Abstract. The introduction of information technologies in health care systems often requires to re-engineer the business processes used to deliver care. Obviously, the new and re-engineered processes are observationally different and thus we cannot use existing model-based techniques to argue that they are somehow “equivalent”. In this paper we propose a method for passing from SI*, a modeling language for capturing and modeling functional, security, and trust organizational and system requirements, to business process specifications and vice versa. In particular, starting from an old secure business process, we reconstruct the functional and security requirements at organizational level that such a business process was supposed to meet (including the trust relations that existed among the members of the organization). To ensure that the re-engineered business process meets the elicited requirements, we employ a notion of equivalence based on goal-equivalence. Basically, we verify if the execution of the business process, described in terms of the trace it generates, satisfies the organizational model. We motivate and illustrate the method with an e-health case study. 1

Goal-orientation is a widespread and useful approach to Requirements Engineering. However, quality assessment frameworks focused on goaloriented processes are either limited or remain on the theoretical side. Requirements quality initiatives range from simple metrics applicable to requirements documents, to general-purpose quality frameworks that include syntactic, semantic and pragmatic concerns. In some recent works, we have proposed a metrics framework for goal-oriented models, but the approach did not cover the cycle of quality assessment. In this paper we present a semiotic-based quality assessment proposal built upon the i * framework and the SEQUAL proposal. We propose a simplification of SEQUAL which can be applied to i * models by defining semantic, pragmatic and social metrics. As a result, we obtain suites of metrics that can be applied to i * goaloriented requirements models. This theoretical work is put into practice by using iStarML, a XML representation of i * models, over which XQuery sentences compute the proposed metrics.

Abstract. Security is a major issue in developing software systems. It is widely recognized that security aspects must be considered in all the phases of the development process from the analysis of the organizational context to the final implementation of the software system. However, current approaches for designing secure systems only target particular security aspects at specific stages of the development process. A unified process combining these different approaches is still missing. This paper surveys several existing techniques and discuss the need of a general framework for integrating them into a single development process. 1

E-government refers to the introduction of digital technologies into public administrations and it is assuming a pivotal role in many countries, including Italy. In particular, the supply of on-line services by public administrations represents a rapidly expanding phenomenon. The objective of the paper is to support system designer in the development of IT systems that comply with regulations that govern the use of technologies in public administrations. Thus, taking as running example a tax portal and its authentication issues, we look at the general principles and rules that govern institutional sites and portals, as established in the Italian Public Administration Code. We also show how Security Requirements Engineering methodologies can assist system designers in their activities.

Goal-orientation is a widespread and useful approach to Requirements Engineering. However, quality assessment frameworks focused on goaloriented processes are either limited or remain on the theoretical side. Requirements quality initiatives range from simple metrics applicable to requirements documents, to general-purpose quality frameworks that include syntactic, semantic and pragmatic concerns. In some recent works, we have proposed a metrics framework for goal-oriented models, but the approach did not cover the cycle of quality assessment. In this paper we present a semiotic-based quality assessment proposal built upon the i * framework and the SEQUAL proposal. We propose a simplification of SEQUAL which can be applied to i * models by defining semantic, pragmatic and social metrics. As a result, we obtain suites of metrics that can be applied to i * goaloriented requirements models. This theoretical work is put into practice by using iStarML, a XML representation of i * models, over which XQuery sentences compute the proposed metrics.