Abstract
Requirements completeness is among the most critical and difficult software engineering challenges. Missing requirements often result from poor risk analysis at requirements engineering time. Obstacle analysis is a goal-oriented form of risk analysis aimed at anticipating exceptional conditions in which the software should behave adequately. In the identify-assess-control cycles of such analysis, the assessment step is not well supported by existing techniques. This step is concerned with evaluating how likely the obstacles to goals are and how likely and severe their consequences are. Those key factors drive the selection of the most appropriate countermeasures to be integrated in the system goal model for increased completeness. Moreover, obstacles to probabilistic goals are currently not supported; such goals prescribe that some corresponding target property should be satisfied in at least X % of the cases. The paper presents a probabilistic framework for goal specification and obstacle assessment. The specification language for goals and obstacles is extended with a probabilistic layer where probabilities have a precise semantics grounded on system-specific phenomena. The probability of a root obstacle to a goal is thereby computed by up-propagation of probabilities of finer-grained obstacles through the obstacle refinement tree. The probability and severity of obstacle consequences are in turn computed by up-propagation from the obstructed leaf goals through the goal refinement graph. The paper shows how the computed information can be used to prioritize obstacles for countermeasure selection toward a more complete and robust goal model. A detailed evaluation of our framework on a non-trivial carpooling support system is also reported.
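The two up-propagations the abstract describes (leaf obstacle probabilities up an AND/OR obstacle refinement tree, then satisfaction probability and consequence severity up the goal refinement graph) and the resulting obstacle prioritization can be illustrated with a small model. The code below is an added example written for this page; it is not the paper's framework or its tool. The combination rules it uses (AND-refinement as a product, OR-refinement as noisy-or, sub-obstacles assumed independent), the criticality formula (probability times severity of the obstructed goal), the worst-case severity rule, and the carpooling goal and obstacle names and numbers are all assumptions made for illustration, not the paper's semantics or results.

```python
from dataclasses import dataclass, field
from math import prod
from typing import List, Optional, Tuple


@dataclass
class Obstacle:
    name: str
    prob: Optional[float] = None            # leaf probability (assumed elicited or measured)
    op: str = "OR"                          # how the children refine this obstacle: "AND" or "OR"
    children: List["Obstacle"] = field(default_factory=list)


def obstacle_probability(o: Obstacle) -> float:
    """Up-propagate leaf probabilities to the root obstacle (assumed independence)."""
    if not o.children:
        if o.prob is None:
            raise ValueError(f"leaf obstacle {o.name!r} has no probability")
        return o.prob
    ps = [obstacle_probability(c) for c in o.children]
    if o.op == "AND":                       # all sub-obstacles must occur together
        return prod(ps)
    if o.op == "OR":                        # any single sub-obstacle suffices (noisy-or)
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown refinement operator {o.op!r}")


@dataclass
class Goal:
    name: str
    target: float                           # required satisfaction rate, e.g. 0.95 = "95 % of cases"
    severity: float = 0.0                   # consequence severity if a leaf goal fails (assumed 0..1 scale)
    op: str = "AND"
    children: List["Goal"] = field(default_factory=list)
    obstacles: List[Obstacle] = field(default_factory=list)   # root obstacles obstructing a leaf goal


def goal_satisfaction(g: Goal) -> float:
    """Up-propagate satisfaction probability from obstructed leaf goals to the root goal."""
    if not g.children:
        # leaf goal is satisfied when none of its (assumed independent) root obstacles occurs
        return prod(1.0 - obstacle_probability(o) for o in g.obstacles)
    ss = [goal_satisfaction(c) for c in g.children]
    return prod(ss) if g.op == "AND" else 1.0 - prod(1.0 - s for s in ss)


def goal_severity(g: Goal) -> float:
    """Severity of a goal's failure: a leaf's own value, else the worst among its subgoals."""
    return g.severity if not g.children else max(goal_severity(c) for c in g.children)


def unmet_goals(g: Goal) -> List[str]:
    """Goals at any level whose computed satisfaction falls below their probabilistic target."""
    found = [g.name] if goal_satisfaction(g) < g.target else []
    for c in g.children:
        found += unmet_goals(c)
    return found


def prioritize(g: Goal) -> List[Tuple[str, float]]:
    """Rank root obstacles by criticality = P(obstacle) x severity of the obstructed goal."""
    ranked = []
    if not g.children:
        for o in g.obstacles:
            ranked.append((o.name, obstacle_probability(o) * goal_severity(g)))
    for c in g.children:
        ranked += prioritize(c)
    return sorted(ranked, key=lambda t: t[1], reverse=True)


# --- Constructed carpooling fragment: names and values are illustrative, not the paper's ---
NO_DRIVER = Obstacle("NoDriverAvailable", op="OR", children=[
    Obstacle("NoDriverNearby", prob=0.05),
    Obstacle("DriverDeclines", prob=0.02),
])
NOTIF_LOST = Obstacle("NotificationLost", op="AND", children=[
    Obstacle("NetworkDown", prob=0.10),
    Obstacle("NoRetryPerformed", prob=0.50),
])
RIDE_SERVED = Goal("RideRequestServed", target=0.95, op="AND", children=[
    Goal("DriverFound", target=0.90, severity=0.8, obstacles=[NO_DRIVER]),
    Goal("PassengerNotified", target=0.90, severity=0.4, obstacles=[NOTIF_LOST]),
])

if __name__ == "__main__":
    print("P(NoDriverAvailable) =", round(obstacle_probability(NO_DRIVER), 4))
    print("P(RideRequestServed) =", round(goal_satisfaction(RIDE_SERVED), 4))
    print("goals below target  :", unmet_goals(RIDE_SERVED))
    print("obstacle priority   :", prioritize(RIDE_SERVED))
```

With these constructed numbers each leaf goal meets its own 90 % target, yet the AND-refined root goal falls to about 88 % and misses its 95 % target, which is the kind of gap the assessment step is meant to surface; the ranking then puts the more probable and more severe obstacle first for countermeasure selection.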
Acknowledgments
This work was supported by the European Fund for Regional Development and the Walloon Region (TIC-FEDER Grant CE-IQS Project). Bernard Lambeau and Christophe Damas contributed to the elaboration of the goal and obstacle models for the carpooling system. Thanks also to them and to Simon Busard for inspiring discussions on our approach and to the reviewers for comments calling for clarifications.
Cite this article
Cailliau, A., van Lamsweerde, A. Assessing requirements-related risks through probabilistic goals and obstacles. Requirements Eng 18, 129–146 (2013). https://doi.org/10.1007/s00766-013-0168-5