|
Requirements Engineering Research at the University of Toronto |
|
Early RE Seminars
Requirements-driven approaches to Software and Systems Engineering
|
Hosts
Prof. Eric Yu, Faculty of Information Studies
Prof. Steve Easterbrook, Dept. of Computer Science
|
Upcoming seminars |
Jennifer Horkoff, Golnaz Elahi, Samer Abdulhadi, Eric Yu
Presenter:
Jennifer Horkoff
Abstract: Conceptual modeling notations are often designed without the benefit of empirical input. Reflective analysis of modeling languages can help find the gap between the intended design of the language and its use in practice. In this paper, we study instances of the i* goal and agent-oriented Framework to analyze differences between the core i* syntax developed at the University of Toronto and existing variations. We have surveyed 15 student assignments and 15 academic papers and presentations in order to capture and analyze the most common i* syntax variations. Through this analysis we offer insights into i* syntax and suggestions to improve the framework and increase consistency between models.
|
Past Events |
|
|
Nan Niu and Steve Easterbrook
Presenter:
Nan Niu
Abstract
We introduce an extractive approach to building a product line's requirements assets. We define the functional requirements profiles (FRPs) according to the linguistic characterization of a domain's action-oriented concerns, and show that FRPs can be extracted from a document based on domain-aware lexical affinities that bear a 'verb-direct object' relation.
http://www.cs.toronto.edu/~nn/papers/RE08.pdf
|
|
Tuesday July 22, 2008 12noon - 1:30pm BA3234
Trade-off Analysis of Identity Management Systems
|
Abstract: Internet users interact with multiple Web Service Providers (WSP), and therefore, must remember and manage multiple passwords. Users try to overcome the burden of password management by employing insecure solutions such as reusing the same password with several WSP. Identity management systems provide a solution for such problems. The common “assertion-based” Identity Management systems require a strong trust in the Identity Provider (IdP), which has the power to impersonate any of its users. However, such trust is unlikely to materialize in the global Internet setting. This paper uses a goal-oriented approach for analyzing trust trade-offs of Identity Management systems in the global Internet scenario. We analyze a new proposal for a global Identity Management system named SlashID. SlashID takes advantage of client-side cryptography to eliminate the required trust relationship between the IdP and end users. We analyze and compare the impact of trust trade-offs of the SlashID solution
http://www.cs.toronto.edu/~gelahi/ |
Jose Norberto Mazón and Juan Carlos Trujillo,
University of Alicante, Spain
Presenter:
Jose Norberto Mazón
Abstract: Developing a multidimensional (MD) model of a data warehouse (DW) is a highly complex, prone to fail, and time-consuming task, due to the fact that (i) the information needs of decision makers and the available operational data sources that will populate the DW must both be considered in a conceptual MD model, and (ii) complex mappings must be performed to obtain an implementation of this conceptual MD model. Therefore, one key issue is considering an explicit development phase in which information requirements of decision makers are addressed. Our proposal is based on using the i* modeling framework together with the Model Driven Architecture (MDA) for the development of a hybrid MD model at the conceptual level and for the automatic derivation of its logical representation. Finally, an Eclipse-based tool has been implemented as a proof of concept of our research.
|
Marsha Chechik, University of Toronto
Abstract
This is a talk given at a Cloud Computing Day at IBM in June. The idea is to show the relationship between model-driven development and the other side of the project, dealing with virtualization and runtime adaptation. We also show how creating and maintaining relationships between software artifacts (requirements, design, code) is useful for facilitating change management at all levels. We are using Trade 6 (a simple online brokerage system) as an example for our approach.
