UNIVERSITY OF MAURITIUS

FACULTY OF ENGINEERING

PAPER NO EXAMINATION DATE

First Semester 2004/2005

MScCs/04F/1 MSc Computer Science Tuesday

7 December 2004
Level 1

SERIES PAPER TIME

Nov/Dec 2004 Software Requirements 9:30 – 12:30 Hours

Engineering & Research
Methods

(CSE 6101)

This paper contains FIVE (5) Questions. Candidates are required to

answer ALL Questions.

Begin your answer for each question on a fresh page.

Case Study : Outline Description of University of Mauritius Information
System (UMIS)

A computerised system (UMIS) comprising of an information system and a

lock control system is to be procured by the University of Mauritius (UoM)
for providing access to buildings and to course-related information. One of
the main goals of UMIS is to provide network/internet connectivity to system
users wherever they are on campus. A combination of wired/wireless
networks and portable computing devices (laptops, PDAs, etc.) will be used
to achieve this. Students will then be able to access course material or course-
related information (schedule, coursework, results, announcements, email,
etc.) from the network.

Though the system will mainly be oriented towards pedagogical ends, other
key objectives include :

?? Lock control based on user identity to only allow authorised users into
buildings and labs.

?? Eliminate the ubiquitous use of paper through electronic transactions.

UMIS is intended to replace an existing system which makes use of the

departmental server for dispensing course content and course-related
information to students (list of projects, project selection forms, test marks,
etc.) Other information such as CPA grade, exam results, though managed by
an MIS, are only available in paper format at the end of each semester from
the Exams Dept.

The new system will provide a personalised HTML interface to students.

Using popular browsers such as Internet Explorer and Netscape
Communicator, students will log into the system to :

?? access course content, course-related information, CPA grades and exam

results
?? search for documents e.g. exam papers, tutorials
?? register online for course modules
?? access personal and exam schedules
?? receive notifications about specific events and announcements
?? contact their buddy groups and classmates
?? participate in discussion forums and live chat sessions.

…/continued on next page

Page 1 of 9
/Continued

Lecturers will be provided with the following services :

?? Receive and send personal/departmental memos

?? Post course material onto UMIS
?? Schedule meetings with colleagues
?? Search for local publications
?? Hold discussion forums and chat sessions with students.

UMIS will be primarily an end-user system. Users will use the system within
the constraints of the permissions assigned by the administrator to identify,
locate, and receive documents. UMIS output to the user will be via the html
interface, email and print. The print output will mainly be documents
supplied which, because of copyright restrictions, must be printed and
deleted immediately upon receipt. The email output will be documents,
messages from the system and other output.

There is no current regulation of access to buildings. In labs, however, a

number of lab assistants currently admit students upon presentation for their
student ID, if the lab has not been booked for tutor-led practicals. Only
students currently registered for courses at the department are allowed access
to the lab. UMIS will make use of fingerprint matching to control the lock
mechanism of doors of buildings and labs. Each user will have to place his
hand for scanning at scanning devices placed next to entrances of buildings.
The same procedure must be performed for both entering and leaving
buildings. To enable this, UMIS will have to provide for identity
management for all its users. The Faculty Office staff will be responsible of
maintaining the identity of users (fingerprints, user data). The system
administrator may control access to rooms by assigning permissions to users.

The same identity validation technique will be used in applications for

managing printing paper quotas and for paying items at the university
cafeteria. Users will replenish their accounts through credit-card payments
and make payments for university services.

Since access to the network and internet access will be provided through
wireless networks, security features must be built into the system for user
authentication and to prevent parking-lot attacks. All information in UMIS
must also be encrypted using a 128-bit key prior to transmission.

Page 2 of 9
UMIS Requirements Specification

Identifier Requirement

1. System Administration
SAD01 UMIS will provide a range of services available only to the system
administrator. These are primarily:
(i) Management of access permissions for users to services of UMIS
(ii) Remote administration of security features built-into the system

2. User Interface
UI01 The user interface shall be in HTML. Users will access UMIS via
standard web browsers such as Netscape and Internet Explorer.
When the user logs in, he will be presented with a personalised
interface with only the services accessible to him displayed.

