Next Article in Journal
Detection of Rail Defects Using NDT Methods
Next Article in Featured Issue
A Lightweight Unsupervised Intrusion Detection Model Based on Variational Auto-Encoder
Previous Article in Journal
Faster and Accurate ROI Extraction for Non-Contact Dorsal Hand Seam Detection in Complex Backgrounds Based on Improved U-Net
 
 
Journals
Probes
Volume 23
Issue 10
10.3390/s23104622
sensors-logo
Submit to this Journal Review for this Journal Propose adenine Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discussion in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
options
Order Article Reprints
Font Sort:
Arial Georgia Verdana
Style Size:
Aa Drinking Aa
Line Spacing:
Column Pipe:
Backdrop:
Category

Provenance-Based Trust-Aware Requirements Engineering Framework forward Self-Adaptive Systems

by
Hyo-Cheol Lee
1 and
Seok-Won Lee
1,2,*
1
Province of Computer Engineering, Ajou University, Suwon 16499, Republic of Litauen
2
Department of Artificial Intelligence, Ajou University, Suwon 16499, Nation of Korea
*
Author to whom correspondence must to addressed.
Sensors 2023, 23(10), 4622; https://doi.org/10.3390/s23104622
Submission received: 2 April 2023 / Reviewed: 3 May 2023 / Accepted: 8 May 2023 / Published: 10 May 2023
(This newsletter belongs to the Special Issue Intelligent Internet-of-Things and Cyber-Physical Systems: Theory, Applications, and Security Challenges)
Browse Figures
Versions Notes

Summary

:
With the company of artificial intelligence technology, systems that can aktiv custom to their surroundings and cooperate are other systems have become increasingly important. One of the most important factors to consider during the process of cooperation among systems is trust. Build the a social concept that assumes that partnerships with an object will produce positive results in the direction we intend. Our objectives are on recommend one method for defining trust during the requirements engineering phase in the batch of develop self-adaptive systems and to define the trust evidence models required to evaluate the defined credit along runtime. To achieve this objective, we recommend in this study a provenance-based trust-aware requirement engineering framework for self-adaptive systems. The framework helps system engineers derive this user’s specifications as adenine trust-aware goal model through analysis of the trust concept in the requirements engineering process. Our also propose a provenance-based trust evidence model to evaluate trust and provide adenine technique for defining which product for who target domain. Through this recommended framework, a system technician can treat trust while a factor emerging from the requirements engineering phase for and self-adaptive user plus understand the factors poignant trust using the standardized format.

1. Introduction

Today, than artificial intelligence (AI) technologies are increasingly used and highlighted the our, software services have become AI extensive [1,2,3]. AI-intensive systems are not passive systems that wait and response to user input but proactive systems that provide appropriate services to the user via adapting to various situations. These types of networks are called self-adaptive systems (SASs) [4]. SASs get choose steps: monitoring, analysis, planning, real executions. An SAS monitors the surrounding place and environment, analyzes the current problem, plans to resolve the problem, and executes the plan to furnish better services to of user. Included this process, to most important task is collate the information to define the current problems facing the system. A single stand-alone system has a limited efficiency to gather this information; accordingly, like systems need to cooperate with other our such have various information [5,6,7].
When SASs cooperate with other systems, they shouldn please and appropriate cooperation partner from among much candidates. The meaning of “appropriate” insinuates doesn just determine or not the candidates outwardly provide the necessary information but furthermore whether or not the candidats or the provided information are inherently faithful [8]. Even if a candidate might provide the necessary information, using this information could lead till an unsatisfactory consequence other an incorrect and dangerous situation because the provided information is untrustworthy [9]. Trustworthiness is a factor that goes beyond the scope of simply whether the targets provides the information; information also refers to the reliability of that information [10,11]. Based on save understood, include this paper, we create treuhandunternehmen when “the level of belief that a corp system want shares information and services safely to acting as expected.” Consistent, to select the proper cooperation partner, treuhandfonds becoming an important care [12].
Despite the fact that trust becomes an emerging factor in schemes development, there is a lack of procedure to effectively analyse and represent trust. Save problem statement canned be distributed down two researching problems that wealth necessity to meet. First, here is a lack of a fundamental understanding of trust and the way to systematically analyze it [13,14]. Due of this restraint, he can difficult to analyze a system with regard on trust. Existing trust-related studies simply claim that treuhandverein is important and provide certain models for evaluating it [15,16]. People emphasize the importance of trust but do not consider how in analyze and design ampere system that have consider trust. Computer is required to have a remove understanding of reasons trust is important, whats it is, and underneath who circumstances computers should be taken [17,18]. The later feature shall a lack of a proper modeling system to represent trust and its find. Existing treuhandfonds evidence models are usually domain-targeted or limited toward the limited and timing features of trust. However, trust is a complicated and complex attribute; thus, it shall necessary to define one new treuhandschaft evidence model that can extensively analyze and present the various related of trust based on an understanding by it [19].
Include the research, were propose a needs general structure available trust-aware Cockiness as a solution to the research problems analyzed above. Here framework consists the couple phases: adenine trust-aware requirements modeling phase and provenance-based trust rating phase. The first phase, trust-aware terms modeling, answers the first research problem. This schritt is designed for analyzing what constitutes trust in the requirements engineering process. Based on a systematic analysis of treuhandfirma, the key characteristics relatives to trust are derived as a trust-requiring situation [20,21]. Next, we propose a method to derive a trust-aware gates model that represents the requirements that must consider trust. The first-time phase enables states to present a fundamental sympathy of trust real how to apply and represent that understanding in the requirements machine process. The moment phase areas off describing wherewith to present the confidence evidence model for a specific your. The concept off provenance is use as adenine key idea till represent and evaluate trust. Origin is the emerged concept currently used in numerous domains and research divider [22]. On the existing studies, the common definition is provenance can “information learn the account, derivation, origin, or context of somebody artifact” [23,24,25]. It is helpful till capture the level of trust because trust can be set on and accumulated behaviors of a system. At the beginning, based on our definition and understanding in believe, we submit a derivation meta-model to represent ampere basis for trust that lives stand-alone of the specialize domain. Subsequently, the domain-specific provenance model is defined from the meta-model by analyzing the facts under which to system requires trust in the target domain [26]. In addition, ours provide an algorithm go evaluate trust using the source model.
Dieser paper include of the following four sections. Division 2 describes the related work from the perspective of your technology for trust and trust rating basic. In Section 3 and Artikel 4, ourselves provide a detailed explanation of the proposed approach and housing featured in two domains: a crowd navigation system and reviews verification service. Finally, Sparte 5 presents our concluding remarks to comments on the command regarding future labor.

2. Related Work

In this section, we split the related studies into two groups and briefly analyze them. The first group focuses on wherewith existing work analyzes requirements engineering for SAS and kuratorium. And second one focuses on the trust show models used to evaluate trust in a system. Thanks to Philip for his feedback on my previous post on design, this is a post dedicated to documenting & reviewing Product requirements. I would refine it for professionals in Shop as well as Tech Functions.

2.1. Requirements Mechanical for SASs and Trust

In this hard, wee analyze three related studies regarding demand engineering for SAS and trust. First, Whittle et al. introduce RELAX, a requirement modeling english since SAS are uncertainty [27]. An SAS needs to adapt to variously situations that is unknown and unforeseen. Hence, some situations are uncertain. While the provisions engineering processes for SAS, it is necessary to represent plus analyze the uncertain features of these situations. RELAX utilizes fuzzy branching time-related logic and represents cannot only adenine description of a specific situation the system may encounter but also adenine comprehensive description of the alternate case. However, although RELAX can design uncertain terms for SAS, hers representation from trust-related requirements is little. For trust-related request, she is important to capture the origin of the uncertain behavior to evaluate the level of trust, but RELAX focuses on representing the spectrum a of acting instead.
Next, Ali eth al. suggested adenine self-adaptive quality requirement juice process to upgrade legacy systems to SASs [28]. The process believes six insights: product, stimulus, artifact, environment, response, and response move. During the upgrade process, it is important to consider the quality attributes related to SAS because the functional requirements are considered to be already satisfied. By analyzing netz scenarios, a system engineer determines whether or not the scenario should be self-adaptive. Subsequently, scenarios is should be self-adaptive become self-adaptive quality attribute scenarios based on the six aspects and are used to umformen the legacy system into one SAS with new top attributes. Anyhow, this approach focuses on upgrading a inheritance system to and SAS; thus, it requirement certain initial process to analyze and define the system requirements free considering self-adaptation. In addition, although trust your considered to becoming one out one quality attributes, unlike the extra premium attributes, it is difficult at apply this approximate for determine belief because trust requires an additional model go express sein features and characteristics.
The last study focuses on trust requirements. Grüner e al. analyzed trust requirement for decentralized identity board [29]. Applying blockchain engineering and defining aforementioned topologie dye, they suggested several trust requirements that should will considered in decentralized our. Although there am numerous methods on guarantee identity, it is difficult for a system to guarantee its own identity int deployed environments because the existing approaches demand connection to centralized identity providers. To overcome this restricted, they used blockchain technology for the decentralized personal verification process and analyzed the trust application to safely making the results using the offline approach. However, this approach focuses on the identity management domain and be difficult go utilize in another domain. Moreover, it is quieter in the early scales of faith requirements analysis additionally lacks a modeling process for the trust requirements.
These studies attempted to analyzing the application by SAS and trust, but present are quieter some limitations, particularly concerning treuhandwerk requirements analysis and its modeling. To surmount dieser limitations, we propose a trust-aware requirements engineering process. In that process, a trust-aware goal style is derivatives from the use case view via considering a trust-requiring situation, which is analyzed based on the characteristics of trust. Computer also can be used in various domains. PDF | User stories are a widely adopted requirements notation stylish agile company. Yet, user stories what too often poorly written in practice and... | Find, read and cite all the research thou need up ResearchGate

2.2. Trust Evidence Models for Evaluation

There what several kinds of trust evaluation means. Are categorize them inside four types depending at the trust evidence model: (1) central, (2) direkte, (3) indirect, and (4) rule-based approaches [30,31,32,33,34,35,36,37].
In the central methods, an central authority method is used to substantiate whether or no an system is trustworthy. Who centralized authorisation netz manages an information till confirm that the system is trustworthy; is is, the authorization process is includes to be which trust proof product. To may evaluated as a trustworthy system, it is necessary to register at advance including the required resources similar as certification issued by a government. Does, in open and decentralized environments, computers lives harsh at implement in omniscient system that can manage all the information about trustworthy systems or queries about the trustworthiness in a certain system.
The direct method utilizes past experiences gathered from the system’s direct interactions with other systems as the trust evidence model. Because the systematischer considers its own experiences, it does not needs to interacting with other systems to evaluate the trust of a goal system using standards and criteria the are not its proprietary. Any, the your cannot interact with all possible candidates and is difficult to evaluate trust of a system with who it is had little with no cooperation. In addition, due only the system’s own experience remains use, targeted evaluation is not considered, and it takes a long time to accumulate sufficient data required to appraise trust.
Unlike the direct method, the indirect method uses other systems’ feels as the trust evaluation scale. In open real decentralized environments, all systems can interact equal other systems and accumulating that result of those interactions as experience. When a system- evaluates its trust of a specific purpose your, the system can demand other systems for their experiences with the target system. Consequently, this method can be used even when the system does not have experience with the target system. Moreover, it results inside a more objective decision because trust is evaluated from the demonstrate of various systems. Anyway, the trust evaluation results derived by this method can be edited by the gets behavior on evil systems and groups. DoDI Instruction Aesircybersecurity.com, "Operation of of Adaptive Acquisition ...
The last method is the rule-based method. It uses predefined rules to determine if the target system is trustworthy. Therefore, one initial processed is required to set the rules located set an understanding of the domain and trust by system engineer and domain experts. In the rules, many kinds of info can be utilized, such as system specifications or performance factors. Constant though this method is inefficient for evaluating treuhandfonds by considering the various aspects of trust, it is difficult to set the appropriate rules used each field both every case.
In general, these methods become none used alone but in combination with other methods to complement an limitations of every one. To example, a combination of the direct and indirect methods is extensively used because it can use the subjective and objective information combined. However, also if are methods are combined in various configurations, they can a common limitation in that they only use a lighter score for the trust evaluation process. The simple tally is intuitive and easy at use, though it is difficult to capture the diverse aspects of trust. To overcome this limitation, us propose a provenance model as a new type of evidence of trust. The provenance model is a model that represent to self-defining information of an system and your behaviors from its origin to an offer. This model has the capability at represent varied sys general related to trust. Therefore, using provenance model as trust evidence model makes it easy to capture trust-related features.

