Requirements Engineering Aspects of a Geographically Distributed
Architecture
Maria Spichkova and Heinz Schmidt
RMIT University, Melbourne, Australia
Keywords:
Requirements Engineering, Geographically Distributed Development, Software and Systems Engineering.
Abstract:
We present our ongoing work on requirements specification and analysis for the geographically distributed
software and systems. Developing software and systems within/for different countries or states or even
within/for different organisations means that the requirements to them can differ in each particular case. These
aspects naturally impact on the software architecture and on the development process as a whole. The chal-
lenge is to deal with this diversity in a systematic way, avoiding contradictions and non-compliance. In this
paper, we present a formal framework for the analysis of the requirements diversity, which comes from the
differences in the regulations, laws and cultural aspects for different countries or organisations. The frame-
work also provides the corresponding architectural view and the methods for requirements structuring and
optimisation.
1 INTRODUCTION
Globalisation of the software and systems develop-
ment offer great opportunities for the development
industry. However, they also mean new challenges
coming from the diversity of requirements on dif-
ferent locations, especially in the sense of legal re-
quirements and regulatory compliance. The reasons
for the differences in software and systems require-
ments within different countries, states and organisa-
tions are the cultural and economics diversity, as well
as the diversity in standards, legal regulations and
laws. These challenges have some similarities with
the problems of product customisation and the devel-
opment of product lines, but the core of the architec-
ture requirements is different due the specific nature
of the relations between the requirements for the geo-
graphically and organisationally distributed develop-
ment and application of software.
Requirements engineering (RE), i.e., require-
ments elicitation, evaluation, specification, and de-
sign producing the functional and non-functional re-
quirements, is one of the key disciplines in the soft-
ware development domain. It has a critical impact on
the product’s quality. Requirements-related errors are
often a major cause of the delays in the product de-
livery and development costs overruns, cf. e.g., (van
Lamsweerde, 2008; Pretschner et al., 2007; Rinke and
Weyer, 2007). There are several methodologies on
development of software systems from requirements,
also enclosing CASE tools support, e.g., (Broy and
Slotosch, 2001; H
¨
olzl et al., 2010; Spichkova, 2011;
Spichkova et al., 2012). The RE task is challeng-
ing even in the case of a local (non-distributed) de-
velopment of a product for application within/for a
single country or organisation, i.e. where the sys-
tem acts within an environment with a uniform set
of standards, legal regulations, etc. Thus, in the case
of global development we need to have an approach
that deals the corresponding issues in a systematic
and scalable way. There are several approaches that
check requirements for compliance (Breaux et al.,
2008; Maxwell and Anton, 2009; Siena et al., 2009b)
or ensuring the compliance of the outcomes of busi-
ness processes against outcome-focused regulations
(Yin et al., 2013). We are going a step further, aiming
to cover the RE aspects for the geographically dis-
tributed development and application. To minimise
the overall effort while specifying and also ensuring
required software and system requirements in a global
development context, we elaborated a logical frame-
work. The framework provides methodological struc-
turing the requirements for the geographically dis-
tributed product development and application, as well
as developing of the corresponding global architec-
ture requirements. The purposed approach will help
to analyse the relations between requirements and to
trace requirements’ changes in a global context.
276
Spichkova M. and Schmidt H..
Requirements Engineering Aspects of a Geographically Distributed Architecture.
DOI: 10.5220/0005465802760281
In Proceedings of the 10th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE-2015), pages 276-281
ISBN: 978-989-758-100-7
Copyright
c
2015 SCITEPRESS (Science and Technology Publications, Lda.)
Outline. The rest of the paper is structured as fol-
lows: Section 2 overviews related work on integration
architecture and RE as well as on regulatory com-
pliance within the field of software engineering. In
Section 3 we present our view on the architectural
dependencies for the requirements for a global de-
velopment and geographically distributed product ap-
plication. In Section 4 we introduce the core ideas
of requirements structuring process and requirements
analysis in a global context. Section 5 concludes the
paper by highlighting the main contributions of the
paper and describing the future work directions.
2 RELATED WORK
Glinz (2007) surveyed the existing definitions of
non-functional requirements (NFR), highlights and
discusses the problems with the current definitions,
and contributes concepts for overcoming these prob-
lems. In our work, we are mainly focusing on NFR in
the sense of legal aspects and regulatory compliance,
also taking into account human factor aspects of the
requirement modelling (Spichkova, 2012).
