Requirement engineering

Top PDF Requirement engineering:

A requirement engineering driven approach to security architecture design for distributed embedded systems

A requirement engineering driven approach to security architecture design for distributed embedded systems

System Modeling Language for Security - SysMLSec 3.1 Introduction We described the main building blocks of the security requirement engineering methodology in the previous chapter. To pave the way for system-wide SREP, we first have to breath live into a collection of conceptual stages following the map- ping of stakeholders needs into product functions and use cases. Also, preceding the design of these functions across the engineering disciplines (i.e., hardware, software, etc.). In this context, a number of modeling languages (i.e., UML, SysML, etc.) have been proposed to help engineers from different system development stages to communicate, share, and compare their perspectives, to reason about properties of a system. These modeling languages for software engineering practices express different concepts to serve different development purposes like use case modeling, requirement modeling, protocol modeling, etc. However, security issues involve spe- cial concerns that these traditional software engineering languages do not consider. Consider, for example, a general behavior modeling notation that expresses inter- actions of entities in the system without considering the harmful behavior of an adversary. Thus, the models do not convey the impacts of the malicious behavior of the adversary on requirements, design, and architecture to the next phases of system development lifecycle. As we have reviewed in Section 2.2, to model specific security aspects such as threats, vulnerabilities, assets, and security requirements several security modeling languages have been developed. A number of extensions of UML (i.e., UMLsec [69], SecureUML [88], Misuse cases [141], Abuse cases [86], etc.), allow to express security relevant information within the diagrams in a system specification have been proposed. Yet, to best of our knowledge, none of them pro- vides the expressivity required to deal effectively with system-wide SRE. Another major group of contributions to the conceptual modeling of security requirements like KAOS [151] and Secure Tropos [93], etc., have defined their own graphical formalism each of which allows to express security relevant information (i.e., goal, anti-goals, requirements, obstacles, etc.).
En savoir plus

222 En savoir plus

Applying a requirement engineering based approach to evaluate the security requirements engineering methodologies

Applying a requirement engineering based approach to evaluate the security requirements engineering methodologies

sbulusu@irit.fr , laborde@irit.fr , ahmad-samer.wazan@irit.fr , Francois.barrere@irit.fr , Abdelmalek.benzekri@irit.fr ABSTRACT Considering the multitude of security requirements engineering methodologies available today, selecting a security requirement engineering methodology that fits the security engineering context becomes a promising task. In previous work, we outlined a generic evaluation methodology to elicit and evaluate the anticipated characteristics of a security requirements engineering methodology according to the stakeholders’ working context. In this paper, we detail each step of our methodology using an example context of network security requirements engineering.
En savoir plus

4 En savoir plus

Requirement engineering of a Cooperative Information System using viewpoints

Requirement engineering of a Cooperative Information System using viewpoints

rigor, this critical, complex, and potentially expensive ac- tivity in the majority of cases is performed in an ad-hoc manner without a defined process or methodology. The lack of systematic methods with situational process guid- ance, and experience reports that can easily be applied to real-world situations are serious reasons for the current gap between requirements elicitation and needs analysis in re- search and practice. [6]. The methods that exist in the domain of RE in software engineering does not allow to address the complex needs of a CIS which involves the co- operation of many stakeholders in a common purpose and each with their own viewpoint. The use of existing ap- proaches based on concepts of: goal, scenario or viewpoint have shown their limits, and work has been done for their in- tegration into a single approach. [15] for example, proposed an approach named CREWS for requirements elicitation in which the authors use both goal and scenario, [3] proposed an approach inspired from CREWS where they integrated goal, scenario and viewpoints. there is also for example the methods VORD or VOSE which used the viewpoints for the requirement engineering. But these methods have not highlighted the concepts of actors, team (group of ac- tors), activity, actions and interactions between actors that must be in a cooperative information systems. For the anal- ysis needs phase of a cooperative information system other factors should be considered. It will be necessary to deter- mine who does what, on what, when, after what and before what, we must define the systems actors and relations or ac- tions and activities that may exist between them. Which im- plies the intervention of different stakeholders (the expert, designer of CIS, domain user ...) involving several levels of modeling and multiple domains (generic domain (CIS), business application ...). We will try to solve these problems by proposing an approach that highlights these concepts us- ing viewpoints with 5 dimensions in order to have a tool that allows to have a common formalism for each concept and remedy this complexity. This will allow us to decom- pose the needs of a CIS according to viewpoints of each stakeholder. A viewpoint-based approach to requirements engineering recognizes that all information about the sys- tem requirements cannot be discovered by considering the system from a single perspective. Rather, we need to col- lect and organize requirements from a number of different viewpoints. A viewpoint is an encapsulation of partial in- formation about a systems requirements. Information from different viewpoints must be integrated to form the final sys- tem specification [18]. There is several viewpoints methods in RE like : SADT [16],[14], CORE [13], VOSE [8], [11], VORD [10], [17], [7], PreView [19], ISO/IEC/IEEE 42010 standard [1]. In addition, the main arguments in favor of an approach based on viewpoints in requirements engineering are:
En savoir plus

