Abstract- A wide range of inconsistencies can arise during requirements engineering as goals and requirements are elicited from multiple stakeholders. Resolving such inconsistencies sooner or later in the process is a necessary condition for successful development of the software implementing those requirements. The paper first reviews the main types of inconsistency that can arise during requirements elaboration, defining them in an integrated framework and exploring their interrelationships. It then concentrates on the specific case of conflicting formulations of goals and requirements among different stakeholder viewpoints or within a single viewpoint. A frequent, weaker form of conflict called divergence is introduced and studied in depth. Formal techniques and heuristics are proposed for detecting conflicts and divergences from specifications of goals / requirements and of domain properties. Various techniques are then discussed for resolving conflicts and divergences systematically by introduction of new goals or by transformation of specifications of goals/objects towards conflict-free versions. Numerous examples are given throughout the paper to illustrate the practical relevance of the concepts and techniques presented. The latter are discussed in the framework of the KAOS methodology for goal-driven requirements engineering.

Modern window-based user interface systems generate user interface events as natural products of their normal operation. Because such events can be automatically captured and because they indicate user behavior with respect to an application's user interface, they have long been regarded as a potentially fruitful source of information regarding application usage and usability. However, because user interface events are typically voluminos and rich in detail, automated support is generally required to extract information at a level of abstraction that is useful to investigators interested in analyzing application usage or evaluating usability. This survey examines computer-aided techniques used by HCI practitioners and researchers to extract usability-related information from user interface events. A framework is presented to help HCI practitioners and researchers categorize and compare the approaches that have been, or might fruitfully be, applied to this problem. Because many of the techniques in the research literature have not been evaluated in practice, this survey provides a conceptual evaluation to help identify some of the relative merits and drawbacks of the various classes of approaches. Ideas for future research in this area are also presented. This survey addresses the following questions: How might user interface events be used in evaluating usability? How are user interface events related to other forms of usability data? What are the key challenges faced by investigators wishing to exploit this data? What approaches have been brought to bear on this problem and how do they compare to one another? What are some of the important open research questions in this area?

Certified code is a general mechanism for enforcing security properties. In this paradigm, untrusted mobile code carries annotations that allow a host to verify its trustworthiness. Before running the agent, the host checks the annotations and proves that they imply the host's security policy. Despite the flexibility of this scheme, so far, compilers that generate certified code have focused on simple type safety properties rather than more general security properties.

Mobile devices, such as mobile phones and personal digital assistants, have gained wide-spread popularity. These devices will increasingly be networked, thus enabling the construction of distributed applications that have to adapt to changes in context, such as variations in network bandwidth, battery power, connectivity, reachability of services and hosts, and so on. In this paper we describe CARISMA, a mobile computing middleware which exploits the principle of reflection to enhance the construction of adaptive and context-aware mobile applications. The middleware provides software engineers with primitives to describe how context changes should be handled using policies. These policies may conflict. We classify the di#erent types of conflicts that may arise in mobile computing and argue that conflicts cannot be resolved statically at the time applications are designed, but, rather, need to be resolved at execution time. We demonstrate a method by which policy conflicts can be handled; this method uses a micro-economic approach that relies on a particular type of sealed-bid auction. We describe how this method is implemented in the CARISMA middleware architecture, and sketch a distributed context-aware application for mobile devices to illustrate how the method works in practise. We show, by way of a systematic performance evaluation, that conflict resolution does not imply undue overheads, before comparing our research to related work and concluding the paper.

This paper introduces declarative event patterns (DEPs) as a means to implement protocols while improving their traceability, comprehensibility, and maintainability. DEPs are descriptions of sequences of events in the execution of a system that include the ability to recognize properly nested event structures. DEPs allow a developer to describe a protocol at a high-level, without the need to express extraneous details. A developer can indicate that specific actions be taken when a given pattern occurs. DEPs are automatically translated into the appropriate instrumentation and automaton for recognizing a given pattern. Support for DEPs has been implemented in a proof-of-concept extension to the AspectJ language that is based on advanced compiler technology. A case study is described that compares the use of DEPs in the implementation of a protocol (FTP user authentication) to the use of a set of other approaches, both object-oriented and aspect-oriented.

This paper presents a classification scheme for research efforts in requirements engineering. For those readers who are not familiar with requirements engineering, it is intended to provide an overview and a coherent framework for further study.

Empirical evaluation of software systems in actual usage situations is critical in software engineering. Prototyping, beta testing, and usability testing are widely used to refine system requirements, detect anomalous or unexpected system and user behavior, and to evaluate software usefulness and usability. The World Wide Web enables cheap, rapid, and large-scale distribution of software for evaluation purposes. However, current techniques for collecting usage data have not kept pace with the opportunities presented by Web-based deployment. This paper presents an approach and prototype system that makes large-scale collection of usage data over the Internet a practical possibility. A general framework for comparing software monitoring systems is presented and used to compare the proposed approach to existing techniques.

Abstract. This paper considers the problem of runtime system deviations from requirements specifications. Such deviations may arise from lack of anticipation of possible behaviors of environment agents at specification time, or from evolving conditions in this environment. We discuss an architecture for on-the-fly monitoring and customization of requirements and design so as to reduce the gap between the system requirements and its runtime behavior. The architecture is deployed on three scenarios of requirements-execution reconciliation for the Meeting Scheduler system. The work builds on our previous work on goal-driven requirements engineering and on runtime requirements monitoring.

A method for scenario-based requirements engineering is described. The method uses two types of scenario: structure models of " the system context and scripts of system usage. A modelling language is reported for describing scenarios, and heuristics are given to crosscheck dependencies between scenario models and the requirements specification. Heuristics are grouped into several anah,tic treatments that investigate correspondences between users' goals and system fimctions; input events and system processes to deal with them: system output and its destination in the scenario model, and acceptability anah,sis of system output for different stakehoMetw. The method is i/htstrated with a case study taken from the London Ambulance Service report. The prospects for scenario-based requirements engineering and related work are discussed.

This paper proposes a framework for monitoring the compliance of systems composed of web-services with requirements set for them. This framework assumes systems composed of webservices that are co-ordinated by a service composition process expressed in BPEL4WS and uses event calculus to specify the properties to be monitored. The monitorable properties may include behavioural properties of a system which are automatically extracted from the specification of its composition process in BPEL4WS and/or assumptions that system providers can specify in terms of events extracted from this specification.