Systematic Refinement of Softgoals Using a Combination of KAOS Goal Models and Problem Diagrams

  • Nelufar Ulfat-BunyadiEmail author
  • Nazila Gol Mohammadi
  • Roman Wirtz
  • Maritta Heisel
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1077)


Softgoals are goals that do not have a clear-cut criterion for their satisfaction (in contrast to so-called hardgoals). They are considered to be satisfied when there is sufficient positive and little negative evidence for this claim. Thus, they are expected to be satisfied within acceptable limits rather than absolutely. Examples of such softgoals are quality attributes such as safety, security, and trustworthiness. In a previous paper, we showed how the systematic refinement of goals can be supported by combining KAOS goal models and problem diagrams that are created based on the Six-Variable Model. Therein, we mainly focussed on hardgoals. In this paper, we show how the systematic refinement of softgoals can be supported. We mainly focus on security as a softgoal and show how it can be refined in a systematic way. However, our method can be used in the same way to systematically decompose other softgoals as well. The benefit of our method is that it results not only in detailed security requirements but helps also in making expectations to be satisfied e.g. by sensors, actuators, other systems, and users explicit.


Softgoal Goal refinement KAOS goal model Problem diagram Security goal Security concern Security requirement Assumption Expectation 



Research leading to these results received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement number 731678 (RestAssured).


  1. 1.
    van Lamsweerde, A.: Goal-oriented requirements engineering: a guided tour. In: Proceedings of RE 2001, pp. 249–263. IEEE Computer Society (2001)Google Scholar
  2. 2.
    Mylopoulos, J., Chung, L., Yu, E.: From object-oriented to goal-oriented requirements analysis. Commun. ACM 42(1), 31–37 (1999)CrossRefGoogle Scholar
  3. 3.
    Van Lamsweerde, A.: Requirements Engineering - From System Goals to UML Models to Software Specifications. Wiley, Hoboken (2009)Google Scholar
  4. 4.
    Ulfat-Bunyadi, N., Gol Mohammadi, N., Heisel, M.: Supporting the systematic goal refinement in KAOS using the Six-Variable Model. In: Proceedings of ICSOFT 2018, pp. 136–145 (2018)Google Scholar
  5. 5.
    Ulfat-Bunyadi, N., Meis, R., Heisel, M.: The six-variable model - context modelling enabling systematic reuse of control software. In: Proceedings of ICSOFT 2016, pp. 15–26 (2016)Google Scholar
  6. 6.
    Jackson, M.: Problem Frames - Analysing and Structuring Software Development Problems. Addison-Wesley, Boston (2001)Google Scholar
  7. 7.
    Zave, P., Jackson, M.: Four dark corners of requirements engineering. ACM Trans. Softw. Eng. Methodol. 6(1), 1–30 (1997)CrossRefGoogle Scholar
  8. 8.
    Parnas, D., Madey, J.: Functional documents for computer systems. Sci. Comput. Program. 25(1), 41–61 (1995)CrossRefGoogle Scholar
  9. 9.
    Haley, C.B., Laney, R.C., Moffett, J.D., Nuseibeh, B.: The effect of trust assumptions on the elaboration of security requirements. In: Proceedings of RE 2004, pp. 102–111 (2004)Google Scholar
  10. 10.
    Wirtz, R., Heisel, M., Meis, R., Omerovic, A., Stølen, K.: Problem-based elicitation of security requirements - the ProCOR method. In: Proceedings of ENASE 2018, pp. 26–38. SciTePress (2018)Google Scholar
  11. 11.
    Lund, M., Solhaug, B., Stolen, K.: Model-Driven Risk Analysis – The CORAS Approach. Springer, Heidelberg (2011). Scholar
  12. 12.
    RestAssured Consortium: Deliverable D8.1: First Validation Plan (2017).
  13. 13.
    Bleistein, S., Cox, K., Verner, J.: Requirements engineering for e-business systems: integrating Jackson problem diagrams with goal modelling and BPM. In: Proceedings of APSEC 2004, pp. 410–417. IEEE Computer Society (2004)Google Scholar
  14. 14.
    Mohammadi, N.G., Alebrahim, A., Weyer, T., Heisel, M., Pohl, K.: A framework for combining problem frames and goal models to support context analysis during requirements engineering. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES 2013. LNCS, vol. 8127, pp. 272–288. Springer, Heidelberg (2013). Scholar
  15. 15.
    Dao, T., Lee, H., Kang, K.: Problem frames-based approach to achieving quality attributes in software product line engineering. In: Proceedings of SPLC 2011, pp. 175–180. IEEE Computer Society (2011)Google Scholar
  16. 16.
    Han, D., Xing, J., Yang, Q., Li, J., Zhang, X., Chen, Y.: Integrating goal models and problem frames for requirements analysis of self-adaptive CPS. In: Proceedings of COMPSAC 2017, pp. 529–535. IEEE Computer Society (2017)Google Scholar
  17. 17.
    Elahi, G., Yu, E.: Trust trade-off analysis for security requirements engineering. In: Proceedings of RE 2009, pp. 243–248 (2009)Google Scholar
  18. 18.
    Giorgini, P., Mouratidis, H.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)CrossRefGoogle Scholar
  19. 19.
    Meland, P., Paja, E., Gjære, E., Paul, S., Dalpiaz, F., Giorgini, P.: Threat analysis in goal-oriented security requirements modelling. Int. J. Secur. Softw. Eng. 5(2), 1–19 (2014)CrossRefGoogle Scholar
  20. 20.
    Faßbender, S., Heisel, M., Meis, R.: Functional requirements under security PresSuRE. In: Proceedings of ICSOFT-PT 2014, pp. 5–16 (2014)Google Scholar
  21. 21.
    Lin, L., Nuseibeh, B., Ince, D.C., Jackson, M., Moffett, J.D.: Analysing security threats and vulnerabilities using abuse frames. Technical Report No. 2003/10, October 2003, The Open University, United Kingdom (2003)Google Scholar
  22. 22.
    Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Nelufar Ulfat-Bunyadi
    • 1
    Email author
  • Nazila Gol Mohammadi
    • 1
  • Roman Wirtz
    • 1
  • Maritta Heisel
    • 1
  1. 1.University of Duisburg-EssenDuisburgGermany

Personalised recommendations