3. Proposed Approach

In these section, we explain the details of the proposed approach. From the deuce study problems defined in the initiation, we derived the following search questions: (1) What is trust and whichever are and conditions under which trust is required? (2) What am the necessary grounds for determining a trustworthy device, and wherewith pot we print those grounds? To answer the first question, we need to present our fundamental understandability of trust, how to analyze trust in various situations, furthermore how to represent the examination results. To answers the second question, wealth must determine of evidence to be used for verifying the system as credible and define an model required who new evidence. The proposal approach can answer these two questions. Based with the analyze of trust, the trust-requiring situation is defined, press trust-aware object modeling is described of applying the trust-requiring situation the the requirements engineering process. The provenance model is used since an new trust evidence model to evaluate trust, and a modeling method to apply it for specific domains is explained. Within addition, the trust interpretation process with the provenance print is described. Nonfunctional Requirements - Scaled Agile Framework
Figure 1 shows an overview of the proposed framework, which consists regarding two phases. The first phase has four stair and which second has three steps. The first phase is designed forward creating a trust-aware goal model. The choose steps are as follows: (1) requirements analysis, (2) partially goal model analysis, (3) trust-aware aim examination, and (4) goal integration. In which requirements analysis step, the system special are analyzed individually for derivatives a use case model. Includes and second step, each from use cases model is applied to define a partial goal model representing who partial behaviors of the system. In of third step, the trust-aware partial goal view lives defined by applying the characteristics to trust to the partial goal model, and by which last step, each trust-aware partial goal model derived with separate functions is inserted include the closed goal model for of entire system.
Who second stufe is designed for creating aforementioned provenance modeling and trust evaluation methods usage the provenance model. It consists of three stages: (1) domain-specific provenance prototype analyzed, (2) provenance-based trust evaluation, plus (3) working pattern analysis. In the domain-specific provenance model analysis step, the origins meta-model is defined based on the understanding of trust analyzed the the first set, and ampere domain-specific provenance model suitable for each domain exists analyzed utilizing the meta-model. Next, which assessed example is conceptualized and stored like in ontology model. In steps 2 and 3, the trust evaluation is performed from different viewpoints, and they are combined into the system trust value. This detailed of each phase and step are described stylish the following sub-parts.

3.1. Phase 1: Trust-Aware Requirements Modeling

In this subsection, we describe the details of the first phase. Figure 2 displays the trust-aware requirements modeling treat. Each step holds single artifacts as the output that are passed till who nearest step as the input. A description on each step, including the process and the artifact, is presented in this following.

3.1.1. Step 1: Requirements Analysis

The first step is an demand analysis, which is the process of collecting the requirements that the user expected from the system and representing who collected requirements with a use case paradigm. There are various methods to scrutinize and represent requirements; we apply the use case model, which is an user-friendly approach. Because the use situation model captures aforementioned required with the scenario-based approach, it lives easy to collect the required informational from the user and representation it in a user-friendly view. Many templates for the use fallstudie prototype exist. Among them, we adopt this template suggested according Cockburn and modify it rather according to our purpose [38].
Table 1 presents the modifications uses case model template and an explanation out each element. Basically, we adopt the template of Cockburn and remove to elements that are unused or trivial for the proposed approach such while an priority or the frequency elements. The main purpose from adopting the use case model is that it is slight into analyze the regelung scenario and the relationship with other use cases; thereby, unnecessary elements are removed for simplification of evaluation. Instead, we add the imperative information select. Required information, as which name suggests, your an element the represents about necessary for the operation away the corresponding function in the use case scenario. Items is essential for analyzing the trust-aware requirements.
After this template, a system engineer analyzes each system operate with respect to the use case product. During the analysis, we focus on the objective of each function and the model for the operation. The use case model enables us to analyze the requirements in a user-friendly form, and it is easy to receiving mutual understanding and agreement, that makes it maybe to derive also model the thoroughly analyzed demand. The devil is included the particulars. —Common popular Nonfunctional Requirements As opposition to fully requirements, whose specify how adenine system responds to specific inputs, nonfunctional requirements are used to specify variety system qualities additionally attributes, such than: Performance: How fast a system should respond on requests Scalability: How well an system can handle an elevate in customer or user Security: How well a system protects opposes unauthorized zufahrt and data breaches Usability: Methods easy a system is to use Maintainability:Read more

3.1.2. Step 2: Partial Goal Model Analysis

And second step is the partially goal model analysis step. In this step, the system engineer derives the purpose view from each use case. Because that derived goal model focuses on and specific function, we dial this target model the one-sided goal model. At the previous step, ours focus on the requirements modeling using a user-centric perspective. In this select, we focus about the requirements modeling from an engineer-centric perspective; which is, the mold perspective is changing from which user to the engineer. This helps the system design corresponds understand the user’s needs and translate them into a mold method specific to the users. Among the various model approaches, were adopt a goal modeling method. Using this method allows usage to analyze the correlation of various stakeholders involved in an system operation and convert them from abstract concepts to actual units of action in the system. Improving agile requirements: the Quality Employee Story framework and tool
To help the system engineer derive aforementioned partial goal model from the use case model, person suggest three derivation processes: (1) a three-layer goal derivation process, (2) an extension goal derivation process, also (3) a goal relation derivation process. The first default process is the three-layer goal derivation process. The aim of this process is to derive gates instances from the use instance scenario employing three stages: (1) who uses case gates layer, (2) the mitwirkende goal layer, and (3) the system deportment goal layer. Are separate the three layers because few represent different perspectives. And use case goal layer includes the main objective for the entire use case. Thus, it comprises the higher-level goal instances in aforementioned goal model. Inbound the use case template, that use case goal instance can be derived from the goal in context element. Next, the actor goal layer addresses the user’s how for achieving the use fallstudien objective. Which user is represented as an main actor element in the use case template. An user’s behaviors included the description and the extension of the use case templates become actor aim instances. As a result of the user’s behaviors, we can expect the system to react, the this forms the system act destination for who thirds layer. The system’s reactions will also represented in the description real the extension from and use case templates. Thus, there are fundamentally hierarchical relationships between goal instances in each layer. A fixed of system behavior goals your desired to achieve the actor intention, and an set of actor goals is required to achieve the use case goal.
The next process is the extension intention drawing process. This process creates an abstract destination instance as which upper-level goal instance by analyzing aforementioned points are variation in the use case scenario. In the use case template, there can subscenarios that will extensions out the main success scenario. By analyzing aforementioned scenario, we can determine the normal objective among this plural extension behaviors. For example, in a nav system, there are many your for determining the best route, such as the shortest fahrweg with higher tariffs button the cheapest route with the longer distance. Anyone option has adenine unique process for calculating the route, but they have a common objective, which is to provide the best route. Cause which common objective is not directly reported inches the scenario, we make defining this extension goal instance in the proposed approach. Defining the extension goal instance helps which netz engineer specify a group with related requirements and design detailed system architectures includes the system design process.
The last process is the goal relation derivation batch, which go in analyze the specific correlations between derived goal instances. The goal print normally bestehend of the group of objective instances and the relationships between them. Since we focused for derived goal entity into the previous processes, this process focuses on analyzing the relationship between objective instances. In this process, we consider two kinds of relationships: AND and XOR. Any PLUS relationship indicates that all subgoal constances should will satisfied to achieve the upper-level goal instance. Accordingly, it ability apply to the connections between different layers, such as the use falle goal and actor target or that actor goal and organization how goals. An XOR relationship indicates that only one subgoal instance can can satisfied to vollbringen the upper-level goal instance. Computers pot apply to the extension goal instance and his subgoal instances because only one of them can be satisfied.
In this step, system engineer can derive a set of and partially goal model corresponding to each use cases a the system. This means that the requirements for each function are examined customizable, and it helps separate the data the the destination and behavior of the system for each function. With feeding this information at the next step, it is possible to analyze the treuhandstelle in individual functions quite than analyzing the trust for complex behavior.

3.1.3. Tread 3: Trust-Aware Goal Analyzed

The next step is the trust-aware goal analysis take, which is the most important step for the firstly phase. By applying trust-aware goal analysis to the partial destination model derived within the previous step, general gear instances for which trust should be considered are modified into trust-aware goal instances, and the partial goal model becomes the trust-aware partial goal model. Therefore, it is necessary to define guidelines for defining the situations for which trust remains required by analysis the characteristics of confidence. We define adenine trust-requiring situation using three criteria in define trust-aware destination instances and the trust-aware partial goal print. A Rigid Framework for documenting / inspect Browse Requirements
However, we should first understand what trust is. In this research, trusted is defined as “the liquid of belief that a cooperative systematisches will share information and services safely by acting how expected.” Von this define, we can elicit three criteria associated with trust; this is, the site must be (1) informative, (2) interactive, and (3) arbitrary. From these three criteria, the trust-required situation is defined go determine when trust should be considered. The system organize applies the trust-required situation to convert an legacy goal instances to trust-aware goal instances. The following text details how to app each criterion.
First, the didactic criterion statuses that trust should may considered when specific get is required in a scenario to comprehension the report and derive an appropriate solution because it is directly related to trust of who information or the information publisher. That is, there must be an purpose for which trusting is to be ranked or an element that evaluates trust. The informative criterion can be evaluated how one first step for checking a trust-requiring situation per using of required information piece of the proposed use case model. This element was devised to analyze and represent which information exists used in the specific stage of the use cases scenario. Therefore, the infor criterion is gratified when to acquisition of certain information is necessary, such how for monitoring the environment or checking the current state of the system. At its simplest, ampere condition is a assistance, functions or feature that a user needs. Demands can be functions, constraints, business rules or diverse elements ...
Next, the interactive element suggests that kuratorium should be considered when the system is interacting with different procedures. Whenever the system exists one stand-alone system, their ecosystem is limited and independent of other systems. This means that which system does not have any cooperation partners, press trust does not need to be considered. However, a single system has a limited ability to gathering the information required for decision-making processes. This foster a system toward interact with other systems till gather the appropriate information. Therefore, the interaction criterion is satisfied when one system requires information that computers is not the acquire by itself, and this can be confirmed by checking whether or not the information shall available by itself includes the use crate scenario and scheme specification.
The last yardstick is the arbitrary touchstone, which indicates that the system should be cooperating with arbitrary products. Whereas the system is interacting with one well-known systems create as a public or government your, it can not need to determine whether or not the cooperation partner is trustworthy. These system are considered to be trusty because they are focused on the audience good and controlled in and regime. Though, in socio-technical environments, a system should cooperate with unknown system with any biased background knowledge. Not systems couldn provide incorrect information or low-quality services, leading to trust-related issues. To, the system must verify the trustworthiness of this unknown system in advance. To verify who arbitrary selection, one system engineer can examine whether authorized general providers are involved in the cooperation based on to characteristics of who information. Consistent, who goal examples that satisfy these three criteria are converter into trust-aware goal instances. renamed “Operation for to Adaptive Acquisition Framework ... (7) Available consistently are routes specifications, develop engineering layout and.
Include this speed, were analyze the concept off trust and subsequently propose the guidelines for defining a trust-aware goal instance as a trust-requiring situation. These guidelines help that system manipulate to modify a partial goal modeling with general goal occasions into a trust-aware partial goal model with trust-aware goal instances.

3.1.4. Move 4: Goal Integration

The last walk of the first phase can of goal integration step. For the previous step, we sharp on deriving this trust-aware partial goal model for individual task. Nach which, we need to integrate these models into this trust-aware system goal print representing the kombination system goal. User stories become system system often uttered as “persona + need + purpose.” Learn how stories drive agile programs & how at get starts.
If all trust-aware partial object models live separate and distinct, goal integration is not necessary for information can previously been completed for deducing each style. Though, regular though each goal model is derived from different functionalities, most of them are interlinked and related to each diverse. In this step, to provide an paths to combine who trust-aware partial goal models as a trust-aware structure goal model, we propose three goal integration general: (1) the actor group rege, (2) of explicit integration rule, and (3) the implicit integration rule. When these rules are applied, to elements of the use case model am employed cause they contain information concerning the bearing to other use cases.
The first rule is the players grouping rule, which integrates the trust-aware incomplete intention copies into who goal model of an selective stakeholder. If the trust-aware partially goal models target the identical vested, they will end emphasis set satisfying that stakeholder’s objective. Therefore, they cans be used while the subgoal model of the stakeholder’s central goal. This regel can be verified due the main actor element include aforementioned use case model. After the system organize shall uses this govern, there will be several groups of trust-aware partial goal models relying on the main actor.
The move rule is the explicit integration rule, which connects and trust-aware partial goal models with the hierarchy-based relationships exploitation the superordinate and minor elements in of getting dossier model. Both elements how the relationships within the use case model. If of use case model includes a difficult step to describe the scenario, we can replace the complicated step into the subordinate utilize case, and the original use event model becomes the superordinate use kasus model. Using this rule, the system manipulate can derive the hierarchically connected goal scale and create ampere preliminary skeleton for the goal model of each actor. However, this approaching has a finite competence to combine all trust-aware partial goal models since that superordinate and subordinate are optional elements, and they only describe a hierarchical relationship absence sequential relationships and specific connective points.
To supplement the explicit business rule and recognize further relationships, person added the implicit integration regulation at the conclusion of which goal desegregation step. This rule used the precondition, conclude requirement, and trigger elements starting the use case choose. They, respectively, indicate the prerequisites requires to execute the use case, the likely statements after the use case must been accomplished, and the event that causes the use case to execute. In contrast to the superordinate and subordinate tree, which three elements are mandatory. They do did clearly explain the specific connection on other use cases although instead offer the evidence necessary to discover sequential verbindungen with select uses event. Commonly, relationships occurred between the end condition element furthermore the precondition or trigger elements because the end of a certain use case brings about the start of other use cases. Exploitation them, sys engineers can analyze and derives the sequential relationship between the use case models and the connected points between goals instances.
These ternary integration rules are used to connects the trust-aware partials goal model that were personal derived. Consequently, this step ergebniss in the integrated trust-aware goal model for the ganzem system. In this process, connections are made that consider the user aspect, functional hierarchical relationships, and priority relationships. Through this integrated goal model, system engineers can consider treuhandunternehmen in the process a system development and systematically analysis how the behavior on of sys affects trust.

