Thomas A. Alspaugh
Acceptance rates are given where known,
calculated from the number of full (F) and short (S) papers accepted
and the total number of submissions (T).
For full papers, the rate given is F/T, and
for short papers, the rate given is (F+S)/T.
PDF files are provided as a convenience for fair use by other researchers;
rights are owned by the relevant publishers.
Current
2019
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Securing software ecosystem architectures
: Challenges and opportunities
.
IEEE Software, 36(3):33–38,
May/June 2019
.
Is everyone destined to become a software cybersecurity administrator? There is growing evidence suggesting that whenever individuals interact with a software ecosystem, they may be exposed to security threats they do not recognize, understand, or know how to mitigate. People need to take action to mitigate the exposure of their computing platforms—smartphones, tablets, desktop computers, and so on—to cybersecurity challenges. How do different cybersecurity threats, vulnerabilities, and mitigations appear in software ecosystems? How can we model where these issues arise in the software ecosystems that we rely on routinely?
@Article( Scacchi+Alspaugh2019-idmo,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Securing Software Ecosystem Architectures: Challenges
and Opportunities},
journal = {IEEE Software},
volume = {36},
number = {3},
month = may # {/} # jun,
year = {2019},
pages = {33--38},
)
2017
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Issues in development and maintenance of open architecture software systems
.
CrossTalk — The Journal of Defense Software Engineering, 30(3):10–14,
May/June 2017
.
This article identifies and describes a set of six emerging issues that affect the engineering of open architecture software systems that integrate proprietary and open source software components. These interdependent issues identify problems for software engineering research and practice associated with: (a) unknown or unclear open architecture software representations; (b) systems subject to heterogeneous software licenses; (c) cybersecurity of open architecture software systems; (d) build, release, and deployment processes and process automation; (e) evolution practices for open architecture software; and (f) new business models affecting the acquisition costs of open architecture software components.
@Article( Scacchi+Alspaugh2017-idmo,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Issues in Development and Maintenance of Open
Architecture Software Systems},
journal = {CrossTalk --- The Journal of Defense Software
Engineering},
volume = {30},
number = {3},
month = may # {/} # jun,
year = {2017},
pages = {10--14},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Cybersecure modular open architecture software systems for stimulating innovation
.
In
14th Annual Acquisition Research Symposium, pages 316–334,
26–27 Apr. 2017
.
Our interest is to stimulate the development of innovative approaches to continuously assuring the cybersecurity of open architecture (OA) software systems. We focus on exploring the potential for using blockchains and smart contract techniques and how these techniques can be applied to support acquisition efforts for software systems for OA command and control, or business enterprise (C2/B) systems. We further limit our focus to examining the routine software system updates to OA software configuration specifications that arise during the development and evolution processes arising during system acquisition. We discuss new ways and means by which blockchains and smart contracts can be used to continuously assure the cybersecurity of software updates arising during OA software system development and evolution processes. We present a case study examining the software evolution process that updates an OA C2/B system to describe these details. We then discuss some consequences that follow for what emerges from these innovations in the expanded scope of cybersecurity assurance of not just the delivered OA C2/B software systems, but also in the engineering processes which create, transform, or otherwise update technical data that is central to the acquisition of OA software systems.
@InProceedings( Scacchi+Alspaugh2017-cmoa,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Cybersecure Modular Open Architecture Software
Systems for Stimulating Innovation},
pages = {316--334},
booktitle = {14th Annual Acquisition Research Symposium},
month = apr,
year = {2017},
)
2016
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Achieving better buying power for mobile open architecture software systems through diverse acquisition scenarios
.
In
13th Annual Acquisition Research Symposium, pages 163–183,
4–5 May 2016
.
The U.S. Defense community denotes an ecosystem of system or software component producers, system integrators, and customer organizations. For a variety of reasons this community now embraces the need to utilize open source software (OSS) and proprietary closed source software (CSS) in the system capabilities or software components it acquires, design, develops, deploys, and sustains. But the long-term transition to agile and adaptive capabilities that integrate bespoke or legacy, OSS and CSS components, has surfaced a number of issues that require acquisition-research-led approaches and solutions. In this paper, we identify and describe six key issues now found in the Defense software ecosystem: (1) unknown or unclear software architectural representations; (2) how to best deal with diverse, heterogeneous software IP licenses; (3) how to address cybersecurity requirements; (4) challenges arising in software integration and release pipelines; (5) how OSS evolution patterns transform software IP and cybersecurity requirements; and (6) the emergence of new business models for software distribution, cost accounting, and software distribution. We use the domain of command and control systems under different acquisition scenarios as our focus to help illuminate these issues along the way. We close with suggestions for how to resolve them.
@InProceedings( Scacchi+Alspaugh2016-abbp,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Achieving Better Buying Power for Mobile Open
Architecture Software Systems Through Diverse
Acquisition Scenarios},
pages = {163--183},
booktitle = {13th Annual Acquisition Research Symposium},
month = may,
year = {2016},
)
2015
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Achieving better buying power through acquisition of open architecture software systems for web-based and mobile devices
.
In
12th Annual Acquisition Research Symposium,
13–14 May 2015
.
Many people within large enterprises rely on up to four Web-based or mobile devices for their daily work routines—personal computer, tablet, personal and work-specific smartphones. Our research is directed at identifying, tracking, and analyzing software component costs and cost reduction opportunities within acquisition life cycle of open architecture (OA) systems for such Web- based and mobile devices. These systems are subject to different intellectual property license and cybersecurity requirements. Our research goal is to create a new approach to address challenges in the acquisition of software systems for Web-based or mobile devices used within academic, business, or government enterprises. Acquisition personnel in such enterprises will increasingly be called on to review and approve choices between functionally similar open source software (OSS) components, and commercially priced closed source software (CSS) components, to be used in the design, implementation, deployment, and evolution of secure OA systems. We seek to make this a simpler, more transparent, and more tractable process. Finally, this acquisition research supports and advances a public purpose by investigating acquisition challenges arising from the adoption and deployment of secure OA software systems for Web-based or mobile devices.
@InProceedings( Scacchi+Alspaugh2015-abbp,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Achieving Better Buying Power through Acquisition of
Open Architecture Software Systems for Web-Based and
Mobile Devices},
booktitle = {12th Annual Acquisition Research Symposium},
month = may,
year = {2015},
)
2014
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Achieving better buying power through cost-sensitive acquisition of open architecture software systems
.
In
11th Annual Acquisition Research Symposium,
14–15 May 2014
.
Our presentation focuses on our ongoing investigation and refinement of techniques for identifying and reducing the costs, streamlining the process, and improving the readiness of future workforce for the acquisition of complex software systems
. Emphasis is directed at identifying, tracking, and analyzing software component costs and cost reduction opportunities within acquisition life cycle of open architecture (OA) systems, where such systems combine best-of-breed software components and software products lines (SPLs) that are subject to different intellectual property (IP) license requirements
. The Department of Defense, other government agencies, and most large-scale business enterprises continually seek new ways to improve the functional capabilities of their software-intensive systems. The acquisition of OA systems that can adapt and evolve through replacement of functionally similar software components is an innovation that can lead to lower cost systems with more powerful functional capabilities. Our research identifies and analyzes how software component costs and IP license requirements interact to drive down (or drive up) total system costs across the system acquisition life cycle. The availability of such new scientific knowledge and technological practices can give rise to more effective expenditures of public funds and improve the effectiveness of future software- intensive systems used in government and industry. Thus, a goal of this presentation is to support and advance a public purpose through acquisition research and results.
@InProceedings( Scacchi+Alspaugh2014-abbp,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Achieving Better Buying Power through Cost-Sensitive
Acquisition of Open Architecture Software Systems},
booktitle = {11th Annual Acquisition Research Symposium},
month = may,
year = {2014},
)
2013
⌖
Thomas A. Alspaugh and Walt Scacchi
.
Ongoing software development without classical requirements
.
In
21st IEEE International Requirements Engineering Conference (RE’13), pages 165–174,
15–19 July 2013
.
Many prominent open source software (OSS) development projects produce systems without overt requirements artifacts or processes, contrary to expectations resulting from classical software development experience and research, and a growing number of critical software systems are evolved and sustained in this way yet provide quality and rich functional capabilities to users and integrators that accept them without question. We examine data from several OSS projects to investigate this conundrum, and discuss the results of research into OSS outcomes that sheds light on the consequences of this approach to software requirements in terms of risk of development failure and quality of the resulting system.
@InProceedings( Alspaugh+Scacchi2013-osdc,
author = {Alspaugh, Thomas A. and Scacchi, Walt},
title = {Ongoing Software Development without Classical
Requirements},
pages = {165--174},
booktitle = {21st IEEE International Requirements Engineering
Conference ({RE}'13)},
month = jul,
year = {2013},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Streamlining the process of acquiring secure open architecture software systems
.
In
10th Annual Acquisition Research Symposium, pages 608–623,
2013
.
We present results from our ongoing investigation of how best to acquire secure open architecture (OA) software systems. These systems incorporate software product line (SPL) practices that include closed source proprietary software and open source software (OSS) components, where such components and overall system configurations are subject to different security requirements. The combination of SPLs and OSS components within secure OA systems represents a significant opportunity for reducing the acquisition costs of software-intensive systems. We seek to make this a simpler, more transparent, and more tractable process. Such a process must be easy to reuse, adapt, and streamline for different system application domains in order to realize cost reductions and improve acquisition workforce capabilities. Further, such a process should be aligned with Better Buying Power initiatives addressing OA systems, improved competition, Defense affordability, and acquisition workforce improvements. We identify different ways and means for how to streamline the acquisition process for secure OA software systems through a focus on doing more with limited resources. Along the way, we pay particular attention to revealing how software licensing practices can affect cost in ways that hamper or better the buying power of acquisition programs.
