Powered by
2012 Second IEEE International Workshop on Requirements Patterns (RePa),
September 24, 2012,
Chicago, Illinois, USA
Second IEEE International Workshop on Requirements Patterns (RePa)
Foreword
Getting requirements right is critical to the success of just about any software development project, and yet oftentimes challenging and in need of a large amount of knowledge and experience. “Patterns” have been used to capture knowledge of software engineering, concerning software architectures, component designs and programs, and more recently requirements too.
This workshop is the second edition of the International Workshop on Requirements Patterns (RePa) that provides an open forum for researchers and practitioners to exchange ideas and experience, regarding pattern-based approaches to capturing, organizing, and reusing of all aspects of requirements engineering-related knowledge, from both product and process perspectives.
Pattern Papers
A Catalogue of Non-technical Requirement Patterns
Cristina Palomares, Carme Quer, Xavier Franch, Cindy Guerlain, and Samuel Renault
(Universitat Politècnica de Catalunya, Spain; CRP Henri Tudor, Luxembourg)
Software Requirement Patterns (SRP) have been proposed as an artifact for fostering requirements reuse. PABRE is a framework that promotes the use of SRP as a means for requirements elicitation, validation and documentation in the context of IT procurement projects. In this paper, we present a catalogue of non-technical SRP included in the framework and present in detail some of them. We also introduce the motivation to arrive to these patterns.
@InProceedings{RePa12p1,
author = {Cristina Palomares and Carme Quer and Xavier Franch and Cindy Guerlain and Samuel Renault},
title = {A Catalogue of Non-technical Requirement Patterns},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {1--6},
doi = {},
year = {2012},
}
Towards Trust-Based Software Requirement Patterns
Axel Hoffmann, Matthias Söllner, Holger Hoffmann, and Jan Marco Leimeister
(Kassel University, Germany)
Users adopt trust to reduce social complexity that can be caused by the lack of knowledge about the inner working of an information system. Our aim is to translate results from trust research about the transformation of user trust in new technologies into software requirement patterns. Therefore, we collect antecedents that build trust, and develop requirement patterns that demand functionality to support these antecedents. This paper presents software requirement patterns consisting of the name, the goal, forces and the pre-defined requirement template that can be used to specify trust based requirements.
@InProceedings{RePa12p7,
author = {Axel Hoffmann and Matthias Söllner and Holger Hoffmann and Jan Marco Leimeister},
title = {Towards Trust-Based Software Requirement Patterns},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {7--11},
doi = {},
year = {2012},
}
Requirements Patterns for Seismology Software Applications
Yang Li, Christian Pelties, Martin Käser, and Nitesh Narayan
(TU Munich, Germany; LMU Munich, Germany; Munich Re, Germany)
Requirements patterns help reusing the knowledge of capturing required functionalities and properties of a system. To improve requirements engineering in seismological software development, we identify commonly used requirements patterns. This paper introduces research of identifying two main requirements patterns in projects typical for computational seismology, namely, the forward simulation pattern and the data access pattern. They help efficiently and effectively eliciting requirements by providing necessary abstractions. We present a dynamic rupture example to illustrate how to apply both patterns. The patterns can foster a more productive requirements engineering process and sharing software development knowledge within the domain.
@InProceedings{RePa12p12,
author = {Yang Li and Christian Pelties and Martin Käser and Nitesh Narayan},
title = {Requirements Patterns for Seismology Software Applications},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {12--16},
doi = {},
year = {2012},
}
Early Security Patterns: A Collection of Constraints to Describe Regulatory Security Requirements
Robin A. Gandhi and Mariam Rahmani
(University of Nebraska at Omaha, USA)
Security engineering involves systematically applying the accumulated experience and best practices, such as regulatory security requirements, to identify a repeatable solution that is cost-effective, continuously improved, and fulfills security expectations of the stakeholders. However, security principles and regulatory requirements are rarely applied systematically during system design. We outline a stepwise process to extract domain concepts and apply a lightweight formal modeling language, Alloy, for the representation of regulatory requirements as early security patterns. These patterns, as a collection of constraints describing regulatory requirements provide a template for the systematic integration and analysis of these constraints in a system context. Each pattern defines a constrained solution space that can be enforced in subsequent phases of secure system development, testing and operation.
@InProceedings{RePa12p17,
author = {Robin A. Gandhi and Mariam Rahmani},
title = {Early Security Patterns: A Collection of Constraints to Describe Regulatory Security Requirements},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {17--22},
doi = {},
year = {2012},
}
Using Norm Analysis Patterns for Automated Requirements Validation
Richa Sharma and K. K. Biswas
(IIT Delhi, India)
Requirements validation is an integral activity of Requirements Engineering. An early detection of mismatch between the observable behavior of the real-world and the interpreted behavior of the information system after requirements analysis is essential to the success of the software developed. This paper presents how norm analysis patterns can be effectively utilized for automated software validation. Norms represent behavioral patterns in an organization. In this paper, we harness this fact to validate the elicited requirements.
@InProceedings{RePa12p23,
author = {Richa Sharma and K. K. Biswas},
title = {Using Norm Analysis Patterns for Automated Requirements Validation},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {23--28},
doi = {},
year = {2012},
}
Technical Papers
Security Requirements Patterns: Understanding the Science Behind the Art of Pattern Writing
Maria Riaz and Laurie Williams
(North Carolina State University, USA)
Security requirements engineering ideally combines expertise in software security with proficiency in requirements engineering to provide a foundation for developing secure systems. However, security requirements are often inadequately understood and improperly specified, often due to lack of security expertise and a lack of emphasis on security during early stages of system development. Software systems often have common and recurrent security requirements in addition to system-specific security needs. Security requirements patterns can provide a means of capturing common security requirements while documenting the context in which a requirement manifests itself and the tradeoffs involved. The objective of this paper is to aid in understanding of the process for pattern development and provide considerations for writing effective security requirements patterns. We analyzed existing literature on software patterns, problem solving and cognition to outline the process for developing software patterns. We also reviewed strategies for specifying reusable security requirements and security requirements patterns. Our proposed considerations can aid pattern writers in capturing necessary contextual information when documenting security requirements patterns to facilitate application and integration of security requirements.
