Aleksander Jarzębowicz

Trust case: justifying trust in an IT solution

In the paper we present an approach to the trust case development for DRIVE, the IT infrastructure supporting the processes of drugs distribution and application. The objectives of DRIVE included safer and cheaper drugs distribution and application. The trust case represents an argument supporting the trustworthiness of the DRIVE solution. It is decomposed into claims that postulate some trust related properties. Claims differ concerning their abstraction level and scope. To express a claim we need a language and a conceptual model. We used the Unified Modeling Language (UML) to represent claim models and the related context models of the trust case. To specify claims we introduced Claim Definition Language - CDL. The paper gives a detailed description of the above concepts and illustrates how they were applied in practice.

An Approach to Trust Case Development

In the paper we present an approach to the architectural trust case development for DRIVE, the IT infrastructure supporting the processes of drugs distribution and application. The objectives of DRIVE included safer and cheaper drugs distribution and application. A trust case represents an argument supporting the trustworthiness of the system. It is decomposed into claims that postulate some trust related properties. Claims differ concerning their abstraction level and scope. To express a claim we need a language and a conceptual model. We used UML to represent claim models and related context models of the trust case. To specify claims we introduced Claim Definition Language – CDL. The paper gives a deeper description of the above concepts and illustrates how they were applied in practice.

Supporting assurance by evidence-based argument services

Structured arguments based on evidence are used in many domains, including systems engineering, quality assurance and standards conformance. Development, maintenance and assessment of such arguments is addressed by TRUST-IT methodology outlined in this paper. The effective usage of TRUST-IT requires an adequate tool support. We present a platform of software services, called NOR-STA, available in the Internet, supporting key activities related to argument editing, communication and assessment and demonstrate an example of its application based on real case study focusing on analyzing safety of an innovative IT system.

An Industrial Survey on Business Analysis Problems and Solutions

The paper focuses on the problems reported by business analysts which have a negative impact on their work and on the applicability of available business analysis (BA) techniques as solutions to such problems. A unified set of BA techniques was developed on the basis of 3 industrial standards associated with IIBA, REQB and IREB certification schemes. A group of 8 business analysts was surveyed to list problems they encounter in their work activities and assess their frequency. A subset of most frequent problems was further analyzed and solutions were proposed by selecting the most suitable BA techniques. Solution proposals were validated through follow-up discussions with business analysts. The results indicate that the unified set of techniques addresses the problems reported by practitioners and solution proposals are generally accepted as valid, although several techniques can be used interchangeably.

Towards Safety Case Integration with Hazard Analysis for Medical Devices

Safety case is one of system safety lifecycle products and should be consistent with other lifecycle products like hazard analysis results. In this paper we present a method of safety case integration with hazard tables based on the use of parametrized argument patterns. We describe a hazard table metamodel, a safety argument pattern and a mechanism of pattern instantiation using a linking table which represents references to system lifecycle artefacts. We report and comment results of a feasibility study of pattern application for medical device hazard analysis. Finally we discuss the opportunities of applying such solution to safety case development and maintenance and the perspectives of further development of this approach.

Tool support for detecting defects in object-oriented models

Object-oriented models are commonly used in software projects. They may be affected, however, by various defects introduced easily due to e.g. wrong understanding of modelled reality, making wrong assumptions or editorial mistakes. The defects should be identified and corrected as early as possible, preferably before the model is used as the basis for the subsequent representations of the system. To assure the effectiveness of the defect detection process we need both, better analysis methods and effective tool support. The paper introduces a new analytical method called UML-HAZOP and presents a tool supporting the application of this method.

Assurance Case Patterns On-line Catalogue

Assurance case is an evidence-based argument demonstrating that a given property of a system (e.g. safety, security) is assured. Assurance cases are developed for high integrity systems, as in many industry domains such argument is explicitly required by regulations. Despite the fact that each assurance case is unique, several reusable argument patterns have been identified and published. This paper reports work on development of an on-line assurance case patterns catalogue available in NOR-STA web-based software tool. This work included an extensive literature search, critical evaluation of available patterns and selection of most relevant ones, finally translation of selected patterns to their target representation. The paper also describes a validation case study in which an assurance case for medical devices was reviewed and restructured by introducing patterns. The resulting catalogue was published and its 45 patterns can be directly used in assurance cases built using NOR-STA tool.

A Survey on Identifying and Addressing Business Analysis Problems

Abstract Despite the growing body of knowledge on requirements engineering and business analysis, these areas of software project are still considered problematic. The paper focuses on problems reported by business analysts and on applicability of available business analysis techniques as solutions to such problems. A unified set of techniques was developed on the basis of 3 industrial standards associated with IIBA, REQB and IREB certification schemes. A group of 8 business analysts was surveyed to list problems they encounter in their work and to assess their frequency. Selected problems were further analyzed and most suitable techniques were proposed to address them. These proposals were validated through follow-up discussions with business analysts. The main results of research reported in this paper are: the comparative analysis of techniques included in IIBA, REQB and IREB standards and the list of problems reported by practitioners associated with techniques suggested as effective solutions.

Comparative Conformance Cases for Monitoring Multiple Implementations of Critical Requirements

The paper presents the concept and the mechanism of comparative conformance cases which support conformance monitoring in situations where a standard or other set of requirements are being implemented at multiple sites. The mechanism is enabled by NOR-STA services which implement the TRUST-IT methodology and are deployed in the cloud in accordance with the SaaS model. In the paper we introduce the concept of comparative conformance cases, explain the software services used to implement them and present a case study of monitoring the implementation of the EC Regulation No. 994/2010, related to risk management of gas supply infrastructures across Europe.

A Survey Investigating the Influence of Business Analysis Techniques on Software Quality Characteristics

Business analysis is recognized as one of the most important areas determining the outcome (success or failure) of a software project. In this paper we explore this subject further by investigating the potential impact of techniques applied in business analysis on essential software quality characteristics. We conducted a literature search for software quality models, analyzed the existing models and selected a subset of commonly recognized quality characteristics. Also, we identified a representative set of recommended state-of-the-art business analysis techniques. These two sets provided the basis for questionnaire survey and interviews. We conducted a survey involving 20 industry professionals, followed up by 2 interviews with experienced business analysts to discuss and interpret survey results. The main outcome are recommendations regarding techniques to be used in software project for a given quality characteristic considered essential.