Visualising personas as goal models to find security tensions

Purpose This paper aims to present a tool-supported approach for visualising personas as social goal models, which can subsequently be used to identify security tensions. Design/methodology/approach The authors devised an approach to partially automate the construction of social goal models from personas. The authors provide two examples of how this approach can identify previously hidden implicit vulnerabilities and validate ethical hazards faced by penetration testers and their safeguards. Findings Visualising personas as goal models makes it easier for stakeholders to see implications of their goals being satisfied or denied and designers to incorporate the creation and analysis of such models into the broader requirements engineering (RE) tool-chain. Originality/value The approach can be used with minimal changes to existing user experience and goal modelling approaches and security RE tools.

Visualization of the Values of Requirements Attributes with Goal Models

Attributes such as cost, risk, priority, and customer satisfaction are integral components of requirements specifications, helping with decision-making during the software development process. Moreover, requirements status and stability are relevant meta-information for requirements management. Even though goal modelling is a visual approach for requirements engineering that enables expressing and reasoning about goals, qualities, tasks and resources, existing approaches do not include the aforementioned attributes as part of the visualization of the models. This paper presents a set of strategies for visually representing requirements attributes over goal models, aiming at minimizing the cognitive effort required in their analysis. The proposal is supported by a tool that implements the visualization strategies here defined. Empirical evaluation of the effectiveness of the proposal, however, is expected to be carried out as future work.

A Framework for Enhanced Tropos Goal-Driven Risk Assessment in Requirements Engineering

Every process model used by software industry has different phases including requirement engineering. This is the crucial phase as it is preceded by other phases and provides valuable inputs to the design phase. Risk assessment made in this phase can help avoid wastage of time, effort, cost and budget overruns and even missed delivery deadlines. Traditionally risks are analyzed in terms of technical aspects like failures in the working system, unavailability of certain services, and fault intolerances to mention few. The identified risks are used to have countermeasures. However, it causes the life cycle of the system to be repeated right from the requirements engineering. On the contrary, risk analysis in the requirements engineering phase can prove fact that a stitch in time saves nine. Therefore early detection of risks in the system can help improve efficiency of software development process. Goal-oriented risk assessment has thus gained popularity as it is done in the requirements analysis phase. Stakeholder interests are considered to analyze risks and provide countermeasures to leverage quality of the system being developed. In this paper, a formal framework pertaining to Tropos goal modelling is enhanced with quantitative reasoning technique coupled with qualitative ones. Towards this end we used a conceptual framework with three layer such as asset layer, event layer and treatment layer. We used a case study project named Loan Origination Process (LOP) to evaluate the proposed framework. Our framework supports probability of satisfaction (SAT) and denial (DEN) values in addition to supporting qualitative values. The Goal-Reasoning tool is extended to have the proposed quantitative solution for risk analysis in requirements engineering. The tool performs risk analysis and produces different alternative solutions with weights that enable software engineers or domain experts to choose best solution in terms of cost and risk. The results revealed the performance improvement and utility when compared with an existing goal-driven risk assessment approach.

Agent-Oriented Requirement Engineering for Mobile Application Development

<span>Mobile application development is receiving much attention nowadays. With the enhancement of mobile application tools like an Android studio, etc. and kinds of online support, the development of the mobile application is getting easier. Indeed, mobile application development is not a trivial task. When given a particular problem, a novice mobile programmer will commonly sketch the mobile interface followed by coding. The rapid prototyping technique and trial from errors have led to issues such as poor domain understanding. We argue that a complete understanding of the domain is needed for mobile application development. Hence, requirements engineering is an important phase. This paper introduces a technique to assist mobile application development through Agent-Oriented Requirements Engineering (AORE). AORE consists of goal modelling to analyse and understand a mobile-based project. With goal modelling, AORE allows a modeller to identify and analyse the functionalities and non-functionalities of the system and present a holistic view of the proposed system. It showcases the services, operations and constraints of the proposed system. AORE is a useful part of the development phase and can complement current steps in mobile application development lifecycle.</span>