Integrating Architecture and Requirements En-
gineering. The main purpose of the requirements
specification (RS) is to elicit and to document the
given problem (product/software/system) using con-
cepts from the problem domain, i.e. on the RE phase
we are speaking only on the problem statement. In
contrast to this, the aim of a software architecture
(SA) is to design a draft of the solution for the prob-
lem described in the RS, at a high level of abstrac-
tion. Thus, there are tight interdependencies between
functional/non-functional requirements and architec-
tural elements, which makes the integration of the RE
and architecture crucial (In et al., 2001; Egyed et al.,
2001). The results of the empirical study conducted
by Ferrari and Madhavji (2007) also have shown that
the software architects with the knowledge and expe-
rience on RE perform better, in terms of architectural
quality, than those without these knowledge end ex-
perience.
Nuseibeh (2001) described a spiral model-like de-
velopment cycle of requirements and architecture.
Pohl and Sikora (2007) went further and have pro-
vided methodical guidance for the co-design. An
experience-based approach for integration architec-
ture and RE is presented by Paech et al. (2003).
This approach that supports the elicitation, specifica-
tion and design activity by providing experience in
terms of questionnaires, checklists, architectural pat-
terns and rationale that have been collected in earlier
successful projects and that are presented to develop-
ers to support them in their task.
The REMseS approach (Braun et al., 2014) aims
at supporting RE processes for software-intensive em-
bedded systems. The authors introduced fundamen-
tal principles of the approach and gave a structural
overview over the guide and the tool support.
In contrast to these approaches, our research cov-
ers the regulatory compliance aspects and is oriented
on legal requirements representation and analysis in
the scope of the global software development.
Regulatory Compliance. A survey of efforts to sup-
port the analysis of legal texts in the context of soft-
ware engineering is presented in (Otto and Anton,
2007). The authors discuss the role of law in require-
ments and identify several key elements for any sys-
tem to support the analysis of regulatory texts for re-
quirements specification, system design, and compli-
ance monitoring. Nekvi et al. (2011) also identified
key artefacts, relationships and challenges in the com-
pliance demonstration of the systems requirements
against engineering standards and government regu-
lations, also providing This work provides a basis for
developing compliance meta-model.
Kiyavitskaya et al. (2008) investigated the prob-
lem of designing regulation-compliant systems and,
in particular, the challenges in eliciting and manag-
ing legal requirements. Breaux et al. (2006) reported
on an industry case study in which product require-
ments were specified to comply with the U.S. federal
laws. Maxwell and Anton (2009) performed a case
study using our approach to evaluate the iTrust Medi-
cal Records System requirements for compliance with
the U.S. Health Insurance Portability and Account-
ability Act. Siena et al. (2009a) presented the guiding
rules and a framework for for deriving compliant-by-
construction requirements, also focusing on the U.S.
federal laws.
In contrast to these approaches, our research is ori-
ented on global software development, dealing with
diversity in standards, legal regulations, etc. within
different countries and organisations.
3 GEOGRAPHICALLY
DISTRIBUTED
ARCHITECTURE
Suppose that we have to develop M products (soft-
ware components/systems) P
1
,...,P
M
. We denote the
set of products by P. Each product P
i
, 1 ≤ i ≤ M has
the corresponding set of requirements R
P
i
. However,
RequirementsEngineeringAspectsofaGeographicallyDistributedArchitecture
277
in the case the legal requirements and the regulatory
compliance are taken into account, the set of require-
ments will depend on the regulations and laws of the
country/state the product is developed for.
In the case of global and remote develop-
ment (Spichkova et al., 2013), we have to deal with
cultural and economics diversity, which also has an
influence on the software and system requirements.
Suppose the products P
1
,...,P
M
are developed for
application in N countries C
1
,...,C
N
with the corre-
sponding
• regulations/laws RegulC
1
,...,RegulC
N
and
• cultural/economics, i.e., human factor (Borchers,
2003), influences HFC
1
,...,HFC
N
.
We denote the set of requirements to the product P
i
valid for the country C
j
by R
C
j
P
i
. The complete set of
requirements to the product P
i
is then defined by
R
P
i
=
N
[
j=1
R
C
j
P
i
(1)
The sets of requirements R
P
i
might be different for
each product P
i
in different countries, i.e. R
C
j1
P
i
is not
necessary equal to R
C
j2
P
i
for the case j1 6= j2.