|
Zinovy Diskin
Abstract: Association between classes is a central construct in OO modeling. However, precise semantics of associations has not been defined, and only the most basic types are implemented in modern forward and reverse engineering tools. In this paper, we present a novel mathematical framework and build a precise semantics for several association constructs, whose implementation has been considered problematic. We also identify a number of patterns for using associations in practical applications, which cannot be modeled (reverse engineered) in UML |
Arbi Ghazarian
Abstract: Obtaining an accurate characterization of pre-release changes, especially those related to fault corrections, can give indications for the quality of the software development process and its product. The resulting indications can then be leveraged to identify areas for quality improvement within development organizations. Towards this objective, we studied the evolution of source code modules in a large industrial enterprise resource planning system spanning a time period of over two years from initial creation to release. In this paper, we describe the process used in our case study, and present the frequency distributions of pre-release changes and faults along with lessons learned from the case study. Overall, we found that (a) only 22% of pre-release changes contribute new functionality to the system under development; the remaining majority of pre-release changes are either fault corrections or code clean-ups; (b) over 72% of pre-release faults are propagated from upper-stream requirements and design activities; (c) fault classes that are the target of most fault detection tools have a low frequency. |
Jordi Cabot
University of Toronto
Luiz Marcio Cysneiros
School of Information Technology
York University
Abstract: Non-Functional Requirements (NFR) are subjective, interactive and relative, thus realizing the need for a particular NFR is by itself a challenge. Understanding what the software must implement in order to cope with these needs may prove to be an even more challenging task. The same NFR may call for different solutions in different domains. Even in the same domain two different companies may require different solutions for the same NFR. One way of addressing the need for helping NFR elicitation is to use catalogues. However, it is not clear how effective it is to use them. This work investigates it through an empirical study where different teams will model the same problem. We experimented with two different modeling techniques, i* Framework and UML. For each technique three teams used catalogues with a systematic method, another three teams used catalogues in an ad hoc manner and yet another three teams did not use catalogues. We show at the end of this work that results suggest that using catalogues helps NFR elicitation. |
School of Information Technology
York University
Abstract
Softgoal Interdependency Graphs (SIG) is a powerful technique for recording design decisions and design rationale. However, its graph-based notation can be quite complex and even unreadable when the design process has recorded many alternatives and/or a well-documented rationale. This problem becomes worse if software architects need to compare two or more SIG when they want to reuse architecture decisions from other projects. This article proposes an ontology-based tool to record architecture decisions and rationale, keeping the SIG model semantics, but improving the capabilities for rationale exploration and comparison. Each SIG is translated to a named graph which contains instances of the ontology in TRIX and OWL format. Additional semantic web technologies such as SPARQL and TRIQL are used to recover the original SIG together with related or similar stored solutions (for example, models addressing the same quality attributes). Finally, our work allows software architects to explore specific rationale details for each solution and highlight key differences among similar solutions. The proposed tool facilitates software architects to focus on design decisions as well as the rationale behind them improving their ability to make decisions about possible reuse.
|
Abstract: The world in which we live today can be more and more described as a myriad of distributed and interconnected nodes. This “new brave world” brings along new dimensions of complexity, which are due to its uncertainness, unpredictability, openness, and dynamicity. The problem is how to design systems that work effectively in the modern environment, where computing is pervasive, people interact with technology existing in a variety of networks, and under a range of policies and constraints imposed by the institutions and social structures that we live in. To design systems for the distributed world, we first need to conceptualise and model their complicated environment, where many parts, both social and technical, interact. This can be done in terms of goals, roles, and domain entities.
In our research projects, the analysis and requirements engineering for a problem domain has consisted of goal, role, and domain modelling. We start distributed systems engineering by hierarchical modelling of goals for the problem domain. This is followed by identifying the roles required for achieving the goals. After that the knowledge to be handled within the problem domain is modelled in terms of domain entities. The resulting analysis models can be linked to design models – interaction, behaviour, and information models – created by applying alternative agent-oriented methodologies. The design models can then be complemented by platform-dependent models and implemented on various agent platforms. The seminar talk is illustrated by models developed in several industry-oriented research projects devoted to business process automation, smart home, and air traffic control.
Biography: Kuldar Taveter (PhD, Eng.) is a Research Fellow at the University of Melbourne, Australia. Before this, he was working as a Research Scientist for VTT Information Technology (Technical Research Centre of Finland) which acts as a mediator between academy and industry.
His research interests are agent-oriented requirements analysis and design, business process modelling, simulation, and automation, and ontologies. At the University of Melbourne, Kuldar is working in the areas of agent-oriented software engineering, agent-based business process simulation and optimization (in cooperation with industry), and ontology reconciliation. |
Abstract: Agent and goal orientation are used in modeling and analysis of various security aspects such as security requirements, malicious behavior, and trust issues. Agent- and goal-oriented models express the distributed intentionality, but are not expressive enough to capture the temporal aspects of the security protocols and cryptographic operations. On the other hand, UML sequence diagrams, extended with formal description notations, are able to express the details of message exchanges and actions that interacting parties perform in a timely ordered fashion. However, sequence diagrams do not capture the goals of actions: why a message is sent to a party, why it is encrypted, or why it is not, what is the impact of each step on potential attacks and other goals such as privacy. This paper suggests modeling protocols' sequence diagrams with i* goal-oriented models together to improve the expressiveness of the combined views of security protocols. We propose a mapping between modeling elements of i* goal models and UML sequence diagrams. The integration method and combined modeling approach are illustrated using examples of SlashID protocol. |
Abstract: Modern software systems are characterized by high complexity, adaptivity to unpredicted circumstances, and increasingly dynamic behaviors. Nevertheless, most existing software exploits ad-hoc approaches to enact self-reconfiguration. There is hence a manifest need of an engineering approach to build self-reconfiguring systems. AI provides effective approaches to face the different aspects of software reconfiguration, such as the BDI agents paradigm, intention reconsideration mechanisms, and planning techniques. This talk examines some important challenges in building of self-reconfiguring software, and proposes the joint use of goal-oriented software engineering and AI techniques to face them, emphasizing the benefits and limits of variants of this solution.