3. User Accounts
… … [requirements not included]
… …

4. Lock Control
… … [requirements not included]
… …

5. User Services
… … [requirements not included]
… …

6. Communication
C01 Users shall communicate with UMIS via the HTML interface over an
Ethernet or WiFi network connection
C02 Users input to UMIS will be via the HTML interface
For the lock control system, the user input shall be a fin gerprint image
from a scanning device
C03 UMIS output to the user will be via the HTML interface, email and
print. The print output will be mainly documents which because of
copyright restrictions must be printed and deleted immediately upon
receipt. Email output shall be messages from the system with the
possibility of attached documents. The system shall maintain the
confidentiality of messages.

7. Security
S01 UMIS shall provide for user authentication to prevent unauthorised
access
S02 Since UMIS will also be accessible over wireless networks, the system
shall encrypt all data before transmission to prevent parking-lot
attacks.

Page 3 of 9
Question 1

(a) Why should a number of system stakeholders be consulted during the

requirements engineering process for a computer-based system? List at
least SIX principal stakeholders that might be a source of system
requirements for the UMIS system.
[1 + 3 marks]

(b) (i) Write down the requirements for the User Accounts, Lock Control, User
Services dimensions. Please use an appropriate numbering scheme.
[8 marks]

(ii) Why is classification of requirements using a multi-dimensional

approach a good practice when eliciting and analysing requirements?
[2 marks]

(iii)Which other dimension could be used for classifying the same set of
requirements?
[2 marks]

(c) Why is it important to record the source and rationale of requirements?

[3 marks]

(d) (i) What are the advantages and disadvantages of interviewing as a

requirements elicitation technique?
[3 marks]

(ii) Explain how observation of work processes can be used to supplement

the information gained from interviews.
[3 marks]

Page 4 of 9
Question 2

(a) (i) Using a pseudo-code approach, write TWO plausible scenarios for
some of the activities in UMIS.
[3 + 3 marks]

(ii) Discuss the merits of using the technique in part (i) for eliciting
requirements.
[3 marks]

(b) After discovering requirements from various stakeholders, these

requirements must be analysed and a number of checks made on them.
State and briefly describe what types of checks should be performed on
requirements.
[4 marks]

(c) Consider the following requirements taken from the UMIS requirements
specification :

C01: Users shall communicate with UMIS via the HTML interface
over an Ethernet or WiFi network connection

UI01: The user interface shall be in HTML. Users will access UMIS via
standard web browsers such as Netscape and Internet Explorer.
When the user log in, he will be presented with a personalised interface
with only the services accessible to him displayed.

What problems (if any) might analysis checks on requirements C01 and
UI01 reveal? Rewrite the requirements to correct these problems.
[4 marks]

(d) Using your rewritten (and renumbered) requirements from part (c) and
the ones given in the UMIS Requirements Specification on page 3, build an
interaction matrix to show how these requirements interact with each
other. Do not include your requirements for the User Accounts, Lock
Control and User Services dimensions.
[4 marks]

(e) (i) Which problems with the elicited requirements can be uncovered by an
interaction matrix?
[2 marks]

(ii) What should then be done with the problematic requirements you
found (if any) using your interaction matrix in (d)?
[2 marks]

Page 5 of 9
Question 3

(a) Explain why it is useful to involve people from different technical

backgrounds in a requirements review process.
[2 marks]

(b) Give four examples of problem types which may be discovered in a

pre-review check of a requirements document.
[4 marks]

(c) Using the checklist suggested below, review the requirements grouped
under the ‘Lock Control’ dimension and discover possible problems with
them.