@InProceedings{RePa12p29,
author = {Maria Riaz and Laurie Williams},
title = {Security Requirements Patterns: Understanding the Science Behind the Art of Pattern Writing},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {29--34},
doi = {},
year = {2012},
}
Using the Goal-Oriented Pattern Family Framework for Modelling Outcome-Based Regulations
Saeed Ahmadi Behnam, Daniel Amyot, Gunter Mussbacher, Edna Braun, Nick Cartwright, and Mario Saucier
(University of Ottawa, Canada; Carleton University, Canada; Transport Canada, Canada)
Outcome-based regulations focus on measurable goals rather than on prescriptive ways of achieving these goals. As regulators start evolving regulations towards an outcome-based approach, it becomes important to reuse knowledge about existing problems and solutions, and patterns are known to be a means of increasing reusability. Regulatory parties can benefit from a pattern-based framework that (i) lays down a foundation for capturing knowledge about business goals and processes, (ii) provides methods for reusing this knowledge by extracting and customizing models for specific stakeholders, and (iii) enables evolution of the knowledge when new problems and solutions emerge. In this paper, we provide systematic steps for eliciting requirements leading to the creation of patterns and families and show the applicability of the Goal-oriented Pattern Family framework in this novel context. We improve the framework’s infrastructure and include the concept of indicator in the framework in order to facilitate the reuse of compliance measurement approaches, in context.
@InProceedings{RePa12p35,
author = {Saeed Ahmadi Behnam and Daniel Amyot and Gunter Mussbacher and Edna Braun and Nick Cartwright and Mario Saucier},
title = {Using the Goal-Oriented Pattern Family Framework for Modelling Outcome-Based Regulations},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {35--40},
doi = {},
year = {2012},
}
Towards a Framework for Pattern Experimentation: Understanding Empirical Validity in Requirements Engineering Patterns
Travis D. Breaux, Hanan Hibshi, Ashwini Rao, and Jean-Michel Lehker
(CMU, USA; University of Texas at San Antonio, USA)
Despite the abundance of information security guidelines, system developers have difficulties implementing technical solutions that are reasonably secure. Security patterns are one possible solution to help developers reuse security knowledge. The challenge is that it takes experts to develop security patterns. To address this challenge, we need a framework to identify and assess patterns and pattern application practices that are accessible to non-experts. In this paper, we narrowly define what we mean by patterns by focusing on requirements patterns and the considerations that may inform how we identify and validate patterns for knowledge reuse. We motivate this discussion using examples from the requirements pattern literature and theory in cognitive psychology.
@InProceedings{RePa12p41,
author = {Travis D. Breaux and Hanan Hibshi and Ashwini Rao and Jean-Michel Lehker},
title = {Towards a Framework for Pattern Experimentation: Understanding Empirical Validity in Requirements Engineering Patterns},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {41--47},
doi = {},
year = {2012},
}
Characterizations and Boundaries of Security Requirements Patterns
Rocky Slavin, Hui Shen, and Jianwei Niu
(University of Texas at San Antonio, USA)
Very often in the software development life cycle,
security is applied too late or important security aspects are
overlooked. Although the use of security patterns is gaining
popularity, the current state of security requirements patterns
is such that there is not much in terms of a defining structure.
To address this issue, we are working towards defining the
important characteristics as well as the boundaries for security
requirements patterns in order to make them more effective.
By examining an existing general pattern format that describes
how security patterns should be structured and comparing it
to existing security requirements patterns, we are deriving
characterizations and boundaries for security requirements
patterns. From these attributes, we propose a defining format.
We hope that these can reduce user effort in elicitation and
specification of security requirements patterns.
@InProceedings{RePa12p48,
author = {Rocky Slavin and Hui Shen and Jianwei Niu},
title = {Characterizations and Boundaries of Security Requirements Patterns},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {48--53},
doi = {},
year = {2012},
}
Pattern-Based Security Requirements Specification Using Ontologies and Boilerplates
Olawande Daramola, Guttorm Sindre, and Tor Stålhane
(NTNU, Norway; Covenant University, Nigeria)
The task of specifying and managing security requirements (SR) is a challenging one. Usually SR are often neglected or considered too late – leading to poor design, and cost overruns. Also, there is scarce expertise in managing SR, because most requirements engineering teams do not include security experts, which leads to prevalence of too vague or overly specific SR. In this work, we present an ontology-based approach that uses predefined pattern-based templates – requirements boilerplates – to aid requirements engineers in the formulation of SR. We realized the approach via a prototype tool that enables the formulation of SR from textual misuse case (TMUC) descriptions of security threat scenarios. The results from a preliminary evaluation suggest the viability of the proposed approach, in that the tool was judged as easy to use, supports reuse, and facilitates the formulation of good quality SR.
@InProceedings{RePa12p54,
author = {Olawande Daramola and Guttorm Sindre and Tor Stålhane},
title = {Pattern-Based Security Requirements Specification Using Ontologies and Boilerplates},
booktitle = {Proc.\ RePa},
publisher = {IEEE},
pages = {54--59},
doi = {},
year = {2012},
}
proc time: 0.02