• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • 1
  • 1
  • Tagged with
  • 3
  • 3
  • 2
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Ustory-Refactory: ferramenta de refatoração de requisitos aplicada em cartões user stories (CRC Cards)

Minuzzi, Tiago da Silva 26 February 2007 (has links)
Made available in DSpace on 2015-03-05T13:58:27Z (GMT). No. of bitstreams: 0 Previous issue date: 26 / Nenhuma / O surgimento de novas metodologias ágeis para apoiar o desenvolvimento de sistemas, como a Extreme Programming (XP), vem causando impacto nas empresas de desenvolvimento de software, especialmente por sua flexibilidade nas mudanças de requisitos no decorrer do projeto. Assim, um melhor entendimento e representação estrutural dos requisitos tornam-se fundamental. Logo, esta pesquisa aplica o conceito das técnicas de refatoração de código dentro da Engenharia de Requisitos, que é focado na metodologia XP, por meios das User Stories. O trabalho aplica um conjunto de padrões e regras que permite aos requisitos expressos em cartões CRC serem refatorados através de pré e pós-condições, sendo que esses requisitos são descritos por mapas conceituais (MC) em formato OWL. Por sua vez, os MCs são convertidos em diagramas de classes da UML por meio da UML-MC que formaliza esta transformação. Dessa forma, o ambiente UStory-Refactory automatiza parcialmente o processo de refatoração e permite que os requisitos refatorados / The emergence of new agile methodologies to support systems development, as the Extreme Programming (XP), has been causing impact on software development companies, specially for its flexibility in the requirements changes during the project. Thus, a better understanding and structural representation of the requirements become basic. Then, this research applies the concept of the code refactoring techniques, inside of the Requirements Engineering, which is focused at XP methodology, through the User Stories. The work applies a set of standards and rules that allows the requirements expressed in CRC cards to be refactored through pre and post-conditions, and the requirements are described for conceptual maps (CMaps) in OWL format. In their turn, the CMaps are converted into UML classes diagrams by the UML-MC that formalizes this transformation. This way, the UStory-Refactory environment partially automatizes the refactoring process and allows the refactored requirements to be exported in OWL format, promoting
2

Consent modeling and verification: privacy regulations compliance from business goals to business processes

16 October 2020 (has links)
open / Privacy regulations impose on companies limitations about the collection, use, and disclosure of user data. One of the actions most companies undertake for this, consists in modifying their systems with processes for consent acquisition and management. Unfortunately, where systems are large and with many dependencies, they often also have little documentation, and knowledge on the system is distributed among different domain experts. These circumstances make the re-engineering of systems a tedious and complex, if not impossible, activity. This PhD Thesis proposes a model-based method with a top-down approach, for modeling consent requirements and analyzing compliance with regulations, by refinement of models from organizational structure down to business processes. The method is provided with guidelines in the form of a process and includes modeling languages and reasoning frameworks for the analysis of requirements with respect to a preset of privacy principles on consent. The Thesis includes validations with realistic scenarios and with domain practitioners from the healthcare domain. / open / sì / Information and Communication Technology / no / no / [1] DLVSYSTEM S.r.l. j DLV. [2] Driver’s Privacy Protection Act of 1994. 