@InProceedings( Scacchi+Alspaugh2013-spas,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Streamlining the Process of Acquiring Secure Open
Architecture Software Systems},
pages = {608--623},
booktitle = {10th Annual Acquisition Research Symposium},
year = {2013},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Challenges in the development and evolution of secure open architecture command and control systems
.
In
18th International Command and Control Research and Technology Symposium (ICCRTS), pages 1–17,
19–21 June 2013
.
We identify challenges that arise during development and evolution of secure Open Architecture (OA) command and control (C2) systems. OA systems are those whose software system components and interconnection mechanisms are either proprietary closed source software offerings with open interfaces (e.g., Application Program Interfaces), open source software, or some architectural configuration of closed and open source elements. Secure OA systems are those where the security of individual software elements may be uncertain, because of the ongoing evolution, poorly understood system integration compromises, or obtrusive software intellectual property licenses, yet where overall OA security must be continuously assured. We present a framework that organizes OA system security elements and mechanisms in forms aligned with stages of the life cycle of C2 for system design, building, and runtime deployment, as well as system evolution. We provide a case study to show our scheme and how it can be applied to C2 system architectures that rely on an OA. Finally, we show how our efforts complement and extend the agile C2 framework that utilizes a new generation of software components and security mechanisms that are engineered/adapted by multiple parties and disseminated within a diverse marketplace ecosystem of software producers, integrators, and consumers.
@InProceedings( Scacchi+Alspaugh2013-cdes,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Challenges in the Development and Evolution of Secure
Open Architecture Command and Control Systems},
pages = {1--17},
booktitle = {18th {International Command and Control Research and
Technology Symposium (ICCRTS)}},
month = jun,
year = {2013},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Processes in securing open architecture software systems
.
In
International Conference on Software and System Processes (ICSSP 2013), pages 126–135,
18–19 May 2013
.
Our goal is to identify and understand issues that arise in the development and evolution processes for securing open architecture (OA) software systems. OA software systems are those developed with a mix of closed source and open source software components that are configured via an explicit system architectural specification. Such a specification may serve as a reference model or product line model for a family of concurrently sustained OA system versions/variants. We employ a case study focusing on an OA software system whose security must be continually sustained throughout its ongoing development and evolution. We limit our focus to software processes surrounding the architectural design, continuous integration, release deployment, and evolution found in the OA system case study. We also focus on the role automated tools, software development support mechanisms, and development practices play in facilitating or constraining these processes through the case study. Our purpose is to identify issues that impinge on modeling (specification) and integration of these processes, and how automated tools mediate these processes, as emerging research problems areas for the software process research community. Finally, our study is informed by related research found in the prescriptive versus descriptive practice of these processes and tool usage in studies of conventional and open source software development projects.
@InProceedings( Scacchi+Alspaugh2013-psoa,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Processes in Securing Open Architecture Software
Systems},
booktitle = {International Conference on Software and System
Processes (ICSSP 2013)},
month = may,
year = {2013},
pages = {126--135},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Advances in the acquisition of secure systems based on open architectures
.
Journal of Cyber Security and Information Systems, 1(2):2–16,
Feb. 2013
.
The role of software ecosystems in the development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components or by replacing them. But this may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We have developed an approach for understanding and modeling software security requirements as “security licenses”, as well as for analyzing conflicts among groups of such licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment. Consequently, this paper reports on our efforts to extend our existing approach to specifying and analyzing software intellectual property licenses to now address software security licenses that can be associated with secure OA systems.
@Article( Scacchi+Alspaugh2013-aass,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Advances in the Acquisition of Secure Systems Based
on Open Architectures},
journal = {Journal of Cyber Security and Information Systems},
volume = {1},
number = {2},
month = feb,
year = {2013},
pages = {2--16},
)
⌖
Thomas A. Alspaugh, Hazeline U. Asuncion, and Walt Scacchi
.
The challenge of heterogeneously licensed systems in open architecture software ecosystems
.
In Slinger Jansen, Michael Cusumano, and Sjaak Brinkkemper, editors,
Software Ecosystems: Analyzing and Managing Business Networks in the Software Industry, pages 103–120,
Edward Elgar Publishing, 2013
.
The development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of both open source and closed software software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components, replacing them, or refactoring their interfaces, interconnections and configuration. But this may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We are developing an approach for understanding and modeling software security requirements as “security licenses”, as well as for analyzing conflicts among groups of such licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment. Consequently, this paper reports on our efforts to extend our existing approach to specifying and analyzing software Intellectual Property (IP) licenses to now address software security licenses that can be associated with secure OA systems.
@InCollection( Alspaugh+Asuncion+Scacchi2013-chls,
author = {Alspaugh, Thomas A. and Asuncion, Hazeline U. and
Scacchi, Walt},
title = {The Challenge of Heterogeneously Licensed Systems in
Open Architecture Software Ecosystems},
booktitle = {Software Ecosystems: Analyzing and Managing Business
Networks in the Software Industry},
editor = {Jansen, Slinger and Cusumano, Michael and
Brinkkemper, Sjaak},
chapter = {6},
publisher = {Edward Elgar Publishing},
year = {2013},
pages = {103--120},
)
2012
⌖
Thomas A. Alspaugh, Walt Scacchi, and Rihoko (Inoue) Kawai
.
Software licenses, coverage, and subsumption
.
In
Fifth International Workshop on Requirements Engineering and Law (RELAW’12), pages 17–24,
25 Sep. 2012
.
Software licensing issues for a system design, instantiation, or configuration are often complex and difficult to evaluate, and mistakes can be costly. Automated assistance requires a formal representation of the significant features of the software licenses involved. We present results from an analysis directed toward a formal representation capable of covering an entire license. The key to such a representation is to identify the license’s actions, and relate them to the actions for exclusive rights defined in law and to the actions defined in other licenses. Parameterizing each action by the object(s) acted on, the instrumental entities through which the action is performed, and similar contextual variables enables a subsumption relation among the actions. The resulting formalism is lightweight, flexible enough to support the scope of legal interpretations, and extensible to a wide range of software licenses. We discuss the application of our approach to the Lesser General Public License (LGPL) version 2.1.
@InProceedings( Alspaugh+Scacchi+Kawai2012-slcs,
author = {Alspaugh, Thomas A. and Scacchi, Walt and Kawai,
Rihoko (Inoue)},
title = {Software Licenses, Coverage, and Subsumption},
pages = {17--24},
booktitle = {Fifth International Workshop on Requirements
Engineering and Law ({RELAW}'12)},
month = sep,
year = {2012},
)
⌖
Thomas A. Alspaugh and Walt Scacchi
.
Licensing security
.
In
Fifth International Workshop on Requirements Engineering and Law (RELAW’12), pages 25–28,
25 Sep. 2012
.
Position paper
.
There exist legal structures defining the exclusive rights of authors, and means for licensing portions of them to others in exchange for appropriate obligations. We propose an analogous approach for security, in which portions of exclusive security rights owned by system stakeholders may be licensed as needed to others, in exchange for appropriate security obligations. Copyright defines exclusive rights to reproduce, distribute, and produce derivative works, among others. We envision exclusive security rights that might include the right to access a system, the right to run specific programs, and the right to update specific programs or data, among others. Such an approach uses the existing legal structures of licenses and contracts to manage security, as copyright licenses are used to manage copyrights. At present there is no law of “security right” as there is a law of copyright, but with the increasing prevalence and prominence of security attacks and abuses, of which Stuxnet and Flame are merely the best known recent examples, such legislation is not implausible. We discuss kinds of security rights and obligations that might produce fruitful results, and how a license structure and approach might prove more effective than security policies.
@InProceedings( Alspaugh+Scacchi2012-ls,
author = {Alspaugh, Thomas A. and Scacchi, Walt},
title = {Licensing Security},
pages = {25--28},
note = {Position paper.},
booktitle = {Fifth International Workshop on Requirements
Engineering and Law ({RELAW}'12)},
month = sep,
year = {2012},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Designing secure systems based on open architectures with open source and closed source components
.
In
8th International Conference on Open Source Systems,
Sep. 2012
.
The development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of both open source and closed software software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components, replacing them, or refactoring their interfaces, interconnections and configuration. But this may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We are developing an approach for understanding and modeling software security requirements as “security licenses”, as well as for analyzing conflicts among groups of such licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment. Consequently, this paper reports on our efforts to extend our existing approach to specifying and analyzing software Intellectual Property (IP) licenses to now address software security licenses that can be associated with secure OA systems.
@InProceedings( Scacchi+Alspaugh2012-dssb,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Designing Secure Systems Based on Open Architectures
with Open Source and Closed Source Components},
booktitle = {8th International Conference on Open Source Systems},
month = sep,
year = {2012},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Addressing challenges in the acquisition of secure software systems with open architectures
.
In
9th Annual Acquisition Research Symposium, pages 165–184,
15–17 May 2012
.
We seek to articulate and address a number of emerging challenges in continuously assuring the security of open architecture (OA) software systems throughout the system acquisition life-cycle. It is now clear that future system must resist coordinated international attacks on vulnerable software-intensive systems that are of high value and control complex systems. But current approaches to system security are most often piece-meal with little/no support for guiding the analyst in what system security requirements must address across different system processing elements and data levels, and how those can be manifest during the design, building, and deployment of OA software systems. We present a framework that organizes OA system security elements and mechanisms in forms that can be aligned with different stages of acquisition spanning system design, building, and run-time deployment, as well as system evolution. We provide a case study to show our scheme and how it can be applied to common enterprise systems.