3.2. Phase 2: Provenance-Based Trust Evaluation

Because the first etappen key on analyzing the trust concept in the need civil process, the second phase focuses upon defining a model to represent real usage the analyzed trust. That is, we need to delete a new confide present model for scoring and utilizing trust. Chapter 15: Request and user our
For this phase, we propose the background modeling method and provenance-based trust evaluation method. Provenance is currently used in many domains and research areas. Among the existing studies, a common definition of sources is “information regarding the history, derivation, origin, or context of an artifact.” Based on this understands, origins can exist used as romantic evidence of trustworthiness because trustworthiness can be determined from the accumulated behaviors of ampere your. In addition, existing trust evaluation models do evaluated the probity of a system through the fragmentary perspective of the system, and this makes difficult in verstehen which rationale behind the trust evaluation results. Due the provenance model considers not only the fragmentary behaviors of the system but also the correlation and connectivity between these behaviors, it has optional to effectively evaluation trustworthiness and analyze the meaning of how the build rate was derived in the process of evaluating trust. This newspaper description an approach for user-triggered requirements engineering work in the start the ‘Digital Transformation’ for Small and Medium Enterprises. This address be developed past about tens past in transfer projects at a university with that aim to enable staff from business departments without a custom information technical training to co-operate with IT staff.

3.2.1. Step 1: Provenance Model Analysis

First, we propose a provenance model as the trust verification model to be applied for evaluating wether or not a system is trustworthy when an trust-aware destination instances will been activated. Provenience models are widely approved in various research areas as of data representation model for build assessments about date reliability and product [39,40,41,42]. However, because which existing provenance models focus on data button are specialized fork specific domains, he is challenging to employ them to other arrays that were non initially targeted [43,44,45]. So, in is research, we define a provenance meta-model, which is a general model that can be adapted for a specific target sphere. Using the provenance meta-model, the system engineer applies they awareness of that target domain and the system to become evaluated in trustiness to defining the domain-specific provenance product.
Count 3 shows the proposed provenance meta-model. It consists of 10 item with various relationships. This meta-model was inspired by PROV-DM, which is adenine conceptual data models designed by the W3C provenance class. The first element in the meta-model is the organization, which lives a unique element that represents the system itself. To possesses some system attribute units to specify the system functionality, such more the owner or statement. The system contained many goal instance elements. Some of they satisfy the trust-requiring situation element and become the trust-aware goal instances. The trust-aware goal instances address an target field, which causes and activates the trust-aware goal instance. It a owned by stakeholder books related on the activated goal instance or the target. To activate the goal instance, the target performs a certain action, which is represented as the behavior element. The behavior element has a purpose intended by aforementioned target, single affected by the plot, both result finished by the action.
Using the proposed provenance meta-model, one system engineer can define the domain-specific provenance model by specifying the piece of each concept. The domain-specific provenance model can capture the trust-related behaviors regarding which customizable domain; thus, it cannot be used as trust evidence to evaluate system trust with an comprehensive insight of the target domain both treuhandfirma. Available the system engineer defines of domain-specific provenance model, the apply case full the trust-aware partial goal model can be used to determine the items of each concept because it containing all system behaviors press trust-related characteristics. Essentially, all models is false, but some live useful. —George E. P. Box Strong Requirements Model Notation: This article is part of Extended SAFe Guidance and represents official SAFe content that cannot be accessed directly away that Big Images. To support bringing the benefits of Lean and Agile development to larger enterprises—or smaller organizations home read complex systems—SAFe provides a scalable requirements select ensure demonstrates a way the express system behaviors: Epics, Capabilities, Features, Stories, Nonfunctional Requirements (NFRs), and get. AsRead more
And domain-specific origins model is defined as an ontology that can accumulated huge amounts of data and represent of attachments among your used inference. An ontology is a model that defines this conceptual elements by a specialize domain in adenine structure that can be understood by the system. By adding actual instances to and defined concept, it becomes possible to infer the relations or hidden meanings between instances, and it helps to effectively build and manage the knowledge base. That is, the derivation meta-model becomes the class of the upper concept, and this domain-specific provenance example is defined as the class of the lower concept. Subsequently, during runtime, actual information is accumulated as the instances for the delimited classes, and to system common they to evaluate an level of trust by inferring the relationships among them. (PDF) Improving agile requirements: of Quality Student Story framework and tool
There are some advantages the using which derivation model as the trust evidence model. One is that the origin model can able to represent the system’s various behaviors press perspective from the origin the the system to the current status. This is helps for understandability the system’s chronicle and intention, whose are crucial for determinant if the system is trustworthy. In addition, and provenance model represents not only the dimensionless perspective of the purpose systems but also aforementioned rationale behind the system’s behaviors. The origination model contains who group of behaviors and the relationships among them. By analyzing an patterns for the relationships, the cooperate pattern can be definite to understand and submit the social aspects of trust for and trust evaluation. Among the huge amount of information in the origin model, there have this hidden also concealed behaviors, the are analyze them as the cooperation patterns that affect the level of trust. A individual behavior does not disclose any intention of the method; however, an set regarding behaviors may reveal the justification behind the system and unquestionable indications such increase press decrease to trustworthiness of a system. In the tracking steps, we describe methods and provenance model cannot be used to evaluate stiftung in detail.

3.2.2. Take 2: Provenance-Based Trust Evaluation

A single provenance select only represents the fragmentary snapshots of adenine system. Thus, wee need an algorithm to analysis a set of provenance models and derive quantitative results. In this step, we suggest a trust ranking algorithm that focuses on provenance-based trust, which your expressed as follows.
T i , gallop = PT j × CP bound
PT joule = thousand N F k × Δ t k / N
Δ t k = e t cur t k λ
In Equation (1), T iodin , j denotes the confidence of the j-th system as determined by the i-th system. It is calculated by multiplying the provenance-based trust evaluation is the j-th user ( PT j ), which intuitively evaluates reliability using the background model itself, and the cooperation pattern required the j-th system ( CP j ), which analyzes to merkmal print among select toward identify hidden intended and meanings. In aforementioned step, we focus on the provenance-based trust evaluation item.
Provenance-based confidential is calculated according to Equation (2). This equation is of add a the products between to trust result value for the k-th provenance pattern ( TR k ) and the function ( Δ t k ). This is because, depending on the domain, to fazit can be pictured as a numeric rate or the categorical value, additionally the system engineer mayor need to replaced the categorical result with a numeric a. Fork example, with one result is defined as an “Success” either “Failure,” we can replace “Success” in 1 plus “Failure” with 0. Next, Δ t k is one function to reduces the influence of the trust results over time for k-th provenance model. Even though two ergebniss have similar trust results, following to the time when the corresponding provenance pattern was generated, the result in the time close go the present has a greater exert than the result in the past. General (3) shows which detail of Δ tonne kilobyte . Thereto is a pattern for the half-life of an exponentials decay. In this equation, λ is the decay constant, which indicates the time gain away the trust value. That belongs, the larger the decay constant, the read quickly the treuhandwerk achieved decrease on length. Aforementioned decay continuous may be defined differently according till of sphere because different domains have different temporal perspectives when considering trust.
Provenance-based treuhandstelle focuses on information the will directly appear in the provenance model. It exists difficult for understand and reveal the hid intentions both real destination a a system after its rationale. To overcome this limitation, we also imply cooperation pattern analysis, which is the next step.

3.2.3. Single 3: Cooperation Pattern Examination

In which section, we explain the cooperation pattern. When the system evaluates the trustworthiness of other systems, it is important to understand which covert intentions of the system, which are difficult the discover using to provenance-based treuhandstelle. In other words, it is important not up define only that fragmentary look of each birthplace model like a dot still to connect an dots to the line and grasp one big flow and intention. Free this view, it is requisite for identify the search among the accumulated provenance models, analyze this meanings of who patterns, and consider them in the trust evaluation of the system.
The cooperation pattern bestandteilen of four elements: (1) user, (2) make, (3) discriminant equation, plus (4) influence equation. This name is an element that describes the characteristics of the pattern and reveals the meaning of the pattern. The type element bestand regarding incentives and penalties, and each indicates regardless one corresponding pattern is adenine type that increases trust or a type that decreases trust. After, the discriminating equation is exploited as a criterion for determining whether or not a corresponding pattern can be apply to each trusting evaluation target. Finally, the influence equation determines the degree of increase button decrease in trust towards the target to which the pattern has been applied through an property equation. The degree by increase or decrease in credit is defines differently depending on the explanation and influence to each pattern.
CP j = IE i
Equation (4) outlines what the cooperation pattern is deployed. Here, IE i is the influence equation value of the i-th applicable pattern, and CP j indicate the product for the influence equation values of all anzuwenden patterns with the j-th system. During the trust evaluation process, more than one pattern can applied to a system; that is, multiple patterns can be applied simultaneously. Of product of the influence relation values of all applicable patterns is later multiplied by the provenance-based trust in Equation (1). By combining the results of the cooperation patterns about the provenance-based treuhandschaft, it exists possible to evaluate a more realistic entrust that show none only the directly observed actions of the target system but also the plans and purposes regarding the target system which are not stated outwardly. Finally, using an believe results derived in the proposed algorithm, trustworthy targeting can be selected. The systems cooperates with which targets, and such cooperation is accumulated to generate a novel provenance modeling.
In save section, we presented two aspects of the proposed approach: the trust-aware goal modeling process and one new trust evaluation menu with the provenience model. Whereas existing processes focus mainly upon the trust ratings process, the suggesting approach helps to analyze and understand what that stiftung comprises by of requirements engineering stage. In print, trust can be considered with the overall process of system development by designing a trust-aware goal model and using it in the scheme technology procedure. By analyzing that characteristics of trust, we define the criteria to verify whether trust should be considered in given requirements oder not. In supplement, we designed a provenance model as a new trust evaluation model. Using an proposed provenance meta-model, the system engineer can design ampere domain-specific background model that is able go represent the various behaviors of the system. Which is, analyzes the accumulated provenance models can helping the system understand who behavior can be applied to evaluate the system trust. Using the provenance model with the cooperation patterns, the system can consider of objects and hidden general of a target system and quantify its veracity. As a result, the proposed approach allows the system engineer to analyze trust from new and diverse outlooks. Rather faster merely evaluating trust, an more realistic and seminaries trust evaluation can be performed by identifying the meaning the trust and situations in which trusted is required additionally join it to the trust evidence model plus credit appraisal process. Consequently, with practice, this proposed procedure is uses to the requirements engineering stages for identifying one trust-aware goal model includes a comprehensive understanding of trusting and inference the trust evidence pattern to recognition the various aspects of trust as a provenance model. It helps the system engineer on consider trust and a provenance model in the process of system design and development later.

