Requirements Engineering for Internet of Things

The development of the Internet and cloud computing has set up a matured environment for developing and deploying big data services. The main objective of requirements engineering for big data is to capture big data service users’ needs and provider’s capabilities, and to identify value added service use cases for big data technology in a given organizational context. Major objectives may include: collect real-time data about the world, search for useful information in large data sets, gain insights about given problems by data analytics, predict possible trend of interesting subjects, and make decisions for the next immediate actions. In this paper, we propose a big data service requirements analysis framework, which aims to provide useful guidelines for eliciting service requirements, selecting the right services architectures and evaluate the available technological services implementations. For services under operation, we suggest data analysis to service logs to elicit user’s changing needs, to evaluate the run-time service performance and to check compliance to general standards and domain-specific regulations. Example cases from eHealth and industry 4.0 are discussed to illustrate the proposed service requirements framework.

Very Large Organization (VLO) develops and manufacturers hardware and software products, with each product being developed in its own project. Each project, from its inception, maintains a database that contains a wealth of data pertaining to its software development lifecycle. To empirically study VLO’s software development process, the authors mined the data from seven consecutive VLO projects to determine whether the data exhibit any anomalies and whether these anomalies can help assess a project’s level of success. Some anomalies provide evidence of what VLO does well, while other anomalies highlight possible areas of improvement. Through the anomalies in the mined data, the organization can direct additional focus and research to specific areas of the development process, particularly its requirements engineering, to improve the likelihood of success for future projects.

While describing the results of the empirical study, the paper also shows how such a study can be conducted even when the mined data are not very detailed.

APT attacks are increasing every year, and these APT attacks begin with social engineering attacks. In order to be effective in blocking APT attacks, blocking social engineering attacks make it possible to prevent APT attacks in advance. In this study, we define human factors which greatly influence social engineering attacks, and make it possible to obtain appropriate security requirements by modeling the relationships among human vulnerability, social engineering attacks and security requirements.

A software system is developed for satisfying requirements of stakeholders. Each requirement will be never satisfied without the collaboration of several components such as the system, devices and people interacting with them, i.e. users. However, a user does not or cannot always behave toward the other components according to their expectations. For example, a user sometimes makes mistake or even misuse of the system. The system thus has to encourage users to behave according to such expectations as well as possible. In this paper, we propose a method for eliciting software requirements that will improve users’ behavior with respect to the expectations. We rely on transparency, i.e. the open flow of information amongst stakeholders because no one can directly manipulate users but transparency has an influence on users’ behavior. We expect users will voluntarily behave better than ever when the system provides suitable information flows. We represent our method by using KAOS goal modeling notation, and show examples how it works.

Cloud users are striving for minimum provider interference in accessing services from cloud’s shared pool of resources due to the dynamic and untrusted nature of cloud, and untrusted, vulnerable and greedy nature of Cloud Service Providers (CSPs). Service level agreements (SLA) are a critical aspect in maintaining security, trust and provisioning Quality of Service (QoS) in Cloud. The SLA consists of Service-level goals or the Functional and Non-Functional levels that are officially agreed by the customer and the providers. The SLA lifecycle is costly and time-consuming process. Using Blockchain technology’s use-cases with Cloud can solve the trust and security requirements of cloud users as well as make SLAs transparent and open to cloud users for quick service provisioning. In order to analyze the feasibility of using Blockchain technology with Cloud, this paper, comparatively analyze the Security and trust requirements and Non-Functional requirements of Cloud and Blockchain to solve the security and trust requirements of cloud users in cloud. We also propose a secure and self-adaptive Blockchain based framework for cloud. Blockchain being the backbone of this framework, this framework exploits the feasible use cases of the Blockchain to enhance the trust requirement of the third party (Cloud Service provider) in Cloud and maintain trust and security in the Cloud by making data secure and SLA transparent and open to all Cloud users, aiding users to analyze and make spontaneous decisions for using Cloud services.

