios to social interactions by assigning a character to each actor and entity in the scenarios, and animate the interactions among these as social interactions among the corresponding characters. The social interactions can help bring out these important aspects: interactions of multiple agents, pattern and timing of interactions, non-local inconsistencies within and among scenarios, and gaps and missing information in the scenario collection. An exploratory study of this modeling's effectiveness is presented.
- Alspaugh2002-snfs
- Thomas A. Alspaugh. Scenario networks and formalization for scenario management.
North Carolina State University Sep. 2002.
Abstract:
Scenarios are widely used to specify the behavior of software due to their informality and accessibility. However, their informality makes them difficult to analyze and manage. We address these difficulties with two complementary approaches, one syntactic and one semantic, that add a small amount of structure to scenarios to allow automated analyses and support. The syntactic approach represents a scenario as a set of attribute-value pairs, some of which may also be viewed as events, each of which is an actor-action pair, that are arranged in a sequence. This representation supports the use of episodes (shared subsequences of events) to show dependency relationships between scenarios and to help maintain those relationships as the scenarios evolve. The representation also supports automated measures of similarity between scenarios, to find duplicates or near-duplicates, searching in a collection of scenarios, and assess requirements coverage and completeness of the collection. The representation can be analyzed for consistency of various attributes within individual scenarios. The semantic approach integrates the scenarios that describe a system into a network that expresses which scenarios can follow each other. The network expresses the context expected by the events of each scenario and the temporal relationships between the scenarios. This information is either implicit or incomplete for an ordinary collection of scenarios. Construction of a scenario network provides process guidance for assessing and improving completeness and consistency of the scenario collection. A scenario network represents equivalence relationships between scenarios, and these relationships can be used to organize and classify the scenarios and to maintain the temporal relationships between scenarios as the scenarios evolve. A scenario network can be analyzed to evaluate completeness of the scenario collection and several kinds of consistency between scenarios in the collection. Together the syntactic and semantic approaches form an effective approach for addressing the scenario management problem, which has not been effectively addresses heretofore.
- Alspaugh2005-ssca
- Thomas A. Alspaugh. Software support for calculations in Allen's Interval Algebra.
ISR Technical Report UCI-ISR-05-02. Institute for Software Research, University of California, Irvine. Feb. 2005.
Abstract:
Allen's interval algebra formally expresses temporal relations between intervals, operations on them, and reasoning about them. Many of its most interesting operations are tedious or difficult to perform by hand. This report gives a compact introduction to interval algebra and describes a software tool, allen, for working with interval algebra relations. In connection with this tool, we propose a convenient notation for Allen's basic relations in which each relation is represented by a single lower or uppercase letter.
- Alspaugh2005-tess
- Thomas A. Alspaugh. Temporally Expressive Scenarios in ScenarioML.
ISR Technical Report UCI-ISR-05-06. Institute for Software Research, University of California, Irvine. May 2005.
Abstract:
Sequential, non-overlapping events are the norm in traditionally-expressed scenarios and use cases, but the world is much more fluid. Events have duration and may overlap, be separated in time, begin or end together, or have various other specific temporal relations. The ordering of the events may be completely known or partially uncertain, resulting in any of a large (but finite) number of relations for any two events. These relations, which can be formally stated and manipulated, are separable in form and meaning from the events themselves, which in requirements are most often expressed in prose. The temporal relations and partial ordering of events can be a significant part of what is specified, and must be inferred by a reader if not explicitly expressed. This paper presents a scenario language, ScenarioML, which expresses requirements scenarios using a broad and effective selection of event relations and structures. ScenarioML scenarios range from concrete scenarios to parameterized schemata that represent large families of scenarios related in a variety of temporal and structural ways. The language is designed for automated analysis and operations on temporal event relations, as well as other aspects of scenarios. An example from aircraft navigation is presented.
- Alspaugh2006-rbs
- Thomas A. Alspaugh. Relationships Between Scenarios.
Technical Report UCI-ISR-06-7. Institute for Software Research, University of California, Irvine. May 2006.
Abstract:
Scenarios are widely used in requirements analysis and other activities, but their informality is a challenge for reasoning about them and providing significant tool support. This research describes an approach for identifying aspects of scenarios that people use consistently, structuring them, and using this structure to support work with scenarios. Our approach clarifies how scenarios can be related (for example by specialization) and how they can be used to give each other context and constraints, and provides a foundation for more extensive automated support. Automated support for scenario manipulation and analysis lets human expertise be concentrated on the tasks that need it most. Our approach is implemented by an XML language and a Java package for it. We describe how they have been used in goal-driven specification-based testing, computed social worlds of autonomous animated agents, and analysis of business rules and scenarios.
- Alspaugh2006-sbrm
- Thomas A. Alspaugh. Scenarios, Business Rules, and Matching.
Technical Report UCI-ISR-06-5. Institute for Software Research, University of California, Irvine. Apr. 2006.
