Fabiano Dalpiaz

A goal-based framework for contextual requirements modeling and analysis

Requirements engineering (RE) research often ignores or presumes a uniform nature of the context in which the system operates. This assumption is no longer valid in emerging computing paradigms, such as ambient, pervasive and ubiquitous computing, where it is essential to monitor and adapt to an inherently varying context. Besides influencing the software, context may influence stakeholders’ goals and their choices to meet them. In this paper, we propose a goal-oriented RE modeling and reasoning framework for systems operating in varying contexts. We introduce contextual goal models to relate goals and contexts; context analysis to refine contexts and identify ways to verify them; reasoning techniques to derive requirements reflecting the context and users priorities at runtime; and finally, design time reasoning techniques to derive requirements for a system to be developed at minimum cost and valid in all considered contexts. We illustrate and evaluate our approach through a case study about a museum-guide mobile information system.

Adaptive socio-technical systems: a requirements-based approach

A socio-technical system (STS) consists of an interplay of humans, organizations, and technical systems. STSs are heterogeneous, dynamic, unpredictable, and weakly controllable. Their operational environment changes unexpectedly, actors join and leave the system at will, actors fail to meet their objectives and under-perform, and dependencies on other actors are violated. To deal with such situations, we propose an architecture for STSs that makes an STS self-reconfigurable, i.e., capable of switching autonomously from one configuration to a better one. Our architecture performs a Monitor-Diagnose-Reconcile-Compensate cycle: it monitors actor behaviors and context changes, diagnoses failures and under-performance by checking whether monitored behavior is compliant with actors goals, finds a possible way to address the problem, and enacts compensation actions to reconcile actual and desired behavior. Compensation actions take into account the autonomy of participants in an STS, which cannot be controlled. Our architecture is requirements driven: we use extended Tropos goal models to diagnose failures as well as to identify alternative strategies to meet requirements. After presenting our conceptual architecture and the algorithms, it is founded upon; we describe a prototype implementation applied to a case study concerning smart-homes. We also provide experimental results that suggest that our architecture scales well as the size of the STS grows.

An Architecture for Requirements-Driven Self-reconfiguration

Self-reconfiguration is the capability of a system to autonomously switch from one configuration to a better one in response to failure or context change. There is growing demand for software systems able to self-reconfigure, and specifically systems that can fulfill their requirements in dynamic environments. We propose a conceptual architecture that provides systems with self-reconfiguration capabilities, enacting a model-based adaptation process based on requirements models. We describe the logical view on our architecture for self-reconfiguration, then we detail the main mechanisms to monitor for and diagnose failures. We present a case study where a self-reconfiguring system assists a patient perform daily tasks, such as getting breakfast, within her home. The challenge for the system is to fulfill its mission regardless of the context, also to compensate for failures caused by patient inaction or other omissions in the environment of the system.

Modeling and reasoning about service-oriented applications via goals and commitments

Service-oriented applications facilitate the exchange of business services among participants. Existing modeling approaches either apply at a lower of abstraction than required for such applications or fail to accommodate the autonomous and heterogeneous nature of the participants. We present a business-level conceptual model that addresses the above shortcomings. The model gives primacy to the participants in a service-oriented application. A key feature of the model is that it cleanly decouples the specification of an applications architecture from the specification of individual participants. We formalize the connection between the two--the reasoning that would help a participant decide if a specific application is suitable for his needs. We implement the reasoning in datalog and apply it to a case study involving car insurance.

Reasoning with contextual requirements: Detecting inconsistency and conflicts

Context: The environment in which the system operates, its context, is variable. The autonomous ability of a software to adapt to context has to be planned since the requirements analysis stage as a strong mutual influence between requirements and context does exist. On the one hand, context is a main factor to decide whether to activate a requirement, the applicable alternatives to meet an activated requirement as well as their qualities. On the other hand, the system actions to reach requirements could cause changes in the context. Objectives: Modelling the relationship between requirements and context is a complex task and developing error-free models is hard to achieve without an automated support. The main objective of this paper is to develop a set of automated analysis mechanisms to support the requirements engineers to detect and analyze modelling errors in contextual requirements models. Method: We study the analysis of the contextual goal model which is a requirements model that weaves together the variability of both context and requirements. Goal models are used during the early stages of software development and, thus, our analysis detects errors early in the development process. We develop two analysis mechanisms to detect two kinds of modelling errors. The first mechanism concerns the detection of inconsistent specification of contexts in a goal model. The second concerns the detection of conflicting context changes that arise as a consequence of the actions performed by the system to meet different requirements simultaneously. We support our analysis with a CASE tool and provide a systematic process that guides the construction and analysis of contextual goal models. We illustrate and evaluate our framework via a case study on a smart-home system for supporting the life of people having dementia problems. Results: The evaluation showed a significant ability of our analysis mechanisms to detect errors which were not notable by requirements engineers. Moreover, the evaluation showed acceptable performance of these mechanisms when processing up to medium-sized contextual goal models. The modelling constructs which we proposed as an input to enable the analysis were found easy to understand and capture. Conclusions: Our developed analysis for the detection of inconsistency and conflicts in contextual goal models is an essential step for the entire system correctness. It avoids us developing unusable and unwanted functionalities and functionalities which lead to conflicts when they operate together. Further research to improve our analysis to scale with large-sized models and to consider other kinds of errors is still needed.

