Abstract—Scenarios are increasingly recognized as an effective means for eliciting, validating, and documenting software requirements. This paper concentrates on the use of scenarios for requirements elicitation and explores the process of inferring formal specifications of goals and requirements from scenario descriptions. Scenarios are considered here as typical examples of system usage; they are provided in terms of sequences of interaction steps between the intended software and its environment. Such scenarios are in general partial, procedural, and leave required properties about the intended system implicit. In the end such properties need to be stated in explicit, declarative terms for consistency/completeness analysis to be carried out. A formal method is proposed for supporting the process of inferring specifications of system goals and requirements inductively from interaction scenarios provided by stakeholders. The method is based on a learning algorithm that takes scenarios as examples/counterexamples and generates a set of goal specifications in temporal logic that covers all positive scenarios while excluding all negative ones. The output language in which goals and requirements are specified is the KAOS goal-based specification language. The paper also discusses how the scenario-based inference of goal specifications is integrated in the KAOS methodology for goal-based requirements engineering. In particular, the benefits of inferring declarative specifications of goals from operational scenarios are demonstrated by examples of formal analysis at the goal level, including conflict analysis, obstacle analysis, the inference of higherlevel goals, and the derivation of alternative scenarios that better achieve the underlying goals. Index Terms—Scenario-based requirements elicitation, inductive inference of specifications, goal-oriented requirements engineering, specification refinement and analysis, lightweight formal methods. 1

Abstract. This paper considers the problem of runtime system deviations from requirements specifications. Such deviations may arise from lack of anticipation of possible behaviors of environment agents at specification time, or from evolving conditions in this environment. We discuss an architecture for on-the-fly monitoring and customization of requirements and design so as to reduce the gap between the system requirements and its runtime behavior. The architecture is deployed on three scenarios of requirements-execution reconciliation for the Meeting Scheduler system. The work builds on our previous work on goal-driven requirements engineering and on runtime requirements monitoring.

As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. This paper presents a method for transforming both policy and system behaviour specifications into a formal notation that is based on Event Calculus. Additionally it describes how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, it presents some initial thoughts on how this notation and analysis technique could be used to perform policy refinement. 1.

Goal orientation is an increasingly recognized paradigm for eliciting, modeling, specifying and analyzing software requirements. Goals are statements of intent organized in AND/OR refinement structures; they range from high-level, strategic concerns to lowlevel, technical requirements on the software-to-be and assumptions on its environment. The operationalization of system goals into specifications of software services is a core aspect of the requirements elaboration process for which little systematic and constructive support is available. In particular, most formal methods assume such operational specifications to be given and focus on their a posteriori analysis. The paper considers a formal, constructive approach in which operational software specifications are built incrementally from higher-level goal formulations in a way that guarantees their correctness by construction. The operationalization process is based on formal derivation rules that map goal specifications to specifications of software operations; more specifically, these rules map real-time temporal logic specifications to sets of pre-, post- and trigger conditions. The rules define operationalization patterns that may be used for guiding and documenting the operationalization process while hiding all formal reasoning details; the patterns are formally proved correct once and for all. The catalog of operationalization patterns is structured according to a rich taxonomy of goal specification patterns. Our constructive approach to requirements elaboration requires a multiparadigm specification language that supports incremental reasoning about partial models. The paper also provides a formal semantics for goal operationalization and discusses several semantic features of our language that allow for such incremental reasoning.

As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issue of deriving implementable policies from high-level goals. A key part of the solution to this problem is having the ability to identify the operations, available on the underlying system, which can achieve a given goal. This paper presents an approach by which a formal representation of a system, based on the Event Calculus, can be used in conjunction with abductive reasoning techniques to derive the sequence of operations that will allow a given system to achieve a desired goal. Additionally it outlines how this technique might be used for providing tool support and partial automation for policy refinement. Building on previous work on using formal techniques for policy analysis, the approach presented here applies a transformation of both policy and system behaviour specifications into a formal notation that is based on Event Calculus. Finally, it shows how the overall process could be used in conjunction with UML modelling and illustrates this by means of an example. 1.

Reusing similar requirements fragments is among the promising ways to reduce elaboration time and increase requirements quality. This paper investigates the application of analogical reasoning techniques to complete partial requirements specifications. A case base is assumed to be available; it contains requirements frameworks involving goals, constraints, objects, actions, and agents from systems already specified. We show how a rich requirements meta-model coupled with an expressive formal assertion language may increase the effectiveness of analogical reuse. An acquisition problem is first specified by the requirements engineer as a query formulated in the vocabulary of the specification fragments built so far. Source cases and partial mappings are found by query generalization followed by search through the case base. Once analogies have been confirmed, mappings are completed by use of relevance rules that distinguish in the formal assertions what is relevant to the analogy from what is irrelevant. Best analogies are then selected and extended in such a way that logical properties of the answers to the query may be verified, thus increasing confidence in the analogy. The approach is illustrated by analogical acquisition of specifications of a meeting scheduler in the KAOS goal-oriented specification language.

Requirements engineering is concerned with the elicitation of high-level goals to be achieved by the system envisioned, the refinement of such goals and their operationalization into services and constraints, and the assignment of responsibilities for the resulting requirements to agents such as humans, devices, and software. Requirements engineering processes may often result in requirements and assumptions about agent behaviour that are too ideal; some of them are likely to be violated from time to time in the running system due to unexpected agent behaviour. The lack of anticipation of exceptional behaviors results in unrealistic, unachievable and/or incomplete requirements. As a consequence, the software developed from those requirements will inevitably result in poor performance, sometimes with critical consequences on the environment. This paper proposes systematic techniques for reasoning about obstacles to the satisfaction of goals, requirements, and assumptions elaborated in t...

Requirements engineering (RE) is concerned with the elicitation of the objectives to be achieved by the system envisioned, the operationalization of such objectives into specifications of services and constraints, the assignment of responsibilities for the resulting requirements to agents such as humans, devices and software, and the evolution of such requirements over time and across system families. Getting highquality requirements is difficult and critical. Recent surveys have confirmed the growing recognition of RE as an area of primary concern in software engineering research and practice.

Policy refinement is meant to derive lower-level policies from higher-level ones so that these more specific policies are better suited for use in different execution environments. Although it has been recognized as crucial, it has received relatively little attention. We present a policy refinement framework grounded in goal-elaboration methodologies and reactive systems analysis. Through Linear-Time Model Checking, we obtain system trace executions aimed at fulfilling lower-level goals refined with the KAOS goal-elaboration method. From system executions, we abstract managed entities, conditions and actions to encode the refined policies. We present our framework and provide a refinement scenario applied to the DiffServ QoS Management domain.

Scenarios and goals are effective and popular techniques for requirements definition. Validation is essential in order to ensure that they represent what stakeholders actually want. Rather than validating scenarios and goals separately, possibly driving the elaboration of one through the validation of the other, this paper focuses on exploiting the relation between goals and scenarios. The aim is to provide effective graphical animations as a means of validating both. Goals are objectives that a system is to meet. They are elaborated into a structure that decomposes declarative goals into goals that can be formulated in terms of events that can be controlled or monitored by the system. Scenarios are operational examples of system usage. The relation between scenarios and goals is established by means of fluents that describe how events of the operational description change the state of the basic propositions from which goals are expressed. Graphical animations are specified in terms of fluents and driven by a behaviour model synthesised from the operational scenarios. 1.