@InProceedings( Scacchi+Alspaugh2012-acas,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Addressing Challenges in the Acquisition of Secure
Software Systems with Open Architectures},
pages = {165--184},
booktitle = {{9th Annual Acquisition Research Symposium}},
month = may,
year = {2012},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Understanding the role of licenses and evolution in open architecture software ecosystems
.
Journal of Systems and Software, 85(7):1479–1494,
July 2012
.
The role of software ecosystems in the development and evolution of open architecture systems whose components are subject to different licenses has received insufficient consideration. Such systems are composed of components potentially under two or more licenses, open source or proprietary or both, in an architecture in which evolution can occur by evolving existing components, replacing them, or refactoring. The software licenses of the components both facilitate and constrain the system’s ecosystem and its evolution, and the licenses’ rights and obligations are crucial in producing an acceptable system. Consequently, software component licenses and the architectural composition of a system help to better define the software ecosystem niche in which a given system lies. Understanding and describing software ecosystem niches for open architecture systems is a key contribution of this work. An example open architecture software system that articulates different niches is employed to this end. We examine how the architecture and software component licenses of a composed system at design time, build time, and run time help determine the system’s software ecosystem niche and provide insight and guidance for identifying and selecting potential evolutionary paths of system, architecture, and niches.
@Article( Scacchi+Alspaugh2012-urle,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Understanding the role of licenses and evolution in
open architecture software ecosystems},
pages = {1479--1494},
journal = JSS,
volume = {85},
number = {7},
month = jul,
year = {2012},
)
⌖
Thomas A. Alspaugh, Hazeline U. Asuncion, and Walt Scacchi
.
Software licenses, open source components, and open architectures
.
In Ivan Mistrík, Antony Tang, Rami Bahsoon, and Judith A. Stafford, editors,
Aligning Enterprise, System, and Software Architectures, pages 58–79,
IGI Global, 2012
.
A substantial number of enterprises and independent software vendors are adopting a strategy in which software-intensive systems are developed with an open architecture (OA) that may contain open source software (OSS) components or components with open APIs. The emerging challenge is to realize the benefits of openness when components are subject to different copyright or property licenses. In this chapter we identify key properties of OSS licenses, present a license analysis scheme to identify license conflicts arising from composed software elements, and apply it to provide guidance for software architectural design choices whose goal is to enable specific licensed component configurations. Our scheme has been implemented in an operational environment and demonstrates a practical, automated solution to the problem of determining overall rights and obligations for alternative OAs as a technique for aligning such architectures with enterprise strategies supporting open systems.
@InCollection( Alspaugh+Asuncion+Scacchi2012-slos,
author = {Alspaugh, Thomas A. and Asuncion, Hazeline U. and
Scacchi, Walt},
title = {Software Licenses, Open Source Components, and Open
Architectures},
booktitle = {Aligning Enterprise, System, and Software
Architectures},
editor = {Mistr{\'i}k, Ivan and Tang, Antony and Bahsoon, Rami
and Stafford, Judith A.},
chapter = {4},
publisher = {IGI Global},
year = {2012},
pages = {58--79},
)
2011
⌖
Travis D. Breaux and Thomas A. Alspaugh
.
Governance and accountability in the new data ecology
: A vision for electronic data licenses
.
In
Fourth International Workshop on Requirements Engineering and Law (RELAW’11),
30 Aug. 2011
.
Electronic data licenses (EDLs) are data governance instruments that consist of legal rules (rights, obligations and prohibitions) governing an organization’s data practices. These rules include data requirements, such as rights to collect, use, retain and transfer data to third parties and prohibitions preventing these practices. We introduce the EDL concept by describing the emerging data ecology, wherein information sharing will reach unprecedented scale, and by presenting legal foundations for the EDL concept. We conclude with a broad vision for the EDL framework by discussing the license management and composition strategies, criteria for evaluating solutions, and how EDLs should support data principles and standards, before concluding with a review of related work that supports this vision.
@InProceedings( Breaux+Alspaugh2011-gand,
author = {Breaux, Travis D. and Alspaugh, Thomas A.},
title = {Governance and accountability in the new data
ecology: A vision for electronic data licenses},
booktitle = {Fourth International Workshop on Requirements
Engineering and Law ({RELAW}'11)},
month = aug,
year = {2011},
)
⌖
Susan Elliott Sim and Thomas A. Alspaugh
.
Getting the whole story
: An experience report on analyzing data elicited using the war stories procedure
.
Empirical Software Engineering Journal, 16(4):460–486,
Aug. 2011
.
When analyzing data elicited using the “war stories” technique, previously introduced by Lutters and Seaman (2007), we encountered unexpected challenges in applying standard qualitative analysis techniques. After reviewing the literature on stories and storytelling, we realized that a richer analysis would be possible if we accorded more respect to the data’s structure and nature as stories, rather than treating our participants’ utterances simply as textual data. We report on five lessons learned regarding how we can better analyze war stories as stories: 1) war stories tend to be about exceptional situations; 2) war stories tend to be diverse and resistant to being combined into a single grand narrative; 3) the humanities can be a valuable resource for analyzing war stories; 4) war stories are not just text, they are also performances; and 5) war stories are not just data, they are also instructive and evocative.
@Article( Sim+Alspaugh2011-gwse,
author = {Sim, Susan Elliott and Alspaugh, Thomas A.},
title = {Getting the Whole Story: An Experience Report on
Analyzing Data Elicited Using the War Stories
Procedure},
journal = {Empirical Software Engineering Journal},
volume = {16},
number = {4},
month = aug,
year = {2011},
pages = {460--486},
)
⌖
Thomas A. Alspaugh, Hazeline U. Asuncion, and Walt Scacchi
.
Presenting software license conflicts through argumentation
.
In
23rd International Conference on Software Engineering and Knowledge Engineering (SEKE 2011), pages 509–514,
7–9 July 2011
.
Heterogeneously-licensed systems pose new challenges to architects and designers seeking to develop systems with appropriate intellectual property rights and obligations. In the extreme case, license conflicts may prevent a system’s legal use. Our previous work showed that rights, obligations, and conflicts can be calculated. But architects benefit from fuller information than simply (for example) a list of conflicts. In this work we demonstrate an approach for presenting intellectual property results in terms of arguments supporting them. The network of argumentation provides not only an explanation of each conclusion, but also a guide to the tradeoffs available in choosing among design alternatives with different licensing results. The approach has been integrated into the ArchStudio software architecture environment. We present an illustrative example of its use.
@InProceedings( Alspaugh+Asuncion+Scacchi2011-pslc,
author = {Alspaugh, Thomas A. and Asuncion, Hazeline U. and
Scacchi, Walt},
title = {Presenting Software License Conflicts through
Argumentation},
pages = {509--514},
booktitle = {23rd International Conference on Software Engineering
and Knowledge Engineering ({SEKE} 2011)},
month = jul,
year = {2011},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Advances in the acquisition of secure systems based on open architectures
.
In
8th Annual Acquisition Research Symposium,
10–12 May 2011
.
An extended version appears in the DOD
Journal of Cyber Security and Information Systems, February 2013
.
The role of software ecosystems in the development and evolution of secure open architecture systems has received insufficient consideration. Such systems are composed of software components subject to different security requirements in an architecture in which evolution can occur by evolving existing components or by replacing them. But this may result in possible security requirements conflicts and organizational liability for failure to fulfill security obligations. We have developed an approach for understanding and modeling software security requirements as “security licenses”, as well as for analyzing conflicts among groups of such licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment. Consequently, this paper reports on our efforts to extend our existing approach to specifying and analyzing software intellectual property licenses to now address software security licenses that can be associated with secure OA systems.
@InProceedings( Scacchi+Alspaugh2011-aass,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Advances in the Acquisition of Secure Systems Based
on Open Architectures},
note = {An extended version appears in the DOD
\textit{Journal of Cyber Security and Information
Systems}, February 2013.},
booktitle = {{8th Annual Acquisition Research Symposium}},
month = may,
year = {2011},
)
2010
⌖
Thomas A. Alspaugh, Walt Scacchi, and Hazeline U. Asuncion
.
Software licenses in context
: The challenge of heterogeneously-licensed systems
.
Journal of the Association for Information Systems, 11(11):730–755,
Nov. 2010
.
The prevailing approach to free/open source software and licenses has been that each system is developed, distributed, and used under the terms of a single license. But it is increasingly common for information systems and other software to be composed with components from a variety of sources, and with a diversity of licenses. This may result in possible license conflicts and organizational liability for failure to fulfill license obligations. Research and practice to date have not kept up with this sea-change in software licensing arising from free/open source software development. System consumers and users consequently rely on ad hoc heuristics (or costly legal advice) to determine which license rights and obligations are in effect, often with less than optimal results; consulting services are offered to identify unknowing unauthorized use of licensed software in information systems; and researchers have shown how the choice of a (single) specific license for a product affects project success and system adoption. Legal scholars have examined how pairs of software licenses conflict but only in simple contexts. We present an approach for understanding and modeling software licenses, as well as for analyzing conflicts among groups of licenses in realistic system contexts, and for guiding the acquisition, integration, or development of systems with free/open source components in such an environment. This work is based on an empirical analysis of representative software licenses and of heterogeneously-licensed systems. Our approach provides guidance for achieving a “best-of-breed” component strategy while obtaining desired license rights in exchange for acceptable obligations.
