Olawande Daramola

Enabling hazard identification from requirements and reuse-oriented HAZOP analysis

The capability to identify potential system hazards and operability problems, and to recommend appropriate mitigation mechanisms is vital to the development of safety critical embedded systems. Hazard and Operability (HAZOP) analysis which is mostly used to achieve these objectives is a complex and largely human-centred process, and increased tool support could reduce costs and improve quality. This work presents a framework and tool prototype that facilitates the early identification of potential system hazards from requirements and the reuse of previous experience for conducting HAZOP. The results from the preliminary evaluation of the tool suggest its potential viability for application in real industrial context.

Pattern-based security requirements specification using ontologies and boilerplates

The task of specifying and managing security requirements (SR) is a challenging one. Usually SR are often neglected or considered too late - leading to poor design, and cost overruns. Also, there is scarce expertise in managing SR, because most requirements engineering teams do not include security experts, which leads to prevalence of too vague or overly specific SR. In this work, we present an ontology-based approach that uses predefined pattern-based templates - requirements boilerplates - to aid requirements engineers in the formulation of SR. We realized the approach via a prototype tool that enables the formulation of SR from textual misuse case (TMUC) descriptions of security threat scenarios. The results from a preliminary evaluation suggest the viability of the proposed approach, in that the tool was judged as easy to use, supports reuse, and facilitates the formulation of good quality SR.

A conceptual framework for semantic case-based safety analysis

Hazard and Operability (HAZOP) Analysis and Failure Mode and Effect Analysis (FMEA) are among the most widely used safety analysis procedures in the development of safety-critical and embedded systems. These analyses are generally perceived as complex and time-consuming, hindering an effective reuse of previous results or experiences. In this paper we present a conceptual semantic case-based framework for safety analysis, which facilitates the reuse of previous HAZOP and FMEA experiences in order to reduce the time and effort associated with these analyses. We present the core technologies of the conceptual framework and evaluated a prototype of the framework, KROSA, in an experiment with domain experts at ABB Norway. Initial results confirm the viability of the conceptual framework for industrial application.

Managing implicit requirements using semantic case-based reasoning research preview

[Context and motivation] Implicit requirements (ImRs) are defined as requirements of a system which are not explicitly expressed during requirements elicitation, often because they are considered so basic that developers should already know them. Many products have been rejected or users made unhappy because implicit requirements were not sufficiently addressed. [Question/Problem] Requirement management tools have not addressed the issue of managing ImRs, also despite the challenges of managing ImRs that exist in practice the issue has not received sufficient attention in the literature. [Principal Idea/results] This planned research will investigate how automated support can be provided for managing ImRs within an organizational context, which is currently lacking in practice. This work proposed an approach that is based on semantic case-based reasoning for managing ImRs. [Contribution] We present the concept of a tool which enables managing of ImRs through the analogy-based requirements reuse of previously known ImRs. This ensures the discovery, structured documentation, proper prioritization, and evolution of ImRs, which improves the overall success of software development processes.

A process framework for semantics-aware tourism information systems

The growing sophistication of user requirements in tourism due to the advent of new technologies such as the Semantic Web and mobile computing has imposed new possibilities for improved intelligence in Tourism Information Systems (TIS). Traditional software engineering and web engineering approaches cannot suffice, hence the need to find new product development approaches that would sufficiently enable the next generation of TIS. The next generation of TIS are expected among other things to: enable semantics-based information processing, exhibit natural language capabilities, facilitate inter-organization exchange of information in a seamless way, and evolve proactively in tandem with dynamic user requirements. In this paper, a product development approach called Product Line for Ontology-based Semantics-Aware Tourism Information Systems (PLOSATIS) which is a novel hybridization of software product line engineering, and Semantic Web engineering concepts is proposed. PLOSATIS is presented as potentially effective, predictable and amenable to software process improvement initiatives.

