RE'19 | Tutorials

Tutorials

A series of tutorials will be held in conjunction with RE'19 to develop skills in and advance awareness of requirements engineering practices. Tutorials will be held before the main conference on Monday - Tuesday, September 23 - 24, 2019.

	Monday, September 23, 2019
T05	Requirements Reuse and Reusability: Product Lines, Cases and Feature‐Similarity Models (Half-day: Afternoon)
T07	RE4CPS: Requirements Engineering for Cyber-Physical Systems (Half-day: Morning)
T08	Using Metamodeling for Requirements Engineering: A Best-Practice with ADOxx (Half-day: Afternoon)
~~T09~~	~~Working Session on CORE (Crowdsourcing an Ontology of Requirements Engineering approaches) (Full-day)~~ *[CANCELLED]*

	Tuesday, September 24, 2019
T01	Security Requirements Engineering: From TARA to PenTest (Half-day: Morning)
T02	Usable and Secure Requirements Engineering with CAIRIS (Half-day: Afternoon)
~~T03~~	~~Requirements Engineering in a highly uncertain and dynamic business environment: Lessons learned from the first 1000 days of a venture-capital-backed US startup (Half-day: Morning)~~
T04	Strategies for data and computation movements in fog computing (Half-day: Afternoon)
T06	Specifying Requirements through Interaction Design (Half-day: Afternoon)

T01 - Security Requirements Engineering: From TARA to PenTest

Cybersecurity is of a growing concern across industries. It is today not anymore nice to have, because systems are interconnected, and in one way or the other open for external penetration. Even worse security directly impacts functionality, user experience and safety, and thus has become subject to product liability. For instance, functional safety is not feasible without a concise approach to cover cyber security. OEMs and suppliers across industries must ensure an effective protection against manipulations of IT and SW systems. Key points in the development of protected E/E systems are the proper identification of security requirements, the systematic traceability of security functions, and a security validation to demonstrate that security requirements have been met. Based on our experiences with own product development and with client projects around the world, we will show typical challenges and highlight suitable security guidance. We show with concrete examples how these practices improve developing secure systems and how these activities can be performed efficiently. The tutorial brings the necessary underlying foundations of security requirements engineering. It will introduce to the basic RE concepts in cybersecurity, such as identifying assets, developing a Threat and Risk Analysis (TARA), deriving security requirements, and connecting them with the necessary traceability to design and test. A specific focus is given to novel test methods in cybersecurity which directly base upon RE techniques, such as Penetration testing and its link to misuse cases, abuse case and confuse cases. To facilitate good transfer of results, the tutorial will have two hands‐on interactive sessions, namely to develop a TARA with quality requirements engineering, and to derive a grey‐box PenTest with traceability to requirements.

Date

Tuesday, September 24, 2019 (Half-day: Morning)

Presenter

Christof Ebert
Vector Consulting Services, Germany

Christof Ebert is managing director at Vector Consulting Services. He supports clients around the world to sustainably improve product strategy and product development and to manage technology changes. He serves on a number of advisory and industry bodies and is a professor at the University of Stuttgart in Germany and Sorbonne in Paris where he is teaching requirements engineering. Prior to that, he held engineering and management positions for fifteen years with an IT industry leader. Dr. Ebert is well‐qualified for this tutorial as a worldwide leading expert in product development. For the leading journal “IEEE Software” he is since many years department editor for “Software Technology”. Over the years he had set up, managed and optimized several engineering sites and supported numerous companies in improving their product developments. He is the author of the best‐selling book "Global Software and IT" published by Wiley and IEEE in 2012 and "Systematic Requirements Engineering" which appeared in both Germany and China as best‐selling RE book. He serves on the executive board of the IEEE International Conference on Global Software Engineering (ICGSE) series.

Back to overiew

T02 - Usable and Secure Requirements Engineering with CAIRIS

Software needs to satisfy a range of security, privacy, and usability requirements. Eliciting them entails using design techniques both within and outside Requirements Engineering, together with tool-support which can analyse and make sense of requirements and other design concepts as early stage designs evolve. This half-day tutorial introduces participants to CAIRIS, and how it can be used to engineer requirements for usable and secure software. Participants will be given the chance to use CAIRIS with selected usability and security design techniques, and learn how CAIRIS has and can be deployed in real-world projects.