Abstract:
Scenarios (or use cases) and business rules each have strengths and offer mutually reinforcing views of a software system. Scenarios describe uses of a system in terms of situations, interactions, and events unfolding over time. Business rules describe fundamental constraints on a system's transactions. However, analysis of scenarios and business rules together can be challenging. We present an approach for evaluating these two distinct views in combination. We operationalize business rules as scenarios that must match the world in every appropriate context, or as negative scenarios that must not match. Scenarios are patterns that can match occurrences in the world; a system whose behavior meets its requirements results in occurrences that its scenarios match successfully. We mediate the interaction of business rules and scenarios through comatching events appearing in two or more scenarios. A co-matched event is not judged to have successfully matched unless all the events that co-match it do. A case study of business rules for automated teller machines illustrates our approach.
- Alur+Etessami+Yannakakis2000-imsc
- R. Alur, K. Etessami, and M. Yannakakis.
Inference of message sequence charts.
In 22nd International Conference on Software Engineering (ICSE '00), pp. 304-313.
June 2000.
Keywords:
concurrency control; software engineering; concurrent state machines; concurrent system; deadlock-free realizability; formal framework; message sequence charts; polynomial-time algorithms
Abstract:
Software designers draw Message Sequence Charts for early modeling of the individual behaviors they expect from the concurrent system under design. Can they be sure that precisely the behaviors they have described are realizable by some implementation of the components of the concurrent system? If so, can one automatically synthesize concurrent state machines realizing the given MSCs? If, on the other hand, other unspecified and possibly unwanted scenarios are “implied” by their MSCs, can the software designer be automatically warned and provided the implied MSCs? In this paper we provide a framework in which all these questions are answered positively. We first describe the formal framework within which one can derive implied MSCs, and we then provide polynomial-time algorithms for implication, realizability, and synthesis. In particular, we describe a novel algorithm for checking deadlock-free (safe) realizability.
- Alur+Yannakakis1998-mchs
- Rajeev Alur and Mihalis Yannakakis.
Model checking of hierarchical state machines.
In SIGSOFT '98/FSE-6: Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering, pp. 175-188.
1998.
Abstract:
Model checking is emerging as a practical tool for detecting logical errors in early stages of system design. We investigate the model checking of hierarchical (nested) systems, i.e. finite state machines whose states themselves can be other machines. This nesting ability is common in various software design methodologies and is available in several commercial modeling tools. The straightforward way to analyze a hierarchical machine is to flatten it (thus, incurring an exponential blow up) and apply a model checking tool on the resulting ordinary FSM. We show that this flattening can be avoided. We develop algorithms for verifying linear time requirements whose complexity is polynomial in the size of the hierarchical machine. We address also the verification of branching time requirements and provide efficient algorithms and matching lower bounds.
- Alur+Yannakakis1999-mcms
- Rajeev Alur and Mihalis Yannakakis.
Model Checking of Message Sequence Charts.
In CONCUR '99: Proceedings of the 10th International Conference on Concurrency Theory, pp. 114-129.
Springer-Verlag, 1999.
Abstract:
Scenario-based specifications such as message sequence charts (MSC) offer an intuitive and visual way of describing design requirements. Such specifications focus on message exchanges among communicating entities in distributed software systems. Structured specifications such as MSC-graphs and Hierarchical MSC-graphs (HMSC) allow convenient expression of multiple scenarios, and can be viewed as an early model of the system. In this paper, we present a comprehensive study of the problem of verifying whether this model satisfies a temporal requirement given by an automaton, by developing algorithms for the different cases along with matching lower bounds.
When the model is given as an MSC, model checking can be done by constructing a suitable automaton for the linearizations of the partial order specified by the MSC, and the problem is coNP-complete. When the model is given by an MSC-graph, we consider two possible semantics depending on the synchronous or asynchronous interpretation of concatenating two MSCs. For synchronous model checking of MSC-graphs and HMSCs, we present algorithms whose time complexity is proportional to the product of the size of the description and the cost of processing MSCs at individual vertices. Under the asynchronous interpretation, we prove undecidability of the model checking problem. We, then, identify a natural requirement of boundedness, give algorithms to check boundedness, and establish asynchronous model checking to be PSPACE-complete for bounded MSC-graphs and EXPSPACE-complete for bounded HMSCs.
- Alur+Yannakakis2001-mchs
- Rajeev Alur and Mihalis Yannakakis.
Model checking of hierarchical state machines.
ACM Trans. Program. Lang. Syst., 23(3):273-303, 2001.
Abstract:
Model checking is emerging as a practical tool for detecting logical errors in early stages of system design. We investigate the model checking of sequential hierarchical (nested) systems, i.e., finite-state machines whose states themselves can be other machines. This nesting ability is common in various software design methodologies, and is available in several commercial modeling tools. The straightforward way to analyze a hierarchical machine is to flatten it (thus incurring an exponential blow up) and apply a model-checking tool on the resulting ordinary FSM. We show that this flattening can be avoided. We develop algorithms for verifying linear-time requirements whose complexity is polynomial in the size of the hierarchical machine. We also address the verification of branching time requirements and provide efficient algorithms and matching lower bounds.