1994. [3] Mark S Ackerman, Lorrie Faith Cranor, and Joseph Reagle. Privacy in ecommerce: examining user scenarios and privacy preferences. In Proceedings of the 1st ACM conference on Electronic commerce, pages 1{8. ACM, 1999. [4] Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. Privacy and human behavior in the age of information. Science, 347(6221):509{514, 2015. [5] James F Allen. Maintaining knowledge about temporal intervals. Communications of the ACM, 26(11):832{843, 1983. [6] Asim Ansari, Skander Essegaier, and Rajeev Kohli. Internet recommendation systems, 2000. [7] Annie I Anton. Goal-based requirements analysis. In Proceedings of the second international conference on requirements engineering, pages 136{144. IEEE, 1996. [8] Annie I Ant´on and Julia B Earp. Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems. Technical report, 2000. [9] Alessandro Artale and Enrico Franconi. A survey of temporal extensions of description logics. Annals of Mathematics and Artificial Intelligence, 30(1-4):171{ 210, 2000. [10] Paul Ashley, Satoshi Hada, Gunter Karjoth, Calvin Powers, and Matthias ¨ Schunter. Enterprise privacy authorization language (epal). IBM Research, 2003. [11] Paul Ashley, Satoshi Hada, Gunter Karjoth, and Matthias Schunter. E-p3p ¨ privacy policies and privacy authorization. In Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, pages 103{109. ACM, 2002. [12] Franz Baader, Ian Horrocks, and Ulrike Sattler. Description logics. In Handbook on ontologies, pages 3{28. Springer, 2004. [13] Adam Barth, Anupam Datta, John C Mitchell, and Helen Nissenbaum. Privacy and contextual integrity: Framework and applications. In 2006 IEEE Symposium on Security and Privacy (S&P’06), pages 15{pp. IEEE, 2006. [14] Michael JA Berry and Gordon S Linoff. Data mining techniques: for marketing, sales, and customer relationship management. John Wiley & Sons, 2004. [15] Travis D Breaux, Hanan Hibshi, and Ashwini Rao. Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements. Requirements Engineering Journal, (3):281{307. [16] Travis D Breaux, Hanan Hibshi, and Ashwini Rao. Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements. Requirements Engineering, 19(3):281{307, 2014. [17] Travis D Breaux, Daniel Smullen, and Hanan Hibshi. Detecting repurposing and over-collection in multi-party privacy requirements specifications. In 2015 IEEE 23rd international requirements engineering conference (RE), pages 166{ 175. IEEE, 2015. [18] Paolo Bresciani, Paolo Giorgini, Fausto Giunchiglia, John Mylopoulos, and Anna Perini. Tropos: an Agent-Oriented Software Development Methodology. JAAMAS, 8(3):203{236, 2004. [19] Carole Cadwalladr and E Graham-Harrison. The cambridge analytica files. The Guardian, 21:6{7, 2018. [20] Carole Cadwalladr and Emma Graham-Harrison. Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach. The Guardian, 17, 2018. [21] Lorrie Cranor. Web privacy with P3P. " O’Reilly Media, Inc.", 2002. [22] Fabiano Dalpiaz, Elda Paja, and Paolo Giorgini. Security requirements engineering: designing secure socio-technical systems. MIT Press, 2016. [23] Remco Dijkman, Marcello La Rosa, and Hajo A Reijers. Managing Large Collections of Business Process Models-Current Techniques and Challenges. Computers in Industry, 63(2):91{97, 2012. [24] Marlon Dumas, Marcello La Rosa, Jan Mendling, Hajo A Reijers, et al. Fundamentals of business process management, volume 1. Springer, 2013. [25] Benjamin Edelman. Adverse selection in online rust" certifications and search results. Electronic Commerce Research and Applications, 10(1):17{25, 2011. [26] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L119/59, May 2016. [27] Batya Friedman, Peter H Khan Jr, and Daniel C Howe. Trust online. Communications of the ACM, 43(12):34{40, 2000. [28] Simson L. Garfinkel. De-Identification of Personal Information. Technical report, 2015. [29] Paolo Giorgini, Fabio Massacci, John Mylopoulos, and Nicola Zannone. Modeling security requirements through ownership, permission and delegation. In Proceedings of 13th IEEE International Conference on Requirements Engineering., pages 167{176. IEEE, 2005. [30] Paolo Giorgini, John Mylopoulos, and Roberto Sebastiani. Goal-oriented requirements analysis and reasoning in the tropos methodology. Engineering Applications of AI, 18(2):159{171, 2005. [31] Seda Gurses, Carmela Troncoso, and Claudia Diaz. Engineering privacy by ¨ design. 