@Article( Alspaugh+Scacchi+Asuncion2010-slcc,
author = {Alspaugh, Thomas A. and Scacchi, Walt and Asuncion,
Hazeline U.},
title = {Software Licenses in Context: The Challenge of
Heterogeneously-Licensed Systems},
journal = {Journal of the Association for Information Systems},
volume = {11},
number = {11},
month = nov,
year = {2010},
pages = {730--755},
)
⌖
Walt Scacchi, Kevin Crowston, Chris Jensen, Greg Madey, Thomas Alspaugh, Megan Squire, Les Gasser, Scott Hissam, Yuzo Kanomata, Hamid Ekbia, Kangning Wei, Charles Schweik et al
.
Towards a science of open source systems
.
Nov. 2010
.
Report prepared for the Computing Community Consortium (CCC)
.
We seek to establish a national program for research into the science of open source systems
. Open source systems are beginning to appear in many diverse disciplines, though perhaps the area with the highest level of activity, visibility, and impact is free/open source software (FOSS) systems. FOSS systems are being researched and developed by fast growing communities of academic and industrial practitioners in different disciplines. However, FOSS systems are much more than just source code, or software applications; they are better understood as packages of interrelated social and technical resources that interact and overlap, and that can occasionally give rise to profound consequences. This report addresses and elaborates on the nature of FOSS systems in order to identify the questions and problems that will guide research in this domain over the next five to ten years. Further, it provides a set of recommendations for action targeted to FOSS researchers, research agencies, and others involved in scientific research and technology development.
How are FOSS systems developed?, How do people working at a distance from each other build them? How does such work draw on surrounding webs of resources and socio-technical relationships? How do these systems evolve over time? These are questions of growing importance to the future of software engineering, education, innovation, science, society, and government. This report details the published research studies and the open research problems that together describe the current state of scientific knowledge about FOSS systems. Yet as FOSS systems permeate more aspects of science, technology, society, and government, we will be limited in our collective ability to explain, rationalize, predict, control, develop and transfer these systems. Consequently, we identify and recommend the research studies, research infrastructures, and other resources needed to expand the scientific knowledge we have started to produce.
@Misc( Scacchi+Crowston+2010-tsos,
author = {Scacchi, Walt and Crowston, Kevin and Jensen, Chris
and Madey, Greg and Alspaugh, Thomas and Squire, Megan
and Gasser, Les and Hissam, Scott and Kanomata, Yuzo
and Ekbia, Hamid and Wei, Kangning and Schweik,
Charles and others},
title = {Towards a Science of Open Source Systems},
month = nov,
year = {2010},
note = {Report prepared for the Computing Community
Consortium (CCC).},
)
⌖
Thomas A. Alspaugh, Hazeline U. Asuncion, and Walt Scacchi
.
The challenge of heterogeneously licensed systems in open architecture software ecosystems
.
In
7th Annual Acquisition Research Symposium,
12–13 May 2010
.
The role of software ecosystems in the development and evolution of open architecture systems has received insufficient consideration. Such systems are composed of heterogeneously-licensed components, open source or proprietary or both, in an architecture in which evolution can occur by evolving existing components or by replacing them. But this may result in possible license conflicts and organizational liability for failure to fulfill license obligations. We have developed an approach for understanding and modeling software licenses, as well as for analyzing conflicts among groups of licenses in realistic system contexts and for guiding the acquisition, integration, or development of systems with open source components in such an environment. This work is based on empirical analysis of representative software licenses and heterogeneously-licensed systems, and collaboration with researchers in the legal world. Our approach provides guidance for achieving a “best-of-breed” component strategy while obtaining desired license rights in exchange for acceptable obligations.
@InProceedings( Alspaugh+Asuncion+Scacchi2010-chls,
author = {Alspaugh, Thomas A. and Asuncion, Hazeline U. and
Scacchi, Walt},
title = {The Challenge of Heterogeneously Licensed Systems in
Open Architecture Software Ecosystems},
booktitle = {{7th Annual Acquisition Research Symposium}},
month = may,
year = {2010},
)
2009
⌖
Thomas A. Alspaugh, Hazeline U. Asuncion, and Walt Scacchi
.
The role of software licenses in open architecture ecosystems
.
In
First International Workshop on Software Ecosystems (IWSECO-2009), pages 4–18,
27 Sep. 2009
.
The role of software ecosystems in the development and evolution of open architecture systems has received insufficient consideration. Such systems are composed of heterogeneously-licensed components, open source or proprietary or both, in an architecture in which evolution can occur by evolving existing components or by replacing them. The software licenses of the components both facilitate and constrain the system’s ecosystem, and the rights and duties of the licenses are crucial in producing an acceptable system. We discuss software ecosystems of open architecture systems from the perspective of an architect or an acquisition organization, and outline how our automated tool and environment help address their challenges, support reuse, and assist in managing coevolution and component interdependence.
@InProceedings( Alspaugh+Asuncion+Scacchi2009-rslo,
author = {Alspaugh, Thomas A. and Asuncion, Hazeline U. and
Scacchi, Walt},
title = {The Role of Software Licenses in Open Architecture
Ecosystems},
booktitle = {First International Workshop on Software Ecosystems
(IWSECO-2009)},
month = sep,
year = {2009},
pages = {4--18},
)
⌖
Thomas A. Alspaugh, Hazeline U. Asuncion, and Walt Scacchi
.
Intellectual property rights requirements for heterogeneously-licensed systems
.
In
17th IEEE International Requirements Engineering Conference (RE’09), pages 24–33,
Aug. 31 – Sep. 4 2009
.
Heterogeneously-licensed systems pose new challenges to analysts and system architects. Appropriate intellectual property rights must be available for the installed system, but without unnecessarily restricting the system’s other requirements, the system architecture, and the choice of components both initially and as it evolves. Such systems are increasingly common and important in e-business, game development, and other domains. Our semantic parameterization analysis of open-source licenses confirms that while most licenses present few roadblocks, reciprocal licenses such as the GNU General Public License produce knotty constraints that cannot be effectively managed without analysis of the system’s license architecture. Our automated tool supports intellectual property requirements management and evolution of license architectures. We validate our approach on an existing heterogeneously-licensed system.
@InProceedings( Alspaugh+Asuncion+Scacchi2009-iprr,
author = {Alspaugh, Thomas A. and Asuncion, Hazeline U. and
Scacchi, Walt},
title = {Intellectual Property Rights Requirements for
Heterogeneously-Licensed Systems},
booktitle = {17th IEEE International Requirements Engineering
Conference ({RE}'09)},
year = {2009},
pages = {24--33},
)
⌖
Thomas A. Alspaugh and Walt Scacchi
.
Heterogeneously-licensed system requirements, acquisition, and governance
.
In
Second International Workshop on Requirements Engineering and Law (RELAW’09), pages 13–14,
1 Sep. 2009
.
Increasingly, software-intensive systems are being constructed from components subject to different licenses. As software reuse, component-based software development, and open source software components come into more widespread use during system development, developers and consumers are faced with a complex array of legal rights and obligations that they have difficulty tracking, yet alone comprehending. We outline aspects of this problem and an approach for managing it from the points of view of architects, analysts, acquisition managers, and regulators.
@InProceedings( Alspaugh+Scacchi2009-hlsr,
author = {Alspaugh, Thomas A. and Scacchi, Walt},
title = {Heterogeneously-Licensed System Requirements,
Acquisition, and Governance},
booktitle = {Second International Workshop on Requirements
Engineering and Law ({RELAW}'09)},
month = sep,
year = {2009},
pages = {13--14},
)
⌖
Thomas A. Alspaugh, Hazeline U. Asuncion, and Walt Scacchi
.
Analyzing software licenses in open architecture software systems
.
In
2nd International Workshop on Emerging Trends in FLOSS Research and Development (FLOSS), pages 1–4,
18 May 2009
.
A substantial number of enterprises and independent software vendors are adopting a strategy in which software-intensive systems are developed with an open architecture (OA) that may contain open source software (OSS) components or components with open APIs. The emerging challenge is to realize the benefits of openness when components are subject to different copyright or property licenses. In this position paper, we identify key properties of OSS licenses, present a license analysis scheme, and discuss our approach for automatically analyzing license interactions.
@InProceedings( Alspaugh+Asuncion+Scacchi2009-aslo,
author = {Alspaugh, Thomas A. and Asuncion, Hazeline U. and
Scacchi, Walt},
title = {Analyzing Software Licenses in Open Architecture
Software Systems},
booktitle = {2nd International Workshop on Emerging Trends in
FLOSS Research and Development (FLOSS)},
month = may,
year = {2009},
pages = {1--4},
)
⌖
Thomas A. Alspaugh, Hazeline U. Asuncion, and Walt Scacchi
.
Software licenses, open source components, and open architectures
.
In
6th Annual Acquisition Research Symposium,
13–14 May 2009
.
A substantial number of enterprises and independent software vendors are adopting a strategy in which software-intensive systems are developed with an open architecture (OA) that may contain open source software (OSS) components or components with open APIs. The emerging challenge is to realize the benefits of openness when components are subject to different copyright or property licenses. In this paper we identify key properties of OSS licenses, present a license analysis scheme to identify license conflicts arising from composed software elements, and apply it to provide guidance for software architectural design choices whose goal is to enable specific licensed component configurations. Our scheme has been implemented in an operational environment and demonstrates a practical, automated solution to the problem of determining overall rights and obligations for alternative OAs.