- Alvarez+Urla2002-tmgs
- Rosío Alvarez and Jacqueline Urla.
Tell me a good story: using narrative analysis to examine information requirements interviews during an ERP implementation.
SIGMIS Database, 33(1):38-52, 2002.
Abstract:
This paper reports on a participant-observation study examining how clients use narratives to convey information during ERP requirements analysis interviews. Techniques drawn from narrative analysis are used to analyze the structure and content of different types of narratives clients tell during requirements analysis interviews. First, findings reveal that interviewees organized their experience, sought to persuade listeners, and conveyed information to analysts using “stories,” “habitual,” and “hypothetical” narratives. We argue that cClient narratives provide a pragmatic view of the information system, offering insight into the ways the system is actually used and the habitual practices of the work environment. Second, narratives function to signal the embeddedness of the information system in its larger organizational and social context.While analysts may be inclined to dismiss narratives as messy or asuncodeable data, we argue that the insights they provide merit attention. To the degree that narratives give insight into users' perspectives on organizational issues, they provide knowledge that is essential to any information systems project. This is especially true for ERP projects that, unlike other systems projects, seek to integrate processes spanning the entire organization. ERP projects typically require departments with very different priorities and vocabularies to radically rethink the organization and its habitual practices. Work habits, values, and dilemmas faced by users as recounted in narratives are likely to carry over after the legacy system has been removed. Hence, a sound grasp of these factors is surely advantageous for analysts in assessing the current and future environment of the organization. Future implications for research and practice are also discussed.
- Alves+Finkelstein2002-ccdm
- Carina Alves and Anthony Finkelstein.
Challenges in COTS decision-making: a goal-driven requirements engineering perspective.
In SEKE '02: Proceedings of the 14th international conference on Software engineering and knowledge engineering, pp. 789-794.
2002.
Abstract:
This position paper outlines the problems and risks of selecting COTS products. In particular, we highlight the challenges of the decision-making process where requirements specification plays an essential role to evaluate and compare products features. It is necessary to perform a careful balancing between requirements and COTS features. Customers may have to compromise on requirements not satisfied by any available product or request products modifications. We analyse the problems and risks arising in the selection process and review related work. We argue that a goal-oriented approach can support an effective balancing between requirements and COTS feature during the decision-making.
- America1987-ispo
- Pierre America.
Inheritance and Subtyping in a Parallel Object-Oriented Language.
In Bézivin, J. and others, editors, ECOOP '87, European Conference on Object-Oriented Programming, pp. 234-242.
Springer-Verlag, June 1987.
Abstract:
We have investigated the concepts of inheritance and subtyping in order to integrate them in a parallel object-oriented language. In doing so, we have concluded that inheritance and subtyping are two different concepts, which should not be confused in any object-oriented language (be it parallel or sequential). Inheritance takes place on the implementation level of classes, and it is a convenient mechanism for code sharing. It can be supported, for example, by introducing inheritance packages into a programming language. Subtyping deals with the message interface of objects, and it leads to a conceptual hierarchy based on behavioral specialization. Subtyping should take place on the basis of specifications of the external behaviour of objects, and as much as possible of these specifications should be formal. Some specific problems with introducing these two concepts into a parallel language are also discussed.
- Ammann+Black1999-sbcm
- Paul Ammann and Paul E. Black.
A Specification-Based Coverage Metric to Evaluate Test Sets.
In Fourth IEEE International Symposium on High-Assurance Systems Engineering (HASE '99), pp. 239-248.
1999.
Abstract:
Software developers use a variety of methods, including both formal methods and testing, to argue that their systems are suitable components for high assurance applications. In this paper, we develop another connection between formal methods and testing by defining a specification-based coverage metric to evaluate test sets. Formal methods in the form of a model checker supply the necessary automation to make the metric practical. The metric gives the software developer assurance that a given test set is sufficiently sensitive to the structure of an application's specification. In this paper, we develop the necessary foundation for the metric and then illustrate the metric on an example.
- Amon+Borriello+Liu1998-mctr
- Tod Amon, Gaetano Borriello, and Jiwen Liu.
Making complex timing relationships readable: Presburger formula simplicication using don't cares.
In DAC '98: Proceedings of the 35th annual conference on Design automation, pp. 586-590.
ACM Press, 1998.
Abstract:
Solutions to timing relationship analysis problems are often reported using symbolic variables and inequalities which specify linear relationships between the variables. Complex relationships can be expressed using Presburger formulas which allow Boolean relations to be specified between the inequalities. This paper develops and applies a highly effective simplification approach for Presburger formulas based on logic minimization techniques.