Check Description
1. Understandability Can readers of the document understand what the requirements
mean?
2. Redundancy Is information unnecessarily repeated in the requirements
document?
3. Completeness Does the checker know of any missing requirements or is there
any information missing from individual requirement
descriptions?
4. Ambiguity Are the requirements expressed using terms which are clearly
defined? Could readers from different backgrounds make
different interpretations of the requirements?
5. Consistency Do the descriptions of different requirements include
contradictions? Are there contradictions between individual
requirements and overall system requirements?
6. Organisation Is the document structured in a sensible way? Are the
descriptions of requirements organised so that related
requirements are grouped?
7. Conformance to Does the requirements document and individual requirements
standards conform to defined standards? Are departures from the
standards, justified?
8. Traceability Are requirements unambiguously identified, include links to
related requirements and to the reasons why these
requirements have been included?

[4 marks]

(d) Explain the notion of viewpoints used in the VORD method. Why are
indirect viewpoints very important? Illustrate your answer with an
example.
[3 + 2 + 2 marks]

(e) Suggest possible viewpoints for UMIS.

[4 marks]

(f) For each of the viewpoints identified, determine which services must be
provided by UMIS.
Page 6 of 9
 [4 marks]

Question 4

(a) Explain why there is a great deal of variability in the requirements

engineering processes used in different organisations.
[3 marks]

(b) Explain why both coarse-grain and fine-grain activity models of a process
should be produced in an organisation.
[4 marks]

(c) Suggest FOUR good practices which might be incorporated into

requirements engineering processes.
[4 marks]

(d) Distinguish between the use of prototyping during requirements analysis

and requirements validation. Can the same prototype developed for
eliciting and analysing requirements be used for validating requirements
as well?
[3 + 2 marks]

(e) Some people are against including a system architecture diagram because
they argue that the system architecture is a design model and no design
information should be in the Requirements Specification document. What
reasons would you forward to counter their argument?
[3 marks]

(f) (i) What are non-functional requirements? Explain the differences

between process, product and external requirements. Give an
example of each.

(ii) Explain how the following non-functional requirements may conflict :

security vs. flexibility.
security vs. performance.
usability vs. efficiency.
maintainability vs. efficiency.
Illustrate your answers with examples.
[3 + 3 marks]

Page 7 of 9
Question 5

(a) Using examples to support your answer, explain why domain knowledge
is important in the requirements elicitation process.
[3 marks]

(b)
Borrow

? Library
book?. Book
reader?. Borrower

book? ? stock
book? ? dom onLoan
onLoan’ = onLoan ? {(book?, reader?)}
stock’ = stock

Figure 1

(i) With reference to the Z schema for a Borrow operation shown in

Figure 1, explain the three primary components of a formal
specification la nguage.
[3 marks]

(ii) What are the advantages of formal methods over informal methods
for describing requirements?
[3 marks]

(iii) Explain why formal methods are not widely used in industrial
software development.
[3 marks]

(c) Suggest THREE reasons why the requirements for the UMIS system might
change.
[3 marks]

(d) Classify the following requirements from UMIS as stable or volatile

requirements. Justify your answer.

…./continued on next page

Page 8 of 9
Question 5 (continued)

SAD01 UMIS will provide a range of services available only to the

system administrator. These are primarily :
(i) Management of access permissions for users to services of UMIS
(ii) Remote administration of security features built-into the system

UI01 The user interface shall be in HTML. Users will access UMIS via
standard web browsers such as Netscape and Internet Explorer.
When the user log in, he will be presented with a personalised interface with
only the services accessible to him displayed.

C01 Users shall communicate with UMIS via the HTML interface over an
Ethernet or WiFi network connection

C02 Users input to UMIS will be via the HTML interface

For the lock control system, the user input shall be a fingerprint image from a
scanning device

C03 UMIS output to the user will be via the HTML interface, email and
print. The print output will be mainly documents which because of copyright
restrictions must be printed and deleted immediately upon receipt. Email
output shall be messages from the system with the possibility of attached
documents. The system shall maintain the confidentiality of messages.

[10 marks]

END OF QUESTION PAPER

/sf

Page 9 of 9
Page 10 of 9