Implementation of an Intelligent Course Advisory Expert System

Academic advising of students is an expert task that requires a lot of time, and intellectual investments from the human agent saddled with such a responsibility. In addition, good quality academic advising is subject to availability of experienced and committed personnel to undertake the task. However, there are instances when there is paucity of capable human adviser, or where qualified persons are not readily available because of other pressing commitments, which will make system-based decision support desirable and useful. In this work, we present the design and implementation of an intelligent Course Advisory Expert System (CAES) that uses a combination of rule based reasoning (RBR) and case based reasoning (CBR) to recommend courses that a student should register in a specific semester, by making recommendation based on the student’s academic history. The evaluation of CAES yielded satisfactory performance in terms of credibility of its recommendations and usability.

Ontology-Based Support for Security Requirements Specification Process

The security requirements specification (SRS) is an integral aspect of the development of secured information systems and entails the formal documentation of the security needs of a system in a correct and consistent way. However, in many cases there is lack of sufficiently experienced security experts or security requirements (SR) engineer within an organization, which limits the quality of SR that are specified. This paper presents an approach that leverages ontologies and requirements boilerplates in order to alleviate the effect of lack of highly experienced personnel for SRS. It also offers a credible starting point for the SRS process. A preliminary evaluation of the tool prototype – ReqSec tool - was used to demonstrate the approach and to confirm its usability to support the SRS process. The tool helps to reduce the amount of effort required, stimulate discovery of latent security threats, and enables the specification of good quality SR.

Using Ontologies and Machine Learning for Hazard Identification and Safety Analysis

Safety analysis (SA) procedures, such as hazard and operability analysis (HazOp) and failure mode and effect analysis (FMEA), are generally regarded as repetitious, time consuming, costly and require a lot of human involvement. Previous efforts have targeted automated support for SA at the design stage of system development. However, studies have shown that the cost of correcting a safety error is much higher when done at the later stages than the early stages of system development. Hence, relative to previous approaches, this chapter presents an approach for hazard identification (HazId) based on requirements and reuse-oriented safety analysis. The approach offers a convenient starting point for the identification of potential system safety concerns from the RE phase of development. It ensures that knowledge contained in both the requirements document and previously documented HazOp projects can be leveraged in order to attain a reduction in the cost of SA by using established technologies such as ontology, case-based reasoning (CBR), and natural language processing (NLP). The approach is supported by a prototype tool, which was assessed by conducting a preliminary evaluation. The results indicate that the approach enables reuse of experience in conducting safety analysis, provides a sound basis for early identification of system hazards when used with a good domain ontology and is potentially suitable for application in practice by experts.

A comparative review of i ∗ -based and use case-based security modelling initiatives

Security requirements elicitation and modelling are integral for the successful development of secure systems. However, there are a lot of similar yet not identical approaches that currently exist for security requirements modelling, which is confusing for researchers and practitioners hence some characterisation will be useful to give a better overview and understanding of advantages and disadvantages of various approaches. This paper provides a comparative review of i*-based and use case - based security modelling initiatives, using a characterisation framework with several dimensions. Our findings show that both categories of initiatives have significant conceptual similarities in the aspect of modelling language and method process, and coverage of security requirements modelling notions. They have conceptual differences in the aspect of: representation perspective, kind of security requirements engineering activities that are supported, the quality of specification that is generated and the specification techniques used, and the degree of support for software evolution.

Component-based software engineering approach to development of a university e-administration system

Component-based software engineering (CBSE) has elicited research interests in recent times in different industrial sectors, including the educational domain because of its perceived advantage over traditional development approaches. However, there is need to empirically justify this claim through case study reports from several industrial domains. A university as a complex enterprise needs an Enterprise Resource Planning (ERP) system to automate its complex operational and administrative procedures for efficiency and effectiveness. However, the peculiarity of each university makes it difficult to obtain commercial off-the-shelf ERPS that perfectly suits their requirements. This paper, reports the application of the CBSE paradigm for the development of a university ERP - specifically an e-Administration System. The research provides a basis to empirically compare the merits of CBSE and traditional development approaches. The result of the case study yielded a usable ERP for a Nigerian university, and concrete empirical data that confirmed the superiority of CBSE over traditional software development.