Figure 1 presents the corresponding architectural
dependencies for the requirements based on the regu-
lations and laws of the country C
j
. We divide the set
of requirements R
P
i
in two (disjoint) subsets. For each
of these subsets, we have to distinguish two separate
parts: general and country-specific:
• RL
C
j
P
i
denotes the requirements based or depend-
ing on the regulations and laws, which could
be country/state/organisation-specific. Require-
ments of this kind does not depend on the human
factor related aspects.
RL
C
j
P
i
= RLgeneral
C
j
P
i
∪ RLspeci f ic
C
j
P
i
(2)
RLgeneral
C
1
P
i
= · · · = RLgeneral
C
N
P
i
(3)
• RFN
C
j
P
i
denotes the functional and non-functional
requirements that are independent from the regu-
lations and laws, but may depend on the human
factor related aspects, which could be country-
specific.
RFN
C
j
P
i
= RFNgeneral
C
j
P
i
∪ RFNspeci f ic
C
j
P
i
(4)
RFNgeneral
C
1
P
i
= · · · = RFNgeneral
C
N
P
i
(5)
For simplicity, we denote the general subsets by
RLgeneral
P
i
and RFNgeneral
P
i
respectively.
Cj
RPM
RP1
P
P1
...
RCj
RLCj* RLCj
min
PM
RegulCj
RFNP1 RFNPM
RLCj
RFNgeneralP1
RFNspecificPM
RFNspecificP1
RFNgeneralPM
HFCj
RLP1
RLgeneralP1
RLspecificP1
RLPM
RLgeneralPM
RLspecificPM
Cj
Cj
CjCj
Cj
Cj
Cj
CjCj
Cj
Figure 1: Architectural dependencies for the requirements
based on the regulations and laws of the country C
j
.
Given the set RL
C
j
ALL
be the set of all legal require-
ments of the country C
j
, we can see the set RL
C
j
P
i
as a
projection of RL
C
j
ALL
to the product P
i
:
RL
C
j
P
i
= RL
C
j
ALL
|
P
i
(6)
On this basis, we can say that the set of legal re-
quirements for the country C
j
related to the develop-
ment of products P
1
,...,P
M
is defined as a union over
the corresponding requirements sets:
RL
C
j
=
M
[
i=1
RL
C
j
P
i
(7)
However, it is not efficient to base the requirements
analysis for the geographically distributed develop-
ment on the sets RL
C
j
:
• The sets RegulC
1
,...,RegulC
N
could have a joint
subset Regul of the regulations/laws that are equal
for all countries C
1
,...,C
N
:
Regul = RegulC
1
∩ ··· ∩ RegulC
N
(8)
We denote for each RegulC
j
the corresponding
compliment to Regul (i.e. the country-specific
subset) by RegulC
1
0
= RegulC
1
\ Regul.
It it is important to identify these subsets as well
as the corresponding subsets of RL
C
1
,...,RL
C
N
, as
this helps to trace the RL-requirements’ changes
more efficiently.
ENASE2015-10thInternationalConferenceonEvaluationofNovelSoftwareApproachestoSoftwareEngineering
278
• Some requirements in RL
C
j
can be stronger ver-
sions of another requirements from this set. For
example, if req
1
∈ RL
C
i1
and req
2
∈ RL
C
i2
are not
equal, they both will belong to RL
C
j
, even if req
1
is a refinement of req
2
. In this case, we call
req
2
a weaker version of req
1
and denote it by
req
1
req
2
.
Thus we need to have a structured architecture for the
legal requirements on the products P
1
,...,P
M
. For
this reason we build the corresponding sets RL
C
j
min
and RL
C
j
∗
, where RL
C
j
∗
denotes the strongest set of
legal requirements for the country C
j
(related to the
concrete products development), and RL
min
C
j
denotes
the set of legal requirements that should be fulfilled
by all the products P
1
,...,P
M
developed in the coun-
try C
j
:
RL
C
j
min
= RL
C
j
P
1
∩ ··· ∩ RL
C
j
P
M
(9)
RL
C
j
∗
is an optimisation of RL
C
j
, where all the weaker
versions of the requirements are removed using the
algorithm presented in Section 4.
4 REQUIREMENTS
STRUCTURING AND
ANALYSIS
In our framework, we perform the analysis based
on the optimised views on the requirements sets,
focusing on the regulatory/legal aspects. First of
all, we analyse the sets of relevant regulations
RegulC
1
,...,RegulC
N
. Three cases are possible:
• In the case Regul =
/
0, we have the situation when
the regulations are completely different for all
C
1
,...,C
N
. This also implies that RLgeneral
P
i
=
/
0
for all P
i
, 1 ≤ i ≤ M, i.e., RL
C
j
P
i
= RLspeci f ic
C
j
P
i
.
