extending problem frames to deal with stakeholder problems: an agent- and goal-oriented approach sam...
TRANSCRIPT
Extending Problem Frames to Deal with Stakeholder Problems:
An Agent- and Goal-Oriented Approach
Sam Supakkul
Lawrence ChungThe University of Texas at Dallas
http://www.skystef.be/images/Lightning/slides/2008-06-02-1818-Kampenhout.jpg
A storm is coming…Is it a problem?
http://www.alphabetgolf.co.uk/alphabetgolf.co.uk/Outdoor%20Party%20Dance.jpg
Yes, if we want outdoor fun
http://earthfirst.com/wp-content/uploads/2008/09/egypt-drought.jpghttp://coofweb.deza.admin.ch/pictures/nepal/nrm/en_maize_farmer.jpg
No, if we’re dying for it
want healthy crops
Same phenomenon
problem blessing
http://www.batt69.com/wp-content/uploads/2008/09/little-boy-who-didnt-buy-an-eddie-bauer-umbrella-he-got-caught-in-the-rain.gif
phenomenon negatively affects someone’s goals
“Storm” causal phenomenon
“have outdoor fun”goal
negativelyaffect
“Being wet” situational phenomenon
cause
How to deal with stakeholder problems in software related applications?
London Ambulance Services (LAS)1994 manual dispatch debacle
http://www.publicrecordsguy.com/wp-content/uploads/jayci-yaeger.jpghttp://upload.wikimedia.org/wikipedia/commons/thumb/b/bc/London_Ambulance_at_Abbey_Road.jpg/800px-London_Ambulance_at_Abbey_Road.jpghttp://www.geograph.org.uk/photos/67/30/673019_1ca5dedb.jpghttp://www.lancashire.police.uk/uploads/pics/hatecrime3.jpg
Nasima Begum with liver condition
4 emergency calls
died before ambulance arrived in 53 minutes
Source:http://pro.corbis.com/images/42-15211039.jpg?size=67&uid={e94b3c3f-0338-426a-8bb8-a1289c55c307}http://www.raf-upper-heyford.org/Vehicle_Ops_Dispatch_office.jpghttp://www.dr-dude.com/images/PaperStack.jpghttp://www.royblakeley.name/roy_james_blakeley/lyndon_johnson_situation_room19680216.jpghttp://www.keepnitsimple.org/images/purestock_1574r-01116.medium.jpg
“Physical movement of incident forms”operation
“Ineffective comm. in the call center” situation
a sub-problem of
cause
“Ineffective manual dispatch”situation
negatively affect
Nasima’s “safety” goal
LAS was developing a CAD system in early 90’s
http://upload.wikimedia.org/wikipedia/commons/thumb/b/bc/London_Ambulance_at_Abbey_Road.jpg/800px-London_Ambulance_at_Abbey_Road.jpghttp://www.mobilecomms-technology.com/projects/astrid/images/new1.jpghttp://www.ukemergency.co.uk/ambulance/dsc09044.jpghttp://upload.wikimedia.org/wikipedia/commons/thumb/4/44/London_Ambulance_on_Hamilton_Terrace_.jpg/250px-London_Ambulance_on_Hamilton_Terrace_.jpg
solves?
How to ensure system solves stakeholder problem?
1992CAD
Resources
DispatchAmbulanceIncidents
Calls
d
a
b
c
d: MD!{DispatchAmbulance, DispatchHelecopter}
e
f
g
a: CA!{EmergencyCall} e: CA!{AmbulanceRequest}f: IN!{Incident}b: MD!{TrackIncident, ServiceIncident}
c: RE!{ReportStatus, ReportLoc,} g: RE!{Status, Location, Dispatch}
Requirements and specifications = software problem
Machinedomain
GivenDomain
DesignedDomain
Requirement
Requirement reference
Interface
Legend
phenomena
domains
requirementsspecifications
Software problem = what to be built by developers
software problem solves stakeholder problem?
solves?