Modeling and Verifying Security Policies in Business Processes

Modern information systems are large-sized and comprise multiple heterogeneous and autonomous components. Autonomy enables decentralization, but it also implies that components providers are free to change, retire, or introduce new components. This is a threat to security, and calls for a continuous verification process to ensure compliance with security policies. Existing verification frameworks either have limited expressiveness—thereby inhibiting the specification of real-world requirements—, or rely on formal languages that are hardly employable for modeling and verifying large systems. In this paper, we overcome the limitations of existing approaches by proposing a framework that enables: (1) specifying information systems in SecBPMN, a security-oriented extension of BPMN; (2) expressing security policies through SecBPMN-Q, a query language for representing security policies; and (3) verifying SecBPMN-Q against SecBPMN specifications via an implemented query engine. We report on the applicability of our approach via a case study about air traffic management.

A Goal Modeling Framework for Self-contextualizable Software

Self-contextualizability refers to the system ability to autonomously adapt its behaviour to context in order to maintain its objectives satisfied. In this paper, we propose a modeling framework to deal with self-contextualizability at the requirements level. We use Tropos goal models to express requirements; we provide constructs to analyse and represent context at each variation point of the goal model; and we exploit the goal and context analysis to define how the system satisfies its requirements in different contexts. Tropos goal analysis provides constructs to hierarchically analyse goals and discover alternative sets of tasks the system can execute to satisfy goals; our framework extends Tropos goal model by considering context at its variation points, and provides constructs to hierarchically analyse context and discover alternative sets of facts the system has to monitor to verify a context. A self-contextualizable promotion information system scenario is used to illustrate our approach.

Managing Security Requirements Conflicts in Socio-Technical Systems

Requirements are inherently prone to conflicts, for they originate from stakeholders with different, often opposite, needs. Security requirements are no exception. Importantly, their violation leads to severe effects, including privacy infringement, legal sanctions, and exposure to security attacks. Todays systems are Socio-Technical Systems STSs: they consist of autonomous participants humans, organisations, software that interact to get things done. In STSs, security is not just a technical challenge, but it needs to consider the social components of STSs too. We have previously proposed STS-ml, a security requirements modelling language for STSs that expresses security requirements as contractual constraints over the interactions among STS participants. In this paper, we build on top of STS-ml and propose a framework that, via automated reasoning techniques, supports the identification and management of conflicts in security requirements models. We apply our framework to a case study about e-Government, and report on promising scalability results of our implementation.

Location-Based Software Modeling and Analysis: Tropos-Based Approach

The continuous growth of interest in mobile applications makes the concept of location essential to design and develop software systems. Location-based software is supposed to be able to monitor the surrounding location and choose accordingly the most appropriate behavior. In this paper, we propose a novel conceptual framework to model and analyze location-based software. We mainly focus on the social facets of location adopting concepts such as actor, resource, and location-based behavior. Our approach is based on Tropos methodology and allows the analyst to elicit and model software requirements according to the different locations where the software will operate. We propose an extension of Tropos modeling and adapt its process to suit well with the development of location-based software. The proposed framework also includes automated analysis techniques to reason about the relation between location and location-based software.

Forging high-quality User Stories: Towards a discipline for Agile Requirements

User stories are a widely used notation for formulating requirements in agile development projects. Despite their popularity in industry, little to no academic work is available on assessing their quality. The few existing approaches are too generic or employ highly qualitative metrics. We propose the Quality User Story Framework, consisting of 14 quality criteria that user story writers should strive to conform to. Additionally, we introduce the conceptual model of a user story, which we rely on to design the AQUSA software tool. AQUSA aids requirements engineers in turning raw user stories into higher-quality ones by exposing defects and deviations from good practice in user stories. We evaluate our work by applying the framework and a prototype implementation to three user story sets from industry.