Quality security requirements contribute to the success of secure software development. However, the process of eliciting and writing security requirements is tedious and complex, It requires Requirements Engineers (RE) to have security experience in the process of eliciting consistent security requirements from the clients-stakeholders. Considering the requirements are derived from natural language, RE faced problems in eliciting and writing security requirements as they have the tendency to misunderstand the real needs and the security terms used. Motivated from these problems, this paper proposed a security requirements library and template to assist RE in writing security requirements. The library was built based on compilation of security attributes derived from syntax analysis and keywords matching. The realization of the library and writing template was demonstrated using two sets of scenario taken from real projects. The usage examples show that the template is able to help the RE to write security requirements by providing the relevant and suitable sentence structure as guidance.

In today’s era, there is a rapid increase in the demand for IoT applications. Thus, securing the information content delivered among various entities involved in the IoT applications development has become an important issue. It is also identified that there is a high cost of implementing a secured IoT application as it requires efforts, skills and knowledge to understand the security concern, especially when developers and requirement engineers do not have any formal training in software engineering and eliciting security requirements. In addition, requirements engineers who are unfamiliar with the IoT applications confront problems to elicit accurate security requirements to avoid misinterpretations. Motivated by these issues, this paper presents the development of a new IoT security requirements library of security requirement for the development of IoT applications. Using an industry scenario, the utilities of the library demonstrated the elicitation of security requirements for each of the IoT attributes of specific business applications domains.

Web-based software systems face a wide range of users and situates in different context. Developing such systems needs to deal with the diversity and variability of requirements. Crowd-based requirements engineering performs requirements engineering activities, such as elicitation requirements from the crowd of stakeholders. That leads to the collected requirements being more diverse and wider coverage. However, the requirements elicited from crowd are not directly available and need to be merged into system requirements. It is a tedious and error-prone work without the help of automatic method. System requirements can be expressed in a variety of ways, of which activity diagram is widely used. This paper provides a method based on genetic algorithm. This approach targets to solve two key issues about the individual requirements representation and the requirements synthesis, one is using a triangular matrix encoding scheme to ensure completeness and uniqueness of genetic representation of solution, the other is proposing a generalized information entropy as fitness function to measure candidate solutions. A simple but meaningful example has been used to demonstrate the feasible of this approach. Moreover, during the synthesis of activity diagrams, the information source’s IDs are kept. This can be used for building the traceability links between the system requirements and their source. That will be helpful to requirements management and evolution.

Crowdsourcing is a complex and sociotechnical problem solving approach for collaboration of geographically distributed volunteer crowd to contribute to the achievement of a common task. One of the major issues faced by crowdsourced projects is the trustworthiness of the crowd. This paper presents a vision to develop a framework with supporting methods and tools for early detection of the malicious acts of sabotage in crowdsourced projects by utilizing and scaling digital forensic techniques. The idea is to utilize the crowd to build the digital evidence of sabotage with systematic collection and analysis of data from the same crowdsourced project where the threat is situated. The proposed framework aims to improve the security of the crowdsourced projects and their outcomes by building confidence about the trustworthiness of the workers.

Goal Oriented Requirements Engineering (GORE) has the potential to fulfill customer’s needs. It is an emergent field in requirements engineering (RE) because it helps to achieve the intended objectives of the system under consideration. A large number of Conferences and Journals have reported GORE work regarding different techniques, tools, frameworks, and methods with various processes. However, there is little effort to aggregate GORE existing empirical work, identify knowledge gaps, trends, and patterns by using an unbiased, comprehensive and systematic methodology. Therefore, there is a need to evaluate GORE empirical research to show its affluence. We conducted Systematic Mapping Study (SMS) to analyze empirical research in GORE. An analysis on extracted data showed the great increase of GORE empirical work in the year 2012 and the most focused area is Requirements Analysis (63%), and Elicitation (20%) while the Modeling (70%) is a trendy concept in Requirements Analysis. The most used research method in GORE empirical studies was the experiment. Our study did not find any empirical work in the GORE area of Validation and Verification. A large percentage of studies presented methods as the output of research and validated these methods empirically. To develop the reliability and integrity of research outcomes, the researchers need to perform evaluative empirical research. The practitioners are required to share their experiences of using various modeling tools and techniques the community.

