2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)最新文献

{"title":"Exploratory Study of the Privacy Extension for System Theoretic Process Analysis (STPA-Priv) to Elicit Privacy Risks in eHealth","authors":"K. Mindermann, Frederik Riedel, Asim Abdulkhaleq, Christoph Stach, Stefan Wagner","doi":"10.1109/REW.2017.30","DOIUrl":"https://doi.org/10.1109/REW.2017.30","url":null,"abstract":"Context: System Theoretic Process Analysis for Privacy (STPA-Priv) is a novel privacy risk elicitation method using a top down approach. It has not gotten very much attention but may offer a convenient structured approach and generation of additional artifacts compared to other methods. Aim: The aim of this exploratory study is to find out what benefits the privacy risk elicitation method STPA-Priv has and to explain how the method can be used. Method: Therefore we apply STPA-Priv to a real world health scenario that involves a smart glucose measurement device used by children. Different kinds of data from the smart device including location data should be shared with the parents, physicians, and urban planners. This makes it a sociotechnical system that offers adequate and complex privacy risks to be found. Results: We find out that STPA-Priv is a structured method for privacy analysis and finds complex privacy risks. The method is supported by a tool called XSTAMPP which makes the analysis and its results more profound. Additionally, we learn that an iterative application of the steps might be necessary to find more privacy risks when more information about the system is available later. Conclusions: STPA-Priv helps to identify complex privacy risks that are derived from sociotechnical interactions in a system. It also outputs privacy constraints that are to be enforced by the system to ensure privacy.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"2012 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121547046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Traceability for Automated Production Systems: A Position Paper","authors":"Mounifah Alenazi, Nan Niu, Wentao Wang, Arushi Gupta","doi":"10.1109/REW.2017.55","DOIUrl":"https://doi.org/10.1109/REW.2017.55","url":null,"abstract":"Automated production systems are design-to-order, custom-built mechatronic systems that are intended to deliver automation capabilities to satisfy the stakeholder requirements in the manufacturing/production domain. Traceability has its research root in requirements engineering (RE) and is defined as \"the ability to describe and follow the life of a requirement\". Such descriptions and followings have mainly been scoped within a single software project's process and artifacts. We argue that, in the context of automated production systems, the scope of traceability shall go beyond the software engineering boundary into the environments which the software is operated. We outline in this position paper our aim to define a new form of the trace links and to explore the role of these links in the RE of automated production systems. In particular, we adapt a formal interaction-oriented RE framework that focuses on specifying the commitments of participants rather than the goals of each individual participant. We then integrate model checking into the framework to elaborate when, why, and how much traceability should be instrumented. We demonstrate our approach with a bench-scale automated production system where model-driven engineering practices such as constructing and evolving SysML models are adopted.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"34 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115155189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Refinement and Resolution of Just-in-Time Requirements in Open Source Software: A Case Study","authors":"A. Q. Do, Tanmay Bhowmik","doi":"10.1109/REW.2017.42","DOIUrl":"https://doi.org/10.1109/REW.2017.42","url":null,"abstract":"Just-in-time (JIT) requirements are characterized as not following the traditional requirement engineering approach, instead focusing on elaboration when the implementation begins. In this experience report, we analyze both functional and nonfunctional JIT requirements from three successful open source software (OSS) projects, including Firefox, Lucene, and Mylyn, to explore the common activities that shaped those requirements. We identify a novel refinement and resolution process that all studied requirements followed from requirement inception to their complete realization and subsequent release. This research provides new insights into how OSS project teams create quality features from simple initial descriptions of JIT requirements. Our study also initiates three captivating questions regarding JIT requirements and opens new avenues for further research in this emerging field.