RE 2012 Workshops
RE 2012 Workshops
Powered by
Conference Publishing Consulting

2012 Second IEEE International Workshop on Requirements Patterns (RePa), September 24, 2012, Chicago, Illinois, USA

RePa 2012 – Proceedings

Contents - Abstracts - Authors

Second IEEE International Workshop on Requirements Patterns (RePa)

Title Page


Foreword
Getting requirements right is critical to the success of just about any software development project, and yet oftentimes challenging and in need of a large amount of knowledge and experience. “Patterns” have been used to capture knowledge of software engineering, concerning software architectures, component designs and programs, and more recently requirements too.
This workshop is the second edition of the International Workshop on Requirements Patterns (RePa) that provides an open forum for researchers and practitioners to exchange ideas and experience, regarding pattern-based approaches to capturing, organizing, and reusing of all aspects of requirements engineering-related knowledge, from both product and process perspectives.

Pattern Papers

A Catalogue of Non-technical Requirement Patterns
Cristina Palomares, Carme Quer, Xavier Franch, Cindy Guerlain, and Samuel Renault
(Universitat Politècnica de Catalunya, Spain; CRP Henri Tudor, Luxembourg)
Software Requirement Patterns (SRP) have been proposed as an artifact for fostering requirements reuse. PABRE is a framework that promotes the use of SRP as a means for requirements elicitation, validation and documentation in the context of IT procurement projects. In this paper, we present a catalogue of non-technical SRP included in the framework and present in detail some of them. We also introduce the motivation to arrive to these patterns.

Towards Trust-Based Software Requirement Patterns
Axel Hoffmann, Matthias Söllner, Holger Hoffmann, and Jan Marco Leimeister
(Kassel University, Germany)
Users adopt trust to reduce social complexity that can be caused by the lack of knowledge about the inner working of an information system. Our aim is to translate results from trust research about the transformation of user trust in new technologies into software requirement patterns. Therefore, we collect antecedents that build trust, and develop requirement patterns that demand functionality to support these antecedents. This paper presents software requirement patterns consisting of the name, the goal, forces and the pre-defined requirement template that can be used to specify trust based requirements.

Requirements Patterns for Seismology Software Applications
Yang Li, Christian Pelties, Martin Käser, and Nitesh Narayan
(TU Munich, Germany; LMU Munich, Germany; Munich Re, Germany)
Requirements patterns help reusing the knowledge of capturing required functionalities and properties of a system. To improve requirements engineering in seismological software development, we identify commonly used requirements patterns. This paper introduces research of identifying two main requirements patterns in projects typical for computational seismology, namely, the forward simulation pattern and the data access pattern. They help efficiently and effectively eliciting requirements by providing necessary abstractions. We present a dynamic rupture example to illustrate how to apply both patterns. The patterns can foster a more productive requirements engineering process and sharing software development knowledge within the domain.

Early Security Patterns: A Collection of Constraints to Describe Regulatory Security Requirements
Robin A. Gandhi and Mariam Rahmani
(University of Nebraska at Omaha, USA)
Security engineering involves systematically applying the accumulated experience and best practices, such as regulatory security requirements, to identify a repeatable solution that is cost-effective, continuously improved, and fulfills security expectations of the stakeholders. However, security principles and regulatory requirements are rarely applied systematically during system design. We outline a stepwise process to extract domain concepts and apply a lightweight formal modeling language, Alloy, for the representation of regulatory requirements as early security patterns. These patterns, as a collection of constraints describing regulatory requirements provide a template for the systematic integration and analysis of these constraints in a system context. Each pattern defines a constrained solution space that can be enforced in subsequent phases of secure system development, testing and operation.

Using Norm Analysis Patterns for Automated Requirements Validation
Richa Sharma and K. K. Biswas
(IIT Delhi, India)
Requirements validation is an integral activity of Requirements Engineering. An early detection of mismatch between the observable behavior of the real-world and the interpreted behavior of the information system after requirements analysis is essential to the success of the software developed. This paper presents how norm analysis patterns can be effectively utilized for automated software validation. Norms represent behavioral patterns in an organization. In this paper, we harness this fact to validate the elicited requirements.