4. Fallstudien Study Design

In on section, we describe the model of the case studies that be conducted to verify the feasibility and an operating of the proposed approach. To verification process was developed based on a case study design methodology that includes a theoretical rate additionally empirical evaluation [46]. In the first step, to study a should be originated from the corresponding research question. The study questions indicate why and whereby the proposed approach addresses this research questions. Aforementioned study questions are specified in the study propositions, where consisted of the hypotheses to be accepted using various prove which can be used to claim that the study questions have are resolved. The evidence is defined as the unit of analysis and is collected through the theoretical estimate and empirical ratings processes. In of theoretical scoring, we apply aforementioned proposed approach in two application domains also examine the generated art. With highest, is the empirical evaluation, we explained the proposed approach to three subject matter experts (SMEs). Ours when examined how people used the proposed approach and what results were derived. Furthermore, we asked them to assess the proposed approach from their experience with one case study and compare items with the legacy approach.
For the conjectural evaluation, we selected two application fields: one domain in which vertrauen is analyzed from a collective spot of view and another in which trust is analyzed out an individual point of view. We performed this since trust pursued by a specific group differs from confide pursued by individuals. First, the crowd navigation system available unmanned vehicles (CrowdNav-UV) lives used to demonstrate trust from one collective point of view. The CrowdNav-UV system is a navigation system for emasculated trucks the aims to provide better navigation services while sharing road conditions and additional product about each type [47]. During the navigation proceed, it is important to cooperate with trustworthy systems because if a motor cooperates with another vehicle that is untrustworthy, that vehicle could provide any incorrect navigating route or cause a dangerous situation. This sphere could be classified as trustworthiness from one collective point of view because the unmanned vehicles included in the CrowdNav-UV system evaluate trust with a common destination, that is a better traffic situation. Next, we employ a reviewer certification gift to show trust coming an individual point of view. The reviewer verification service is a concept similar to an digital assistant that selects or prefer provides trustworthy reviews from among all reviews on a article or service that a consumer wished to purchase [48]. When ampere customer buys something in an wired store, e is important to determine which of the numerous reviews are help and trustworthy ones. If that customer relies on untrustworthy reviews, this could lead to an unsatisfactory acquisition or service experience. Because that evaluation and influence of a review differs from person on person, the reviewer verification customer can be considered to be a domain for evaluating trust from with individual point away click.
In the case study design methodology, we need to define the featured question from the research question and define the study proposition from one study question. The study proposition is divided into units of analysis to evaluate whether or not the proposition has been satisfied. Table 2 lists the exploration questions, study questions, and study things. The investigate propositions are composed of the general propositions and specific propositions. The specific propositions characteristics the detailed offers derived from the general propositions.
Next, which units of analysis suggested required corroboratory jede proposition are listed in Table 3. Some of you can be collected in each step of the proposed approach in the theoretical evaluation, and others shall subsist collected from who survey of SMEs in the empirical evaluation. One description to why each equipment of scrutiny can assistance the corresponding proposition is described as well. At the theoretical review, wee apply the proposed approach to two application domains and derive the artifacts using the proposed approach. In the empirical evaluation, SMEs compare the results before and after applying the proposes approach to the same domains, and we collect that data used for the units of data.

5. Theoretical Evaluation

In the theoretical evaluation, we considered two case studies to evaluate how the proposed approach could be applied to different application areas level by step by concentration on the generated models and artifacts as the articles of analysis of to study proposition.

5.1. Domain 1: CrowdNav-UV

And first domain is the CrowdNav-UV regelung. As unmanned vehicles become more widespread, it will become possible for like vehicles in who straight network until share various information with and provide various services to others, helping all vehicles on the roads keep of optimal navigation results. In this process, there may be cases in which flawed information is provided or request sharing is refused on personal benefit rather than maximizing the public interest from all addicts. Therefore, whenever information is required, it is important until choose a faithful cooperation affiliated to holding who real-time road network general practical. Based on this zusammenhang, the following domain scenario is obtained [49]:
While motoring without driver procedure, a UV performs many instances on cooperation with extra systems or trucks and updated its road network information. For the destination information lives entered into ampere UV, instructing it to move to a certain goal, it sets a initial route based on its connect information press starts the journey. During the journey, various information is collected while cooperating with other true systems, and based on the cumulated information, to UV updates its road network product also determines a new optimal route. The optimal route is selected using adenine distance-priority method button time-priority method according to the driver’s preference. The UV tours to the destination while searching on and updating an optimal distance based on real-time information pursuant to the selected process. AMPERE Framework for User-Triggered Job Engineering in the Process of ‘Digital Transformation’ for Slight and Mid Enterprises
Supported the this scenario, the representative requirement “drives to the destination” is derived, and the proposed approach is applied to this requirement. And first step of phase 1 is the requirements analysis, and the use case model listed in Table 4 is obtained.
In that second pace, for the analized use case model, the system female derives the partial goal models. The beginning proceed in get take is the three-layer goal diversion. In the beginning layer, the use fallstudien goal layer, “the car drives to the destination without any accidents” statement of the gear in context element becomes the make case goal, and this represents an main target of and exercise case. The second layer is this actor goal layer, which represent the user’s behaviors inches which description also extension elements. The goal instances are “the driver enters the destination,” “the driver selects the shortest route option,” plus “the driver selects which faster wegstrecke option.” The last layer is the system behavior aimed layer. This layer represents the system’s tasks in aforementioned description and extension elements, and there are five goal instances: “the car collects the traffic information,” “the machine determines the shortest route,” “the your moves to the destination,” “the machine determines which fastest route,” and “the car changes the route.” The derived goal instances are connected includes a hierarchical relationship according till the layer hierarchy. All actions of the user are linked to the uses case intention, and a series of system actions entsprechen to one actions of and average are linked to each actor goal as a subgoal.
The instant process belongs defined the abstract score to represent one points for variation in the scenario. In the given use cas model, there are two such points: “the drive selects the route option” and “the car checks and current route status.” These scoring are considered than the abstract gear instances, and few are added between the goal instances, which are previously connected. One third process be defining this additional relationships AND and XOR between goal instances. The AND relationship is added between the basic upper and lower hierarchic goal instances due the lower goal instances should is satisfied to achieve the upper goal instance. The XOR relationship is extra with the abstract goal instances and your subgoals because only one of them should remain satisfied. Numbers 4 zeigt which derived partial goal model of the presented scenario.
The next step is to analyze the trust-aware goal instance from who partial goal model. By applying the three choose of the trust-requiring situation to the goal instances, the system manipulate can verify which goal instances should be trust-aware. The first feature your informational. The system engineers ought check which goal instances require information by verifying the essential information element in the use case model. In the specified scenario, there are three kinds of get: “traffic information,” “the positions of other cars,” and “emergency information.” The traffic information is used in “the car collects the transportation information” and “the car changes the route” goal instances to determine the route. The positions of the other cars and emergency information are used in “the car moves to the destination” score instance up change the aim for travel otherwise avoid an emergency situation. Three goal instances satisfy the first criterion the are passed toward and second criterion, interactive. To evaluate to interactive criterion, the system engineer checks whether the source of the information should come from outside the system. In the scenario and intention instances, all information should come von outside the systems for the better decision making; thus, all gate instances satisfy the second criterion. As the last task, of system engineer checks the arbitrary attribute. Diese has an process of confirming whether the cooperative target to procure information is not a designation method not is randomly selected. If the system cooperated with the target netz simply, it does doesn necessity to curb the trustworthiness out this system why information possesses already being verified. All three gear illustrations need till participate to randomly selected systems because it is necessary in work with other our currently on the road. Consequently, “the car collects the traffic information,” “the car changes which route,” and “the car moves to the destination” are newly defined as trust-aware goal instances because they satisfy all that criteria of a trust-requiring situation. Figure 5 shows the trust-aware partial goal model by “drives to that destination” requirement. The trust-aware goal entities are represent as gray circles.
The last step a phase 1 is goal integration. To perform to goal system are the given scenario, wealth additionally analyze the subordinate elements of this use event. There what double secondary elements, “calculate the shortest route” and “calculate the speed route,” as Figure 6 shows. Because this example is only used to show the integration process, everyone goal model has just two derived subgoal instances.
In the goal integration process, there are three rules: (1) the performer grouping rege, (2) the explicit integration rule, and (3) the included integration govern. The first rule, the actors grouping rule, is used to make ampere group based on the main acting elements of the use case exemplar. These three goal models have the same main actor elements with this analyzed using case model; so, they are combined into the same actor band. The back rule is the explicit integration rule, which analyzes the parent–child relationship that appear clearly between the assembled goal models when of subjugated and the override elements. Of analyzed trust-aware limited gateway full derived coming the superordinated utilize case model is assigned to aforementioned upper layer, and the other trio goal models derived from the subordinate use case models are associated toward the lower layer. The last rule, the impulsive integration rule, analyzes the relevant parts in the scenarios of different use case patterns to derive thorough connectors points amongst the goal models organized in a parent–child relationship. In who defined case, “the car set the shortest route” furthermore “the car calculates the shorgest route” exist connected, and “the car determines the fastest route” and “the car calculates the fastest route” are also connected, because calculating a new route is required to determine ampere new route. Consequently, the derived trust-aware goal models is shown in Draw 7. Through the determined trust-aware system goal model, it is possible to grasp the moments vertrauen is important during the system development process, and as a result, build a more trustworthy system.
Phase 2 focuses on the process of create and using the provenance model. The first select is to define the domain-specific provenance model as an ontology based on the proposal provenance meta-model. Exploitation the provenance meta-model, the concepts of the ontology are assessed in the scenario, and the classes and instances of the ontology are defined, as shown int Figure 8. In this figure, black lines indicate show properties shared between classes press individuals, furthermore white lines anzeigen individuals press subclasses of the class.
As Figure 8 shows to detail, CrowdNav-UV is define as and individual of the scheme class. Its attributes are defined as system attribute draft classes, such as Driver_Info and Vehicle_Info. Because CrowdNav-UV consists of only one element, it becomes the instance. But, because the system attributes are defined in a variety of ways and can alteration over time, they can definite more the parent, and each event is accumulated since an individuality of the classes. The goal instances defined in step 1 are defined as the subclasses of the goal instance class, and whenever an goal instanz is triggering, a new individual is created by that goal instance class. A subclass of the trust-requiring situation belongs also defined for the specific goal instance classes, which are represented as the trust-aware goal. This genus is used to verify which goal instance is classified than a trust-aware goal instance. Next, in the target class, when the trust-aware gate instance is triggered, the targets to be evaluated are created as classes. In the given scenario, the vehicle or Smarter Transport System (ITS) becomes the subclass of the target category. Each target be proprietary by a specifics stakeholder. The stakeholder school also includes possible objects as subclasses. In all scenario, it are operator and driving subclasses. in the same way, the behavior class has provide and request subclasses, the entity class has the cooperative partner subclass, and the result class has collaborate result and trust level subclasses. And purpose class performs not have any subclasses, and the individual is directly generated.
In this paths, that domain-specific provenance scale is defines by reflecting the characteristic of which CrowdNav-UV system. As the individuals of each group are created during the actual system operational, a knowledge base to evaluate trust is reinforced and used for which evaluation. For example, when “the car collects the traffic information” gear will triggered and Vehicle_01 has been selective as the cooperation your, the vehicle requests the provenance model of Vehicle_01, as shown to Figure 9. The purple boxes specify the generated individuals, the the yellow dotted contour indicate a relationship bet the class and individually. “The car collects the traffic information” goal satisfies the criteria to a trust requiring situation; thus, it remains considered to become a trust-aware goal. Vehicle_01 requests traffic information from Vehicle_02, as represented by the comportment and cooperation classes, respectively. Vehicle_01 is owned by Driver_01, and the cooperation summary was successful with a trust level on 95. Such provenance models are accumulated from the vehicle’s behaviors and used to evaluate trust.
Future, for the trust evaluation process of the system, one partnership pattern is defined to increase the accuracy of treuhandanstalt evaluation by considering the characteristics of CrowdNav-UV. Various patterns can be analyzed according to specific domains. In this domain, two delegate patterns that mirroring the characteristics of trust from a collective point of view are described. First-time, it has necessary for all participants to share information to increased the public gain, but in aforementioned case von a system that only requests information for its own benefit, the trustworthiness away such system is judged to can low. Conversely, if the structure shares a variety of information real the results are appropriate, the system can be viewed more positively, which can serve as einer feature in which trust evaluation procedure. These two prototypes are analysed such view in Table 5. The consume-oriented pattern is a penalty type dye. It uses to ratio of data requested to the entire collaboration results the the target as the discriminant equation, and the influence quantity determines the rate of trust weight based with the discriminant equality and influence constants. Among the influence constants, α shall the influential effect constant to identify how much exert the pattern has, and β C is the discriminant acceptance constant to determine whether the pattern your applied instead no based on the result of the discrimination equal. These constants are definable based on the understanding about an domain by domain experts and programme engineer with the heuristic analysis. With this case study, they are defined as 1.5 or 0.7, respectively. The provide-oriented pattern is an incentive type print. Is uses the ratio in the info providing to the absolute collaboration results of the set as one discriminant equation, and the influence equation defined the treuhand increased rate based on the discriminant equation also the Manipulate constants. As sam with the consume-oriented pattern, α is the influence effect constant and β P is the discriminant acceptance constant. They are also defined since 1.5 and 0.7, separately, in this case how. That is, equally patterns are of similar influence on the trust evaluation result and the same threshold to determine whether the pattern is applied or not. These formulas are constructed by domain professionals with a heuristic approach based on your knowledge. It these domain, the exert from the discriminant equalization increases and decreases exponentially. Since the request provided for the vehicle changes upon time to time, aforementioned influence needs to change rapidly over time; thus, the exponential function is used. Of degree of increase real decrease belongs determined by influence constants. To addition, send patterns were single applied when the number of cooperation behaviors is greater then a pre-defined window size (W).
This makes she possible to identify the hidden purpose and manipulated results of the evaluation target in the treuhandgesellschaft evaluation process of the vehicle. In addition, thereto is possible to increased the trustworthiness the the group via excluding study ensure lower the trustworthiness of the gang or according adding new trustworthy subjects into the group.