Date

Tuesday, September 24, 2019 (Half-day: Afternoon)

Presenters

Shamal Faily
Bournemouth University, UK

Dr Shamal Faily is a Principal Lecturer in Systems Security Engineering at Bournemouth University and maintainer of the open-source CAIRIS platform; his research explores how the design of interactive secure systems can be better supported with design techniques and software tools, particularly those from Requirements Engineering. Shamal has also been a PC member and external reviewer for several security and usability conferences, including ARES, Trust, CHI, EICS, and British HCI. Shamal has been a co-organiser of the annual ESPRE workshop between 2014 and 2018, and was the general co-chair of British HCI 2016. Prior to joining Bournemouth University in 2013, Shamal has delivered material in HCI Security and design to postgraduate students at the University of Oxford and UCL for several years. Since joining BU, Shamal has designed and delivered an advanced undergraduate and postgraduate taught course on Security by Design. This unit includes material on CAIRIS.

Duncan Ki-Aries
Bournemouth University, UK

Duncan Ki-Aries is a final year PhD student in Cybersecurity at Bournemouth University; his research explores how techniques from Requirements Engineering can be used to assess risk in complex systems-of-systems. Duncan’s work has appeared in leading security and system engineering venues such as Computers & Security and the IEEE SoSE, in addition to ESPRE 2017 and ESPRE 2018. Duncan is one of the organising chairs of the ESPRE 2019 workshop. Duncan has used and extended CAIRIS extensively as part of his doctoral research. Duncan has also assisted in the delivery of the Security by Design unit delivered to advanced undergraduate and postgraduate students at Bournemouth University, and has expertise delivering classes and labs on CAIRIS.

Back to overiew

T03 - Requirements Engineering in a highly uncertain and dynamic business environment: Lessons learned from the first 1000 days of a venture-capital-backed US startup [CANCELLED]

Learn about the many competing aims, challenges, and trade-offs involved in leading and doing Requirements Engineering (RE) in a highly dynamic and uncertain environment of a venture-capital-backed New York City startup Fr8Hub ( https://www.fr8hub.com ) which runs a marketplace for over-the-road logistics services across North America. How to set up RE roles, responsibilities, and processes in such an environment? How and why did these change during the first 1000 days of this business? Which concepts, methods, and tools from RE research worked, and why? Which ones we tried and failed to get results from? How does RE - representations, models, and elicitation, representation, validation, verification methods - interface with corporate strategy, finance, product design, engineering, marketing, sales, and business intelligence? How do the priorities of speed and scale influence how RE is organized and done? Which research questions did this fieldwork lead to? I will discuss these questions together with the audience during the tutorial, while showing actually applied RE methods, processes, and artifacts; I will be describing actual situations, find out potential courses of action with the audience, and describe actual choices we made, and their outcomes. Beyond the role of RE in those situations, the aim is to stimulate discussion about the use of long term fieldwork in RE research, what can be gained through it, and how this one worked out.

Date

Tuesday, September 24, 2019 (Half-day: Morning)

Presenter

Ivan Jureta
University of Namur, Belgium

Ivan Jureta is a tenured scientist with Fonds de la Recherche Scientifique - FNRS, and associate professor at the University of Namur, teaching requirements engineering and decision analysis. He has published 90+ papers on requirements engineering and conceptual modeling, and two books, "Analysis and Design of Advice" and "The Design of Requirements Modeling Languages". Since 2015, he has served as Head of Product at Fr8Hub; prior to this, he was active mostly in corporate strategy, product ownership, and product design aspects in other startups and spinoffs, resulting in digital services that today serve more than 500.000 people every day.

Back to overiew

T04 - Strategies for data and computation movements in fog computing

Fog computing is a continuum of resources between the cloud provider and the edge of the network. Such resources can be used to host data and computation that can be moved from the cloud provider to near the consumer in order to increase the quality of the services provided. This tutorial presents a method to select the best data or computation movement to be enacted. The tutorial is divided in three sessions. The first session introduces the fog computing architecture. The second session introduces data and computation movement: their challenges and the available technologies used to enact them. The third session presents the actual method. In particular, how the method uses a goal-based modelling language to define the requirements of consumers, the impact of data and computation movements on their requirements and how it permits to choose the best movement.