8 En savoir plus

Viewpoints for Requirement Engineering in a Cooperatif Information System (VpCIS)

Viewpoints for Requirement Engineering in a Cooperatif Information System (VpCIS)

²LINA-Nantes University Computer Science, Nantes, France {kkessi,zalimazighi}@usthb.dz, Mourad.Oussalah@univ-nantes.fr Abstract. In this paper we propose an approach which allows to define the Requirement Engineering step of a Cooperatif Information System. We used a notion of software engineering: the viewpoints. CIS is a complex system, it involves the cooperation of many stakeholders in a common purpose and each with their own viewpoint. This is why we used the notion of viewpoints, in order to decompose and partition the needs of a CIS according to the viewpoint of each stakeholder, to simplify its modeling. This approach define a meta- model of viewpoint that will allow us to instance the necessary viewpoint to define the needs and requirements of a CIS.
En savoir plus

11 En savoir plus

Reusing Scenario Based Approaches in Requirement Engineering Methods: CREWS Method Base

Reusing Scenario Based Approaches in Requirement Engineering Methods: CREWS Method Base

We situate our work in the situational method engineering domain. The situational method engineering discipline aims at defining information systems development methods by reusing and assembling different existing method fragments. This approach allows to construct modular methods which can be modified and augmented to meet the requirements of a given situation. Following this approach, a method is viewed as a collection of method fragments [Rolland 96], [Harmsen 94], [Harmsen 97]. New methods can be constructed by selecting fragments from different methods which are the more appropriate to a given situation [Brinkkemper 98], [Plihon 98]. Thus, method fragments are the basic building blocks which allow to define methods in a modular way. In our work we are interested in specific method fragments, namely scenario based approaches, that we call scenario method chunks.
En savoir plus

14 En savoir plus

Applying a requirement engineering based approach to evaluate the security requirements engineering methodologies

Applying a requirement engineering based approach to evaluate the security requirements engineering methodologies

3 Application of our methodology 3.1 Step1: Problem context and initial requirement analysis The initial step of our approach allows analysing the security problem context of the example scenario given in section 2. Accordingly, this step deals with interviewing the people involved in the security engineering process. We have developed an elicitation tools using a consolidated list of 20 characteristics of good security requirements provided in our previous paper[2], see Figure 3. The first three columns contain a unique identifier, a quick one-line definition and corresponding synonyms found in the literature. The last column describes the quality criteria via a set of questions, each reflecting different perspectives of the respective criterion definition. This elicitation tool facilitates to trigger the discussions. It acts as a common platform to discuss as well as to obtain common understanding of their perspectives and expectations.
En savoir plus

5 En savoir plus

Operations requirement for Black Brant rocket AD-II-52

Operations requirement for Black Brant rocket AD-II-52

L’accès à ce site Web et l’utilisation de son contenu sont assujettis aux conditions présentées dans le site LISEZ CES CONDITIONS ATTENTIVEMENT AVANT D’UTILISER CE SITE WEB. Report (National Research Council of Canada. Radio and Electrical Engineering Division : ERB); no. ERB-687, 1964-10

81 En savoir plus

Operations requirement for Black Brant rocket AA-II-53

Operations requirement for Black Brant rocket AA-II-53

L’accès à ce site Web et l’utilisation de son contenu sont assujettis aux conditions présentées dans le site LISEZ CES CONDITIONS ATTENTIVEMENT AVANT D’UTILISER CE SITE WEB. Report (National Research Council of Canada. Radio and Electrical Engineering Division : ERB); no. ERB-688, 1964-10