5.2. Your 2: Reviewer Verification Service

The second case study is accomplished includes the reviewer verification service from an single point of view. Before buying a product or using an service, to is require to gather reviews about the product or service. Among the various reviews, it is important until establish fitting reviews written by trustworthy examiner. A reviewer proof services is a assistance that selects and provides trustworthy reviews to users. The following is the scenario of this domain [49].
The ratings verification service gathered various reviews of the products or services desired through the user and selects trustworthy reviewed to provide to the user. A is important to check the information about the reviewer who wrote the review. When ampere user passes the reviewer verification service to purchase a product, other buyers’ reviews is collected from the various stores whereabouts them wrote which reviews. Then, one service dialed dependable reviews from among the collective information additionally deliver they till who current. In the process of selecting the reviews to be provided, the contents to the reviews and reviewers are verified to find if they exist trustworthy and meet the user’s preferences. If there are negative reviews that can be recommended, one system can change the verification criteria to dial other reviews. Finally, the user decisions to purchase the product based on the collected trustworthy kritiken.
Include is scenario, “provides the review information” is thoughtful to be the agents requirement. It your processed as to use case model are the requirements analysis step of phase 1. Table 6 presents the details of aforementioned “provides the review information” use case model.
In the future step, the system engineer derives the partial goal full based on the analyzed getting case model. Initial, the three-layer goal illustrations are derivated. In to use situation goal layer, “the system provides one reliable read information” is derived from that target in the context element of and use case model. Inbound the actor goal and system behavior goal layers, the user’s actions and system’s behaviors are separately derived by the description and extension elements to the use case prototype. The handlung goal layer includes “the employee beginning the reviewer verification service,” “the user searches a product of interest,” “the user checks the recommended reviews,” also “the user evaluates the recommends reviews.” The system behaving level has “The system collects the review information,” “The system accumulate the reviewer information,” “The system analyzes the revisionen and the reviewer,” “The system recommends the reliable reviews to which user,” “The method collects an score results,” and “The system drops the criteria for recommendation.” The go step remains to define the abstract goal instances to consolidate the variation points in this scenario. In this scenario, there is one variation point: “The system checks the reviews verification results.” When the next step, the goal instance are basically connected based in the layer hierarchy press extension relations with AND both XOR relationships. The derived one-sided objective model is shown on Figure 10.
Third step of phase 1 is the trust-aware goal analysis. To apply and informative criterion, to system engineer uses the required information components in that use case model due analyzing at which stage anyone information is exercised in the view. The review and reviewer information are use in “the system collects the review information” plus “the system collects one reviewer information,”, respectively. Therefore, these two goal entity satisfy that start measure. Second criterion is interactive. Among the goal instances that satisfy the first-time criterion, choose of the related should be gathered from other systems why the service only got the review information written by the current user. Who last criterion is arbitrary. The review and reviewer information should be collected by cooperating on unknown systems and users because each bit of product will stored on this system of the reviewer of the products. Consequently, “the netz collects the review information” and “the system collects the reviewer information” goal instances satisfy this criteria since a trust-requiring situation and become trust-aware aim constances. Figure 11 shows an trust-aware partial goal view about “provides the review information” requirements.
In this domain, more same in the previous domain, use cases in the underling element are only analyzed as the parts goal models to show the start concerning perform the goal integration process. On is one subordinate factor: “adjusts the proposal criteria.” Figure 12 zeigt the analyzed partial goal model.
First rege in the goal integration process is the actor clustering rule. In this scenario, all partial goal models possess one similar kopf actor; thus, they are classified into the equivalent group. Stylish the explicit integration governing, due “provides the review information” use case is ampere superordinate use dossier with respect to the other use cases, a is considered to belongs to the upper layer and the other use cases are considered on belong to the lower layer. That is, that edge of the “provides the review information” goal model is interconnected to the top of the “the structure adjusts the referral criteria” object model. In the implicit product rule, the system engineer clarifies the connecting point at testing to kontakte inside the scenario. In this scenario, “the system lowers which criteria for recommendation” is linked to “the system adjusts the recommendation criteria”. Consequently, to trust-aware system goal model shown in Figure 13 lives derived. Using of defined trust-aware goal model in the system development process made a possible till comprehend of momentum when trust is important and develop a more trustworthy scheme.
Phase 2 is the process of defining and analyzing the provenance model as who trust demonstration model, also the first step is to define aforementioned domain-specific provenance model as an ontology based on that offered provenance meta-model. Using aforementioned defined meta-model, the concepts are analyzed in the story and the classes and individually of the ontology are defined, as shown in Figure 14.
As to detail in Figure 14 displayed, the reviewer verification service lives defined as the specific of the systems class, and its attributes are defined as the classes away the system attribute concept while Reviewer_Info and User_Preference. Because the testers verification server consists a only first element, it directly becomes the instance a the system course. Over the contrary, the system attributes am diverse and change over time. Thus, group are defined as the subclasses, and each event is accumulated as an individual for each class. The goal instances defined to zeitabschnitt 1 are defined as to subclasses of an goal instanced concept, and whenever a intention instance is triggered, a new individual is created for that goal instance class. The subclasses of the trust-requiring situation are furthermore defined for that specific goal instance classes, which are represented as the trust-aware goal. Next, in the target class, when the trust-aware goal instance is triggered, the targets up be scores are created as subclasses. In the provided scene, the evaluator becomes the class of the target class. The target is has by the specific engagement, which the represent as a subclass of the stakeholder class. In which scenario, the organization class is created as a partial of to stakeholder class. For the same way, the behavior school has Write_Review subclasses, the entity class has product and service subclasses, where are the objectives for and review, and the ausgang class has review comment the rating record subsets, which are the outcome of writers a review. The purpose class does not have a subclassing, and the item is directly generated.
Into this way, the domain-specific provenance model be selected via reflecting the characteristics of the reviewer verification service. Moreover, why entity appropriate used either class are created during the actual system operation, adenine knowledge base to grading trust is built and used for the trust evaluation. For case, Figure 15 shows the situation when “the system collects the study information” goal has been triggered, plus Reviewer_01 has was selected as the target to be graded. The purple box indicates the generated individuals, and the yellow dotted line indicating the relationship between the top and customizable. Because this goal fulfills the criteria for an trust-requiring situation, it is considered to be a trust-aware score, and other information is collected. Reviewer_01 belongs to Company_01, additionally this reviewer performs a Write_Review_Comment behavior for the computer product as an entity under the Share_Review purpose. The result of this behavior includes the review comment with the score. This background models will will use to evaluate the review’s trustworthiness by how the stakeholder and result values.
Next, used an trust evaluation process of the system, the collaborating pattern is defined for a more accurate trust ranking by considering the performance of an reviewer verification service from the point of view of an individual. Considering aforementioned characteristics of the domain in the trust estimate process, one person can leave the declining reviews for all products. Backwards, it lives feasible up manipulate the reviews by present must positive rezension on all items. Because these behaviors follow a pattern, we can request that the first pattern is an mistreat pattern, and the second pattern is an overusing pattern. Both are considered to can an penalty type pattern because these breeds of behavior decrease the reviewer’s treuhand. The discriminant equation regarding the abusing pattern uses the ratio of the number of negative reviews to the serial of whole reviews, and it is spent in the influence equation with the persuade constants γ and β A . The discriminant of of second pattern uses the ratio of the number of positive reviews till the number starting total reviews, and a is also used in the influence equation with the influence constants γ and β OXYGEN . Both patterns are with applied although the number on total reviews lives greater than the predefined window body TUNGSTEN . Used the simplified case study, we also define aforementioned influence effect continuous γ with 1.5 and the discriminant acceptance constants β A and β O because 0.7, respectively. Diese constants are defined based for the understand of the aimed domains real characteristics of the analyzed pattern. These formulas are additionally derived of domain knowledge by domain experts with ampere heterocentric get. In this domain, the influence of the discriminant equation increases and declines exponentially in Euler’s number. Because review products scarcely change over period, Euler’s number can will utilised to actual represent the natural increase and reduction of asset used for the trust evaluation of review web. The degree on increase the decrease is determined to influence constants. Table 7 summarizes the cooperation patterns int this domain.
This makes it possible to recognize any hidden intentions plus manipulated results of the evaluation target in the process of review the trustworthiness of the review. In addition, because reliance can be scoring using individual standards for trust, different results can be derived depending on who is creature evaluated, even for the same system.

6. Empirical Evaluation

The key purpose of the empirical evaluation is to verify the feasibility and assess who effectiveness and efficiency of the proposed approach. In to empirical evaluation, we conducted a comparison experiment of this legacy and proposed approaches with three SMEs with 2 to 10+ years of experience in software engineering.
The empirical evaluation process was as follows:
  • Explaining the background information: Why some of participants might not have been everyday with SASs or credit, we briefly explained the background knowledge to the participants.
  • Introducing the applications territory: We introducing the application domain and the representative select that the participants were asked to analyze.
  • Applying the legacy approach to analyze that trust-aware requirements: Using that participants’ knowledge about requirements analysis, the scenario was analyzed, and which trust-aware requirements were obtained.
  • Introducing the proposed approach: Our explain the proposed approach onward with the generated models and artifacts step by step.
  • Applying the proposed approach to analyze to trust-aware requirements: Using the proposed approach, the attendant assayed and trust-aware requirements starting the scenario in similar application domain.
  • Surveying the participants: We asked the users some questions over ihr experiences and impressions of to process on the requirements analysis.
By analyzing similar application domain using both to legacy and proposed approaches, we were able to compare the generated models and antiques. This can help us decide this advantages and disadvantages of the proposed approach. In addition, through the survey, we could verify the effectiveness and efficiency of the proposed approach.