- Amorim+Maciel+2006-mlsc
- Leonardo Amorim, Paulo Maciel, Meuse Nogueira, Raimundo Barreto, and Eduardo Tavares.
Mapping live sequence chart to coloured petri nets for analysis and verification of embedded systems.
SIGSOFT Softw. Eng. Notes, 31(3):1-25, 2006.
Abstract:
This paper presents a methodology for mapping the Live Sequence Chart (LSC) language to an equivalent Coloured Petri Net (CPN) model as an approach for analysis and verification of embedded systems' properties. LSC is a language for system specification, allowing one to specify what should happen for all execution of the system as well as the modeling of anti-scenarios. However, analysis and verification of systems' properties are not possible. In order to allow diagnosis of inconsistent specifications, besides simulation, verification and analysis should be considered. Therefore the proposition of a CPN model for LSC allows verification and analysis of systems described in LSC, hence, contributing for increasing designers' confidence on the system development process and reducing risks that may lead to project failure.
- Amyot+Bordeleau+1996-fsdt
- Daniel Amyot, Francis Bordeleau, Raymond J. A. Buhr, and Luigi Logrippo.
Formal Support for Design Techniques: A Timethreads-LOTOS Approach.
In Proceedings of the IFIP TC6 Eighth International Conference on Formal Description Techniques VIII, pp. 57-72.
Chapman & Hall, Ltd., 1996.
Abstract:
A design methodology which allies the graphical expressiveness of the timethread notation with the analytical power of the LOTOS language and its associated tools is presented. The concept of timethread is at the basis of a design methodology based on scenarios. A simple telephone system is used as an example. It is shown how the main scenarios of such a system can be expressed by the timethread notation, leading to an abstract system design. Further, it is shown how the notation can be translated into LOTOS. LOTOS tools are used to validate the high-level design. Tools used include LOLA for analysis and design testing, LMC for checking temporal logic properties, and GOAL for checking reachability of actions.
- Amyot+Eberlein2003-esnc
- Daniel Amyot and Armin Eberlein.
An Evaluation of Scenario Notations and Construction Approaches for Telecommunication Systems Development.
Telecommunication Systems, 24(1):61 94, Sep., 2003.
Abstract:
The elicitation, modeling and analysis of requirements have consistently been one of the main challenges during the development of complex systems. Telecommunication systems belong to this category of systems due to the worldwide distribution and the heterogeneity of today's telecommunication networks. Scenarios and use cases have become popular for capturing and analyzing requirements. However, little research has been done that compares different approaches and assesses their suitability for the telecommunications domain. This paper defines evaluation criteria and then reviews fifteen scenario notations. In addition, twenty-six approaches for the construction of design models from scenarios are briefly compared.
- Amyot+Logrippo+1999-ucmc
- D. Amyot, L. Logrippo, R. J. A. Buhr, and T. Gray.
Use Case Maps for the Capture and Validation of Distributed Systems Requirements.
In Fourth IEEE International Symposium on Requirements Engineering (RE'99), pp. 44-53.
June 1999.
Abstract:
Functional scenarios describing system views, uses, or services are a common way of capturing requirements of distributed systems. However, integrating individual scenarios in different ways may result in different kinds of unexpected or undesirable interactions. We present an innovative approach based on the combined use of two notations. The first one is a recent visual notation for causal scenarios called use case maps (UCMs), which is used to capture and integrate the requirements. Integrating UCMs together helps avoiding many interactions before any prototype is generated. The second notation is the formal specification language LOTOS. UCM scenarios are translated into high-level LOTOS specifications, which can be used to validate the requirements formally through numerous techniques, including functional testing based on UCMs. LOTOS possesses powerful testing concepts and tools that we use for the detection of remaining undesirable interactions. To illustrate these concepts, we use a simple connection example and results from the capture and the validation of several telephony features from the First Feature Interaction Contest.
- Amyot2003-iurn
- Daniel Amyot.
Introduction to the User Requirements Notation: learning by example.
Computer Networks, 42(3):285-301, 2003.
Keywords:
Goals; GRL; ITU-T languages; Requirements engineering; Scenarios; UCM; User requirements notation
Abstract:
Recognizing the need for a notation that would be used in the very first and often informal stages of the development cycle, the International Telecommunication Union (ITU-T) initiated a question on a User Requirements Notation (URN), which will be standardized as the Z.150 series of Recommendations. URN supports the development, description, and analysis of requirements for telecommunications systems and services, as well as for other types of complex reactive, distributed, and dynamic systems. Through a wireless telephony example, this paper gives an overview of the core elements and typical usage of the two complementary notations comprised in URN. The Goal-oriented Requirement Language (GRL) is used to describe business goals, non-functional requirements, alternatives, and rationales, whereas Use Case Map (UCM) enables the description of functional requirements as causal scenarios. This paper also briefly explores methodology elements and the complementarity between URN and the existing ITU-T languages.