How to make sure
1992CAD
Resources
DispatchAmbulanceIncidents
Calls
d
a
b
c
d: MD!{DispatchAmbulance, DispatchHelecopter}
e
f
g
a: CA!{EmergencyCall} e: CA!{AmbulanceRequest}f: IN!{Incident}b: MD!{TrackIncident, ServiceIncident}
c: RE!{ReportStatus, ReportLoc,} g: RE!{Status, Location, Dispatch}
“A problem unstated is a problem unsolved”-- Douglas Ross, 1977
Concepts to represent
negatively affect
Sub-problem of
cause
Nasima’s “safety” goal“Ineffective manual dispatch” situation
“Ineffective comm. in the call center” situation
“Physical movement of incident forms” operation
softgoalsoft-problem
UndesirableSituation
UndesirableMechanism
sub-problem
Legend
UndesirableSituation
UndesirableMechanism
Agent NFRsoftgoal
Opera.softgoal And
++Make
+Help Contrib. Correlation
Legend
– ––BreakHurt
Claim
stakeholder problem = Phenomenon…negatively affects someone’s goalsIneffective manual dispatch breaks patient’s safety
Safety
– –
Ineffectiveness
wanttopic
topic
Patient
ManualDispatch
AmbulanceDispatch
Type[Topic]
Patient Safety[Patient]
SafetyPatient
want
i*/Tropos
Extension
topic
Legend
UndesirableSituation
UndesirableMechanism
Agent NFRsoftgoal
Opera.softgoal And
++Make
+Help Contrib. Correlation
Legend
– ––BreakHurt
Claim
stakeholder problem = phenomenon…hurts someone’s goalsIneffective manual dispatch breaks patient’s safety
Safety
InjurySickness
– –
EmergencyCare
Ineffectiveness
–Timeliness
want
topic
topic
want
topic
++topic
Patient
ManualDispatch
AmbulanceDispatch
– –
Safety
InjurySickness
– –
EmergencyCare
Ineffectiveness
–Timeliness
want
topic
topic
want
topic
++topic
Patient
ManualDispatch
AmbulanceDispatch
Ineffectiveness[CommInCallCenter] ++
PhysicalMovement[IncidentForms]
– –
Ineffectiveness[StatusLocationCommWithAmbulance]
...Legend
UndesirableSituation
UndesirableMechanism
Agent NFRsoftgoal
Opera.softgoal And
++Make
+Help Contrib. Correlation
Legend
– ––BreakHurt
Claim
stakeholder problem = phenomenon…affects someone’s goalsIneffective manual dispatch affects patient’s safety
Root-cause analysis
Ineffectiveness[ManualDispatch]
Ineffectiveness[CommWihtinDispatchCenter]
Ineffectiveness[CommWithAmbulance]
VerbalComm[WithAmbulance]
++
VerbalComm[TrackLocation]
VerbalComm[TrackStatus]
++
++
PhysicalMovement[IncidentForm]
CrewForgetsToCall[StatusReport]
CrewForgetsToCall[StatusReport]
++
Problem Interdependency Graph(PIG)
Solving stakeholder problems
negatively affect
Sub-problem of
cause
Nasima’s “safety” goal“Ineffective manual dispatch” situation
“Ineffective comm. in the call center” situation
“Physical movement of incident forms” operation
Prevent
Detect
Contain/quarantine
Recover
Solving stakeholder problem
Ineffectiveness[ManualDispatch]
Ineffectiveness[CommWihtinDispatchCenter]
Ineffectiveness[CommWithAmbulance]
++
PhysicalMovement[IncidentForm]
SoftwareBasedInformation
– –
FasterConveyerBelt
–
Timeliness[EmergencyCare]
– –
VerbalComm
– –
– – Accuracy
–
Integrated Problem Interdependency Graph (PIG)and Softgoal Interdependency Graph (SIG)
CreditCardTheft
Stolen[CreditCards]
UnauthorizedAccess[WebSite]
...
SecurityMeasures
want
Hacker
Stakeholder problem sufficiently addressed?
^ (AND)
Ineffectiveness
Ineffectiveness[CommInCallCenter]
Ineffectiveness[StatusLocationCommWithAmbulance]
...
SoftwareBasedForms
MobileTrackingDevice
1992 Computer Aided Dispatch (CAD) System
...
PhysicalMovement[IncidentForms]
VerbalComm
OR
AND
v (OR)
AND
OR
software problem solves stakeholder problem?
solves?