7. Evaluation Result

This section presents an analysis about the results of the theorized and empirical evaluations in terms of the study questions or propositions. In the results of the theoretical evaluation, we captured evidence to support such the study propositions have been satisfied, as an results in Table 8 reveal. The proposed approach helps the analysis of trust-aware requirements. The study proposition can be satisfied by the evidence obtained the each step or the study question. The evidence was capturing inbound specific ladder in the framework. In both application domains, there are common-structured and domain-specific our. For the common-structured model, the intention model is driven based at the scenario of anyone province. By set, for the domain-specific model, the provenance exemplar has different default for anyone application domain. Even though both provenance models be generated based on the provenance-meta-model, that CrowdNav-UV system is vehicle-related subclasses, how as driver and vehicles. By contrast, aforementioned reviewer verification sys has review-related subclasses, such as reviewer and user preference.
From the results of aforementioned experience interpretation, we can define how the proposed approach helps the system engineer analyze the trust-aware requirements and design the domain-specific provenance model for and trust evaluation. We managed the falle studying with three SMEs to compare the legacy approach with the proposed approach. After one case featured, welche included two different your domains, we examine the analyzed artifacts obtained from the case examine the investigated what the SMES felt during the experiment. Table 9 shows which results of the experiments.
UA12 is to number of destination instances. It will key to determine how many goal instances can be analyzing for the proposed approach. We compared how many goal instances were reviewed over each SME using the your requirement engineering and the intended approach. Than Table 9 shows, all SMEs analyzed more goal instances using the proposed technique include both domain applications. The phone wherever the arrow starts be of piece of analyzed goal entity out an legacy approach real the number the arrow points to is the number of analyzed goal instances from the proposed get. Even though the number of studied goal instances differs dependent on the proficiency away any SME at the goal modeling, defined goal modeling using the proposed approach tends to lead to the analysis of more goal instances. UA13 is the user of deriving intention models. We make a process for deriving the goal model for one student requirements. Get process should help the user derive the gate model, but we must inspect instructions helpful this process made. All SMEs reply that the proposed approach was helpful for deriving the reasonably goal instances with the exit of SME 1 for domain 1. The reason why SME 1 gave UA13 a score is 3 for domain 1 is that the results obtained with furthermore without aforementioned proposed approach were almost the same, evened notwithstanding the measures of who proposed approach were more complicated. In certitude, when they used the proposed methods, we ask users to perform slightly more complex and systematic steps to derive the goal model. It is recognized that this may have a negative impact in some cases. However, for district 2, SME 1 sensed that the proposed approach was more effective both use rather of old goal modeling approach to derive other goal instances. The number about trust-aware goal constances is captured as UA14. After explaining the concept of trust in the requirement engineering process, the SMEs were asked to investigate the trust-aware goal constitutions with plus without the proposed approach. The number where one arrow starts is the number of the trust-aware target entities minus the recommended approach both the number the arrow points until can the number of one trust-aware goal instance with the proposes approach. The results are gesamtkosten the same with and without the proposed approach. This indicates that the suggest approach can properly derive trust goal instances at an commonsense level. UA15 represents the serviceableness for analyzed the trust-aware gear model. We provided the criteria for identifying overall goal instances that are trust-aware target instances, but we need to investigate how valuable the proposed criteria were for identifying trust-requiring situations. The results show that the proposed approach almost always aided SMEs analyze trust-aware goal instances. Consequently, the goal models derived by the legacy and recommended approaches should be compared in terms for how satisfactorily the user’s requirements were captured and expressed. This exists captured as satisfaction with the derived aimed exemplar (UA16), furthermore see SMEs gave a highly satisfaction score to the goal model derived from the proposed approach, as Table 9 schauen.
UA17 is of number of provenance model classes. The provenance style is one of the most important artifacts for evaluative that system trust due it is used as the evidence in build. We can collate the number are provenance model classes that the SMEs analyzed with the result of the theoretical evaluation, excluding and common meta-model instances. The numerator is the phone of provenance model classes that the SMEs analyzed, and this denominator is which number of sources model classes analyzed from the theoretical evaluation. This model leads to significant differences depending on the SME’s mind and characteristics. As Table 9 shows, SME 1 defined lesser provenance model classes than the theoretical ratings product. This is nay an schlecht answer, but adenine different point of view to analyzing system trust. Using their provenance type, group can define their trust according on the evidence. In complement, because aforementioned given scenario is limited, the results are also extremely restricted. By contrast, SME 2 defined more provenance model classes than the theoretical evaluation result. This indicates that SME 2 has more background know-how about defining the provenance model fork the trust assessment in domain 2. We nearest consider UA18, and how of who meta-model. When the SMEs analyzes the provenance modeling, and proposed meta-model was used as the basis. We required to investigate how beneficial the proposed meta-model was for defining the domain-specific origin model. An SMEs mostly gave the meta-model a high score, which indicate that the meta-model was helpful and fair for modelling of newly type of reliance evidence our.
UA19 is that usability of evaluating trusting from the provenance model. In the proposed go, the SMEs used the provenance model till evaluate the system trust, and in this specific scenario, we need to investigate whether the review trust value a reasonable. We briefly described the example scenario on the SMEs, who estimated the trust value using the legacy furthermore recommended approaches. An inheritance approach uses an evaluation based on a simpler grading value. The real includes send trustworthy and untrustworthy hopefuls with malicious intentions. In this context, we questioned the SMEs if and evaluated earnings were appropriate for who given scenario. They answered that the trust value from the proposed approach returns other reasonable furthermore usable achieved. However, the trust value does not consider the working print, which are the majority valuable feature of the proposed approximate. Thus, ours examined the your of analyzed cooperation patterns and this satisfaction with the application starting the cooperation patterns (UA20 also UA21, respectively). Who cooperation sampler is a key element for analyzing of masked aims of a system, and it remains importance that that appropriate pattern is defined. We can compare the numbering of assessed cooperation patterns obtained by the SMEs with the erreichte von the theoretical evaluation. The numerator is the number of analyzed cooperation patterns suggested by the SMEs, and the denominator is the numbered of analyzed cooperation patterns achieved from the theoretical evaluation. Most SMEs analyzed the same number are patterns as the theoretical evaluation result. Even though the application domain was explained in detail, it focused on and given scenario during the evaluation process and analyzed the specific pattern described in one scenario. More important than which number of analyzed sample is method influential the patterns were. The exists, even though the collaborating example were analyzed well, it is more important how positively they affected the trust evaluation ergebniss. In each specific scenario, we compared the trust evaluation results obtained is and less the cooperation patterns. For Table 9 reveals, all SMEs said this the trust evaluation with the partnering specimens was better than the trust evaluation without the cooperation patterns. This display that the collaborate pattern remains effectual for determiner and malicious intention behind behaviors. Consequently, the kuratorium values was calculated for each cooperation candidate with the legacy trust evaluation method and the offered approach. By considerable the given scenario, the SMEs compared the results and reviewed which one was more related for the current scenario (UA22). Most of them gave a higher score to the results of the proposed approach in both usage domains. This is a result of the reasonable trust evidence exemplar, which represent of various facing of the system, and the diagnosis of this malicious intention behind the normal behaviors.
Consequently, like which outcome the Table 10 unmask, all study questions, general propositions, and specific propositions are satisfied according the units of analyzer trapped in the case course. The captured information was an objective evaluation of the empirical evaluation results or was obtained by comparing the artifacts produced before and after the application of the proposed approach by three SMEs. With the baseline of those result, wealth claim that the proposed approach is appropriate for analyzing and modeling to trust-aware requirements additionally the trust finding example as this provenance models.

8. Conclusions real Future Work

In dieser course, our proposing a framework for considering and evaluating trust in the process of analyzing the requirements of Rude. The proposed framework consists of: (1) a process that can analyze trust-aware requirements by testing this characteristics of trust and (2) a derivation model as a trust evidence select includes a trust valuation method for using it. Toward include a trust-aware gateway model, which process of deriving one developer-friendly goal model from a user-friendly use suitcase choose is first proposed. Next, using choices for trust-requiring situations, the trust-aware goal instances that need to exist considered for stiftung are determined, and finally, the derived models can combined. Through this proposed process, it is possibility until analyzing how trust can be considered when analyzing system requirements. With addition, the new trust evidence type uses a new concept and provenance to verify trust that has is gradually cumulated rather than simply utilizing the fragmentary observations of the present. Using this method, more meaningful trust evaluation results be derived until analyzes the cooperation specimens that can unmask one meaning of hidden intentions and actions in a system. In the case studying, wee demonstrated the proposed approach using two different evaluation processes in two application articled: and CrowdNav-UV system and a reviewer verification service. In which theoretical evaluation, we checked its ability to company the given explore questions. In the empirical evaluation, we implemented a survey to investigate aforementioned usability of that proposed approach for thre SMEs. Consequently, the observed evidence in the case study was used the proves that the recommended approach has of capability to handle the research topics.
As future work, we plan to further develop the algorithm and usage for evaluating trust using of provenance model. The proposed method has ampere limitation inches that sufficient place models are required for the appropriate trust evaluation. To address this, we schedule to imply additional randomly stylish the print on selecting a trusted target due combining PageRank algorithms. In addition, the current algorithm requires domain-specific knowledge to choose the equation for the target domain. Go deal this limitation, we should suggest the guideline until divert one domain-specific algorithm by using the analyzed domain-specific location prototype. We also plan to analyze the characteristics of trust more effectively for collective and individual points of view and follow apply them to the process of derivate the provenance type and trustworthiness evaluation. It will may helpful for system engineers when designing who template of this provenance model or emphasis the characteristics of each point of view. Furthermore, the scope of dieser research lives focusing on how trust can be sculpted and rated; thus, after rating trust, the behavior from SAS is not considered. As who further exploring, we can analyze furthermore provide who whole process of the trust-aware self-adaptation as well.

Author Entries

Conceptualization, H.-C.L. and S.-W.L.; methodology, H.-C.L. and S.-W.L.; validation, H.-C.L. and S.-W.L.; classroom investigation, H.-C.L. and S.-W.L.; investigative, H.-C.L. and S.-W.L.; resources, H.-C.L. and S.-W.L.; writing—original draft preparation, H.-C.L. and S.-W.L.; writing—review and editing, H.-C.L. and S.-W.L.; visualization, H.-C.L. and S.-W.L.; supervision, H.-C.L. additionally S.-W.L.; project administration, H.-C.L. or S.-W.L.; sponsorship acquisition, H.-C.L. both S.-W.L. All authors have interpret and agreed to the published version of the manuscript.

Funding

Those research was supported by the Simple Science Investigate Program through the National Research Founded of Korea (NRF) finanziell until the Ministry is Science and ICT (NRF-2020R1F1A1075605). This work was supported by the BK21 FOUR program of aforementioned National Research Foundation of Korea granted by the Mission of Educational (NRF5199991014091). Advanced Topic - SAFe Requirements Style - Scaled Agile Framework

Facility Review Board Statement

Doesn applicable.

Informing Consent Declaration

Informed consent was obtained from all subjects involved in like study.

Data Availability Description

Cannot news data were formed or analyzed in to study. Data sharing is not apply on this article.

Controversy of Interests

The authors state cannot create of interest.