We have to trace all the sets RLspeci f ic
C
j
P
i
sepa-
rately: changes in RegulC
j
do not influence on the
global development process.
• The regulations are not completely identical for
C
1
,...,C
N
, but Regul 6=
/
0. If we can rely
on the statical nature of this requirements (i.e.
that these requirements do not change over the
time of the development and the application),
it would be beneficial to apply the component-
based development paradigm (Crnkovi
´
c et al.,
2007): the requirements RLgeneral
P
i
or at
least the major part of them should corre-
spond to architectural components(s) that are
separate from the components corresponding to
RLspeci f ic
C
1
P
i
,...,RLspeci f ic
C
N
P
i
. However, if any
of regulations sets RegulC
j
has some changes, this
would influence on the development process as a
whole.
• In the case Regul = RegulC
1
= ··· = RegulC
N
,
we have the situation when the regulations are
completely identical for all C
1
,...,C
N
, which also
means RL
C
j
P
i
= RLgeneral
P
i
. If we can rely on
the statical nature of this requirements, we have
the simplest case for the development process:
we develop a single component (system) from
RLgeneral
P
i
to apply if for all C
1
,...,C
N
.
Thus, RL
C
j
min
is defined on basis of Regul. The
corresponding product-centred view on the architec-
tural dependencies is presented on Figure 2. The al-
gorithm of constructing R
C
j
min
is trivial: we check all
the requirements in R
C
j
P
1
,...,R
C
j
P
M
to find out those ele-
ments, which belong to each of the sets.
Pi
C1
RPi
RPi
CN
RPi
...
RegulC1' RegulCN'
HFC1
HFCN
RLgeneralPi
RNFgeneralPi
Regul
C1 CN
RPi*
RLspecificPi
CN
RNFspecificPi
CN
RLspecificPi
C1
RNFspecificPi
C1
Figure 2: Architectural dependencies for requirements
specified for the product P
i
.
Our approach is based on the ideas of refinement-
based specification and verification. On the formal
level, we need to define which exactly kind of a refine-
ment we mean, e.g., behavioural, interface or condi-
tional refinement (Spichkova, 2008; Broy and Stølen,
2001). However, on the level of the logical architec-
ture and modelling of the dependencies between the
(sets of) requirements, we can abstract from these de-
tails.
In this paper, we present a simplified version of
the optimisation algorithm. It can be applied to build
the set RL
C
j
∗
on the basis of RL
C
j
(cf. Figure 1
for the country-centred view), to build the set R
P
i
∗
(cf. Figure 2 for product-centred view) as well as to
build the strongest global set of requirements R
∗
over
C
1
,...,C
N
(cf. Figure 3). We start the algorithm with
an empty set and build it up iteratively from the ele-
ments of the corresponding set.
RequirementsEngineeringAspectsofaGeographicallyDistributedArchitecture
279
P
P1
...
C1
RP1
RPM...
RC1
RC1* RC1
min
PM
CN
RP1
RPM...
RCN
RCN* RCN
R
R* R
min
min
...
RegulC1 RegulCN
HFC1 HFCN
C1
CN
C1
CN
RP1 RPM
Figure 3: Requirements structuring for the distributed de-
velopment of products P
1
,... ,P
M
.
Step 0: RL
C
j
∗
=
/
0, X = RL
C
j
.
Step 1: If X 6=
/
0, the RL
C
j
∗
is complete, otherwise
choose a requirement req ∈ X:
• If a copy of req already belongs to RL
C
j
∗
or r is
a weaker version of any requirement from RL
C
j
∗
,
the set should not be updated on this iteration:
(req ∈ RL
C
j
∗
∨ ∃y ∈ RL
C
j
∗
: req y) ⇒
RL
C
j
∗
is unchanged
• If r is a stronger version of any requirement(s)
from RL
C
j
∗
, we add r to RL
C
j
∗
and remove all the
weaker requirements:
∃y
1
,...,y
K
∈ RL
C
j
∗
: y
1
req ∧ ··· ∧ y
K
req) ⇒
RL
C
j
∗
= (RL
C
j
∗ ∪ req)\ {y
1
,...,y
k
}
• If r does not belong to RL
C
j
∗
and is neither
weaker nor stronger version of any requirement
from RL
C
j
∗
, we add it to RL
C
j
∗
and proceed the
procedure with the next requirement from RL
C
j
:
(req /∈ RL
C
j
∗
∧
6 ∃y ∈ RL
C
j
∗
: (req y ∨ y req) ⇒
RL
C
j
∗
= (RL
C
j
∗
∪ req)
Step 2: The req element is deleted from the set X:
X = X \ req.