How to make sure
ManualDispatch
Resources
AmbulanceDispatch
Incidents
SafetyInjurySickness
– –
recover
EmergencyCare
Ineffectiveness
++
–
1992CAD
IneffectivenessPIG(Fig. 7)
wantTimeliness
want
topic
topic
Performance(ORCON)
want
CADResources
topic
– –
ComputerAidedDispatch
++
++
– –
topic
a
b
topic
+
c ++
Patient
Caller
Bystander
Government
ef
a
c
b
g
«refine»
d
d: MD!{DispatchAmbulance, DispatchHelecopter}
a: CA!{EmergencyCall} e: CA!{AmbulanceRequest}f: IN!{Incident}b: MD!{TrackIncident, ServiceIncident}
c: RE!{ReportStatus, ReportLoc,} g: RE!{Status, Location, Dispatch}
Ineffectiveness[ManualDispatch]
Ineffectiveness [IncidentLocationIdentifaction]
Ineffectiveness[Communication]
Ineffectiveness[DuplicateCallHandling]
Ineffectiveness[CallHandling]
Ineffectiveness[CallbackHandling]
Ineffectiveness[SpecialIncidentIdentification]
Incomplete [IncidentLocation]
Inaccurate[IncidentLocation]
Ineffectiveness[CommWihtinDispatchCenter]
Ineffectiveness[StatusLocCommWithAmbulance]
Unfamilarity[IncidentLoc]
++ ++
PhysicalMovement[IncidentForm]
VerbalComm[WithAmbulance]
++++
++
HumanJudgement[DuplicateCallHandling]
CallerLeavingPostToConsultAllocator
HumanJudgement[SpecialIncidentIdentification]
++
++
CallerUnfamilarity[IncidentLoc]
CallTakerUnfamilarity[IncidentLoc]
VerbalComm[TrackLocation]
VerbalComm[TrackStatus]
HaveCallerRefertoPhoneBoxID
ComputerBasedGazetteerWithPhoneBoxID
– –
SoftwareBasedInformation
RadioBasedAutomatedTrackingDevice
– –
RadioBasedStatusInputDevice
SoftwareBasedDupCallDetection
AutomaticVehicleLocationSystem
MobileDataTerminal
++ ++
– – – –
Timeliness
– – – – – –
– –
AutomateResourceAllocation
ComputerAidedDispatch
Integrated PIG - SIGExtended problem diagram
Ineffectiveness[ManualDispatch]
Ineffectiveness [IncidentLocationIdentifaction]
Ineffectiveness[Communication]
Ineffectiveness[DuplicateCallHandling]
Ineffectiveness[CallHandling]
Ineffectiveness[CallbackHandling]
Ineffectiveness[SpecialIncidentIdentification]
Incomplete [IncidentLocation]
Inaccurate[IncidentLocation]
Ineffectiveness[CommWihtinDispatchCenter]
Ineffectiveness[StatusLocCommWithAmbulance]
Unfamilarity[IncidentLoc]
++ ++
PhysicalMovement[IncidentForm]
VerbalComm[WithAmbulance]
++++
++
HumanJudgement[DuplicateCallHandling]
CallerLeavingPostToConsultAllocator
HumanJudgement[SpecialIncidentIdentification]
++
++
CallerUnfamilarity[IncidentLoc]
CallTakerUnfamilarity[IncidentLoc]
VerbalComm[TrackLocation]
VerbalComm[TrackStatus]
HaveCallerRefertoPhoneBoxID
ComputerBasedGazetteerWithPhoneBoxID
– –
SoftwareBasedInformation
RadioBasedAutomatedTrackingDevice
– –
RadioBasedStatusInputDevice
SoftwareBasedDupCallDetection
AutomaticVehicleLocationSystem
MobileDataTerminal
++ ++
– – – –
potential missing solution
Timeliness
– – – – – –
– –
AutomateResourceAllocation
ComputerAidedDispatch
potential overlooked problem or gold-plating solution
Benefits of integrated problem- and goal-oriented analysis
Ineffectiveness[ManualDispatch] problem vs. 1992 CAD solution
ManualDispatch
Resources
AmbulanceDispatch
Incidents
SafetyInjurySickness
– –
recover
EmergencyCare
Ineffectiveness
++
–
1992CAD
IneffectivenessPIG(Fig. 7)
wantTimeliness
want
topic
topic
Performance(ORCON)
want
CADResources
topic
– –
ComputerAidedDispatch
++
++
– –
topic
a
b
topic
+
c ++
Patient
Caller
Bystander
Government
e f
a
c
b
g
«refine»
d
d: MD!{DispatchAmbulance, DispatchHelecopter}
a: CA!{EmergencyCall} e: CA!{AmbulanceRequest}f: IN!{Incident}b: MD!{TrackIncident, ServiceIncident}
c: RE!{ReportStatus, ReportLoc,} g: RE!{Status, Location, Dispatch}
Ineffectiveness[ManualDispatch]
Ineffectiveness [IncidentLocationIdentifaction]
Ineffectiveness[Communication]
Ineffectiveness[DuplicateCallHandling]
Ineffectiveness[CallHandling]
Ineffectiveness[CallbackHandling]
Ineffectiveness[SpecialIncidentIdentification]
Incomplete [IncidentLocation]
Inaccurate[IncidentLocation]
Ineffectiveness[CommWihtinDispatchCenter]
Ineffectiveness[StatusLocCommWithAmbulance]