- Anda+Sjoberg+Jorgensen2001-quuc
- Bente Anda, Dag I. K. Sjøberg, and Magne Jørgensen.
Quality and Understandability of Use Case Models.
In ECOOP '01: Proceedings of the 15th European Conference on Object-Oriented Programming, pp. 402-428.
2001.
Abstract:
Use case models are used in object-oriented analysis for capturing and describing the functional requirements of a system. Use case models are also used in communication between stakeholders in development projects. It is therefore important that the use case models are constructed in such a way that they support the development process and promote a good understanding of the requirements among the stakeholders. Despite this, there are few guidelines on how to construct use case models.
This paper describes an explorative study where three different sets of guidelines were used for constructing and documenting use case models. An experiment with 139 undergraduate students divided into 31 groups was conducted. Each group used one out of the three sets of guidelines when constructing a use case model from an informal requirements specification. After completing the use case model, each student answered a questionnaire.
The results of the experiment indicate that guidelines based on templates support the construction of use case models that are easier to understand for the readers, than guidelines without specific details on how to document each use case. The guidelines based on templates were also considered as the most useful when constructing use cases. In addition to better understandability, our experiment indicates that the guidelines based on templates result in better use case models regarding also other quality attributes. Our results further indicate that it may be beneficial to combine the template guidelines with another set of guidelines that focus on the documentation of the flow of events of each use case.
- Anderberg1973-caa
- Michael R. Anderberg. Cluster analysis for applications.
Academic Press, New York, 1973.
- Anderson+Bradley+Brinko1997-ucbr
- Ed Anderson, Mike Bradley, and Rosemary Brinko.
Use case and business rules: styles of documenting business rules in use cases.
In OOPSLA '97: Addendum to the 1997 ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications (Addendum), pp. 85-87.
1997.
- Anderson+Durney1993-usdd
- J. S. Anderson and B. Durney.
Using scenarios in deficiency-driven requirements engineering.
In IEEE International Symposium on Requirements Requirements Engineering (RE'93), pp. 134-141.
Jan. 1993.
Abstract:
A process is described for generating and validating specifications, together with an automated tool which supports this approach. The input to the process is a set of client objectives, expressed as transitions between states. These transitions fall into two classes: those which should be supported, and those which should be prevented. The output is a specification of a target artifact, expressed as a set of capabilities. A valid specification is a set of artifact capabilities that can be used to achieve all desired transitions but cannot be used to achieve any undesirable transitions. An automated system is used for reasoning about scenarios (sequences of actions) to generate and evaluate specifications. Scenarios are employed to identify missing capabilities that would enable artifact users to achieve their goals, and to determine whether a particular capability set will allow prohibited transitions.
- Andrea2004-pmcw
- Jennitta Andrea.
Putting a Motor on the Canoo WebTest Acceptance Testing Framework.
In Eckstein, Jutta and Baumeister, Hubert, editors, Extreme Programming and Agile Processes in Software Engineering: 5th International Conference, XP 2004, pp. 20-28.
June 2004.
Keywords:
Automated testing, Canoo WebTest, framework extension, test automation patterns, testing strategy, user acceptance testing
Abstract:
User acceptance testing is finally getting the attention and tool support it deserves. It is imperative that acceptance tests follow the best practices and embody the critical success factors that have been established over the years for automated unit testing. However, it is often challenging for acceptance tests to be repeatable, readable, and maintainable due to the nature of the tests and the tools currently available for automation. The key contributions this paper makes to the agile community are: first, it provides concrete examples of applying test automation patterns to user acceptance testing, and secondly it provides a description of various extensions to the WebTest acceptance testing framework that facilitate developing automated acceptance tests according to these established best practices.
- Andreou2003-psqt
- Andreas S. Andreou.
Promoting software quality through a human, social and organisational requirements elicitation process.
Requirements Engineering, 8(2):85-101, 2003.
Abstract:
Human, social and organisational (HSO) factors play a decisive role in software development in terms of determining functional and non-functional characteristics of software products. The significance of these factors is underlined by the need to produce applications that fit nicely in a working setting, supporting the working procedures followed and promoting users' content and productivity. In this context, a new requirements elicitation process is proposed, a part of which utilises a short-scale ethnography analysis. The process introduces specific steps for recording HSO factors based on certain software quality characteristics that are treated as principal components for conducting requirements identification. The output of the process is the HSO document, which can be used in conjunction with the classic requirements document to identify structural and functional aspects of the system.
- Andrews+Li+Menzies2007-ntlg
- James H. Andrews, Felix C. H. Li, and Tim Menzies.
Nighthawk: a two-level genetic-random unit test data generator.
In 22nd International Conference on Automated Software Engineering (ASE 2007), pp. 144-153.
Nov. 2007.