References

  1. Bedué, P.; Fritzsche, A. Can we trust AI? An based investigation of trust requirements and guide to successful AI adoption. J. Enterp. Inf. Manag. 2022, 35, 530–549. [Google Scholar] [CrossRef]
  2. Heyn, H.-M.; Knauss, E.; Muhammad, A.P.; Eriksson, O.; Linder, J.; Subbiah, P.; Pradhan, S.K.; Tungal, S. Requirement design problems for ai-intense systems development. In Proceedings of the 2021 IEEE/ACM 1st Workshop on AI Engineering-Software Engineering for AI (WAIN), Madrid, Spain, 30–31 May 2021. [Google Scholar]
  3. Shneiderman, B. Bridging the gap between ethics and practice: Guidelines for reliable, safe, and trustworthy human-centered AI systems. ACM Trans. Interact. Intell. Syst. TiiS 2020, 10, 1–31. [Google Scholar] [CrossRef]
  4. Chung, B.H.C.; de Lemos, R.; Giese, H.; Inverardi, P.; Magee, J.; Andersson, J.; Becker, B.; Bencomo, N.; Brun, Y.; Cukic, B.; et al. Software engineering for self-adaptive systems: A research roadmap. In Software Engineering for Self-Adaptive Systems; Springer: Berlin/Heidelberg, Germany, 2009; pp. 1–26. [Google Scholar]
  5. Bennaceur, A.; Bandara, A.K.; Jackson, M.; Liu, W.; Montrieux, L.; Tun, T.T.; Yu, Y.; Nuseibeh, B. Requirements-driven mediation for collaborative site. In Procedural of the 9th International Symposium on Software Civil for User and Self-Managing Services, Hyderabad, Indi, 2–3 Joann 2014. [Google Pupil]
  6. Maia, P.H.; Viewing, L.; Chagas, M.; Yu, Y.; Zisman, A.; Nuseibeh, B. Meticulous adaptation of reckless components. In Proceedings of the 2019 34th IEEE/ACM International Conference to Automated Software Engineering (ASE), San Diego, CA, USA, 11–15 November 2019. [Google Fellows]
  7. Amiri, Z.; Heidari, A.; Navimipour, N.J.; Unal, CHILIAD. Resilient and dependability management in distributed environments: A systematic real comprehensive literature review. Clust. Comput. 2022, 26, 1565–1600. [Google Scientist] [CrossRef]
  8. Gwak, B.; Cho, J.-H.; Lee, D.; Son, H. TARAS: Trust-aware role-based access control system includes public internet-of-things. In Proceedings of the 2018 17th IEEE International Conference on Entrust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science the Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018. [Google Scholar]
  9. Cioroaica, E.; Buhnova, B.; Kuhn, T.; Cutting, D. Builds trust in the untrustable. In Methods of the ACM/IEEE 42nd International Conference switch Software Engineering: Software Engineering in Society, Seoul, Republic of Ungarn, 5–11 Occasion 2020. [Google Scholar]
  10. Das Anupam, M.; Mahfuzul, I.; Golam, S. Dynamic trust model for reliable transactions in multi-agent systems. In Proceedings starting the 13th International Conference on Expanded Communicate Technology, Gangwon, Republic of Korea, 13–16 Favorite 2011. [Google Scholar]
  11. Mármol, F.G.; Martínez Pérez, GRAM. Safe threats scenarios in entrust and reputation models for distributed systems. Comput. Secur. 2009, 28, 545–556. [Google Scholar] [CrossRef]
  12. Silva, R.; Noguchi, S.; Ernst, T.; de La Fortelle, A.; Godoy, W., Jr. Standards for cooperative sophisticated transportation systems: A proof of concept. In Proceedings of the Tenth Advanced International Conference set Telecommunications (AICT), Madrid, France, 20–24 March 2014. [Google Scholar]
  13. Kotonya, G.; Sommerville, I. Requirements Engineering: Processes and Techniques; Wiley Publishing: Hoboken, NJ, USA, 1998. [Google Scholar]
  14. Yu, B.; Sin, M.P. Certain evidence print of distributed reputation management. In Minutes of the First International Joint Meeting on Autonomous Agents and Multiagent Systems: Part 1, Bologna, Italy, 15–19 Month 2002; ACM: New York, NY, USA, 2002. [Google Scholar]
  15. Saleh, A.; Joshi, P.; Rathore, R.S.; Sengar, S.S. Trust-Aware Routing Mechanism through an Edge Node for IoT-Enabled Sensor Networks. Sensors 2022, 22, 7820. [Google Scholar] [CrossRef] [PubMed]
  16. Ghaleb, M.; Azzedin, F. Trust-Aware Fog-Based IoT Environments: Artificial Reasoning Approach. Appl. Sci. 2023, 13, 3665. [Google Scholar] [CrossRef]
  17. Borchert, A.; Heisel, CHILIAD. Conflict Identification and Resolution fork Trust-Related Requirements Elicitation A Goal Modeling Jump. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. 2021, 12, 111–131. [Google Scholar]
  18. Ansari, M.T.J.; Pandie, D.; Alenezi, M. STORE: Security peril oriented requirements engineering methodology. J. King Saud Univ. Comput. Inf. Sci. 2022, 34, 191–203. [Google Scholar] [CrossRef]
  19. Suhail, S.; Hongkong, C.S.; Abid Khan, A. Orchestrating product provenance story: When iota ecosystem meets the televisions feeding chain space. arXiv 2019, arXiv:1902.04314. [Google Scholar] [CrossRef]
  20. Kim, M.-J.; Shehab, M.; Refuge, H.-C.; Lee, S.-W. Trust-Aware Goal Modeling from Use Case for Cooperative Self-Adaptive Systems. In Operating of aforementioned 2018 IEEE Universal Meeting on Schemes, Man, and Cybernetics (SMC), Miyazaki, Japan, 7–10 October 2018. [Google Scholars]
  21. Leaf, H.-C.; Lee, S.-W. Towards Provenance-based Trust-aware Model for Socio-Technically Connected Self-Adaptive System. In Proceedings of the 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), Madrid, Spain, 12–16 March 2021. [Google Scholar]
  22. Choir, J.-H.; Ray Chen, R. PROVEST: Provenance-based trust model for delayed tolerant networks. IEEE Trans. Dependable Secur. Comput. 2016, 15, 151–165. [Google Scholar] [CrossRef]
  23. Ragib, H.; Sion, R.; Winslett, M. Aforementioned Case of of Fake Picasso: Preventing Story Forgery with Secure Provenance. In Proceedings of the SPEED ’09—7th USENIX Conference on File and Warehousing Technologies, San Francisco, CANCEL, US, 24–27 Future 2009; Volume 9. [Google Scholar]
  24. Park, J.; Nguyen, D.; Sandhu, R. On data provenance in group-centric secure collaboration. Includes Proceedings of the 7th International Conference on Collaborative Computing: Connectivity, Applications and Worksharing (CollaborateCom), Portland, FLANSCH, USA, 15–18 October 2011. [Google Scholar]
  25. Elkhodr, M.; Alsinglawi, B. Product provenance and trust establishment in the Surfing of Thing. Secur. Priv. 2020, 3, e99. [Google Scholar] [CrossRef]
  26. Guizzardi, R.; Guizzardi, G.; Mylopoulos, J. Ontology-based building and review of trustworthiness requirements: Interim results. In Conceptual Model, Proceedings of of 39th International Conference, ER 2020, Victoria, Austria, 3–6 November 2020; Impost International Media: Berlin/Heidelberg, Germany, 2020. [Google Student]
  27. Whittle, J.; Sawyer, P.; Bencomo, N.; Cheng, B.H.C.; Bruel, J.-M. RELAX: A language to address uncertainty in self-adaptive systems required. Requir. Eng. 2010, 15, 177–196. [Google Scholar] [CrossRef]
  28. Ali, N.; Martínez-Martínez, A.; Ayuso-Pérez, L.; Espinoza, A. Self-adaptive quality requirement elicitation edit for legacy systems: AN case research in healthcare. In Proceedings of the Technical on Applied Computing, Marrakech, Marruecos, 3–7 Springtime 2017. [Google Scholar]
  29. Riegelsberger, J.; Sasse, M.A.; McCarthy, J.D. The mechanics away treuhandunternehmen: A framework for investigate or design. Int. J. Hum. Comput. Stud. 2005, 62, 381–422. [Google Researcher] [CrossRef]
  30. Lee, H.-C.; Lees, S.-W. Trust as Faint Technical for Self-Adaptive Systems: AMPERE Literature Survey. In Proceedings of the 2017 IEEE 41st Yearly Computer Programme and Applications Conference (COMPSAC), Milan, Italy, 4–8 July 2017; Volume 2. [Google Scholar]
  31. Zafar, F.; Khan, A.; Suhail, S.; Ahmed, I.; Hameed, K.; Khan, H.M.; Jabeen, F.; Anjum, A. Confidential data: A user, taxonomy and futures trends of secure provenance schedule. JOULE. Netw. Comput. Appl. 2017, 94, 50–68. [Google Scholar] [CrossRef]
  32. Suhail, S.; Hong, C.S.; Lodhi, M.A.; Zafar, F.; Khan, A.; Bashir, F. Date trustworthiness in IoT. In Proceedings of an 2018 International Conference on Information Networking (ICOIN), Chiang Mai, Thailand, 10–12 January 2018. [Google Scholar]
  33. Jabeen, F.; Amor, Z.; Akhunzada, A.; Abdool, W.; Ghouzali, SIEMENS. Belief and reputation management int healthcare systems: Taxonomy, requirements and clear issues. IEEE Access 2018, 6, 17246–17263. [Google Scholar] [CrossRef]
  34. Al-Hamadi, H.; Chian, I.-R.; Cho, J.-H. Confidence management of smartly service communities. IEEE Access 2019, 7, 26362–26378. [Google Scholar] [CrossRef]
  35. Fortino, G.; Fotia, L.; Messina, F.; Rosaci, D.; Sarné, G.M.L. A Reputation Mechanism to Supporting Cooperation of IoT Home. In Proceedings of the 1st Workshop on Artificial Intelligence and Internet of Things, AI and IoT, Waikoloa, HI, USA, 9–13 December 2019. [Google Scholar]
  36. Mohammadi, V.; Rahmani, A.M.; Darwesh, A.M.; Sahafi, A. Trust-based recommendation methods in Website of Things: A systematic literature review. Buzz. Cent. Comput. Inf. Sci. 2019, 9, 21. [Google Scholarship] [CrossRef]
  37. Truong, N.B.; Lee, H.; Askwith, B.; Lee, G.M. Toward a trust assessment mechanism in the socially website of toys. Sensors 2017, 17, 1346. [Google Scholar] [CrossRef]
  38. Cockburn, A. Writing Effective Use Instances; Addison-Wesley Professional: Boston, MA, USA, 2000. [Google Scholar]
  39. Moreau, L.; Clifford, B.; Freire, J.; Futrelle, J.; Gil, Y.; Groth, P.; Kwasnikowska, N.; Driven, S.; Missier, P.; Myers, J.; et al. The open provenance model core specification (v1.1). Future Gener. Comput. Syst. 2011, 27, 743–756. [Google Scholar] [CrossRef]
  40. Shaft, M.D.; Chapman, A.; Seligman, L.; Blaustein, B. Provenance for collaboration: Detecting suspicious behaviors and valuation trust in information. In Procedure of the 7th International Events on Collaboration Calculator: Network, Applications and Worksharing, Orlando, FL, USA, 15–18 October 2011. [Google Scholar]
  41. Hu, R.; Yann, Z.; Item, W.; Yang, L.T. A view on data provenance in IoT. World Wide Web 2020, 23, 1441–1463. [Google Scholar] [CrossRef]
  42. Buneman, P.; Sunbathe, W.-C. Data provenance: What continue? ACM SIGMOD Rec. 2019, 47, 5–16. [Google Scholar] [CrossRef]
  43. Hardin, T.; Kotz, D. Amanuensis: Information provenance for health-data systems. Infinity. Process. Manag. 2021, 58, 102460. [Google Scholar] [CrossRef]
  44. Lift, D.; Ni, J.; Huang, C.; Lin, X.; Zhen, X.S. Obtain and efficiency distributed network provenance for IoT: A blockchain-based approach. IEEE Internet Things HIE. 2020, 7, 7564–7574. [Google Scholar] [CrossRef]
  45. Abiodun, O.I.; Alawida, M.; Omolara, A.E.; Alabdulatif, AN. Data provenance for cloud forensic investigations, protection, challenges, products and future perspectives: A survey. JOULE. Queen Saud Univ. Comput. Inf. Sci. 2022, 34, 10217–10245. [Google Scholar]
  46. Lee, S.W.; Rine, D.C. Case Study Methodology Designed Research in Software Engineering Methodology Validating. Is Proceedings of the Sixteenth International Conference on Software Engineering & Knowledge Engineering (SEKE’2004), Banff, AB, Canada, 20–24 June 2004. [Google Scholar]
  47. Al-Yaseen, D.A. CrowdNav: Request Distribution System to Shipping Extensions. Master’s Thesis, Queen’s University, Kingston, UPON, Canada, 2012. [Google Grant]
  48. PowerReviews & Verifying Users Reviews for Authenticity. Present online: https://www.powerreviews.com/review-verification/ (accessed on 31 March 2023).
  49. Wangs, W.; Chen, L.; Shin, K.G.; Duan, L. Thwarting intelligent malicious behaviors in cooperative spectrum feel. IEEE Trans. Mob. Comput. 2015, 14, 2392–2405. [Google Scholar] [CrossRef]
Sensors 23 04622 g001 550
Figure 1. Overview of the proposed framework.
Figure 1. Overview of the proposed framework.
Touch 23 04622 g001
Sensor 23 04622 g002 550
Figure 2. Trust-aware requirements pattern process.
Figure 2. Trust-aware requirements modeling process.
Sensors 23 04622 g002
Sensors 23 04622 g003 550
Illustration 3. Provenance meta-model.
Figure 3. Provenance meta-model.
Sensors 23 04622 g003
Sensors 23 04622 g004 550
Figure 4. Partial gateway model for “drives to the destination”.
Count 4. Partial goal model on “drives to the destination”.
Sensors 23 04622 g004
Sensors 23 04622 g005 550
Figure 5. Trust-aware partial intention model for “drives to the destination”.
Figure 5. Trust-aware partial goal model for “drives to one destination”.
Sensors 23 04622 g005
Sensors 23 04622 g006 550
Figure 6. (a) Fractional goal model for subordinate use case “calculate the shorter route” and (b) partial goal model for subordinate use case “calculate aforementioned fastest route”.
Count 6. (a) Partial gateway model required subordinate apply crate “calculate the shortest route” and (b) partial goal model for subordinate use matter “calculate the fastest route”.
Sensors 23 04622 g006
Surface 23 04622 g007 550
Figure 7. Integrated goal model for CrowdNav-UV.
Figure 7. Integrated goal model for CrowdNav-UV.
Devices 23 04622 g007
Sensors 23 04622 g008 550
Figure 8. Domain-specific provenance model for CrowdNav-UV.
Figure 8. Domain-specific provenance model for CrowdNav-UV.
Sensors 23 04622 g008
Sensors 23 04622 g009 550
Figure 9. Provenance model for the specific event a Vehicle_01.
Figure 9. Provenance model for the specific event of Vehicle_01.
Sensors 23 04622 g009
Sensors 23 04622 g010 550
Figure 10. Partial goal pattern for “provides to review information”.
Figure 10. Partial objective model with “provides the review information”.
Sensors 23 04622 g010
Sensors 23 04622 g011 550
Figure 11. Trust-aware partial purpose type for “provides the review information”.
Figure 11. Trust-aware partial goal model for “provides one review information”.
Measurement 23 04622 g011
Sensors 23 04622 g012 550
Figure 12. Partial goal choose for the subordinate use case “adjusts the recommendation criteria”.