@InProceedings( Alspaugh+Asuncion+Scacchi2009-slos,
author = {Alspaugh, Thomas A. and Asuncion, Hazeline U. and
Scacchi, Walt},
title = {Software Licenses, Open Source Components, and Open
Architectures},
booktitle = {6th Annual Acquisition Research Symposium},
month = may,
year = {2009},
)
2008
⌖
Susan Elliott Sim, Thomas A. Alspaugh, and Ban Al-Ani
.
Marginal notes on amethodical requirements engineering
: What experts learned from experience
.
In
16th IEEE International Requirements Engineering Conference (RE’08), pages 105–114,
8–12 Sep. 2008
.
Requirements engineers with many years of experience have a distinct perspective on the field. To sample this knowledge, we interviewed 34 requirements researchers and practitioners with up to 42 years of experience. We used open-ended structured interviews in which we asked them to reflect on their experiences and professional development as requirements engineers over their careers. Several themes emerged: requirements engineers act as bridges between the different worlds, good communication is key, good process can help but isn’t everything, shorter requirements documents can be better, and good requirements are driven by customer value not technical elegance. All of these pertain to amethodical requirements engineering. Amethodical concepts are not rejections of method, but rather those concepts that are marginalized and left out of methods presented as prescriptions for carrying out a procedure. We discuss these results and their implications.
@InProceedings( Sim+Alspaugh+Al-Ani2008-mnar,
author = {Sim, Susan Elliott and Alspaugh, Thomas A. and
Al-Ani, Ban},
title = {Marginal Notes on Amethodical Requirements
Engineering: What experts learned from experience},
booktitle = {16th IEEE International Requirements Engineering
Conference ({RE}'08)},
month = sep,
year = {2008},
pages = {105--114},
)
⌖
Amanda M. Williams and Thomas A. Alspaugh
.
Articulating software requirements comic book style
.
In
Third International Workshop on Multimedia and Enjoyable Requirements Engineering (MERE’08), pages 1–5,
9 Sep. 2008
.
It is almost a truism that system stakeholders do not fully understand and communicate what they want, often until a system is produced and they see it isn’t right. Such an outcome is wasteful, expensive, and unsatisfactory. Working with requirements in comic book style provides affordances, absent or weaker in other requirements forms, that may assist stakeholders in surfacing and expressing desires sooner and developers in understanding them and each other. Appropriate incorporation of comic book style artifacts into requirements work, in addition to making it more playful and enjoyable, can contribute to greater stakeholder satisfaction and more effective software development.
@InProceedings( Williams+Alspaugh2008-asrc,
author = {Williams, Amanda M. and Alspaugh, Thomas A.},
title = {Articulating software requirements comic book style},
booktitle = {Third International Workshop on Multimedia and
Enjoyable Requirements Engineering (MERE'08)},
month = sep,
year = {2008},
pages = {1--5},
)
⌖
Mamadou Diallo, Leila Naslavsky, Thomas A. Alspaugh, Hadar Ziv, and Debra J. Richardson
.
Toward architecture evaluation through ontology-based requirements-level scenarios
.
In R. de Lemos, F. Di Giandomenico, C. Gacek, H. Muccini, and M. Vieira, editors,
Architecting Dependable Systems V,
Springer, 2008
.
We describe an approach for evaluating whether a candidate architecture dependably satisfies stakeholder requirements expressed in requirements-level scenarios. We map scenarios to architectural elements through an ontology of requirements-level event classes and domain entities. The scenarios express both functional requirements and quality attributes of the system; for quality attributes, the scenarios either operationalize the quality or show how the quality can be verified. Our approach provides a connection between requirements a stakeholder can understand directly, and architectures developed to satisfy those requirements. The requirements-level ontology simplifies the mapping, acts as the focus for maintaining the mapping as both scenarios and architecture evolve, and provides a foundation for evaluating scenarios and architecture individually and jointly. In this paper, we focus on the mapping through event classes and demonstrate our approach with two examples.
@InCollection( Diallo+Naslavsky+2008-taet,
author = {Diallo, Mamadou and Naslavsky, Leila and Alspaugh,
Thomas A. and Ziv, Hadar and Richardson, Debra J.},
title = {Toward Architecture Evaluation Through Ontology-based
Requirements-level Scenarios},
booktitle = {Architecting Dependable Systems V},
editor = {de Lemos, R. and Di Giandomenico, F. and Gacek, C.
and Muccini, H. and Vieira, M.},
publisher = {Springer},
year = {2008},
)
⌖
Walt Scacchi and Thomas A. Alspaugh
.
Emerging issues in the acquisition of open source software within the U.S
. Department of Defense
.
In
5th Annual Acquisition Research Symposium, pages 230–244,
14–15 May 2008
.
In the past five or so years, it has become clear that the U.S. Air Force, Army, and Navy have all committed to a strategy of acquiring software-intensive systems that require or utilize an “open architecture” (OA) and “open technology” (OT) which may incorporate OSS technology or OSS development processes. There are many perceived benefits and anticipated cost savings associated with an OA strategy. However, the challenge for acquisition program managers is how to realize the savings and benefits through requirements that can be brought into system development practice. As such, the central problem we examine in this paper is to identify principles of software architecture and OSS copyright licenses that facilitate or inhibit the success of an OA strategy when OSS and open APIs are required or otherwise employed. By examining and analyzing this problem we can begin to identify what additional requirements may be needed to fulfill an OA strategy during program acquisition.
@InProceedings( Scacchi+Alspaugh2008-eiao,
author = {Scacchi, Walt and Alspaugh, Thomas A.},
title = {Emerging Issues in the Acquisition of Open Source
Software within the {U.S. Department of Defense}},
pages = {230--244},
booktitle = {5th Annual Acquisition Research Symposium},
month = may,
year = {2008},
)
⌖
Thomas A. Alspaugh and Annie I. Antón
.
Scenario support for effective requirements
.
Information and Software Technology, 50(3):198–220,
Feb. 2008
.
Scenarios are widely used as requirements, and the quality of requirements is an important factor in the efficiency and success of a development project. The informal nature of scenarios requires that analysts do much manual work with them, and much tedious and detailed effort is needed to make a collection of scenarios well-defined, relatively complete, minimal, and coherent. We discuss six aspects of scenarios having inherent structure on which automated support may be based, and the results of using such support. This automated support frees analysts to concentrate on tasks requiring human intelligence, resulting in higher-quality scenarios for better system requirements. Two studies validating the work are presented.
@Article( Alspaugh+Anton2008-sser,
author = {Alspaugh, Thomas A. and Ant{\'o}n, Annie I.},
title = {Scenario support for effective requirements},
journal = {Information and Software Technology},
volume = {50},
number = {3},
month = feb,
year = {2008},
pages = {198--220},
)
2007
⌖
Mamadou Diallo, Susan Elliott Sim, and Thomas A. Alspaugh
.
Case study, interrupted
: The paucity of subject systems that span the requirements-architecture gap
.
In
First Workshop on Empirical Assessment of Software Engineering Languages and Technologies (WEASELTech’07),
5 Nov. 2007
.
A number of approaches for spanning the requirements-architecture gap have been published in recent years, and we sought to rigorously characterize the gap and to conduct a comparative evaluation of approaches to span the gap using a case study method on a realistic problem. However, our intentions were impeded by the problem of finding appropriate subject systems that included sufficient information in both requirements and architecture document. Most subject systems that we found contained either detailed requirements or detailed architecture description, but not both. In this paper, we report on our search and the seventeen most suitable subject systems with the hope of aiding others undertaking a similar study. We speculate on the reasons for the paucity of suitable subject systems and invite contributions and suggestions for our ongoing work.
@InProceedings( Diallo+Sim+Alspaugh2007-csip,
author = {Diallo, Mamadou and Sim, Susan Elliott and Alspaugh,
Thomas A.},
title = {Case Study, Interrupted: The Paucity of Subject
Systems that Span the Requirements-Architecture Gap},
booktitle = {First Workshop on Empirical Assessment of Software
Engineering Languages and Technologies (WEASELTech'07)},
month = nov,
year = {2007},
)
⌖
Thomas A. Alspaugh, Susan Elliott Sim, Kristina Winbladh, Mamadou Diallo, Hadar Ziv, and Debra J. Richardson
.
Clarity for stakeholders
: Empirical evaluation of ScenarioML, use cases, and sequence diagrams
.
In
Fifth International Workshop on Comparative Evaluation in Requirements Engineering (CERE’07), pages 1–10,
16 Oct. 2007
.
We studied the clarity of three requirements forms, operationalized as ease of problem detection, freedom from obstructions to understanding, and understandability by a variety of stakeholders. A set of use cases for an industrial system was translated into ScenarioML scenarios and into sequence diagrams; problems identified during each translation were noted; and all three forms were presented to a range of system stakeholders, who were interviewed before and after performing tasks using the forms. The data was analyzed, and convergent results were triangulated across data sources and methods. The data indicated that ScenarioML scenarios best support requirements clarity, then sequence diagrams but only for stakeholders experienced with them, and finally use cases as the least clear form.
@InProceedings( Alspaugh+Sim+2007-csee,
author = {Alspaugh, Thomas A. and Sim, Susan Elliott and
Winbladh, Kristina and Diallo, Mamadou and Ziv, Hadar
and Richardson, Debra J.},
title = {Clarity for Stakeholders: Empirical Evaluation of
{ScenarioML}, Use Cases, and Sequence Diagrams},
booktitle = {{Fifth International Workshop on Comparative
Evaluation in Requirements Engineering (CERE'07)}},
month = oct,
year = {2007},
pages = {1--10},
)
⌖
Mamadou H. Diallo, Leila Naslavsky, Hadar Ziv, Thomas A. Alspaugh, and Debra J. Richardson
.