Abstract:
Randomized testing has been shown to be an effective method for testing software units. However, the thoroughness of randomized unit testing varies widely according to the settings of certain parameters, such as the relative frequencies with which methods are called. In this paper, we describe a system which uses agenetic algorithm to find parameters for randomized unit testing that optimize test coverage. We compare our coverage results to previous work, and report on case studies and experiments on system options
- Andriole1989-spna
- Stephen J. Andriole. Storyboard Prototyping: A new approach to user requirements analysis.
QED Information Sciences, 1989.
- Angelsmark+Jonsson2000-sods
- Ola Angelsmark and Peter Jonsson.
Some Observations on Durations, Scheduling and Allen's Algebra.
In CP '02: Proceedings of the 6th International Conference on Principles and Practice of Constraint Programming, pp. 484-488.
Springer-Verlag, 2000.
Abstract:
Representing and reasoning about time has for a long time been acknowledged as one of the core areas of artificial intelligence and a large number of formalisms for temporal constraint reasoning (TCR) have been proposed in the literature. Important examples are the time point algebra [16], Allen's algebra [1], simple temporal constraints [5] and the qualitative algebra [12]. These formalisms are almost exclusively dealing with the relative positions of time points (qualitative information) and/or the absolute position of time points on the time line (quantitative or metric information).
- Anger+Rodriguez1996-lsti
- Frank D. Anger and Rita V. Rodríguez.
Lattice structure of temporal interval relations.
Applied Intelligence, 6(1):29-38, 1996.
Keywords:
branching time; constraint propagation; lattices; relativistic time; temporal intervals; temporal reasoning; time
Abstract:
Due to increasing interest in representation of temporal knowledge, automation of temporal reasoning, and analysis of distributed systems, literally dozens of temporal models have been proposed and explored during the last decade. Interval-based temporal models are especially appealing when reasoning about events with temporal extent but pose special problems when deducing possible relationships among events. The paper delves deeply into the structure of the set of atomic relations in a class of temporal interval models assumed to satisfy density and homogeneity properties. An order structure is imposed on the atomic relations of a given model allowing the characterization of the compositions of atomic relations (or even lattice intervals) as lattice intervals. By allowing the utilization of lattice intervals rather than individual relations, this apparently abstract result explicitly leads to a concrete approach which speeds up constraint propagation algorithms.
- Anonymous1998-e
- Anonymous.
Everyman.
In Halsall, Paul, editor, Internet Medieval Source Book, pp. .
1998.
- Antkiewicz+Bartolomei+Czarnecki2007-aefs
- Michal Antkiewicz, Thiago Tonelli Bartolomei, and Krzysztof Czarnecki.
Automatic extraction of framework-specific models from framework-based application code.
In 22nd International Conference on Automated Software Engineering (ASE 2007), pp. 214-223.
Nov. 2007.
Abstract:
Framework-specific models represent the design of pplicationcode from the framework viewpoint by showing how framework-provided concepts are implemented in the code. In this paper, we describe an experimental study of the static analyses necessary to automatically retrieve such models from application code. We reverse engineer a number of applications based on three open-source frameworks and evaluate the quality of the retrieved models. The models are expressed using framework-specific modeling languages(FSMLs), each designed for one of the open-source frameworks. For reverse engineering, we use prototype implementations of the three FSMLs. Our results show that for the considered frameworks rather simple code analysesare sufficient for automatically retrieving framework-specific models form a large body of application code with high precision and recall
- Anton+Bertino+2007-rcop
- Annie I. Ant\'on, Elisa Bertino, Ninghui Li, and Ting Yu.
A roadmap for comprehensive online privacy policy management.
Commun. ACM, 50(7):109-116, 2007.
Abstract:
Aframework supporting the privacy policy life cycle helps guide the kind of research to consider before sound privacy answers may be realized.
- Anton+Carter+2001-dguc
- Annie I. Antón, Ryan A. Carter, Aldo Dagnino, John H. Dempster, and Devon F. Siege.
Deriving Goals from a Use-Case Based Requirements Specification.
Requirements Engineering Journal, 6(1):63-73, 2001.
Abstract:
Use cases and scenarios have emerged as prominent analysis tools during requirements engineering activities due to both their richness and informality. In some instances, for example when a project's budget or schedule time is reduced at short notice, practitioners have been known to adopt a collection of use cases as a suitable substitute for a requirements specification. Given the challenges inherent in managing large collections of scenarios, this shortcut is cause for concern and deserves focused attention. We describe our experiences during a goal-driven requirements analysis effort for an electronic commerce application. In particular, we identify the specific risks incurred, focusing more on the challenges imposed due to traceability, inconsistent use of terminology, incompleteness and consistency, rather than on traditional software project management risks. We conclude by discussing the impact of the lessons learned for requirements engineering in the context of building quality systems during goal and scenario analysis.
- Anton+Dempster+Siege1999-mucd
- Annie I. Antón, John H. Dempster, and Devon F. Siege. Managing Use-Cases During Goal-Driven Requirements Engineering: Challenges Encountered and Lessons Learned.
TR-99-16. North Carolina State University, Department of Computer Science. 1999.