Technical Papers

Security Requirements Patterns: Understanding the Science Behind the Art of Pattern Writing
Maria Riaz and Laurie Williams
(North Carolina State University, USA)
Security requirements engineering ideally combines expertise in software security with proficiency in requirements engineering to provide a foundation for developing secure systems. However, security requirements are often inadequately understood and improperly specified, often due to lack of security expertise and a lack of emphasis on security during early stages of system development. Software systems often have common and recurrent security requirements in addition to system-specific security needs. Security requirements patterns can provide a means of capturing common security requirements while documenting the context in which a requirement manifests itself and the tradeoffs involved. The objective of this paper is to aid in understanding of the process for pattern development and provide considerations for writing effective security requirements patterns. We analyzed existing literature on software patterns, problem solving and cognition to outline the process for developing software patterns. We also reviewed strategies for specifying reusable security requirements and security requirements patterns. Our proposed considerations can aid pattern writers in capturing necessary contextual information when documenting security requirements patterns to facilitate application and integration of security requirements.

Using the Goal-Oriented Pattern Family Framework for Modelling Outcome-Based Regulations
Saeed Ahmadi Behnam, Daniel Amyot, Gunter Mussbacher, Edna Braun, Nick Cartwright, and Mario Saucier
(University of Ottawa, Canada; Carleton University, Canada; Transport Canada, Canada)
Outcome-based regulations focus on measurable goals rather than on prescriptive ways of achieving these goals. As regulators start evolving regulations towards an outcome-based approach, it becomes important to reuse knowledge about existing problems and solutions, and patterns are known to be a means of increasing reusability. Regulatory parties can benefit from a pattern-based framework that (i) lays down a foundation for capturing knowledge about business goals and processes, (ii) provides methods for reusing this knowledge by extracting and customizing models for specific stakeholders, and (iii) enables evolution of the knowledge when new problems and solutions emerge. In this paper, we provide systematic steps for eliciting requirements leading to the creation of patterns and families and show the applicability of the Goal-oriented Pattern Family framework in this novel context. We improve the framework’s infrastructure and include the concept of indicator in the framework in order to facilitate the reuse of compliance measurement approaches, in context.

Towards a Framework for Pattern Experimentation: Understanding Empirical Validity in Requirements Engineering Patterns
Travis D. Breaux, Hanan Hibshi, Ashwini Rao, and Jean-Michel Lehker
(CMU, USA; University of Texas at San Antonio, USA)
Despite the abundance of information security guidelines, system developers have difficulties implementing technical solutions that are reasonably secure. Security patterns are one possible solution to help developers reuse security knowledge. The challenge is that it takes experts to develop security patterns. To address this challenge, we need a framework to identify and assess patterns and pattern application practices that are accessible to non-experts. In this paper, we narrowly define what we mean by patterns by focusing on requirements patterns and the considerations that may inform how we identify and validate patterns for knowledge reuse. We motivate this discussion using examples from the requirements pattern literature and theory in cognitive psychology.

Characterizations and Boundaries of Security Requirements Patterns
Rocky Slavin, Hui Shen, and Jianwei Niu
(University of Texas at San Antonio, USA)
Very often in the software development life cycle, security is applied too late or important security aspects are overlooked. Although the use of security patterns is gaining popularity, the current state of security requirements patterns is such that there is not much in terms of a defining structure. To address this issue, we are working towards defining the important characteristics as well as the boundaries for security requirements patterns in order to make them more effective. By examining an existing general pattern format that describes how security patterns should be structured and comparing it to existing security requirements patterns, we are deriving characterizations and boundaries for security requirements patterns. From these attributes, we propose a defining format. We hope that these can reduce user effort in elicitation and specification of security requirements patterns.

Pattern-Based Security Requirements Specification Using Ontologies and Boilerplates
Olawande Daramola, Guttorm Sindre, and Tor Stålhane
(NTNU, Norway; Covenant University, Nigeria)
The task of specifying and managing security requirements (SR) is a challenging one. Usually SR are often neglected or considered too late – leading to poor design, and cost overruns. Also, there is scarce expertise in managing SR, because most requirements engineering teams do not include security experts, which leads to prevalence of too vague or overly specific SR. In this work, we present an ontology-based approach that uses predefined pattern-based templates – requirements boilerplates – to aid requirements engineers in the formulation of SR. We realized the approach via a prototype tool that enables the formulation of SR from textual misuse case (TMUC) descriptions of security threat scenarios. The results from a preliminary evaluation suggest the viability of the proposed approach, in that the tool was judged as easy to use, supports reuse, and facilitates the formulation of good quality SR.

proc time: 0.02