Evaluating software architectures against requirements-level scenarios
.
In
Third International Workshop on the Role of Software Architecture for Testing and Analysis (ROSATEA’07),
10–11 July 2007
.
Scenarios have been used to express requirements and system behavior throughout software development. Scenarios are used with different representation and semantics across software phases, and these can be related. This paper argues for exploring scenarios as one means for mapping requirements to architecture as well as evaluating architectures against requirements-level scenarios. Additionally, our approach facilitates consistency-checking between requirements and architectures. In our approach, software requirements take the form of ontology-based scenarios, while architectures are described using both structural and behavioral models. Mapping from requirements to architectures is modeled explicitly, then the mapping-model is used to evaluate architectures against original requirements-level scenarios.
@InProceedings( Diallo+Naslavsky+2007-esaa,
author = {Diallo, Mamadou H. and Naslavsky, Leila and Ziv,
Hadar and Alspaugh, Thomas A. and Richardson, Debra J.},
title = {Evaluating Software Architectures Against
Requirements-level Scenarios},
booktitle = {Third International Workshop on the Role of Software
Architecture for Testing and Analysis (ROSATEA'07)},
month = jul,
year = {2007},
)
⌖
Rand Waltzman, Kristina Winbladh, Thomas A. Alspaugh, and Debra J. Richardson
.
In the requirements lies the power
.
In
International Conference on Software Engineering and Knowledge Engineering (SEKE’07),
9–11 July 2007
.
To produce better quality software at reasonable cost, we propose requirements-based testing, in which testing is driven directly from the requirements and faults that prevent the product from meeting its requirements are detected. Our approach makes use of requirements in the form of goals and scenarios. From these we generate test scenarios that drive the system under test through particular paths of the scenarios, and a test harness that verifies the system follows the particular path and meets its conditions. Because our test scenarios are derived directly from the requirements, a major benefit of the process of writing test scenarios is the identification of poorly formulated requirements. We applied our approach to a sample software system and to mutants of it generated by MuJava. Our approach was effective at finding implementation faults that caused the system to diverge from the requirements.
@InProceedings( Waltzman+Winbladh+2007-rlp,
author = {Waltzman, Rand and Winbladh, Kristina and Alspaugh,
Thomas A. and Richardson, Debra J.},
title = {In the Requirements Lies the Power},
booktitle = {International Conference on Software Engineering and
Knowledge Engineering (SEKE'07)},
month = jul,
year = {2007},
)
2006
⌖
Lihua Xu, Hadar Ziv, Thomas A. Alspaugh, and Debra J. Richardson
.
An architectural pattern for non-functional dependability requirements
.
Journal of Systems and Software, 79(10):1370–1378,
Oct. 2006
.
We address the research question of transforming dependability requirements into corresponding software architecture constructs, by proposing first that dependability needs can be classified into three types of requirements and second, an architectural pattern that allows requirements engineers and architects to map the three types of dependability requirements into three corresponding types of architectural components. The proposed pattern is general enough to work with existing requirements techniques and existing software architectural styles, including enterprise and product-line architectures.
@Article( Xu+Ziv+2006-apnf,
author = {Xu, Lihua and Ziv, Hadar and Alspaugh, Thomas A. and
Richardson, Debra J.},
title = {An architectural pattern for non-functional
dependability requirements},
journal = {Journal of Systems and Software},
volume = {79},
number = {10},
month = oct,
year = {2006},
pages = {1370--1378},
)
⌖
Kristina Winbladh, Thomas A. Alspaugh, Hadar Ziv, and Debra J. Richardson
.
An automated approach for goal-driven, specification-based testing
.
In
21st International Conference on Automated Software Engineering (ASE 2006), pages 289–292,
18–22 Sep. 2006
.
This paper presents a specification-based approach that addresses several known challenges including false positives and domain knowledge errors. Our approach begins with a goal graph and plans. Source code is annotated with goals and events and precompiled to emit those at run time. Plans are automatically translated into a rule-based recognizer. An oracle is produced from the pre- and postconditions associated with the plan’s goals. When the program is executed, goals and events are emitted and automatically tested against plans and oracles. The concept is demonstrated on a small example and a larger publicly available case study.
@InProceedings( Winbladh+Alspaugh+2006-aagd,
author = {Winbladh, Kristina and Alspaugh, Thomas A. and Ziv,
Hadar and Richardson, Debra J.},
title = {An Automated Approach for Goal-driven,
Specification-based Testing},
pages = {289--292},
booktitle = {21st International Conference on Automated Software
Engineering (ASE 2006)},
month = sep,
year = {2006},
)
⌖
Thomas A. Alspaugh, Eric Baumer, and Bill Tomlinson
.
On a mixed-methods evaluation of a social-agent scenario visualization
.
In
Fourth International Workshop on Comparative Evaluation in Requirements Engineering (CERE’06), pages 60–65,
11 Sep. 2006
.
Scenarios are a well-explored technique for working with and understanding a system’s requirements. However, comprehending a large group of scenarios for a system can be difficult, especially for non-experts. Our previous work proposed that visualizing scenarios using social animated characters could assist this process. However, assessing the efficacy of visualization techniques can be challenging. This paper proposes that a mixed-method study combining qualitative and quantitative analysis can be effective for evaluating a social visualization of a group of scenarios. Specifically, we found that the quantitative data addressed focused hypotheses, while the qualitative data gave us insight into the nature of scenarios in requirements, the goals of scenario visualization, and how the technology can support these goals more effectively. Both forms of analysis can be valuable and mutually reinforcing in developing and evaluating effective social visualizations of scenarios, and by extension for other work in RE as well.
@InProceedings( Alspaugh+Baumer+Tomlinson2006-mmes,
author = {Alspaugh, Thomas A. and Baumer, Eric and Tomlinson,
Bill},
title = {On a Mixed-Methods Evaluation of a Social-Agent
Scenario Visualization},
pages = {60--65},
booktitle = {{Fourth International Workshop on Comparative
Evaluation in Requirements Engineering (CERE'06)}},
month = sep,
year = {2006},
)
⌖
Thomas A. Alspaugh, Bill Tomlinson, and Eric Baumer
.
Using social agents to visualize software scenarios
.
In
ACM Symposium on Software Visualization (SOFTVIS’06), pages 87–94,
4–5 Sep. 2006
.
Enabling nonexperts to understand a software system and the scenarios of usage of that system can be challenging. Visually modeling a collection of scenarios as social interactions can provide quicker and more intuitive understanding of the system described by those scenarios. This project combines a scenario language with formal structure and automated tool support (ScenarioML) and an interactive graphical game engine featuring social autonomous characters and text-to-speech capabilities. We map scenarios to social interactions by assigning a character to each actor and entity in the scenarios, and animate the interactions among these as social interactions among the corresponding characters. The social interactions can help bring out these important aspects: interactions of multiple agents, pattern and timing of interactions, non-local inconsistencies within and among scenarios, and gaps and missing information in the scenario collection. An exploratory study of this modeling’s effectiveness is presented.
@InProceedings( Alspaugh+Tomlinson+Baumer2006-usav,
author = {Alspaugh, Thomas A. and Tomlinson, Bill and Baumer,
Eric},
title = {Using Social Agents to Visualize Software Scenarios},
booktitle = {ACM Symposium on Software Visualization (SOFTVIS'06)},
month = sep,
year = {2006},
pages = {87--94},
)
⌖
Kristina Winbladh, Thomas A. Alspaugh, Hadar Ziv, and Debra J. Richardson
.
Architecture-based testing using goals and plans
.
In
Second International Workshop on the Role of Software Architecture for Testing and Analysis (ROSATEA’06),
17 July 2006
.
This paper presents a specification-based testing approach that compares software specifications defined at different levels of abstraction, e.g. architecture and implementation, against specified system goals. We believe that a goal-driven approach that connects several development artifacts through verification of specified goals provides useful traceability links between those artifacts as well as an efficient testing technique. Our approach begins with a system goal graph in which high-level goals are step-wise refined into low-level functional goals that can be realized as code components. Each of the architectural components is associated with a plan that describes the component’s functional behavior. Source code is annotated with goals from plans and events that achieve the goals; code is then precompiled to emit those goals and events at run time. Plans are automatically translated into a rule-based recognizer. An oracle is produced from the pre- and post-conditions associated with the plan’s goals. When the program executes, the goals and events emitted are automatically tested against the plans and expected results. As components achieve their component-level plans, a higher-level plan recognizer, concerned with the integration of components, can verify correct system behavior over the interaction trace of a collection of lower-level plans. A small example illustrates the concept.
@InProceedings( Winbladh+Alspaugh+2006-abtu,
author = {Winbladh, Kristina and Alspaugh, Thomas A. and Ziv,
Hadar and Richardson, Debra J.},
title = {Architecture-based Testing Using Goals and Plans},
booktitle = {Second International Workshop on the Role of Software
Architecture for Testing and Analysis (ROSATEA'06)},
month = jul,
year = {2006},
)
⌖
Eric Baumer, Bill Tomlinson, Man Lok Yau, and Thomas A. Alspaugh
.
Normative echoes
: use and manipulation of player generated content by communities of NPCs
.
In
Artificial Intelligence and Interactive Digital Entertainment (AIIDE-06),
20–23 June 2006
.