Abstract:
Use cases and scenarios have emerged as prominent analysis tools during requirements engineering activities due to both their richness and informality. In some instances, for example when a project”s budget or schedule time is reduced on short notice, practitioners have been known to adopt a collection of use cases as a suitable substitute for a requirements specification. Given the challenges inherent in managing large collections of scenarios, this shortcut is cause for concern and deserves focused attention. We discuss our experiences with a goal-driven analysis of a requirements specification for an electronic commerce application for a large international company. We describe scenario management within the context of this goal-driven requirements analysis effort. In particular, we identify the specific risks incurred, focusing more on the challenges imposed due to traceability, inconsistent use of terminology, incompleteness and consistency, rather than on traditional software project management risks. We conclude by discussing the impact of the lessons learned for requirements engineering in the context of building quality systems during goal and scenario analysis.
- Anton+Dempster+Siege2000-dguc
- Annie I. Antón, John H. Dempster, and Devon F. Siege.
Deriving goals from a use-case based requirements specification for an electronic commerce system.
In 6th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'00), pp. 10-19.
June 2000.
Abstract:
Use cases and scenarios have emerged as prominent analysis tools during requirements engineering activities due to both their richness and informality. In some instances, for example when a project's budget or schedule time is reduced on short notice, practitioners have been known to adopt a collection of use cases as a suitable substitute for a requirements specification. This shortcut is cause for concern and deserves focused attention. We describe our experiences during a goal-driven requirements analysis effort for an electronic commerce application. In particular, we identify the specific risks incurred, focusing more on the challenges imposed due to traceability, inconsistent use of terminology, incompleteness and consistency, rather than on traditional software project management risks. We conclude by discussing the impact of the lessons learned for requirements engineering in the context of building quality systems.
- Anton+Earp+2001-rpsp
- Annie I. Antón, Julia B. Earp, Colin Potts, and Thomas A. Alspaugh.
The Role of Policy and Stakeholder Privacy Values in Requirements Engineering.
In Fifth IEEE International Symposium on Requirements Engineering (RE'01), pp. 138-145.
Aug. 2001.
Abstract:
Diverse uses of information technology (IT) in organizations affect privacy. Developers of electronic commerce, database management, security mechanisms, telecommunication and collaborative systems should be aware of these effects and acknowledge the need for early privacy planning during the requirements definition activity. Public concerns about the collection of personal information by consumer-based Web sites have led most organizations running such sites to establish and publish privacy policies. However, these policies often fail to align with prevalent societal values on one hand and the operational functioning of web-based applications on the other. Assuming that such misalignments stem from imperfect appreciation of consequences and not an intent to deceive, we discuss concepts, tools and techniques to help requirements engineers and IT policy makers bring policies and system requirements into better alignment. Our objective is to encourage RE researchers and practitioners to adopt a more holistic view of application and system specification, in which a system or application is seen as an engine of policy enforcement and values attainment.
- Anton+Earp+Carter2003-piba
- Annie I. Antón, Julia B. Earp, and Ryan A. Carter.
Precluding incongruous behavior by aligning software requirements with security and privacy policies.
Information and Software Technology, 45(14):967-977, 2003.
Keywords:
Privacy policy; Security policy; Requirements alignment
Abstract:
Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requirements. Early conflict identification between requirements and policies enables analysts to prevent incongruous behavior, misalignments and unfulfilled requirements, ensuring that security and privacy are built in rather than added on as an afterthought. Validated techniques to identify conflicts between system requirements and the governing security and privacy policies are presented. The techniques are generalizable to other domains, in which systems contain sensitive information.
- Anton+Earp2001-sdpr
- Annie I. Antón and Julia B. Earp.
Strategies for Developing Policies and Requirements for Secure E-Commerce Systems.
In Ghosh, A. K., editor, Recent Advances in E-Commerce Security and Privacy, pp. 29-46.
Kluwer 2001.
- Anton+Earp2001-twsp
- Annie I. Antón and Julia B. Earp. A Taxonomy for Web Site Privacy Requirements.
Technical Report TR-2001-14. North Carolina State University. Dec. 2001.
Abstract:
Privacy has recently become a prominent issue in the context of electronic commerce Web sites. Increasingly, privacy policies posted on such Web sites are receiving considerable attention from the government and consumers. In this paper we present a taxonomy for Web site privacy requirements. We have used goal-mining, the extraction of pre-requirements goals from post-requirements text artifacts, as a technique for analyzing privacy policies. The identified goals are useful for analyzing implicit internal conflicts within privacy policies and conflicts with the corresponding web sites and their manner of operation. These goals can also be used to reconstruct the implicit requirements met by the privacy policies. We present the results of our analysis of 23 Internet privacy policies for companies in three health care industries: pharmaceutical, health insurance and online drugstores.
- Anton+Earp2004-rtrw
- A. I. Antón and J. B. Earp.