Presenter homepage: http://disi.unitn.it/~dalpiaz/ |
Abstract: This is a talk I gave to the IFIP 2.9 Working Group on Requirements Engineering in February. It's intended to provoke discussion on how requirements engineering research (and perhaps SE research in general) might have a contribution to make to the challenge of global climate change. The talk comes in two parts:
In the first part, I'll talk about how we might help climate scientists with their large scale computational models. A coupled climate model typically includes simulations of the atmosphere, ocean circulation, sea ice, biomass, clouds, and other earth subsystems. Climate scientists build and integrate these models directly in Fortran, and test them against observed climate data, from both historical and paleontological records. Leading climate models are now as large as a million lines of Fortran, of which up to one third might be altered each year, as the models are improved and extended. Managing an evolving code base this large takes a great deal of effort, and software productivity is beginning to eclipse computational power as the main constraint on further scientific progress. I will speculate wildly on how ideas from requirements engineering might help with validation of these models.
In the second part, I will discuss how ideas from requirements engineering might be used to assess policy responses to climate change. In particular, problem analysis techniques geared to investigating complex, multi-stakeholder socio-technical problems seem to offer interesting insights into the choices of solutions for reducing emissions of greenhouse gases, and mitigating the effects. Again, I will speculate wildly on how RE modeling and analysis techniques might help. |
| Research in Requirements Engineering has turned to the use of intentional models, such as those created by the i* Framework, to represent stakeholder goals, design alternatives, and their interactions in system design. Deriving the full benefits of i* models requires analysis and iteration beyond initial construction. This exploratory work uses a simple example to describe a procedure which allows backwards (top-down), qualitative, interactive analysis of i* models using SAT solving techniques. This approach expands on work in goal model reasoning, expressing i* models and qualitative evaluation values as a SAT problem. |
Abstract: Web accessibility guidelines have textual representation and provide little support in systematic analysis and usage. The study hypothesizes that the guidelines can be reorganized and represented using the goal oriented technique and design patterns which will allow their usage in a more systematic manner and accommodate detailed analysis of the guidelines with other competing goals. For this study, knowledge from web designers’ experiences in using the guidelines, researchers’ findings, and the actual guidelines have been amalgamated. Six web designers have been consulted on a one-on-one basis and difficulties in using the guidelines for (1) specific scenarios, (2) systematic application, and (3) detailed systems analysis have been reported. Goal oriented modeling and design patterns have been introduced for (1) graphical representation of the guidelines using goal graphs, and (2) keeping the technical details separate from the goal graphs. The proposed representation allows for the accessibility guidelines to be systematically applied into interface design, and systems design using the goal oriented modeling technique. |
|
Unlike their traditional computer-based cousins, socio-technical systems include in their architecture and operation organizational and human actors along with software ones. This introduces the need of considering the design of such systems as an integral part of the organizational and social structure development. Alternative requirements models have to be evaluated and selected from a social perspective finding a right trade-off between the technical and social dimension. In this talk, I will present a Tropos-based approach for requirements analysis, which adopts AI planning techniques for exploring the space of design alternatives and a number of social criteria for their evaluation.
The slides of the talk are available at http://dit.unitn.it/~bryl/Toronto_2007_27_11.ppt.
|
Presenter: Nicola Zannone
Abstract: Security Requirements Engineering is an emerging field at the crossroads between Security and Software Engineering. Much research has focused on this field in the last years, spurred by the realization that security must be dealt with from the earliest phases of the software development process that cover a broader organizational perspective. Specifically, the development of secure and privacy-aware systems requires to explicitly model the goals and trust relations of stakeholders of the system which will be partially implemented by the IT system and partially by organizational procedures. Existing frameworks are often not expressive enough as they lack fundamental concepts needed in order to talk about security and privacy within an organization.