Normative Echoes is an interactive installation that explores ways to combine player-created content with procedural content. Animated autonomous agents inhabit virtual islands on stationary computers; a tablet PC is used as a virtual raft to transfer agents between the islands. The agents on each island communicate with one another and form scenario-based computational representations of their social interactions. These scenarios represent emergent social patterns and norms within the society. Humans can communicate with the animated autonomous agents through the use of a microphone. Utterances spoken by participants are parsed, repeated, and learned by agents, then used by the agents in communications with their social partners. When transferred between islands, agents bring with themselves the utterances and norms they have learned, thus spreading those norms throughout the various communities in the installation. In this way, agents can meaningfully perform procedural operations on player-created content, allowing for a dynamic and engaging experience.
@InProceedings( Baumer+Tomlinson+2006-neum,
author = {Baumer, Eric and Tomlinson, Bill and Yau, Man Lok and
Alspaugh, Thomas A.},
title = {Normative Echoes: use and manipulation of player
generated content by communities of {NPC}s},
booktitle = {Artificial Intelligence and Interactive Digital
Entertainment (AIIDE-06)},
month = jun,
year = {2006},
)
⌖
Mamadou H. Diallo, Jose Romero-Mariona, Susan Elliot Sim, Thomas A. Alspaugh, and Debra J. Richardson
.
A comparative evaluation of three approaches to specifying security requirements
.
In
12th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ’06),
5–6 June 2006
.
As software systems and networks continue to evolve, so do threats to their security. Unfortunately, most security issues come to light only after completion of the system because security is often managed in an ad hoc fashion late in the software lifecycle. There are many advantages to incorporating security specification into the requirements phase and a number of approaches have been proposed. In this paper, we present a comparative evaluation of three such approaches: The Common Criteria, Misuse Cases, and Attack Trees. We applied each of these approaches to a common problem, a wireless hotspot, and evaluated them for learnability, usability, solution inclusiveness, clarity of output, and analyzability. We found that each approach has strengths and weaknesses, and that they can be complimentary when combined. The Common Criteria are difficult to learn and use, but are easy to analyze. Misuse Cases are easy to learn and use, but produces output that is hard to read. In contrast, Attack Trees produce clear output, but are difficult to analyze.
@InProceedings( Diallo+Romero-Mariona+2006-ceta,
author = {Diallo, Mamadou H. and Romero-Mariona, Jose and Sim,
Susan Elliot and Alspaugh, Thomas A. and Richardson,
Debra J.},
title = {A Comparative Evaluation of Three Approaches to
Specifying Security Requirements},
booktitle = {12th International Working Conference on Requirements
Engineering: Foundation for Software Quality
({REFSQ}'06)},
month = jun,
year = {2006},
)
2005
⌖
Leila Naslavsky, Thomas A. Alspaugh, Debra J. Richardson, and Hadar Ziv
.
Using scenarios to support traceability
.
In
3rd International Workshop on Traceability in Emerging Forms of Software Engineering (TEFSE’05),
Nov. 2005
.
Software traceability is a recognized problem in software development that can be alleviated with requirements management tools. Traceability information can be used in a number of different software engineering activities such as software change impact analysis and testing. One main challenge to automation of software testing is mapping modeling to code concepts. The level of granularity and the semantics supported by available requirements management tools does not, however, fully support such mapping, nor more sophisticated requirement change impact analysis. Scenarios have been used as an alternative (and sometimes complementary) way to express requirements and system behavior throughout the software phases. Their use has different representation and semantics across software phases, which can be related. This paper argues for exploring scenarios as one means for tracing requirements to code, and using this information to leverage automation of activities that benefit from traceability such as change impact analysis and software testing.
@InProceedings( Naslavsky+Alspaugh+2005-usst,
author = {Naslavsky, Leila and Alspaugh, Thomas A. and
Richardson, Debra J. and Ziv, Hadar},
title = {Using Scenarios to Support Traceability},
booktitle = {3rd International Workshop on Traceability in
Emerging Forms of Software Engineering (TEFSE'05)},
month = nov,
year = {2005},
)
⌖
Lihua Xu, Hadar Ziv, Debra Richardson, and Thomas A. Alspaugh
.
An architectural pattern for non-functional dependability requirements
.
In
ICSE 2005 Workshop on Architecting Dependable Systems (WADS 2005), pages 1–6,
15–17 Aug. 2005
.
We address the research question of transforming dependability requirements into corresponding software architecture constructs. by proposing first that dependability needs can be classified into three types of requirements and second, an architectural pattern that allows requirements engineers and architects to map dependability requirements into three corresponding types of architectural components. The proposed pattern is general enough to work with existing requirements techniques and existing software architectural styles, including enterprise and product-line architectures.
@InProceedings( Xu+Ziv+2005-apnf,
author = {Xu, Lihua and Ziv, Hadar and Richardson, Debra and
Alspaugh, Thomas A.},
title = {An architectural pattern for non-functional
dependability requirements},
booktitle = {ICSE 2005 Workshop on Architecting Dependable Systems
(WADS 2005)},
month = aug,
year = {2005},
pages = {1--6},
)
⌖
Thomas A. Alspaugh, Debra J. Richardson, Thomas A. Standish, and Hadar Ziv
.
Scenario-driven specification-based testing against goals and requirements
.
In
11th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ’05), pages 201–216,
13–14 June 2005
.
We describe a new verification and validation (V&V) approach based on comparing actual system behavior in the form of captured goal-annotated event traces with expected behavior expressed by requirements scenarios that are tied to system requirements goals. We believe our V&V approach can leverage requirements engineering work in a fruitful manner that leads to improved software quality because it offers six potential benefits in the form of improved capabilities for: (1) higher-yield testing, (2) distinguishing false positives, (3) defining test coverage metrics, (4) detecting domain-analysis errors, (5) validating top-level requirements, and (6) efficiently controlling the degree of retesting. We use examples to explain how our method can attain these six potential benefits. If our goal/requirements-based V&V techniques can succeed in realizing these six potential benefits, we believe they will lead to improved requirements practices that, in turn, can successfully attain improved software quality.
@InProceedings( Alspaugh+Richardson+2005-sdsb,
author = {Alspaugh, Thomas A. and Richardson, Debra J. and
Standish, Thomas A. and Ziv, Hadar},
title = {Scenario-driven Specification-based Testing against
Goals and Requirements},
booktitle = {11th International Workshop on Requirements
Engineering: Foundation for Software Quality
({REFSQ}'05)},
month = jun,
year = {2005},
pages = {201--216},
)
⌖
Thomas A. Alspaugh, Debra J. Richardson, and Thomas A. Standish
.
Scenarios, state machines, and purpose-driven testing
.
In
Fourth International Workshop on Scenarios and State Machines: Models, Algorithms and Tools (SCESM’05), pages 1–5,
21 May 2005
.
Testing is a necessary but frequently expensive activity that is needed to ensure software quality. For large, complex systems, testing based on covering all control flow or all data flow paths is intractable. But focusing on tests that are purpose-driven, namely on tests that are derived from system requirements and that test whether requirements goals are met, significantly reduces the size of a “complete” test suite for the system while simultaneously increasing confidence that the system performs as expected. Scenarios and state machines provide a useful framework for modeling and analysis of purpose-driven testing. Scenarios are sequences of events that represent purposeful uses of a system (or of its components, to any desired degree of detail). State machines, in the form of recursive transition diagrams, can model the successive refinement of requirements goals into architectures and implementations, and testing them using purpose-driven scenario-based tests provides early validation of that refinement. Formulating sets of scenarios that capture and represent a complete-enough set of requirements ensures that a test suite covering them explores all important regions of a system’s state space. The scenario-based tests will predict with high confidence which system goals have been met, and, certainly, which have not. This position paper sketches elements of our approach to purpose-driven testing using scenarios and state machines.
@InProceedings( Alspaugh+Richardson+Standish2005-ssmp,
author = {Alspaugh, Thomas A. and Richardson, Debra J. and
Standish, Thomas A.},
title = {Scenarios, State Machines, and Purpose-Driven Testing},
booktitle = {Fourth International Workshop on Scenarios and State
Machines: Models, Algorithms and Tools (SCESM'05)},
month = may,
year = {2005},
pages = {1--5},
)
2004
2003
⌖
Thomas A. Alspaugh and Annie I. Antón
.
Contrasting use case, goal, and scenario analysis of the Euronet system
.
In
11th IEEE Joint International Conference on Requirements Engineering (RE’03), pages 355–356,
8–12 Sep. 2003
.
In this research, we compare three related requirements engineering efforts: an industrial effort based on use cases; a case study analyzing these use cases by means of goal analysis; and a case study analyzing the same use cases with an integrated scenario analysis approach.
@InProceedings( Alspaugh+Anton2003-cucg,
author = {Alspaugh, Thomas A. and Ant{\'o}n, Annie I.},
title = {Contrasting Use Case, Goal, and Scenario Analysis of
the {Euronet} System},
booktitle = {11th {IEEE} Joint International Conference on
Requirements Engineering ({RE}'03)},
month = sep,
year = {2003},
pages = {355--356},
)
⌖
William Stufflebeam, Annie I. Antón, and Thomas A. Alspaugh
.
SMaRT — scenario management and requirements tool
.
In
11th IEEE Joint International Conference on Requirements Engineering (RE’03), page 351,
8–12 Sep. 2003
.