Date

Tuesday, September 24, 2019 (Half-day: Afternoon)

Presenters

Pierluigi Plebani
Polytechnic University of Milan, Italy

Pierluigi Plebani is Assistant Professor at Dipartimento di Elettronica, Informazione e Bioingegneria, Politecnico di Milano (Italy), where he also received the Ph.D. in Information Engineering. His research interests concern Service Oriented Architectures based on Fog and Cloud environments, and Business Process Management with IoT.

Mattia Salnitri
Polytechnic University of Milan, Italy

Mattia Salnitri is a postdoctoral research fellow at Dipartimento di Elettron- ica, Informazione e Bioingegneria of Politecnico di Milano (Italy). His research interests include software engineering, requirement engineering, security requirement enforcement and alignment, fog computing. He has published over 20 papers in international journals, conferences and workshops.

Monica Vitali
Polytechnic University of Milan, Italy

Monica Vitali is a postdoctoral researcher at the Dipartimento di Elettronica, Informazione e Bioingegneria, Politecnico di Milano (Italy), and Senior Lecturer at the Computing Science Department, University of Umea (Sweden). She has been visiting Ph.D. candidate at MIT, Cambridge (Massachusetts - US). She is interested in adaptation and monitorability in cloud and fog computing, in adaptive and self-adaptive systems and services, and in machine learning tech- niques for adaptation. She has published over 30 papers in international journals, conferences and workshops.

Back to overiew

T05 - Requirements Reuse and Reusability: Product Lines, Cases and Feature‐Similarity Models

Several socio‐economic trends are increasing personalised customer demands. Suppliers are responding with mass customisation but the management of large‐scale cost‐effective software reuse remains a difficult challenge. Software reuse and reusability range from operational, ad‐hoc and short‐term to strategic, planned and long‐term. Often the focus of attention is just on code or low‐level design. This tutorial presents and compares two different requirementsled approaches. The first approach deals with requirements reuse and reusability in the context of product line engineering. The second approach deals with requirements reuse and reusability in the context of case‐based reasoning. Both approaches have different key properties and trade‐offs between the costs of making software artefacts reusable and the benefits of reusing them. To aid large‐scale development we have proposed a Feature‐Similarity Model, which draws on both approaches to facilitate discovering requirements relationships using similarity metrics. A Feature‐Similarity Model also helps with the evolution of a product line, since new requirements can be introduced first into a case base and then gradually included into a product line representation.

Date

Monday, September 23, 2019 (Half-day: Afternoon)

Presenters

Hermann Kaindl
Vienna University of Technology, Austria

Hermann Kaindl joined the Institute of Computer Technology at TU Wien in Vienna, Austria, in early 2003 as a full professor. Prior to moving to academia, he was a senior consultant with the division of program and systems engineering at Siemens Austria. There he has gained more than 24 years of industrial experience in software development and human‐computer interaction. He has published five books and more than 240 papers in refereed journals, books and conference proceedings. He is a Senior Member of the IEEE and a Distinguished Scientist Member of the ACM, and he is on the executive board of the Austrian Society for Artificial Intelligence. He has previously run more than 50 tutorials.

Mike Mannion
Glasgow Caledonian University, Scotland, UK

Mike Mannion is Assistant Vice‐Principal (Academic) and Professor of Computing at Glasgow Caledonian University, Glasgow, Scotland, UK. He has several years’ software engineering industrial experience and his research interests include product‐line engineering, software engineering and engineering education. He is a Chartered Engineer, a member of IEEE and ACM, and a Fellow of the British Computer Society. He has published more than 50 papers and delivered more than 25 tutorials.