This work addresses this problem. We present the SI* modeling language in order to deal with security, privacy and trust, and the Secure Tropos methodology for designing secure and privacy-aware software systems. The SI* modeling language proposes a set of concepts founded on the notions of permission, delegation, and trust. These concepts are formalized and are shown to support the requirements analysis process through a formal reasoning tool based on the Answer Set Programming paradigm. The Secure Tropos methodology adopts the SI* modeling language for the modeling of functional, security, privacy and trust requirements. The methodology assists system designers in securing their systems by providing them facilities for verifying the correctness of security, privacy, and trust requirements and their consistency with functional requirements and guidelines to identify appropriate protection mechanisms. |
Abstract: RE research has produced many tools and techniques, but few have seen adoption---much less widespread adoption---in industry. One cause may be the lack of entry-level systems: when students first encounter RE, it seems like an awfully big hammer for their very small walnuts. This "seminar" will brainstorm meta-requirements and possible designs for a beginner's RE tool.
(Note: I have to leave at 10:00 to teach; I really just want to get the discussion going among the grad students, in the hope that ideas will emerge in the coming weeks and months.) |
Abstract: Changing requirements constitute one of the greatest risks for large software systems. The only way of keeping track of what the system should be doing is with reference to the customer requirements. However, this is rarely done for a variety of reasons. This talk proposes a formative design and analysis framework for modeling systems with an eye to post-implementation evolution and upgrade. The analysis toolkit is a modified version of i* and CWA, the Cognitive Work Analysis framework. Such a proposal ought to be evaluated for validity and usefulness. What is the nature of requirements change? Does the framework express the issues of interest? The latter portion of the talk focuses on a proposal to evaluate the toolkit longitudinally with respect to these questions. |
Abstract: Context-aware applications monitor changes in their operating environment and switch their behaviour to keep satisfying their requirements. Therefore, they must be equipped with the capability to detect variations in their operating context and to switch behaviour in response to such variations. However, specifying monitoring and switching in such applications can be difficult due to their dependence on varying contextual properties which need to be made explicit. In this talk, I will present our development on specifying monitoring/switching requirements and highlight the results of our ongoing project. I will also discuss its connection to the monitoring/diagnosing framework. |
| Abstract: In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholder interests. Recently, there is increasing acknowledgement that security is ultimately about trade-offs. One can only aim for “good enough” security, given the competing demands from many parties. In this paper, we examine how conceptual modeling can provide explicit and systematic support for analyzing security trade-offs. After considering the desirable criteria for conceptual modeling methods, we examine several existing approaches for dealing with security trade-offs. From analyzing the limitations of existing methods, we propose an extension to the i* framework for security trade-off analysis, taking advantage of its multi-agent and goal orientation. The method was applied to several case studies used to exemplify existing approaches. |
|
Abstract: The service-oriented architecture (SOA) has been emerging as one of the most popular system architectures in both the business and IT communities because of its capability in achieving flexibility, agility, and responsiveness to changing business needs. However, these values can only be delivered if the business needs and strategic concepts are properly analyzed and met by the technical solution. The study of business models, stimulated by innovations in e-business, has become an important step to support such analysis leading to technical system design. This thesis examines the business modeling and analysis needs arising from the business models literature, and considers the potential of the i* modeling framework [Yu97] in addressing those needs. A reference catalog approach is proposed to capture recurring business models and provide design rationales for service-oriented design. A sample reference catalog is provided. The effectiveness of the proposed approach is evaluated using a real-world case study.
|
| Abstract: Monitoring the satisfaction of software requirements and diagnosing what went wrong in case of failure is a hard problem that has received little attention in the Software and Requirement Engineering literature. To address this problem, we propose a framework adapted from artificial intelligence theories of action and diagnosis. Specifically, the framework monitors the satisfaction of software requirements and generates log data at a level of granularity that can be tuned adaptively at runtime depending on monitored feedback. When errors are found, the framework diagnoses the denial of the requirements and identifies problematic components. To support diagnostic reasoning, we transform the diagnostic problem into a propositional satisfiability (SAT) problem that can be solved by existing SAT solvers. We preprocess log data into a compact propositional encoding that better scales with problem size. The proposed theoretical framework has been implemented as a diagnosing component that will return sound and complete diagnoses accounting for observed aberrant system behaviors. Our solution is illustrated with two medium-sized publicly available case studies: a Web-based email client and an ATM simulation. Our experimental results demonstrate the feasibility of scaling our approach to medium-size software systems. |