81 En savoir plus

Operations requirement for U.A.C. auroral x-ray balloon flights

Operations requirement for U.A.C. auroral x-ray balloon flights

L’accès à ce site Web et l’utilisation de son contenu sont assujettis aux conditions présentées dans le site LISEZ CES CONDITIONS ATTENTIVEMENT AVANT D’UTILISER CE SITE WEB. Report (National Research Council of Canada. Radio and Electrical Engineering Division : ERB); no. ERB-689, 1964-11

27 En savoir plus

Operations requirement for black brant rocket AK-II-104

Operations requirement for black brant rocket AK-II-104

L’accès à ce site Web et l’utilisation de son contenu sont assujettis aux conditions présentées dans le site LISEZ CES CONDITIONS ATTENTIVEMENT AVANT D’UTILISER CE SITE WEB. Report (National Research Council of Canada. Radio and Electrical Engineering Division : ERB); no. ERB-722, 1965-10

60 En savoir plus

Timing Requirement Description Diagrams for Real-Time System Verification

Timing Requirement Description Diagrams for Real-Time System Verification

In KAOS (Keep All Objective Satisfied [13]) requirements are expressed by means of logic formulas written in RT-LTL (Real Time Linear Temporal Logic). KAOS also includes a method for goal driven requirement elaboration. The KAOS tool Objectiver [15] enables analysts to elicit and specify requirements in a systematic way and to achieve traceability from requirements to goals. The interest of the KAOS methodology is to formalize and trace functional and non-functional requirements (including security, safety, accuracy, cost, performance) throughout the design cycle. In this paper, we also link (temporal) requirements to our formalism and we integrate requirement capture and requirement traceability.
En savoir plus

9 En savoir plus

Timing requirement description diagrams for real-time system verification

Timing requirement description diagrams for real-time system verification

Figure 13: Traceability Matrix of Hybrid Power Management Unit Requirements 5. Conclusions and Future Work TURTLE is a real-time UML profile designed with formal verification in mind. The profile was recently extended with SysML requirement diagrams. The objective is to formally verify temporal requirements. The paper shows how SysML requirement diagrams are supported by the profile. Formal temporal requirements are expressed with TRDDs, a graphical language based on UML Timing Diagrams. The paper’s contribution lies in the possibility to automatically derive observers from temporal requirements defined by Timing Requirement Description Diagrams. TTool automatically inserts these observers in the relevant design diagrams (class and activity diagrams) as a premise to guide the verification process.
En savoir plus

8 En savoir plus

Contract-Based Requirement Modularization via Synthesis of Correct Decompositions

Contract-Based Requirement Modularization via Synthesis of Correct Decompositions

Our conditions and synthesis strategy can be applied to generic contract frameworks equipped with specification operators (e.g., composition, refinement) including popular frameworks suc[r]

27 En savoir plus

Taxing a Natural Resource with a Minimum Revenue Requirement

Taxing a Natural Resource with a Minimum Revenue Requirement

to which the firm could devote its resources and expect the same profits. Ex ante, the firm takes into account the risk that the project might not be profitable or get green-lighted. I assume that the minimal revenue y is known ex ante. Ex post exploitation thus depends on y and on the market and geological conditions (p and c) unknown at the time the regime is put in place. Exploitation takes place when the two following constraints are satisfied: i) the ex post profitability constraint (XP) —the firm’s profit should cover its tax liability—; ii) the minimal revenue requirement constraint (MR) —the tax brings at least y to the State.
En savoir plus

30 En savoir plus

Robust material requirement planning with cumulative demand under uncertainty

Robust material requirement planning with cumulative demand under uncertainty

Namely, we deal with the CLSP (for the MPS process) and MLCLSP (for the MRP process), both with backordering, with uncertain cumulative demand under the interval uncertainty representati[r]

23 En savoir plus

LELIE - An Intelligent Assistant for Improving Requirement Authoring

LELIE - An Intelligent Assistant for Improving Requirement Authoring

LELIE: An Intelligent Assistant for Improving Requirement Authoring 1. LELIE project LELIE 1 was funded by the French National Research Agency (ANR) from 2008 till 2013. It is still a research framework but it is now paired with R&D efforts in order to investigate its relevance and customization to the industrial world. The LELIE project is a research and R&D framework, based on natural language processing and artificial intelligence, the aim of which is to detect and analyze potential risks in technical documents, related to health and ecology, but also to a number of social and economic dimensions.
En savoir plus

11 En savoir plus

On the facultative requirement of the bacterial RNA chaperone, Hfq.