Steps 1 and 2 are then repeated until X =
/
0.
While identifying RL
min
we will analyse which
products’ subcomponents can be build once and then
reused for the whole product set P
1
,...,P
M
. On
this basis, we will have more efficient process for
the global software and systems development, also
having an efficient tracing of requirements changes
that might come from the changes in the regula-
tions and laws for countries C
1
,...,C
N
. For example,
changes in RegulC
1
0
imply changes in RLspeci f ic
1
only, which means that only the country-specific part
of the architectural components for C
1
is affected,
where any changes in Regul might influence the
global architecture.
While identifying RL∗ we will obtain the global
view on the the products’ requirements, which is not
overloaded with the variants of the similar require-
ments, where some requirements are just weaker ver-
sions of other.
5 CONCLUSIONS
This paper introduces our ongoing work on require-
ments specification and analysis for the geographi-
cally distributed software and systems. Developing
software and systems within/for different countries or
states or even within/for different organisations means
that the requirements to them can differ in each partic-
ular case, which naturally impacts on the software ar-
chitecture and on the development process as a whole.
Dealing with this diversity and avoiding contradic-
tions and non-compliance, is a very challenging and
complicated task. A systematic approach is required.
For this reason, we created a formal framework for
the analysis of the software requirements diversity,
which comes from the differences in the regulations
for different countries or organisations. In this paper,
we (i) presented our architectural dependency model
for the requirements on the distributed development
and application, (ii) introduced the core ideas of the
corresponding requirements structuring process and
requirements analysis in a global context. (iii) dis-
cussed the the research and industrial challenges in
this field, as well as discussed our solutions and how
they are related to the existing approaches.
Future Work. In our future work we will investigate
how to extend the presented ideas to the software and
systems development that involves hierarchical de-
pendencies between the sets of regulations/laws. This
could be the case if see the set C
1
,...,C
N
not only as
the set of countries/states, but also as a set of organ-
isations having different internal regulations. Then
we have to deal with hierarchical dependencies with
many levels, e.g., (1) organisational regulations, (2)
state’s regulations and laws, (3) country’s regulations
and laws, where we also need to check which of the
regulations are applicable in each particular case.
ENASE2015-10thInternationalConferenceonEvaluationofNovelSoftwareApproachestoSoftwareEngineering
280
REFERENCES
Borchers, G. (2003). The software engineering impacts
of cultural factors on multi-cultural software develop-
ment teams. In International Conference on Software
Engineering, pages 540–545. IEEE Computer Soci-
ety.
Braun, P., Broy, M., Houdek, F., Kirchmayr, M., Mller,
M., Penzenstadler, B., Pohl, K., and Weyer, T.
(2014). Guiding requirements engineering for
software-intensive embedded systems in the automo-
tive industry. Computer Science - Research and De-
velopment, 29(1):21–43.
Breaux, T., Anton, A., Boucher, K., and Dorfman, M.
(2008). Legal requirements, compliance and practice:
An industry case study in accessibility. In IEEE Conf.
on Requirements Engineering, pages 43–52.
Breaux, T., Vail, M., and Anton, A. (2006). Towards regula-
tory compliance: Extracting rights and obligations to
align requirements with regulations. In IEEE Interna-
tional Conf. on Requirements Engineering, pages 49–
58.
Broy, M. and Slotosch, O. (2001). From requirements to
validated embedded systems. In Henzinger, T. A. and
Kirsch, C. M., editors, Embedded Software, volume
2211 of LNCS, pages 51–65. Springer.
Broy, M. and Stølen, K. (2001). Specification and Develop-
ment of Interactive Systems: Focus on Streams, Inter-
faces, and Refinement. Springer.
Crnkovi
´
c, I., Schmidt, H., Stafford, J., Heineman, G., and
Wallnau, K. (2007). Component-based software engi-
neering of trustworthy embedded systems. Journal of
Systems and Software, 80(5):641–642.
Egyed, A., Grnbacher, P., and Medvidovic, N. (2001). Re-
finement and Evolution Issues in Bridging Require-
ments and Architecture - The CBSP Approach. In
From Software Requirements to Architectures, pages
42–47.