Back to overiew

T06 - Specifying Requirements through Interaction Design

When the requirements and the interaction design of a system are separated, they will most likely not fit together, and the resulting system will be less than optimal. Even if all the real needs are covered in the requirements and also implemented, errors may be induced by human‐computer interaction through a bad interaction design and its resulting user interface. Such a system may even not be used at all. Alternatively, a great user interface of a system with features that are not required will not be very useful as well. This tutorial explains joint modeling of (communicative) interaction design and requirements, through discourse models and ontologies. While these models were originally devised for capturing interaction design, it turned out that they can be also viewed as precisely and comprehensively specifying classes of scenarios, i.e., use cases. In this sense, they can also be utilized for specifying requirements. User interfaces for these software systems can be generated semi‐automatically from our discourse models, domain‐of‐discourse models and specifications of the requirements. This is especially useful when user interfaces tailored for different devices are needed. So, interaction design facilitates requirements engineering to make applications both more useful and usable.

Date

Tuesday, September 24, 2019 (Half-day: Afternoon)

Presenter

Hermann Kaindl
Vienna University of Technology, Austria

Back to overiew

T07 - RE4CPS: Requirements Engineering for Cyber-Physical Systems

Cyber-Physical Systems (CPSs) connect the cyber world with the physical world through a network of interrelated elements, such as sensors and actuators, robots, and other computing devices. They are inspiring increasing number of beneficial applications in dependable sectors such as aviation, transportation, aerospace, healthcare. In requirements engineer’s viewpoint, the environment, the specification and the requirements are no longer independent, they become three integral concerns of a system. With CPSs, however, the trust assumptions about the environment are no longer fixed after deriving the specification and deployment. They face an open and continuously changing environment which poses challenges for RE. For such adaptive CPSs systems, environment must be treated as the first-class runtime concern. To deal with this concern, the abstraction of the environment should model the dynamic interactions. Furthermore, the interactive elements in the environment of a CPS are interrelated and these relationships cannot be neglected when deriving the specification of the dynamics especially to satisfy non-functional requirements such as timing, safety, security and privacy, etc. This tutorial will introduce an environment modelling based approach to engineering the requirements of CPSs. Extending the Problem Frames representations, this approach structures the model of the environmental elements and provides analysis methods for deriving and specifying requirements. We deliver this tutorial with a few supporting tools that assist the modelling and verification of the system specification, demonstrated with working examples in sufficient details. After the tutorial, participants will be able to work on the environment modelling requirements engineering from their own projects, with some hands-on experience and a good knowledge of some tool support.

Date

Monday, September 23, 2019 (Half-day: Morning)

Presenters

Zhi Jin
Peking University, China

Prof. Zhi Jin is Professor in Software Engineering at Peking University, China. Her work is concerned with requirements engineering and knowledge-based software engineering. She is co-author of four books and author/co-author over 150 journal/conference publications. She serves for RE’16 as General Chair and COMPSAC’11 and KSEM’09 as Program co- Chair. She is executive editor-in-chief of Chinese Journal of Software(2013-), Associate Editor of IEEE TSE(2018-) and serves in the Editorial Board of REJ(2014-) and JCST(2010-).

Xiaohong Chen
East China Normal University, China

Dr. Xiaohong Chen is Associate Professor in Software Engineering at East China Normal University, China. Her research interests include requirements engineering and formal methods. She currently focuses on modelling and verifying timing and safety requirements of Cyber-Physical systems. She is author/co-author over 30 journal/conference publications.

Zhi Li
Guangxi Normal University, China

Dr. Zhi Li is Professor at Guangxi Normal University, China. His research interests are Problem-oriented Requirements Engineering for big data analytics, modelling and verification of cyber-physical systems. His research has been sponsored by grants from the National Natural Science Foundation of China and he has published over 20 research papers (including 2 best papers and 1 best demo paper).

Yijun Yu
The Open University, UK

Dr. Yijun Yu is a Senior Lecturer in Computing and Communications at The Open University, UK. He is interested in developing automated, efficient and scalable techniques and tools to support human activities in software engineering, including goal-oriented and problem-oriented requirements engineering. His research on requirements-driven adaptation receives a 10 Year Most Influential Paper award (CASCON16), and Best and Distinguished Paper awards at SEAMS’18, iRENICS’16, TrustCom’14, RE’13, EICS’13, RE’11, BCS’08, ASE’07.

