Belgian Francqui Chair: Engineering Requirements for Mission-Critical Software Systems


The Computer Science Department of the Vrije Universiteit Brussel is proud to announce the Belgian Francqui Chair which was awarded to Prof. Dr. Axel van Lamsweerde. The Chair consists of six lectures concerning the engineering of requirements for mission-critical systems.


Requirements engineering (RE) embodies a wide range of concerns. The objectives to be achieved by the system-to-be have to be elicited and analyzed within some organizational or physical context; such objectives are to be operationalized into specifications of services, constraints, and assumptions; and the responsibilities for such specifications need to be assigned among the humans, devices, or software components forming the system. Requirements emerge from this process as prescriptive assertions on the software-to-be, formulated in the vocabulary of the environment. Getting high-quality requirements is difficult and critical. The system stakeholders in general have diverse, partial, and often conflicting concerns. Poor requirements have been recurrently recognized to be the major cause of project cost overruns, delivery delays, failure to meet expectations, or severe degradations in the environment controlled by the software. The course overviews a systematic, goal-oriented approach to requirements engineering for high-assurance systems. The target of this approach is a complete, consistent, adequate, and structured set of software requirements and environment assumptions. The approach is model-based and partly relies on the use of formal specifications, when and where needed, for specific kinds of analyses.

The course first introduces basic principles of goal-oriented requirements engineering. Key notions such as “goal”, “requirement”, “domain property”, and “environmental assumption” are defined and related to each other. A multi-view modeling framework is then introduced in the specific context of engineering requirements for complex, large-scale systems. Different kinds of models are used to integrate different kinds of facets of the system-to-be: goals and their refinements; hazards and threats to safety and security goals, respectively; conceptual objects referenced by goals together with their inter-relationships; operations that ensure the goals; agents, their responsibilities, behaviors, and interaction scenarios. The emphasis here is on a method for constructing such multi-view models in a systematic way. Critical model items need to be formalized to enable their formal analysis for higher assurance. We briefly review some rudiments of real-time linear temporal logic for specifying goals, domain properties, hazards, and threats; goal-structured pre-/postconditions for specifying operations; fluents for linking goals to operations; and specification patterns for lightweight specification. The course then presents a variety of formal techniques supporting the following RE-specific tasks:

  • refining goals, operationalizing fine-grained goals, and checking the correctness of refinements;
  • animating goal-oriented models for checking their adequacy;
  • analyzing safety hazards by generating obstacles to goal satisfaction and resolving them;
  • analyzing security threats by generating malicious plans to break security goals, and counter-measures to address these;
  • analyzing conflicts among stakeholder goals, and resolving them;
  • generating agent behavior models inductively from interaction scenarios and goal specifications;
  • assessing alternative goal refinements and responsibility assignments based on quality goals refined in the model.

The presentation will be illustrated through representative examples and tool demonstrations.


Inaugural lecture on Thursday April 26, 04:00 PM. Following lectures on Apr 27, May 3, 4, 10 and 11, 2:00 PM.

More information

The description of the course as well as the main documents are available on the GRASCOMP website, from which you can visit the iCampus course website where you should register to the course. (You will first need to register yourself to the iCampus site, after which you will need to select the appropriate course and register to that.)

The lectures are free of charge, but please register by sending an email to Dirk Deridder. To obtain the participation certificate (2 credits), it’s important to inform the lecturer of your presence.


courses/grascomp035.txt · Last modified: 2007/03/19 18:14 by charles.pecheur