Unfamilarity[IncidentLoc]
++ ++
PhysicalMovement[IncidentForm]
VerbalComm[WithAmbulance]
++++
++
HumanJudgement[DuplicateCallHandling]
CallerLeavingPostToConsultAllocator
HumanJudgement[SpecialIncidentIdentification]
++
++
CallerUnfamilarity[IncidentLoc]
CallTakerUnfamilarity[IncidentLoc]
VerbalComm[TrackLocation]
VerbalComm[TrackStatus]
HaveCallerRefertoPhoneBoxID
ComputerBasedGazetteerWithPhoneBoxID
– –
SoftwareBasedInformation
RadioBasedAutomatedTrackingDevice
– –
RadioBasedStatusInputDevice
SoftwareBasedDupCallDetection
AutomaticVehicleLocationSystem
MobileDataTerminal
++ ++
– – – –
Timeliness
– – – – – –
– –
AutomateResourceAllocation
ComputerAidedDispatch
Limitations
• behavioral solutions not traceable todomain and phenomena
• non- behavioral solutions not traceable
UndesirableSituation NFR Softgoal
UndesirableMechanism
OperationalizingSoftgoal
mirror image
mirror image
Observations
Syntactic Semantic
Soft-problem Softgoal
Problem ≠ negated goal
Solution ≠ negated problem
not the same
Ineffective[ManualDispatch]
Unsafety
not solution for
StormNo Storm
Conclusion
• Contributions– stakeholder problems representation
Soft-problem (Undesirable Situation, Undesirable Mechanism)
– Integrated root-cause and solution analysisPIG - SIG
– Traceability: agents, goals, stakeholder problems, s/w problemsExtended problem diagram
• Future Work– Detailed traceability solutions and domains/phenomena– Integration with negative models
e.g. anti-goal and abuse frames
Ineffectiveness
Ineffectiveness[CommInCallCenter]
Ineffectiveness[StatusLocationCommWithAmbulance]
...
SoftwareBasedForms
MobileTrackingDevice
1992 Computer Aided Dispatch (CAD) System
...
PhysicalMovement[IncidentForms]
VerbalComm
PIG – Problem Interdependency Graph
noproblem
Thank you
Proposition
Goal
ContributionClaim
SoftProblemSoftgoal
Decomposition SatisficingOperationalizingSoftgoal
NFRSoftgoal
UndesirableSituation
UndesirableMechanism
Eql And Or
CorrelationSatisficing
DirectSatisficing
Make Help
Hurt Break
Requirement
ReferencedPhenomenon
RefInterfaceEndPoint
RequirementReference
MachineDomain
DesignedDomain
GivenDomain
Domain
InterfaceConstrainReference
ReferReference
ControlledPhenomenon
parent
offspring
Agent
Hardgoal
Topic
SomePlus
SomeMinus
1..*
1..*
1..*
generalize
Problem
HardProblem
Stakeholder Adversary
TopicEndPointType
0..*
controller
1
SharedPhenomenon
1
1..*
1
1 1
1
1
11
1
1..*
1..*
Want
1
1..*
Impact
1
SatisficingLabel
Undecided
Denied
Satisficed
WeaklySatisficed
WeaklyDenied
0..*
1
1..*
1..*
0..* 0..*
StakeholderWant
AdversaryWant
Conflict
realize
ProblemFramePhenomenon
Phenomenon
0..1
Phenomenon
...Individual
Relation
Softgoal
Stakeholder
Specification
Design
MachineDomain
[11]
Legend
adoptedmeta-element
extendedmeta-element
proxy of existing meta-element
caused by
Prevent the cause
Detect
Benefits of using goal-oriented reasoning
caused by
Crew’s “safe return” goal“Loss of power and oxygen” situation
“explosion of fuel cells” phenomenon
affect
Contain/quarantine
Recover
http://www.diegm.uniud.it/create/Handbook/techniques/List/Immagini/FishboneDiagram.gif
Fishbone Diagram
http://www.qualitytrainingportal.com/resources/problem_solving/images/fault_tree.gif
Fault Tree
Lin Liu, Eric Yu, and John Mylopoulos, “Security and Privacy Requirements Analysis within a Social Setting“, RE’03
The i* Framework
Axel van Lamsweerde, “Elaborating Security Requirements by Construction of Intentional Anti-Models”, ICSE’04
Anti-goal
Guttorm Sindre and Andreas L. Opdahl, “Eliciting security requirements with misuse cases”, RE Journal, 2005
Misuse Cases
L.Lin, et. al, “Analysing Security Threats and Vulnerabilities Using Abuse Frames”, Technical Report, October 2003
Abuse Frames
Steven J. Bleistein, Karl Cox, and June Verner, “Validating strategic alignment of organizational IT requirements using goal modeling and problem diagrams”, Journal of Systems and Software, 2005
An integration of goals and problem frames