Back to overiew

T08 - Using Metamodeling for Requirements Engineering: A Best-Practice with ADOxx

Requirement elicitation, analysis, documentation, verification and validation demand for conceptual, domain-specific modeling methods to externalise knowledge of involved stakeholders. Integrated and consistent viewpoints on these models are an important analytical instrument within the requirements engineering (RE) process to provide relevant abstractions of the system designed. Requirements specification languages support this challenge by providing the needed expressiveness to describe complex information system from a business, technical and organisational point of view, nevertheless these languages focus on a particular aspect of the process. This results in the definition of decoupled requirement artefacts and do not allow a holistic analytical assessment. Consequently, horizontal and vertical integration of such languages on a syntactic and semantic level is required to provide an adequate abstraction for involved stakeholders including traceability within the requirements engineering process. The evolution in domain-specific conceptual modeling has led to the observation that model-based requirements engineering cannot be seen isolated anymore, but needs to be understood in the context of an organisation ecosystem. RE processes and results are effected and contribute to the organisational knowledge base. In addition, the fast-paced evolution and transformation of enterprises nowadays impacts RE needs and call for an effective way to reflect these changes and updates on method and language level. Modeling tools, as an instrument to establish IT support systematically for requirements engineering, usually focus on a particular aspect (e.g. UML to define the software architecture, BPMN to identify business and organisational aspects, or i* for non-functional requirements) within the process. These tools are fit for a specific purpose but currently do not (i) support the requirement engineering life cycle holistically, (ii) provide flexibility on syntactical and semantical level amend domain-specific characteristics and functionality, and (iii) provide analytical and management functionalities to trace changes or assess the impact across abstraction layers. The tutorial discusses meta-modeling as a concept to overcome these shortcomings. Flexible extension, composition and re-use patterns enable an efficient conceptual definition of adequate, integrated meta-models fit for a concrete challenge within the requirement engineering process. The opensource meta-modeling platform ADOxx is introduces as an experimentation environment for researchers and practitioners to realise their individual meta-models and model processing functionalities for requirements engineering, resulting in domain-specificmodeling tools. Specific emphasis is given to the practical nature of the tutorial: participants are encouraged to build their individual modeling tools in a hands-on setting and experiment with the capabilities of ADOxx to implement meta-models and model processing functionalities from scratch, specialise existing abstract fragments or compose and integrate available outcomes provided by the ADOxx.org community. The individual prototypes realised as part of the tutorial are available thereafter for further refinement, assessment and evaluation.

Date

Monday, September 23, 2019 (Half-day: Afternoon)

Presenters

Dimitris Karagiannis
University of Vienna, Austria

Prof. Dr. Dimitris Karagiannis is a tenured professor in the Faculty of Computer Science of the University of Vienna. He heads the research group Knowledge Engineering (KE). His field of expertise includes Conceptual Modeling, Meta-Modeling and Artificial Intelligence. He has published several books and more than 200 reviewed articles in international conferences and journals. He is, in addition to his long-standing engagement in national and EU-funded research projects, a reviewer for the European Commission. In 1995, he founded BOC Group (www.bocgroup. com), a European software company, which provides modeling tools and consulting expertise to more than 1000 companies in different application domains around the globe. He recently initiated the Open Models Initiative (OMiLAB, www.omilab.org), a non-profit organisation headquartered in Berlin, aiming to promote common knowledge about intelligent enterprise ecosystems.

Moonkun Lee
Chonbuk National University, Republic of Korea

Prof. Dr. Moonkun Lee is affiliated with the Division of Computer Science and Engineering at Chonbuk National University, Republic of Korea. He received his bachelor, master and Ph.D degree in Computer and Information Science from the University of Pennsylvania, USA and worked at CCCC, USA, as a computer scientist developing SRE, a software re/reverse-engineering environment that has been applied to modernisation of legacy operating systems and software of in the US Navy to Ada. His main research interests include software roundtrip engineering of distributed real-time systems, formal methods, ontology, behaviour modeling and engineering to describe requirements on such system. Currently, he focusing on the domain of smart cities and intelligent factory in order to implement support for Cyber-Physical Systems with dTp-Calculus in SAVE on ADOxx and web-technologies.