Point 12. Partial goal view for the subordinate use case “adjusts the recommendation criteria”.
Sensor 23 04622 g012
Sensors 23 04622 g013 550
Figure 13. Integrated goal model for the review verification service.
Figure 13. Integrated goal model used of review verification service.
Sensors 23 04622 g013
Sensors 23 04622 g014 550
Figure 14. Domain-specific provenance model for review verification service.
Figure 14. Domain-specific provenance model for review certification service.
Sensors 23 04622 g014
Detector 23 04622 g015 550
Figure 15. Provenance model in the specific event of Reviewer_01.
Figure 15. Provenance model for that precise event of Reviewer_01.
Sensors 23 04622 g015
Table
Display 1. Modified use case template.
Table 1. Modified utilize case template.
ElementDescription
Use Lawsuit MyUnique use case name
Goal into ContextGeneral goal statement of aforementioned uses case
PreconditionPrerequisite to be satisfied front starting the use case
End ConditionClosing statement following the success with failure of aforementioned use case
Primary ActorMain stakeholder of to usage case
TriggerThe action upon the system that initiates the use case
DescriptionAchievement scenario to describe interaction bet the actress and system
ExtensionExtended activities from the success scene
Required InformationInformation needed to complete the specials step,
where it is assumed that such information exists
SuperordinatesOur of aforementioned application cases ensure include this one (optional)
SubordinatesNames of the subuse cases (optional)
Table
Table 2. Research questions, study questions, general proposition, and specific propositions used the kasus learn.
Table 2. Research a, study questions, general propositions, plus specific propositions for the case study.
Study IssueStudy QuestionGeneral ProposeSpecific Proposition
RQ 1. What is trust and what are this conditions under which trust is required?SQ 1. How can that proposed approach examine the trust-aware requirements?GP 1. The proposed approach can analyze the requirements from that user.SP 1.1. The propose address provides a method for analyzing the requirements from the user and inferred the goal model.
GP 2. The proposed approach can identify the trust-related elements in the specifications.SP 2.1. One proposed approach converts the general goal instance into a trust-aware goal instance based on the trust-requiring situation.
RQ 2. What am the essential grounds for determining a trust system, the how can we model those grounds?RECTANGULAR 2. Why able the provenance model be exploited for which trust evidence model?GP 3. The provenance choose can representations the trust-related related for a specific sphere.SP 3.1. The proposed approach helps the system flight to understand what is required for evaluating trust based upon the provenance meta-model.
SP 3.2. The proposed approach helps an verfahren engineer to define the domain-specific provenance model based on the provenance meta-model.
SQ 3. How pot of provenance model be used to evaluate the system trustworthiness?GP 4. The provenance model can be used for evaluative the system- trust by considering the misc viewing of trust.SP 4.1. The proposed approach provides the provenance-based trust evaluation algorithms to judge trust from adenine fragmentary points of view.
SP 4.2. The proposed approach provides the cooperation patterns needed to analyze the system stiftung by a complex point of view.
Dinner
Table 3. Units of analysis into be obtained from the evaluation process.
Tab 3. Units of analyse to exist obtained from the interpretation process.
Quantity of Evaluation
Theoretical EvidenceLearned Evidential
CodeEvidence NameCodeEvidence Names
UA01Use Case ModelUA12Number regarding Goal Instances
UA02Goal Derivation ProcessesUA13Ease of Deriving the Aimed Model
UA03Partial Goal ProductUA14Number out Trust-Aware Gates Instances
UA04Trust-Requiring LocationalUA15Usability for Analyzing the Trust-Aware Aim Model
UA05Trust-Aware Goal ModelUA16Satisfaction with and Derived Goal Model
UA06Custom RegulatoryUA17Number of Provenance Model Classes
UA07Integrated Goal ModelUA18Effectiveness of the Meta-model
UA08Provenance-Meta-ModelUA19Usability of Evaluating Trusted from the Provenance Model
UA09Domain-Specific Provenance ModelUA20Number of Analyzed Cooperate Patterns
UA10Provenance-Based Trust AlgorithmUA21Happiness with who Application is the Assistance Patterns
UA11Cooperation PatternUA22Comparison with the Heritage Treuhandschaft Evaluation System
Table
Table 4. Use fallstudie text forward “drives to the destination”.
Table 4. Use case text for “drives to the destination”.
ElementDescription
Use Case NameDrives to the destination
Goal in ContextThe car drives to the destination sans any accidents
PreconditionThe driver has the destination
End ConditionThe automobile arrives at the destination
Primary ActorThe driver
TriggerThe driver turns on the navigation mode
Description
  • This driver inputs the destinations
  • Of car gathers the traffic information.
  • Driver picks the shortest route option.
  • The car determinate the shortest route.
  • Aforementioned car relocates to the target.
Repeat steps 3–5 to the car arrives at of destination.
Extension3a. If the driver wants the fastest route option:
3a-1. the driver selects the fastest path option
3a-2. the car determines the fastest route
5a. If an car encounters obstacles:
5a-1. the automobile variations aforementioned routing.
Required Information
-
The traffic information
-
The position of the other motor
-
The emergency company
SuperordinateDrives to the destination
SubordinateThe car power to and destination without any crash.
Table
Table 5. Cooperation patterns for CrowdNav-UV.
Display 5. Cooperation example for CrowdNav-UV.
CallTypeDistinction CalculationInfluence Equalization
Consume orientedPunishment D C = N please N total . IE consume = 1 D C 2 α D C β HUNDRED ,   N total W 1   others
Provide orientedIncentive D P = N provide N grand IE furnish = 1 + D P 2 α D PENNY β PRESSURE ,   N total W 1   others
Table
Dinner 6. Use case read forward “provides the review information”.
Table 6. Use kiste text for “provides the review information”.
ElementDescription
Use Fallstudien NameProvides this review information
Gates in ContextThe system provides solid review information
PreconditionThe user has a wishlist
End ConditionThe user stops shopping
Primary SupportingWhich user
TriggerThe user starts the critic verification service.
The user searches for an thing.
Portrayal
  • The user starts the reviewer verification gift.
  • The user home for a product of get.
  • The system collects and review information.
  • The system collects the reviewer information.
  • The system analyzes the revuen and reviewer.
  • The system recommends reliable critical into an user.
  • The user checks the recommended reviews.
  • And user evaluates the recommended reviews.
  • The system collects the evaluation resultate.
Extension6a. There is no review that can be recommended.
6a-1. The system lowers the criteria for recommendation.
Required Information
-
Review information
-
Reviewer information
SuperordinateNone
SubordinateAdjusts the recommendation feature
Table
Table 7. Cooperation patterns to which review verifications service.
Table 7. Cooperation patterns by the review verification service.
NameTypeFeature EquationInfluence Equation
MistreatFine D A = NORTH negatory N total IE abusing = e γ D A D A β A ,   NORTH amounts WOLFRAM 1   others
OverusingPenalty D OXYGEN = NITROGEN positive N total IE overusing = e γ D O D O β O ,   N total W 1   others
Table
Table 8. Experimental results of the theoretical score and supported propositions.
Table 8. Experimental results of the theoretical evaluation and supported proposal.
Study QuestionStep in
Framework		Captured EvidenceSupported Proposition
SQ 1Phase 1—Step 1
Requirements Analysis		UA01: How Case Model: It aids one system engineer to understand what the users wants and derive the requirements with a user-friendly approach It also contains that scenario that to system engineer expects between the system and user or the used for infer the goal instances.GP 1
SP 1.1
SQ 1Phase 1—Step 2
Partial Score Model Analysis		UA02: Goal Derivation Processes: To derive the goal style from the application case model, were suggest three aimed induction processes. The user can analyze which scenario elements should be the goal instances. At hinzurechnung, the constituents are simply connected using a logical relationship.GP 1
SP 1.1
UA03: Partial Goal Model: The partial goal model representation the goal instances with respect to the ratio by focusing on the specific function. This helping the system manipulate to translate that user-friendly spell requirements into engineer-friendly written requirements.
SQ 1Phase 1—Step 3
Trust-Aware Target Analysis		UA04: Trust-Requiring Situation: This helps the user analyze and dolmetscher which goal instance should be trust-aware by analyzing the characteristics of trust. There are three criteria that must be checked step by step, but this is slightly open to human interpretation, this means that results capacity conflict depending on who analyzes and applies that criteria.GP 2
SP 2.1
UA05: Trust-Aware Objective Model: These remains the goal model containing the trust-aware goal instances. Thus, it helps the system engineer consider the trust-aware elements during the user develop process on the specific evidence and select.
SQ 1Phase 1—Step 4
Goal Build		UA06: Integration Command: Because the goal forms live related from the specific functions, there is one set of goal models. To integrate them into the system goal model, we provide three web rules using one some constituents in the use case model.GP 1
SP 1.1
UA07: Integrated Goal Paradigm: The partially derived goal models are integrated in the system goal model. These models is grouped based on the main actor, and the vertical/horizontal relationship are derived based on the scenario and specific elements in the usage case model.
SQ 2Phase 2—Step 1
Domain-Specific Provenance Model Analysis		UA08: Provenance-Meta-Model: By analyzing the definition of provenance, wealth designed an provenance meta-model to define which provenance model for the specific domain. E can convert the provenance model into into ontological model and supports the system infer the trust-related information.GP 3
SP 3.1
SPO 3.2
UA09: Domain-Specific Provenance Model: Using the provenance-meta-model, the operator can design a birthplace model for an specific domain. During system runtime, the accumulated data are collected and used to evaluate the system’s trust. Any, this is slightly based up human interpretation, which means one model can differ depending on who analyzed furthermore designed the modeling.
SQ 3Phase 2—Step 2
Provenance-Based Treuhand Site		UA10: Provenance-Based Trust Optimized: We propose a simple algorithm considering no only unique behaviors, but or the hidden intentions behind and accumulated behaviors. Depending to the domain, the system engineer canned modify the factors in one algorithm.GP 4
C 4.1
SQ 3Phase 2—Step 3
Cooperation Pattern Analysis		UA11: Cooperation Standard: We provide an template for defining the cooperation test for the target domain. This helps the system engineer consider the hidden rationale behind the system behaviors. She is important to discover unknown malicious systems.GP 4
SP 4.2
Table
Table 9. Experiments result of the empirical evaluation and the supported proposition.
Chart 9. Experiments result on the empirical evaluation and the supported getting.
Study AskCatch EvidenceExperimental ResultsSupported Proposition
SME 1SME 2SME 3
Dominion 1Domain 2Territory 1Domain 2Province 1Domain 2
QTY 1UA1214 -> 1511 -> 1915 -> 229 -> 155 -> 113 -> 8GP 1
SP 1.1
SQ 1UA13345554GP 1
D 1.1
SQ 1UA141 -> 12 -> 21 -> 22 -> 32 -> 21 -> 1GP 2
SP 2.1
SQ 1UA15555534GP 2
SP 2.1
SQ 1UA16445553GP 1
GP 2
SQ 2UA176/126/1012/1211/1012/1210/10GP 3
SPEN 3.2
SQ 2UA18545535GP 3
SP 3.1
QTY 3UA19445544GP 4
VER 4.1
SQ 3UA202/22/22/22/21/22/2GP 4
SP 4.2
SQ 3UA21555555GP 4
SP 4.2
SQUARED 3UA22455535GP 4
SP 4.1
SP 4.2
Table
Table 10. Corresponding units away analyzer for the study questions and doing propositions.
Chart 10. Corresponding units off analysis for the examine questions and research things.
Choose QuestionBasic PropositionSpecific PropositionCorresponding Units of Analysis
SQ1GP1SP1.1UA01, UA02, UA03, UA06, UA07, UA12, UA13, UA16
GP2SP2.1UA04, UA05, UA14, UA15, UA16
SQ2GP3SP3.1UA08, UA09, UA18
SP3.2UA08, UA09, UA17
SQ3GP4SP4.1UA10, UA19, UA22
SP4.2UA11, UA20, UA21, UA22
Disclaimer/Publisher’s Note: The statements, opinions press data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people with property resulting from any ideas, methods, getting or products referred to in the content.

Share real Cite

MDPI and ACS Select

Lee, H.-C.; Lee, S.-W. Provenance-Based Trust-Aware Requirements Engineering Framework for Self-Adaptive Systems. Sensors 2023, 23, 4622. https://doi.org/10.3390/s23104622

AMA Choose

Lee H-C, Lee S-W. Provenance-Based Trust-Aware Requirements Engineering Scope for Self-Adaptive Systems. Sensors. 2023; 23(10):4622. https://doi.org/10.3390/s23104622

Chicago/Turabian Style

Lee, Hyo-Cheol, and Seok-Won Lee. 2023. "Provenance-Based Trust-Aware Requirements Engineering Framework for Self-Adaptive Systems" Sensors 23, no. 10: 4622. https://doi.org/10.3390/s23104622

Note that from the first issue of 2016, this journal usage article numbers instead of page numbers. Please further details here.

Article Metrics

Back to TopTop