2011. [32] Qingfeng He, Annie I Ant´on, et al. A framework for modeling privacy requirements in role engineering. In Proc. of REFSQ, volume 3, pages 137{146, 2003. [33] Alan R Hevner, Salvatore T March, Jinsoo Park, and Sudha Ram. Design science in information systems research. Management Information Systems Quarterly, 28(1):6, 2008. [34] Jerry R Hobbs and Feng Pan. Time ontology in owl. W3C working draft, 27:133, 2006. [35] Jaap-Henk Hoepman. Privacy design strategies. In IFIP International Information Security Conference, pages 446{459. Springer, 2014. [36] S Ingolfo, A Siena, and J Mylopoulos. Goals and Compliance in Nomos 3. International Conference on Conceptual Modeling, pages 275{288, 2014. [37] Christos Kalloniatis, Evangelia Kavakli, and Stefanos Gritzalis. Addressing privacy requirements in system design: the PriS method. Requirements Engineering, 13.3:241{255, 2008. [38] Michel CA Klein and Dieter Fensel. Ontology versioning on the semantic web. In SWWS, pages 75{91, 2001. [39] Nicola Leone, Gerald Pfeifer, Wolfgang Faber, Thomas Eiter, Georg Gottlob, Simona Perri, and Francesco Scarcello. The dlv system for knowledge representation and reasoning. ACM Transactions on Computational Logic (TOCL), 7(3):499{562, 2006. [40] Hector J Levesque and Ronald J Brachman. Expressiveness and tractability in knowledge representation and reasoning 1. Computational intelligence, 3(1):78{ 93, 1987. [41] Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian. t-Closeness: Privacy Beyond k-Anonymity and l-Diversity. In IEEE 23rd International Conference on Data Engineering, pages 106{115, 2007. [42] Jialiu Lin, Bin Liu, Norman Sadeh, and Jason I Hong. Modeling users’ mobile app privacy preferences: Restoring usability in a sea of permission settings. In 10th Symposium On Usable Privacy and Security (fSOUPSg 2014), pages 199{212, 2014. [43] Lin Liu, Eric Yu, and John Mylopoulos. Analyzing security requirements as relationships among strategic actors. In Submitted to the Symposium on Requirements Engineering for Information Security (SREIS’02), Raleigh, North Carolina, 2002. [44] Lin Liu, Eric Yu, and John Mylopoulos. Security and privacy requirements analysis within a social setting. In Proceedings. 11th IEEE International Requirements Engineering Conference, pages 151{161. IEEE Comput. Soc, 2003. [45] Lin Liu, Eric Yu, and John Mylopoulos. Security and privacy requirements analysis within a social setting. In Requirements Engineering Conference, 2003. Proceedings. 11th IEEE International, pages 151{161. IEEE, 2003. [46] Ashwin Machanavajjhala, Daniel Kifer, and Johannes Gehrke. l-Diversity: Privacy Beyond k-Anonymity. ACM Trans. Knowl. Discov. Data, 1(52), 2007. [47] Aleecia M McDonald and Lorrie Faith Cranor. The cost of reading privacy policies. Isjlp, 4:543, 2008. [48] Tim Moses et al. Extensible access control markup language (xacml) version 2.0. Oasis Standard, 200502, 2005. [49] Haralambos Mouratidis, Paolo Giorgini, and Gordon Manson. Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems. Technical report, 2003. [50] John Mylopoulos, Lawrence Chung, and Brian Nixon. Representing and using nonfunctional requirements: A process-oriented approach. IEEE Transactions on software engineering, 18(6):483{497, 1992. [51] Natasha Noy, Alan Rector, Pat Hayes, and Chris Welty. Defining n-ary relations on the semantic web. W3C working group note, 12(4), 2006. [52] Elda Paja, Fabiano Dalpiaz, and Paolo Giorgini. Modelling and reasoning about security requirements in socio-technical systems. Data & Knowledge Engineering, 98:123{143, 2015. [53] Elda Paja, Fabiano Dalpiaz, Mauro Poggianella, Pierluigi Roberti, and Paolo Giorgini. Specifying and reasoning over socio-technical security requirements with sts-tool. In ER, pages 504{507. Springer, 2013. [54] Jaehong Park and Ravi Sandhu. The ucon abc usage control model. ACM Transactions on Information and System Security (TISSEC), 7(1):128{174, 2004. [55] European Parliament and Council of the European Union. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Union, L119/59, 2016. [56] Marco Robol. Proprivacy v1. Mendeley Data, doi:10.17632/sm9p7jk383.1, 2019. [57] Marco Robol, Travis D Breaux, Elda Paja, and Paolo Giorgini. Consent verification under evolving privacy policies. In 2019 IEEE 27th International Requirements Engineering Conference (RE), pages 422{427. IEEE, 2019. [58] Marco Robol, Travis D Breaux, Elda Paja, and Paolo Giorgini. Consent verification monitoring. 2020. [59] Marco Robol, Travis D Breaux, Elda Paja, and Paolo Giorgini. Toward gdprcertified business processes. 2020. [60] Marco Robol, Elda Paja, Mattia Salnitri, and Paolo Giorgini. Modeling and reasoning about privacy-consent requirements. In IFIP Working Conference on The Practice of Enterprise Modeling, pages 238{254. Springer, 2018. [61] Marco Robol, Mattia Salnitri, and Paolo Giorgini. Toward gdpr-compliant socio-technical systems: modeling language and reasoning framework. In IFIP Working Conference on The Practice of Enterprise Modeling, pages 236{250. Springer, 2017. [62] Mattia Salnitri. Secure Business Process Engineering: a socio-technical approach. PhD thesis, University of Trento, 2016. [63] Mattia Salnitri, Fabiano Dalpiaz, and Paolo Giorgini. Designing secure business processes with secbpmn. Software & Systems Modeling, pages 1{21, 2015. [64] Mattia Salnitri, Elda Paja, and Paolo Giorgini. Maintaining Secure Business Processes in Light of Socio-Technical Systems’ Evolution. In EEE 24th International Requirements Engineering Conference Workshops (REW), pages 155{ 164. IEEE, sep 2016. [65] Mattia Salnitri, Elda Paja, Mauro Poggianella, and Paolo Giorgini. Sts-tool 3.0: Maintaining security in socio-technical systems. In CAiSE Forum, pages 205{212, 2015. [66] Florian Schaub, Rebecca Balebako, Adam L Durity, and Lorrie Faith Cranor. A design space for effective privacy notices. In Eleventh Symposium On Usable Privacy and Security (fSOUPSg 2015), pages 1{17, 2015. [67] Alberto Siena, Ivan Jureta, Silvia Ingolfo, Angelo Susi, Anna Perini, and John Mylopoulos. Capturing variability of law with n´omos 2. ER, 7532:383{396, 2012. [68] Alberto Siena, Anna Perini, Angelo Susi, and John Mylopoulos. A Meta-Model for Modelling Law-Compliant Requirements. In Requirements Engineering and Law (RELAW), pages 45{51. [69] Alberto Siena and Angelo Susi. Engineering Law-Compliant Requirements - The Nomos Framework. PhD thesis, University Of Trento, 2010. [70] Daniel J. Solove. A Taxonomy of Privacy. 2005. [71] Daniel J. Solove. Introduction: Privacy self-management and the consent dilemma. Harv. L. Rev., 126(7):1880, 2012. [72] S. Spiekermann and L.F. Cranor. Engineering Privacy. IEEE Transactions on Software Engineering, 35(1):67{82, jan 2009. [73] Sarah Spiekermann, Jens Grossklags, and Bettina Berendt. E-privacy in 2nd generation e-commerce: privacy preferences versus actual behavior. In Proceedings of the 3rd ACM conference on Electronic Commerce, pages 38{47. ACM, 2001. [74] Myra Spiliopoulou. Web usage mining for web site evaluation. Communications of the ACM, 43(8):127{134, 2000. [75] Latanya