Robert Andrei Buchmann
Babeş-Bolyai University, Romania

Prof. Dr. Robert Andrei Buchmann received his doctoral degree in the field of E-commerce application models from Babes-Bolyai University of Cluj Napoca, Romania, in 2005. Since then, he has been specialising in Semantic Technology and Conceptual Modeling, as enablers for Knowledge Management Systems and Enterprise Architecture Management. During 2012-2015 he occupied a postdoctoral research position at University of Vienna, focusing on Agile Modeling Method Engineering, while managing meta-modeling and requirements engineering tasks for the ComVantage FP7 project. Currently, he occupies a Professor position at Babes-Bolyai University and is a Scientific Director of the University’s Business Informatics Research Center, where his team is investigating opportunities of interplay between the paradigms of Semantic Web, Enterprise Modeling and Requirements Engineering.

Back to overiew

T09 - Working Session on CORE (Crowdsourcing an Ontology of Requirements Engineering approaches) [CANCELLED]

This working session will engage participants to develop an ontology of requirements engineering approaches. We actively seek both research and industry participation to harness the full breadth and depth of knowledge and experience of the RE community. Approaches will be mapped onto a two-dimensional chart; RE life-cycle and “maturity” of the approach (similar to Technology Readiness Level or “TRL”). Participants will propose approaches to be added to the chart and will collectively determine where each approach fits in the ontology. We will also identify the inputs to and outputs from each approach. This will allow us to show how approaches are related to one another. Attendees will benefit in a number of ways, both tangible and intangible. The session will be a rich learning environment in which ideas will be shared and new perspectives will emerge. The ontology itself will be a significant tangible asset that will provide an holistic overview of the RE domain. Participants will be able to identify approaches they can use, see areas ripe for new research and opportunities for collaboration. The session will be participatory, engaging and fun.

Date

Monday, September 23, 2019 (Full-day)

Presenters

Alistair Mavin
Independent requirements specialist, UK

Alistair Mavin (Mav) is an independent requirements specialist based in the UK. He has carried out systems engineering and requirements engineering projects in a range of industries including aerospace, automotive, defence, industrial plant design, rail and software systems. He is the lead author of EARS and EARS+ and has experience in the development and delivery of requirements engineering training and in innovation and creativity support. He was Industry Chair for RE13 and Industry Laboratory Chair for RE14. He has published numerous peer-reviewed papers on systems engineering and requirements engineering. Mav is a member of IEEE and the British Computer Society Requirements Engineering Specialist Group committee and is a chartered engineer.

Sabine Mavin
Laing O’Rourke, UK

Sabine Mavin is a researcher and practitioner in Software and Systems Engineering. She holds a PhD in requirements engineering from the Technical University of Munich, Germany. She currently works at Engineering Excellence, Laing O’Rourke, a major international construction company based in the UK. Her recent research includes the following main fields: method and tool support for requirements engineering; modeling frameworks to guide software and systems engineering, and; software and systems for state-of-the-art production within an Industry 4.0 context.

Birgit Penzenstadler
California State University Long Beach, USA and Adjunct Professor at Lappeenranta University of Technology (LUT), Finland.

Birgit Penzenstadler is an Assistant Professor at the California State University Long Beach, USA, and Adjunct Professor at Lappeenranta University of Technology (LUT), Finland. She holds a PhD in requirements engineering and a habilitation from the Technical University of Munich, Germany. Birgit is a founding member of the Sustainability Design Alliance. Her main research area is SE for Sustainability (SE4S). She has authored and co-authored over 90 peer-reviewed publications.

Colin C. Venters
University of Huddersfield, USA

Colin C. Venters is a Reader in Software Engineering at the University of Huddersfield, UK. He is a member of the High-Performance Computing research group, and group leader of the Software Engineering Incubator group at the University of Huddersfield. His main research focuses on sustainable software systems engineering from a software architecture perspective for pre-system understanding and post-system maintenance and evolution. Colin is a founding member of the Sustainability Design Alliance (http://sustainabilitydesign.org). He received his PhD in Computer Science from the University of Manchester, UK. He is a member of the ACM and IEEE.

Back to overiew

Organizers

Tutorial Co-Chair

Haruhiko Kaiya

Kanagawa University, Japan

Tutorial Co-Chair

Jennifer Horkoff

Chalmers and the University of Gothenburg, Sweden