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116242821","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"From User Demand to Software Service: Using Machine Learning to Automate the Requirements Specification Process","authors":"L. V. Rooijen, F. S. Bäumer, Marie Christin Platenius, Michaela Geierhos, Heiko Hamann, G. Engels","doi":"10.1109/REW.2017.26","DOIUrl":"https://doi.org/10.1109/REW.2017.26","url":null,"abstract":"Bridging the gap between informal, imprecise, and vague user requirements descriptions and precise formalized specifications is the main task of requirements engineering. Techniques such as interviews or story telling are used when requirements engineers try to identify a user's needs. The requirements specification process is typically done in a dialogue between users, domain experts, and requirements engineers. In our research, we aim at automating the specification of requirements. The idea is to distinguish between untrained users and trained users, and to exploit domain knowledge learned from previous runs of our system. We let untrained users provide unstructured natural language descriptions, while we allow trained users to provide examples of behavioral descriptions. In both cases, our goal is to synthesize formal requirements models similar to statecharts. From requirements specification processes with trained users, behavioral ontologies are learned which are later used to support the requirements specification process for untrained users. Our research method is original in combining natural language processing and search-based techniques for the synthesis of requirements specifications. Our work is embedded in a larger project that aims at automating the whole software development and deployment process in envisioned future software service markets.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116940389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Toward an Approach to Privacy Notices in IoT","authors":"Parvaneh Shayegh, S. Ghanavati","doi":"10.1109/REW.2017.77","DOIUrl":"https://doi.org/10.1109/REW.2017.77","url":null,"abstract":"Companies are obliged to have privacy policies in place to notify the users about their privacy practices. However, privacy policies are not generally efficient and they fail to help users make informed decisions. The privacy policy challenges get worse when dealing with Internet of Things (IoT) as these devices have access to very sensitive data about users. Much research have addressed these problems using different approaches to make privacy policies more understandable. With the increase in the use of IoT, there is a large demand to improve privacy policies and provide better notices. In this paper, we propose a method to extract notice and choice statements from privacy policies for IoT users to decide about their privacy. We explain our approach by considering Google Home and Amazon Alexa as case studies. We show how our method creates notice and choices and evaluate our approach by conducting a survey among users. Our result shows that our proposed method is useful for the users to make decision and understand privacy notices.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122274309","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An Effective Immersive Cyber Security Awareness Learning Platform for Businesses in the Hospitality Sector","authors":"John Holdsworth, E. Apeh","doi":"10.1109/REW.2017.47","DOIUrl":"https://doi.org/10.1109/REW.2017.47","url":null,"abstract":"The rapid digitalisation of the hospitality industry over recent years has brought forth many new points of attack for consideration. The hasty implementation of these systems has created a reality in which businesses are using the technical solutions, but employees have very little awareness when it comes to the threats and implications that they might present. This gap in awareness is further compounded by the existence of preestablished, often rigid, cultures that drive how hospitality businesses operate. Potential attackers are recognising this and the last two years have seen a huge increase in cyber-attacks within the sector.Attempts at addressing the increasing threats have taken the form of technical solutions such as encryption, access control, CCTV, etc. However, a high majority of security breaches can be directly attributed to human error. It is therefore necessary that measures for addressing the rising trend of cyber-attacks go beyond just providing technical solutions and make provision for educating employees about how to address the human elements of security. Inculcating security awareness amongst hospitality employees will provide a foundation upon which a culture of security can be created to promote the seamless and secured interaction of hotel users and technology.One way that the hospitality industry has tried to solve the awareness issue is through their current paper-based training. This is unengaging, expensive and presents limited ways to deploy, monitor and evaluate the impact and effectiveness of the content. This leads to cycles of constant training, making it very hard to initiate awareness, particularly within those on minimum waged, short-term job roles.This paper presents a structured approach for eliciting industry requirement for developing and implementing an immersive Cyber Security Awareness learning platform. It used a series of over 40 interviews and threat analysis of the hospitality industry to identify the requirements for designing and implementing cyber security program which encourage engagement through a cycle of reward and recognition. In particular, the need for the use of gamification elements to provide an engaging but gentle way of educating those with little or no desire to learn was identified and implemented. Also presented is a method for guiding and monitoring the impact of their employee’s progress through the learning management system whilst monitoring the levels of engagement and positive impact the training is having on the business.