Sweeney. k-Anonymity: a Model for Protecting Privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557{ 570, 2002. [76] Maximilian Teltzrow and Alfred Kobsa. Impacts of user privacy preferences on personalized systems. In Designing personalized user experiences in eCommerce, pages 315{332. Springer, 2004. [77] the 104th United States Congress. The Health Insurance Portability and Accountability Act of 1996. Pub. L. 104-191. Stat. 1936., 1996. [78] the 105th United States Congress. Children’s Online Privacy Protection Act of 1998. Pub. L. 105-277, 1998. [79] the 106th United States Congress. Gramm{Leach{Bliley Act of 1999. Pub. L. 106{102. Stat. 1338., 1970. [80] the 91st United States Congress. Fair Credit Reporting Act of 1970. Pub. L. 91-508. Stat. 1114-2., 1970. [81] Axel Van Lamsweerde, Robert Darimont, and Emmanuel Letier. Managing conflicts in goal-driven requirements engineering. IEEE transactions on Software engineering, 24(11):908{926, 1998. [82] Axel Van Lamsweerde and Emmanuel Letier. Handling obstacles in goaloriented requirements engineering. IEEE Transactions on software engineering, 26(10):978{1005, 2000. [83] Chris Welty, Richard Fikes, and Selene Makarios. A reusable ontology for fluents in owl. In FOIS, volume 150, pages 226{236, 2006. [84] Eric Yu. Modelling strategic relationships for process reengineering. Social Modeling for Requirements Engineering, 11:2011, 2011. [85] Nicola Zeni, Elias A.Seid, SIlvia Ingolfo, and John Mylopoulos. Building Large Models of Law with N`omosT. Conceptual Modeling ER, pages 1{17, 2017 / Robol, Marco
3

On the domain-specific formalization of requirement specifications - a case study of ETCS

Dorka, Moritz 25 August 2015 (has links)
This paper presents a piece of software to automatically extract requirements captured in Microsoft Word files while using domain knowledge. In a subsequent step, these requirements are enhanced for implementation purposes and ultimately saved to ReqIF, an XML-based file format for the exchange of specification documents. ReqIF can be processed by a wide range of industry-standard requirements management tools. By way of this enhancement a formalization of both the document structure and selected elements of its natural language contents is achieved. In its current version, the software was specifically developed for processing the Subset-026, a conceptually demanding specification document covering the core functionality of the pan-European train protection system ETCS. Despite this initial focus, the two-part design of this thesis facilitates a generic applicability of its findings: Section 2 presents the fundamental challenges of weakly structured specification documents and devotes a large part to the computation of unique, but human-readable requirement identifiers. Section 3, however, delves into more domain-specific features, the text processing capabilities, and the actual implementation of this novel software. Due to the open-source nature of the application, an adaption to other use-cases can be achieved with comparably little effort.:1 Introduction 13 1.1 Motivation 14 1.2 Previous formalization attempts 15 2 Processing specification documents 17 2.1 Structural considerations 17 2.1.1 The input format: DOC 18 2.1.2 Different parts of a specification document 20 2.1.3 The output format: ReqIF 20 2.2 Enhancing requirement content 23 2.2.1 Visualizing dependencies 25 2.2.2 Querying for data 25 2.3 Computing requirement identifiers 28 2.3.1 Unwinding complex structures: Tables 33 2.3.2 Unwinding complex structures: Other structures 37 2.3.3 Summary 38 3 The tool 41 3.1 Basic usage 41 3.1.1 Dealing with embedded media 43 3.2 ReqIF output 45 3.2.1 Data associated with a requirement artifact 46 3.2.2 Links between requirement artifacts 52 3.2.3 Issues with IBM DOORS 55 3.3 Content formalization 56 3.3.1 