TOSCA-based Intent modelling: goal-modelling for infrastructure-as-code

Goal modelling usually takes place during the early information systems development phase known as requirements engineering (RE). RE is a key factor for project success where a good tool support is necessary. Several goal-modelling tools exist and several approaches can be used to evaluate them. In this paper, we report on an experiment to evaluate two goal-modelling tools - KAOS/Objectiver and i*/OME. We use an RE-tool evaluation approach (R-TEA) in order to determine which of the tools is better at supporting the creation of goal models. It turns out that KAOS/Objectiver apparently offers better model creation support but the quality of the resulting models is more dependent on situational language characteristics such as the focus on early (vs late) requirements.

Download Full-text

A Framework for Enhanced Tropos Goal-Driven Risk Assessment in Requirements Engineering

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.23.15345 ◽

2018 ◽

Vol 7 (2.23) ◽

pp. 510

Author(s):

ShankarNayak Bhkukya ◽

Dr Suresh Pabboju

Keyword(s):

Risk Assessment ◽

Risk Analysis ◽

Requirements Engineering ◽

Process Model ◽

Requirement Engineering ◽

Domain Experts ◽

Stakeholder Interests ◽

Formal Framework ◽

Goal Modelling ◽

Assessment Approach

Every process model used by software industry has different phases including requirement engineering. This is the crucial phase as it is preceded by other phases and provides valuable inputs to the design phase. Risk assessment made in this phase can help avoid wastage of time, effort, cost and budget overruns and even missed delivery deadlines. Traditionally risks are analyzed in terms of technical aspects like failures in the working system, unavailability of certain services, and fault intolerances to mention few. The identified risks are used to have countermeasures. However, it causes the life cycle of the system to be repeated right from the requirements engineering. On the contrary, risk analysis in the requirements engineering phase can prove fact that a stitch in time saves nine. Therefore early detection of risks in the system can help improve efficiency of software development process. Goal-oriented risk assessment has thus gained popularity as it is done in the requirements analysis phase. Stakeholder interests are considered to analyze risks and provide countermeasures to leverage quality of the system being developed. In this paper, a formal framework pertaining to Tropos goal modelling is enhanced with quantitative reasoning technique coupled with qualitative ones. Towards this end we used a conceptual framework with three layer such as asset layer, event layer and treatment layer. We used a case study project named Loan Origination Process (LOP) to evaluate the proposed framework. Our framework supports probability of satisfaction (SAT) and denial (DEN) values in addition to supporting qualitative values. The Goal-Reasoning tool is extended to have the proposed quantitative solution for risk analysis in requirements engineering. The tool performs risk analysis and produces different alternative solutions with weights that enable software engineers or domain experts to choose best solution in terms of cost and risk. The results revealed the performance improvement and utility when compared with an existing goal-driven risk assessment approach.

Download Full-text

Threat Analysis in Goal-Oriented Security Requirements Modelling

Computer Systems and Software Engineering ◽

10.4018/978-1-5225-3923-0.ch085 ◽

2017 ◽

pp. 2025-2042 ◽

Cited By ~ 2

Author(s):

Per Håkon Meland ◽

Elda Paja ◽

Erlend Andreas Gjære ◽

Stéphane Paul ◽

Fabiano Dalpiaz ◽

...

Keyword(s):

Traffic Management ◽

Mutual Influence ◽

Automated Analysis ◽

Security Requirements ◽

Tool Support ◽

Security Issues ◽

Raising Awareness ◽

Goal Modelling ◽

Threat Modelling ◽

High Level

Goal and threat modelling are important activities of security requirements engineering: goals express why a system is needed, while threats motivate the need for security. Unfortunately, existing approaches mostly consider goals and threats separately, and thus neglect the mutual influence between them. In this paper, the authors address this deficiency by proposing an approach that extends goal modelling with threat modelling and analysis. The authors show that this effort is not trivial and a trade-off between visual expressiveness, usability and usefulness has to be considered. Specifically, the authors integrate threat modelling with the socio-technical security modelling language (STS-ml), introduce automated analysis techniques that propagate threats in the combined models, and present tool support that enables reuse of threats facilitated by a threat repository. The authors illustrate their approach on a case study from the Air Traffic Management (ATM) domain, from which they extract some practical challenges. The authors conclude that threats provide a useful foundation and justification for the security requirements that the authors derive from goal modelling, but this should not be considered as a replacement to risk assessment. The usage of goals and threats early in the development process allows raising awareness of high-level security issues that occur regardless of the chosen technology and organizational processes.

Download Full-text