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131838191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"From RELAW Research to Practice: Reflections on an Ongoing Technology Transfer Project","authors":"Nicolas Sannier, M. Sabetzadeh, L. Briand","doi":"10.1109/REW.2017.28","DOIUrl":"https://doi.org/10.1109/REW.2017.28","url":null,"abstract":"Over the past years, we have been studying the topic of automated metadata extraction from legal texts. While our research has been motivated primarily by RE problems, we have observed that the interdisciplinarity of the research on legal metadata, and indeed on several other topics considered by the RELAW community, has the potential to trigger innovation beyond the traditional RE. In particular, legal metadata is a key enabler for the rapidly-expanding field of Legal Technology (LegalTech). In this short paper, we describe the preliminary steps we have taken toward transitioning a prototype tool for legal metadata extraction (developed in our previous work) into a platform that is palatable to the LegalTech market. We hope that our findings would provide useful insights about the value chain for legal metadata and further offer a concrete example of a technology transfer attempt that is rooted in RELAW research.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133938751","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"How to Make Use of Empirical Knowledge About Testers’ Information Needs","authors":"Anne Hess, Jörg Dörr, N. Seyff","doi":"10.1109/REW.2017.63","DOIUrl":"https://doi.org/10.1109/REW.2017.63","url":null,"abstract":"Software requirements specifications (SRS) serve as a source of communication and information for a variety of roles involved in development activities. From the viewpoint of these SRS consumers, which includes testers as one of the key customers, the analysis of requirements specifications is often frustrating as it is time consuming and often requiring a lot of cognitive effort due to the increasing complexity of the documented information. Filtering the large amount of information by generating views that fit role-specific demands of SRS consumers is a promising solution approach for tackling this problem. This paper discusses concepts and key functionalities of an initial tool implementation of our proposed solution that is based on detailed knowledge about information needs that we gained in a series of empirical studies. Furthermore, we present potential usage scenarios illustrating its application in industry from the viewpoint of a tester.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"393 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122850110","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluation of Goal Models in Reuse Hierarchies with Delayed Decisions","authors":"Mustafa Berk Duran, G. Mussbacher","doi":"10.1109/REW.2017.66","DOIUrl":"https://doi.org/10.1109/REW.2017.66","url":null,"abstract":"Trade-off analysis through goal model evaluation has been a valuable tool for requirements elicitation and analysis. This is also true in the context of reuse. When goal models are used to describe reusable artifacts and to represent the impacts of reusable artifacts on high-level goals and qualities, they can guide the selection of reusable artifacts to build reuse hierarchies. In previous work, we introduced the use of relative contribution values for reusable goal models, while considering constraints imposed by other modeling notations. In this paper, we expand the result of goal model evaluation from the typical single satisfaction value to a range of values that are still possible based on the current task selections. In the context of reuse hierarchies, we call the remaining task selections delayed decisions because they are postponed to a higher level in the reuse hierarchy when more is known about the system under development. The extended algorithm takes into account the delayed decisions and evaluates the best and worst possible results that can be obtained with the task selections that have been made in the entire reuse hierarchy. The distinct levels in the reuse hierarchy are leveraged to manage the computational complexity of this reuse hierarchy-wide evaluation. A proof-of-concept implementation of the novel evaluation algorithm is presented in the concern-oriented software design modeling tool TouchCORE.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"170 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123756781","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Automated Identification of Component State Transition Model Elements from Requirements","authors":"Kaushik Madala, Danielle Gaither, Rodney D. Nielsen, Hyunsook Do","doi":"10.1109/REW.2017.73","DOIUrl":"https://doi.org/10.1109/REW.2017.73","url":null,"abstract":"Most system requirements are currently written in common, i.e., unstructured, natural language, which existing requirements analysis tools are poorly equipped to handle. Extracting mentions of model elements from common natural language requirements is a first step toward the automation of model-driven requirements analysis. We propose an approach in which we identify mentions of elements of a component state transition (CST) model in natural language requirements by creating classifiers using a recurrent neural network with long short-term memory. To evaluate our approach, we performed a study on a pacemaker system requirements document, and the results show promising directions for future research.","PeriodicalId":382958,"journal":{"name":"2017 IEEE 25th International Requirements Engineering Conference Workshops (REW)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128373128","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}