Detection of recurring elements 56 3.3.2 Sublist dependencies 58 3.3.3 Intra-cell requirements 59 3.3.4 Unformalizable elements 61 3.4 Inner workings 62 3.4.1 List hierarchy algorithm 64 3.4.2 Techniques for natural language content 69 3.5 Comparison to other tools 72 3.6 Applying this tool to other documents 74 3.7 EN 50128 tool qualification 76 4 Outlook 77 5 Conclusion 79 A Appendices 83 A.1 Postprocessing statistics data 83 A.1.1 Clean up spurious external links 83 A.1.2 Merge data of several tool runs 84 A.2 Subset-026 keywords 85 A.2.1 Legal obligation 85 A.2.2 Weak words 85 A.2.3 Other keywords for the implementerEnhanced-field 86 Lists of Figures, Tables and Listings 87 Glossary 89 Terms specific to this thesis 92 Bibliography 93 / Diese Arbeit befasst sich mit einer Software zur automatisierten Extraktion von Anforderungen aus Dokumenten im Microsoft Word Format unter Nutzung von Domänenwissen. In einem nachgelagerten Schritt werden diese Anforderungen für Implementierungszwecke aufgewertet und schließlich als ReqIF, einem XML-basierten Dateiformat zum Austausch von Spezifikationsdokumenten, gespeichert. ReqIF wird von zahlreichen branchenüblichen Anforderungsmanagementwerkzeugen unterstützt. Durch die Aufwertung wird eine Formalisierung der Struktur sowie ausgewählter Teile der natürlichsprachlichen Inhalte des Dokuments erreicht. Die jetzige Version der Software wurde speziell für die Verarbeitung des Subset-026 entwickelt, eines konzeptionell anspruchsvollen Anforderungsdokuments zur Beschreibung der Kernfunktionalität des europaweiten Zugsicherungssystems ETCS. Trotz dieser ursprünglichen Intention erlaubt die zweigeteilte Gestaltung der Arbeit eine allgemeine Anwendung der Ergebnisse: Abschnitt 2 zeigt die grundsätzlichen Herausforderungen in Bezug auf schwach strukturierte Anforderungsdokumente auf und widmet sich dabei ausführlich der Ermittlung von eindeutigen, aber dennoch menschenlesbaren Anforderungsidentifikatoren. Abschnitt 3 befasst sich hingegen eingehender mit den domänenspezifischen Eigenschaften, den Textaufbereitungsmöglichkeiten und der konkreten Implementierung der neuen Software. Da die Software unter open-source Prinzipien entwickelt wurde, ist eine Anpassung an andere Anwendungsfälle mit relativ geringem Aufwand möglich.:1 Introduction 13 1.1 Motivation 14 1.2 Previous formalization attempts 15 2 Processing specification documents 17 2.1 Structural considerations 17 2.1.1 The input format: DOC 18 2.1.2 Different parts of a specification document 20 2.1.3 The output format: ReqIF 20 2.2 Enhancing requirement content 23 2.2.1 Visualizing dependencies 25 2.2.2 Querying for data 25 2.3 Computing requirement identifiers 28 2.3.1 Unwinding complex structures: Tables 33 2.3.2 Unwinding complex structures: Other structures 37 2.3.3 Summary 38 3 The tool 41 3.1 Basic usage 41 3.1.1 Dealing with embedded media 43 3.2 ReqIF output 45 3.2.1 Data associated with a requirement artifact 46 3.2.2 Links between requirement artifacts 52 3.2.3 Issues with IBM DOORS 55 3.3 Content formalization 56 3.3.1 Detection of recurring elements 56 3.3.2 Sublist dependencies 58 3.3.3 Intra-cell requirements 59 3.3.4 Unformalizable elements 61 3.4 Inner workings 62 3.4.1 List hierarchy algorithm 64 3.4.2 Techniques for natural language content 69 3.5 Comparison to other tools 72 3.6 Applying this tool to other documents 74 3.7 EN 50128 tool qualification 76 4 Outlook 77 5 Conclusion 79 A Appendices 83 A.1 Postprocessing statistics data 83 A.1.1 Clean up spurious external links 83 A.1.2 Merge data of several tool runs 84 A.2 Subset-026 keywords 85 A.2.1 Legal obligation 85 A.2.2 Weak words 85 A.2.3 Other keywords for the implementerEnhanced-field 86 Lists of Figures, Tables and Listings 87 Glossary 89 Terms specific to this thesis 92 Bibliography 93

Page generated in 0.2299 seconds