Ferrari, R. and Madhavji, N. (2007). The impact of re-
quirements knowledge and experience on software
architecting: An empirical study. In The Work-
ing IEEE/IFIP Conference on Software Architecture,
pages 16–16.
Glinz, M. (2007). On non-functional requirements. In IEEE
Conf. on Requirements Engineering, pages 21–26.
H
¨
olzl, F., Spichkova, M., and Trachtenherz, D. (2010). Aut-
oFocus Tool Chain. Technical Report TUM-I1021,
TU M
¨
unchen.
In, H., Boehm, B., Rodger, T., and Deutsch, M. (2001). Ap-
plying winwin to quality requirements: a case study.
In Int. Conf. on Software Engineering, pages 555–564.
Kiyavitskaya, N., Krausova, A., and Zannone, N. (2008).
Why eliciting and managing legal requirements is
hard. In Workshop on Requirements Engineering and
Law, pages 26–30.
Maxwell, J. and Anton, A. (2009). Checking existing re-
quirements for compliance with law using a produc-
tion rule model. In Workshop on Requirements Engi-
neering and Law, pages 1–6.
Nekvi, R., Ferrari, R., Berenbach, B., and Madhavji, N.
(2011). Towards a compliance meta-model for system
requirements in contractual projects. In Workshop on
Requirements Engineering and Law, pages 74–77.
Nuseibeh, B. (2001). Weaving together requirements and
architectures. Computer, 34(3):115–117.
Otto, P. and Anton, A. (2007). Addressing legal require-
ments in requirements engineering. In IEEE Conf. on
Requirements Engineering, pages 5–14.
Paech, B., von Knethen, A., Drr, J., Bayer, J., Kerkow,
D., Kolb, R., Trendowicz, A., Punter, T., and Dutoit,
A. (2003). An experience-based approach for inte-
grating architecture and requirements engineering. In
Workshop on Software Requirements to Architectures,
pages 142–149.
Pohl, K. and Sikora, E. (2007). Structuring the co-design of
requirements and architecture. In Requirements Engi-
neering: Foundation for Software Quality, pages 48–
62. Springer.
Pretschner, A., Broy, M., Kruger, I. H., and Stauner, T.
(2007). Software engineering for automotive systems:
A roadmap. In Future of Software Engineering, pages
55–71. IEEE Computer Society.
Rinke, T. and Weyer, T. (2007). Defining reference mod-
els for modelling qualities: How requirements engi-
neering techniques can help. In Sawyer, P., Paech,
B., and Heymans, P., editors, Requirements Engineer-
ing: Foundation for Software Quality, pages 335–340.
Springer.
Siena, A., Perini, A., Susi, A., and Mylopoulos, J. (2009a).
A meta-model for modelling law-compliant require-
ments. In Workshop on Requirements Engineering
and Law, pages 45–51.
Siena, A., Perini, A., Susi, A., and Mylopoulos, J. (2009b).
Towards a framework for law-compliant software re-
quirements. In International Conference on Software
Engineering. Companion Volume, pages 251–254.
Spichkova, M. (2008). Refinement-based verification of
interactive real-time systems. ENTCS, 214(0):131 –
157. BAC-FACS Refinement Workshop.
Spichkova, M. (2011). Architecture: Requirements + De-
composition + Refinement. Softwaretechnik-Trends,
31(4).
Spichkova, M. (2012). Human Factors of Formal Methods.
In IADIS Interfaces and Human Computer Interaction
(IHCI 2012), pages 307–310. IADIS Press.
Spichkova, M., H
¨
olzl, F., and Trachtenherz, D. (2012).
Verified system development with the autofocus tool
chain. In Workshop on Formal Methods in the Devel-
opment of Software, EPTCS, pages 17–24.
Spichkova, M., Schmidt, H., and Peake, I. (2013). From
abstract modelling to remote cyber-physical integra-
tion/interoperability testing. In Improving Systems
and Software Engineering Conference.
van Lamsweerde, A. (2008). Requirements engineering:
From craft to discipline. In International Symposium
on Foundations of Software Engineering, SIGSOFT
’08/FSE-16, pages 238–249. ACM.
Yin, Q., Madhavji, N., and Pattani, M. (2013). Eros: an ap-
proach for ensuring regulatory compliance of process
outcomes. In Workshop on Requirements Engineering
and Law, pages 21–24.
RequirementsEngineeringAspectsofaGeographicallyDistributedArchitecture
281
