Raimundas Matulevičius

Visual syntax does matter: improving the cognitive effectiveness of the i * visual notation

Goal-oriented modelling is one of the most important research developments in the requirements engineering (RE) field. This paper conducts a systematic analysis of the visual syntax of i*, one of the leading goal-oriented languages. Like most RE notations, i* is highly visual. Yet surprisingly, there has been little debate about or modification to its graphical conventions since it was proposed more than a decade ago. We evaluate the i* visual notation using a set of principles for designing cognitively effective visual notations (the Physics of Notations). The analysis reveals some serious flaws in the notation together with some practical recommendations for improvement. The results can be used to improve its effectiveness in practice, particularly for communicating with end users. A broader goal of the paper is to raise awareness about the importance of visual representation in RE research, which has historically received little attention.

A Systematic Approach to Define the Domain of Information System Security Risk Management

Today, security concerns are at the heart of information systems, both at technological and organizational levels. With over 200 practitioner-oriented risk management methods and several academic security modelling frameworks available, a major challenge is to select the most suitable approach. Choice is made even more difficult by the absence of a real understanding of the security risk management domain and its ontology of related concepts. This chapter contributes to the emergence of such an ontology. It proposes and applies a rigorous approach to build an ontology, or domain model, of information system security risk management. The proposed domain model can then be used to compare, select or otherwise improve security risk management methods.

Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

Security is a major target for todays information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain.

Alignment of Misuse Cases with Security Risk Management

It is recognised that security has to be addressed through the whole system development process. However current practices address security only in late stages, i.e., development or maintenance. Due to the success of UML use cases, misuse cases have been accepted by industry as a means to tackle security. However misuse cases, firstly, lack a precise application process, secondly, are too general which results in under-definition or misinterpretation of their concepts. In this paper we examine misuse cases in the light of a reference model for information system security risk management (ISSRM). Using the well-known meeting scheduler example we show how misuse cases can be used to follow a security risk management process. Next we check the misuse case ontology according to the concepts found in current risk management standards. The paper suggests improvements for the conceptual appropriateness of misuse cases for the security risk domain.

Evaluating formal properties of feature diagram languages

Feature diagrams (FDs) are a family of popular modelling languages, mainly used for managing variability in software product lines. FDs were first introduced by Kang et al. as part of the feature-oriented domain analysis (FODA) method back in 1990. Since then, various extensions of FODA FDs were devised to compensate for purported ambiguity and lack of precision and expressiveness. Recently, the authors surveyed these notations and provided them with a generic formal syntax and semantics, called free feature diagrams (FFDs). The authors also started investigating the comparative semantics of FFD with respect to other recent formalisations of FD languages. Those results were targeted at improving the quality of FD languages and making the comparison between them more objective. The previous results are recalled in a self-contained, better illustrated and better motivated fashion. Most importantly, a general method is presented for comparative semantics of FDs grounded in Harel and Rumpes guidelines for defining formal visual languages and in Krogstie et al.s semiotic quality framework. This method being actually applicable to other visual languages, FDs are also used as a language (re)engineering exemplar throughout the paper.

The Unified Enterprise Modelling Language—Overview and further work

The Unified Enterprise Modelling Language (UEML) aims at supporting integrated use of enterprise and IS models expressed using different languages. To achieve this aim, UEML offers a hub through which modelling languages can be connected, thereby paving the way for also connecting the models expressed in those languages. This paper motivates and presents the most central parts of the UEML approach: a structured path to describing enterprise and IS modelling constructs; a common ontology to interrelate construct descriptions at the semantic level; a correspondence analysis approach to estimate semantic construct similarity; a quality framework to aid selection of languages; a meta-meta model to integrate the different parts of the approach; and a set of tools to aid its use and evolution. The paper also discusses the benefits of UEML and points to paths for further work.

Improving the Effectiveness of Visual Representations in Requirements Engineering: An Evaluation of i* Visual Syntax

Goal-oriented modelling is one of the most important research developments in the RE field. This paper conducts a systematic analysis of the visual syntax of i*, one of the leading goal-oriented languages. Like most RE notations, i* is highly visual. Yet surprisingly, there has been little debate about or modification to its graphical conventions since it was proposed more than a decade ago. We evaluate the notation using a set of evidence-based principles for visual notation design. The paper identifies some serious flaws in the i* visual notation together with some recommendations for improvement. A broader goal of the paper is to raise the level of debate and stimulate discussion about visual representation in RE research.

Comparing goal modelling languages: an experiment

Although goal modelling is a recognised research area, only few empirical studies are reported. In this work we present an experiment where the quality of two goal languages - i* and KAOS - is investigated by means of the semiotic quality framework. We believed that a high quality language would contribute to effective and efficient modelling, and result in high quality models. But the experiment showed that model quality much depends on the particular language characteristics with respect to a given context. The experiment indicated weak and strong properties of goal modelling languages. For researchers, the findings point out possible language improvements. For practitioners, they can facilitate decisions about language selection and use.

Securing business processes using security risk-oriented patterns

Business process modelling and security engineering are two important concerns when developing information system. However current practices report that security is addressed at the later development stages (i.e. design and implementation). This raises a question whether the business processes are performed securely. In this paper, we propose a method to introduce security requirements to the business processes through the collaboration between business and security analysts. To support this collaboration we present a set of security risk-oriented patterns. We test our proposal in two industrial business models. The case findings characterise pattern performance when identifying business assets, risks, and countermeasures.

Towards Definition of Secure Business Processes

Business process modelling is one of the major aspects in the modern system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Although BPMN is a good approach to understand business processes, there is a limited work to understand how it could deal with business security and security risk management. This is a problem, since both business processes and security concerns should be understood in parallel to support a development of the secure systems. In this paper we analyse BPMN with respect to the domain model of the IS security risk management (ISSRM). We apply a structured approach to understand key aspects of BPMN and how modeller could express secure assets, risks and risk treatment using BPMN. We align the main BPMN constructs with the key concepts of the ISSRM domain model. We show applicability of our approach on a running example related to the Internet store. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. In addition we open a possibility for the business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model).