Context-aware applications are becoming increasingly popular as they can adapt their behaviors to situations. However, the modeling of context-aware requirements is challenging owing to the inherent complexity and dynamicity of the context. Therefore, learning from existing studies can help academia and industry overcome the challenges. The primary objectives of this study are as follows: (1) survey the state-of-the-art of context-aware requirements modeling; (2) determine the challenges in context-aware requirements modeling and the extent to which the challenges have been addressed; (3) explore the future research directions of context-aware requirements modeling. We adopt the method of systematic literature review to retrieve relevant studies and extract available data aimed at the objectives. Seventy-two studies are finally selected. After data synthesis, we identify 4 categories of 13 challenges in context-aware requirements modeling. Based on the findings, we analyze the extent to which the challenges have been addressed and suggest future research directions.

Software go through changes at all stages of Software Development Life Cycle (SDLC). Accepting a large amount of changes may raise the time and cost of the software. While denying changes may rise customer dissatisfaction. An effective change acceptance decision helps software project manager to decide whether to accept or reject these changes. Software effort estimation is one of the methods that helps software project manager in an efficient change acceptance decision. Several software effort estimation techniques have been introduced to date and Function Point Analysis (FPA) is one of them. FPA method is used for measuring the size and complexity of a software by calculating the functionality that the system provides its user. Many studies highlighted that FPA method is used for early phases of SDLC as compared to software development phase. During software development phase software artifacts are in inconsistent states. Therefore, it is a challenging task for software project manager to estimate the amount of required effort for a change request during software development phase. In this paper we have used FPA method in a case study for requirement changes during software development phase. This study has highlighted the main concerns of using FPA method for requirement changes during software development phase.

Requirements engineering uncertainty is considered as one of the main problems in software industry. It can complicate early decisions on requirements and architecture and might expose the software project to significant risks. Continuous effort by researchers has resulted in a largely grown body of work on uncertainty in software requirements. In this paper, a systematic literature review protocol is presented to investigate the research literature on approaches deals with uncertainty in software requirements engineering. Requirements management was widely studied on the uncertainty in software requirement engineering. Results showed that review and analyses approach are most widely approaches dealt with requirements uncertainty and some were briefly explained. Further research is required on the identification of prominent causes of software requirements uncertainty and the solution to cope with such causes.

A goal model, which is one of the common requirements models, has advantages of formalizing and visualizing results of requirements analysis. The model regards a requirement as a goal, and the root goal that is achieved by system execution should be decomposed to precondition goals. Current systems are large and complexed, so that there are a lot of requirements to be implemented. Therefore it is difficult to extract all goals and construct an elaborated goal model manually. In this paper we propose a process to support constructing goal models from requirements descriptions written in a natural language. In the proposed process, extraction rules are used to extract goals from requirements descriptions and then to construct a goal model from the goals. To evaluate our process, we applied the process to two system descriptions to construct goal models. The results show that the proposed process extracted appropriate goals and successfully assembled these goals in a goal hierarchy. We also report preliminary results of automating the proposed process.

Although train control system (TCS) is regarded relatively safe, accidents still happened from time to time. In this paper, we propose a simulation based approach to elicit new requirements from accidents and then modify the TCS to provide a more reliable and safer system. A Modelica system model is constructed to describe the structure and interactions of TCS according to the continuous behavior and discrete fault event of TCS devices. A Modelica accident model is also defined based on the system model in order to predict accidents. These Modelica models are simulated in Open Modelica until all scenarios (paths) are covered. By analyzing the simulation results which indicate the causes of accidents, we elicit new requirements, and modify the original system model. Simulation is used again to show that these modifications could effectively avoid such accidents. A case study is provided to validate our approach.