A Framework for Enhanced Tropos Goal-Driven Risk Assessment in Requirements Engineering

  • Abstract

    Every process model used by the software industry has different phases, including requirements engineering. This is the crucial phase as it is preceded by other phases and provides valuable inputs to the design phase. Risk assessment made in this phase can help avoid wasted time and effort, cost and budget overruns, and even missed delivery deadlines. Traditionally, risks are analyzed in terms of technical aspects such as failures in the working system, unavailability of certain services, and fault intolerance, to mention a few. The identified risks are used to devise countermeasures. However, this causes the life cycle of the system to be repeated right from requirements engineering. By contrast, risk analysis in the requirements engineering phase can prove that a stitch in time saves nine. Therefore, early detection of risks in the system can help improve the efficiency of the software development process. Goal-oriented risk assessment has thus gained popularity, as it is done in the requirements analysis phase. Stakeholder interests are considered in order to analyze risks and provide countermeasures that raise the quality of the system being developed. In this paper, a formal framework pertaining to Tropos goal modelling is enhanced with a quantitative reasoning technique coupled with qualitative ones. To this end, we used a conceptual framework with three layers: an asset layer, an event layer and a treatment layer. We used a case study project named Loan Origination Process (LOP) to evaluate the proposed framework. Our framework supports probability of satisfaction (SAT) and denial (DEN) values in addition to supporting qualitative values. The Goal-Reasoning tool is extended with the proposed quantitative solution for risk analysis in requirements engineering. The tool performs risk analysis and produces different alternative solutions with weights that enable software engineers or domain experts to choose the best solution in terms of cost and risk. The results revealed the performance improvement and utility when compared with an existing goal-driven risk assessment approach.



  • Keywords

    Requirements analysis, Tropos goal-driven risk assessment, goal-oriented requirements engineering





Article ID: 15345
DOI: 10.14419/ijet.v7i2.23.15345

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.