On the facultative requirement of the bacterial RNA chaperone, Hfq.

Figure 1. Variable requirement for Hfq in sRNA-mediated gene regulations in bacteria. (a) List of bacteria and sRNAs organized according to their Hfq requirement. With the exception of RsmY (shown in parentheses because it requires Hfq to function but traps regulatory proteins [55] ), only sRNAs that regulate the expression of target mRNAs are considered. Hfq is required for the function of sRNAs colored in blue and dispensable for the function of those colored in red. The yellow triangle represents incremental involvement of Hfq. The hfq gene is missing in S. pyogenes and in most strains of Prochlorococcus. Note that in E. coli [56] and S. typhimurium [17] additional sRNAs interact with Hfq in vivo. (b,c) Parameters to consider for the facultative involvement of the Hfq protein in sRNA –mRNA interactions. The size of the circles reflects the relative importance of each parameter.
En savoir plus

8 En savoir plus

Knowledge Engineering

Knowledge Engineering

UNCORRECTED PROOF Designing models requires access to knowledge available through various sources. 342[r]

37 En savoir plus

A requirement mining framework to support complex sub-systems suppliers

A requirement mining framework to support complex sub-systems suppliers

classifier. Unsupervised because we do not predefine a list of categories but search for dissimilar clusters. We used the LinLog algorithm from the Carrot2 API and applied it to 1618 requirements collected from three specifications. We obtained 109 clusters and could therefore expect approximately 15 requirements within each cluster. However, results show that the biggest cluster contains 169 requirements, whereas the smallest one contains 2 requirements. Moreover, there is a cluster named “Other Topics” that contains 436 requirements, that is, ¼ of the data. If clusters contain more than a hundred of requirements, we do not solve the issue of large sets of requirements. Additionally, with the LinLog algorithm, a requirement may belong to several clusters. Thus, experts may overestimate the decision-making criteria. Finally, when we carefully look at the cluster labels, we notice that clusters are based on sequences of terms such as “boxes shall”, “conduit shall”, “system shall”, etc. In our specific application, such assumption is irrelevant as it corresponds to co-occurrences of “Subject + Modal verb”. Clustering of requirements have been extensively studied [10]. However, most approaches are purely text-based. We believe that a community of requirements should not only include requirements that share linguistic affinities, but also requirements that are linked by other kinds of interdependencies, such as conceptual ones and cross- references. Any kind of relationship such as SysML ones (derive, trace, satisfy, etc.) can be relevant. We have therefore studied the clustering of requirements based on graph theory (Fig. 2.H). The basic approach for graph clustering is to detect local particular subgraphs (cliques, k-plexes, k-cores, k- components), but this would lead to relatively small clusters. The second approach, graph partitioning, is also inappropriate as we cannot guess the number and the size of communities a- priori. We therefore adopted the third approach – community detection – with which communities of requirements arise naturally from the graph topology. We used the Spectral algorithm proposed in [16] and implemented in the Jmod API.
En savoir plus

7 En savoir plus

A surface engineering approach applicable to concrete repair engineering

A surface engineering approach applicable to concrete repair engineering

• application of adhesive coating to improve barrier proper- ties. Therefore mentioned approach emphasises that the prop- erties of the near-surface layer influence barrier properties of concrete and in consequence its durability [5, 6]. Such ap- proach shares characteristics with surface engineering com- monly applied to many construction materials like metal al- loys, including nanomaterials, eg. [7, 8]. Surface engineering is defined [7] as a scientific and technological approach relat- ed to the design, the production and the application of surface layers to improve some properties of the substrate, particularly the resistance to corrosion and abrasion, as well as aesthetic properties. Surface engineering covers all phenomena involv- ing a modification of the near-to-surface layer and/or applica-
En savoir plus

12 En savoir plus

Show all 1250 documents...