Requirements elicitation, derivation, refinement, and specification are all very time and effort intensive activities. With effective tool support, the time and effort required for these activities can be significantly reduced. The right tool will also reduce the learning curve for individuals new to Requirements Engineering by simplifying the requirements phase in its entirety. To this end, we will demonstrate the Scenario Management and Requirements Tool (SMaRT). It provides an intuitive web-based interface that supports analysts as they input, manage, view, analyze, and work with scenarios and their associated episodes, requirements, goals, obstacles, and pre- and postconditions. The tool also supports project management functions, and over the course of the next few years it will grow to encompass greater functionality through the implementation of: similarity measures to aid in the automatic identification of probable duplication, syntactic indicators of scenario dependencies, notifiers of probable coverage gaps, procedural guidance for analysts, as well as revision and evolution tracking mechanisms.
@InProceedings( Stufflebeam+Anton+Alspaugh2003-ssmr,
author = {Stufflebeam, William and Ant{\'o}n, Annie I. and
Alspaugh, Thomas A.},
title = {{SMaRT} --- Scenario Management and Requirements Tool},
booktitle = {11th {IEEE} Joint International Conference on
Requirements Engineering ({RE}'03)},
month = sep,
year = {2003},
pages = {351},
)
2002
⌖
Thomas A. Alspaugh
.
Scenario networks and formalization for scenario management
.
PhD thesis, North Carolina State University, 23 Sep. 2002
.
Scenarios are widely used to specify the behavior of software due to their informality and accessibility. However, their informality makes them difficult to analyze and manage. We address these difficulties with two complementary approaches, one syntactic and one semantic, that add a small amount of structure to scenarios to allow automated analyses and support. The syntactic approach represents a scenario as a set of attribute-value pairs, some of which may also be viewed as events, each of which is an actor-action pair, that are arranged in a sequence. This representation supports the use of episodes (shared subsequences of events) to show dependency relationships between scenarios and to help maintain those relationships as the scenarios evolve. The representation also supports automated measures of similarity between scenarios, to find duplicates or near-duplicates, searching in a collection of scenarios, and assess requirements coverage and completeness of the collection. The representation can be analyzed for consistency of various attributes within individual scenarios. The semantic approach integrates the scenarios that describe a system into a network that expresses which scenarios can follow each other. The network expresses the context expected by the events of each scenario and the temporal relationships between the scenarios. This information is either implicit or incomplete for an ordinary collection of scenarios. Construction of a scenario network provides process guidance for assessing and improving completeness and consistency of the scenario collection. A scenario network represents equivalence relationships between scenarios, and these relationships can be used to organize and classify the scenarios and to maintain the temporal relationships between scenarios as the scenarios evolve. A scenario network can be analyzed to evaluate completeness of the scenario collection and several kinds of consistency between scenarios in the collection. Together the syntactic and semantic approaches form an effective approach for addressing the scenario management problem, which has not been effectively addresses heretofore.
@PhDThesis( Alspaugh2002-snfs,
author = {Alspaugh, Thomas A.},
title = {Scenario networks and formalization for scenario
management},
school = {North Carolina State University},
address = {Raleigh, NC},
month = sep,
year = {2002},
)
2001
⌖
Annie I. Antón, Julia B. Earp, Colin Potts, and Thomas A. Alspaugh
.
The role of policy and stakeholder privacy values in requirements engineering
.
In
Fifth IEEE International Symposium on Requirements Engineering (RE’01), pages 138–145,
27–31 Aug. 2001
.
Diverse uses of information technology (IT) in organizations affect privacy. Developers of electronic commerce, database management, security mechanisms, telecommunication and collaborative systems should be aware of these effects and acknowledge the need for early privacy planning during the requirements definition activity. Public concerns about the collection of personal information by consumer-based Web sites have led most organizations running such sites to establish and publish privacy policies. However, these policies often fail to align with prevalent societal values on one hand and the operational functioning of web-based applications on the other. Assuming that such misalignments stem from imperfect appreciation of consequences and not an intent to deceive, we discuss concepts, tools and techniques to help requirements engineers and IT policy makers bring policies and system requirements into better alignment. Our objective is to encourage RE researchers and practitioners to adopt a more holistic view of application and system specification, in which a system or application is seen as an engine of policy enforcement and values attainment.
@InProceedings( Anton+Earp+2001-rpsp,
author = {Ant{\'o}n, Annie I. and Earp, Julia B. and Potts,
Colin and Alspaugh, Thomas A.},
title = {The Role of Policy and Stakeholder Privacy Values in
Requirements Engineering},
booktitle = {Fifth IEEE International Symposium on Requirements
Engineering ({RE}'01)},
month = aug,
year = {2001},
pages = {138--145},
)
⌖
Thomas A. Alspaugh and Annie I. Antón
.
Scenario networks
: A case study of the Enhanced Messaging System
.
In
7th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ’01), pages 113–124,
4–5 June 2001
.
Scenarios are widely used to specify desired system behavior. In this paper, we discuss a case study of an enhanced voice messaging system, in which the scenarios describing it were assembled into a scenario network. In a scenario network, each scenario is connected to those that may follow it. The resulting scenario network provides a specification of the entire system. The process of creating the scenario network improved the quality of the resulting specification by enabling us to identify gaps and inconsistencies that reviews and walkthroughs had not uncovered. Production of a scenario network compels analysts to improve the coverage and correctness of a set of scenarios, thereby improving the requirements engineering process and the resulting documentation.
@InProceedings( Alspaugh+Anton2001-sncs,
author = {Alspaugh, Thomas A. and Ant{\'o}n, Annie I.},
title = {Scenario Networks: A case study of the {E}nhanced
{M}essaging {S}ystem},
booktitle = {7th International Workshop on Requirements
Engineering: Foundation for Software Quality
({REFSQ}'01)},
month = jun,
year = {2001},
pages = {113--124},
)
2000
1999
⌖
Thomas A. Alspaugh, Annie I. Antón, Tiffany Barnes, and Bradford W. Mott
.
An integrated scenario management strategy
.
In
Fourth IEEE International Symposium on Requirements Engineering (RE’99), pages 142–149,
7–11 June 1999
.
Scenarios have proven effective for eliciting, describing and validating software requirements; however, scenario management continues to be a significant challenge to practitioners. One reason for this difficulty is that the number of possible relations among scenarios grows exponentially with the number of scenarios. If these relations are formalized, they can be more easily identified and supported. To provide this support, we extend the benefits of project-wide glossaries with two complementary approaches. The first approach employs shared scenario elements to identify and maintain common episodes among scenarios. The resulting episodes impose consistency across related scenarios and provide a way to visualize their interdependencies. The second approach quantifies similarity between scenarios. The resulting similarity measures serve as heuristics for finding duplicate scenarios, scenarios needing further elaboration, and scenarios which have not yet been identified yielding valuable information about how well the scenarios provide coverage of the requirements. These two approaches, integrated with a scenario database, project glossaries, configuration management, and coverage analysis, form the basis of a useful and effective strategy for scenario management and evolution.
@InProceedings( Alspaugh+Anton+1999-isms,
author = {Alspaugh, Thomas A. and Ant{\'o}n, Annie I. and
Barnes, Tiffany and Mott, Bradford W.},
title = {An Integrated Scenario Management Strategy},
booktitle = {Fourth {IEEE} International Symposium on Requirements
Engineering ({RE}'99)},
month = jun,
year = {1999},
pages = {142--149},
)
1992
⌖
Thomas A. Alspaugh, Stuart R. Faulk, Kathryn Heninger Britton, R. Alan Parker, David L. Parnas, and John E. Shore
.
Software requirements for the A-7E aircraft
.
NRL Memorandum Report 3876
.
Naval Research Laboratory, Washington, DC
.
31 Aug. 1992
.
This document is the second published release of the Software Requirements of the A-7E Aircraft [ref NRL Memorandum Report 3876]
. The first release, published in November 1978, introduced a new approach to specifying requirements for real-time embedded systems in the form of an engineering model
. That document has been perhaps the most successful of the publications of NRL’s Software Cost Reduction project in terms of the interest generated and the number of copies requested since its introduction
. In spite of its success (in a sense, because of it) the specification has changed in many details over the years. This is not the result of flaws in its design, but the fulfillment of its creators’ vision that the requirements should be a “living document;” i.e., that it would serve as the primary reference document for system designers, as well as the authoritative “test to” document for program validation, and be useful throughout the system development process. Because the document has served these purposes as well, it has changed over the years as requirements became better understood. Further, since the document is intended to serve as a model document, we have felt free to change it as better specifications techniques have been developed. This release represents the accumulation of those changes from the original publication in November 1978 to the end of the SCR project in December 1988.
In spite of many changes in its particulars, the reader will find the document remarkably unchanged in its overall structure and approach. One of the principles guiding the original design was that because requirements change, the requirements specification should be easy to change. As a result, incremental changes and improvements have been easy to accommodate over the years without disrupting the essential document structure.[Chmu82]
This remainder of this preface gives a brief overview of the software requirements specification methodology developed as part of the Software Cost Reduction (SCR) project at the Naval Research Laboratory. A good description of the role of requirements specification in the development process is given in [Heni80] and [Hest81].
@TechReport( Alspaugh+Faulk+1992-sra7,
author = {Alspaugh, Thomas A. and Faulk, Stuart R. and Heninger
Britton, Kathryn and Parker, R. Alan and Parnas, David
L. and Shore, John E.},
title = {Software Requirements for the {A-7E} Aircraft},
type = {NRL Memorandum Report},
number = {3876},
institution = {Naval Research Laboratory},
address = {Washington, DC},
month = aug,
year = {1992},
)