A requirements taxonomy for reducing Web site privacy vulnerabilities.
Requir. Eng., 9(3):169-185, 2004.
Abstract:
The increasing use of personal information on Web-based applications can result in unexpected disclosures. Consumers often have only the stated Web site policies as a guide to how their information is used, and thus on which to base their browsing and transaction decisions. However, each policy is different, and it is difficult—if not impossible—for the average user to compare and comprehend these policies. This paper presents a taxonomy of privacy requirements for Web sites. Using goal-mining, the extraction of pre-requirements goals from post-requirements text artefacts, we analysed an initial set of Internet privacy policies to develop the taxonomy. This taxonomy was then validated during a second goal extraction exercise, involving privacy policies from a range of health care related Web sites. This validation effort enabled further refinement to the taxonomy, culminating in two classes of privacy requirements: protection goals and vulnerabilities. Protection goals express the desired protection of consumer privacy rights, whereas vulnerabilities describe requirements that potentially threaten consumer privacy. The identified taxonomy categories are useful for analysing implicit internal conflicts within privacy policies, the corresponding Web sites, and their manner of operation. These categories can be used by Web site designers to reduce Web site privacy vulnerabilities and ensure that their stated and actual policies are consistent with each other. The same categories can be used by customers to evaluate and understand policies and their limitations. Additionally, the policies have potential use by third-party evaluators of site policies and conflicts.
- Anton+Eart+2007-hews
- Annie I. Anton, Julia B. Eart, Matthew W. Vail, Neha Jain, Carrie M. Gheen, and Jack M. Frink.
HIPAA's Effect on Web Site Privacy Policies.
IEEE Security and Privacy, 5(1):45-52, 2007.
Abstract:
Healthcare institutions typically post their privacy practices online as privacy policy documents. A study of nine institutions with Web sites shows that since the introduction of the 1996 Health Information and Portability Accountability Act (HIPAA), privacy policies are more descriptive but haven't necessarily improved online privacy practices.
- Anton+Gale+1993-obrm
- A. I. Antón, T. A. Gale, W. M. McCracken, and J. J. Shilling.
Object based requirements modelling for process continuity.
In Proceedings of the Twenty-Sixth Hawaii International Conference on System Sciences, pp. 191-202.
Jan. 1993.
Abstract:
The reengineering of information systems and business processes that occurs during enterprise analysis demands a robust, rigorous, and expressive technique for modeling elicited system requirements. The requirements models must also be easily understood by end users. A hybrid object based modeling technique is presented to support progressive formalization of requirements models with minimal transformations. The technique strives to impose consistency and coherence on the modeling process, yielding a higher level of process continuity, enhancing end-user comprehension, and facilitating communication between analysis and end users.
- Anton+Liang+Rodenstein1996-wbra
- A. Antón, E. Liang, and R. Rodenstein.
A web-based requirements analysis tool.
In 5th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 238-243.
June 1996.
Abstract:
The Goal Based Requirements Analysis Tool (GBRAT) is designed to support goal based requirements analysis. We discuss the GBRAT prototype which provides procedural support for the identification, elaboration, refinement and organization of goals to specify the requirements for software based information systems. GBRAT employs interactive Web browser technology to support the collaborative nature of requirements engineering. We illustrate the features of the tool and close the paper with a discussion of future anticipated research
- Anton+McCracken+Potts1994-gdsa
- Annie I. Antón, Michael McCracken, and Colin Potts.
Goal decomposition and scenario analysis in business process reengineering.
In Proceedings of the 6th International Conference on Advanced Information Systems Engineering (CAiSE'94), pp. 94-104.
1994.
- Anton+Potts1998-rfss
- A. I. Antón and C. Potts.
A Representational Framework for Scenarios of System Use.
Requirements Engineering Journal, 3(3-4):219-241, Dec., 1998.
Keywords:
Design representations; Requirements engineering; Scenarios
Abstract:
Scenarios are becoming widely used in three areas of system development: software engineering, human- computer interaction (HCI), and organisational process design. There are many reasons to use scenarios during system design. The one usually advanced in support of the practice is to aid the processes of validating the developers' understanding of the customers' or users' work practices, organisational goals and structures, and system requirements. All three areas identified above deal with these processes, and not surprisingly this has given rise to a profusion of scenario-based practices and representations. Yet there has been little analysis of why scenarios should be useful, let alone whether they are. Only by having such a framework for understanding what scenarios are, and what they are for, can we begin to evaluate different scenario approaches in specific development contexts. This paper is a contribution toward such a framework. We lay out a space of representational possibilities for scenarios and enumerate a set of values or criteria that are important for different uses of scenarios. We then summarise several salient representations drawn from the software engineering, HCI, and organisational process design communities to clarify how these representational choices contribute to or detract from the goals of the respective practices. Finally, we discuss how scenario representations from one area of design may be useful in others, and we discuss the relationship between these representations and other significant early-design and requirements engineering practices.
