John Mylopoulos

• University of Toronto

Goal models of the i* family have been shown to be suitable for concisely representing and analyzing goal variability. In standard i*, goal variability emerges due to the presence of OR-refinements, which describe alternative ways by which stakeholder goals can be fulfilled. On closer inspection, however, variability exists in goal models beyond wh...

New developments on Information Systems (ISs) and especially on Artificial Intelligence (AI) have been posing continuous risks to humans and societies, going beyond problems of security and safety and including many more ethical problems. In this context, ethicality becomes a major requirement for AI systems that prevents them from being biased, ma...

New developments in Information Systems (ISs) and especially in Artificial Intelligence (AI) have been posing continuous risks to humans and societies , going beyond problems of security and safety, and including many more ethical problems. In this context, ethicality becomes a major requirement for AI systems that prevents them from being biased,...

Conceptual modeling plays a central role in planning, designing, developing and maintaining software-intensive systems. One of the goals of conceptual modeling is to enable clear communication among stakeholders involved in said activities. To achieve effective communication, conceptual models must be understood by different people in the same way....

In a world where Artificial Intelligence (AI) is pervasive, humans may feel threatened or at risk by giving up control to machines. In this context, ethicality becomes a major concern to prevent AI systems from being biased, making mistakes, or going rogue. Requirements Engineering (RE) is the research area that can exert a great impact in the deve...

p>Goal models have found important applications in Requirements Engineering as models that relate stakeholder requirements with system or human tasks needed to fulfill them. Often, such task specifications constitute rather idealized plans for requirements fulfillment, where task execution always succeeds. In reality, however, there is always uncertai...

p>Goal models have found important applications in Requirements Engineering as models that relate stakeholder requirements with system or human tasks needed to fulfill them. Often, such task specifications constitute rather idealized plans for requirements fulfillment, where task execution always succeeds. In reality, however, there is always uncertai...

The aim of the research is to semi-automate the process of generating formal specifications from legal contracts in natural language text form. Towards this end, the paper presents a tool, named ContrattoA, that semi-automatically conducts semantic annotation of legal contract text using an ontology for legal contracts. ContrattoA was developed thr...

The opportunity to automate and monitor the execution of legal contracts is gaining increasing interest in Business and Academia, thanks to the advent of smart contracts, blockchain technologies and the Internet of Things. A critical issue in developing smart contract systems is the formalization of legal contracts, which are traditionally expresse...

RCIS 2022 (16th International Conference on Research Challenges in Information Science)

Legal contracts have been used for millennia to conduct business transactions world-wide. Such contracts are expressed in natural language, and usually come in written form. We are interested in producing formal specifications from such legal text that can be used to formally analyze contracts, also serve as launching pad for generating smart contr...

Goal models have been a popular subject of study by researchers in requirements engineering, due to their ability to capture and analyze alternative solutions through which a software system can achieve business objectives. A plethora of analysis methods for automated identification of optimal alternatives have been proposed. However, such methods...

The advent of socio-technical, cyber-physical and Artificial Intelligence (AI) systems has broadened the scope of requirements engineering which must now deal with new classes of requirements, concerning ethics, privacy and trust. Unfortunately, requirements engineers cannot be expected to understand the qualities behind these new classes of system...

The Requirements Engineering (RE) process starts with initial requirements elicited from stakeholders—however conflicting, unattainable, incomplete and ambiguous—and successively refines them until a consistent, complete, valid, and unambiguous specification is reached. This is achieved by balancing stakeholders’ viewpoints and preferences to reach...

Privacy has emerged as a key concern for companies that deal with Personal Information (PI) since they need to comply with certain privacy requirements. Unfortunately, these requirements are often incomplete or inaccurate due to the vagueness of the privacy concept. This paper tries to tackle this problem, contributing to the philosophical foundati...

The advent of socio-technical, cyber-physical and artificial intelligence systems has broadened the scope of requirements engineering, which must now deal with new classes of requirements, concerning ethics, privacy and trust. This brings new challenges to Requirements Engineering, in particular regarding the understanding of the non-functional req...

Nowadays, most enterprises collect, store, and manage personal information of customers to deliver their services. In such a setting, privacy has emerged as a key concern since companies often neglect or even misuse personal data. In response to multiple massive breaches of personal data, governments around the world have enacted laws and regulatio...

Smart contracts are software systems that partially automate, monitor and control the execution of legal contracts. The requirements of such systems consist of a formal specification of the legal contract whose execution is to be monitored and controlled. Legal contracts are always available as text expressed in natural language. We have been worki...

Telos is a conceptual modeling language intended to capture software knowledge, such as software system requirements, domain knowledge, architectures, design decisions and more. To accomplish this, Telos was designed to be extensible in the sense that the concepts used to capture software knowledge can be defined in the language itself, instead of...

Privacy has emerged as a key concern for business and social computing as security breaches have compromised personal data for millions. Despite this, much of existing work on privacy requirements deal with them as a special case of security requirements, thereby missing essential traits of such requirements. In this context, wrong design decisions...

We are interested in semi-automating the process of generating a formal specification from a legal contract in natural language text form. Towards this end, we present a tool, named ContracT, that annotates legal contract text using an ontology for legal contracts. In the last part of the paper, we present results from a preliminary empirical evalu...

The Requirements Engineering (RE) process starts with initial requirements elicited from stakeholders – however conflicting, unattainable, incomplete and ambiguous – and iteratively refines them into a specification that is consistent, complete, valid and unambiguous. We propose a novel RE process in the form of a calculus where the process is envi...

The advent of Artificial Intelligence (AI) technologies has made it possible to build systems that diagnose a patient, decide on a loan application, drive a car, or kill an adversary in combat. Such systems signal a new era where software-intensive systems perform tasks that were performed in the past only by humans because they require judgement t...

The advent of Artificial Intelligence (AI) technologies has made it possible to build systems that diagnose a patient, decide on a loan application, drive a car, or kill an adversary in combat. Such systems signal a new era where software-intensive systems perform tasks that were performed in the past only by humans because they require judgement t...

In their daily practice, most enterprises collect, store, and manage personal information for customers in order to deliver their services. In such a setting, privacy has emerged as a key concern as companies often neglect or even misuse personal data. In response to this, governments around the world have enacted laws and regulations for privacy p...

AI systems that offer social services, such as healthcare services for patients, driving for travellers and war services for the military need to abide by ethical and professional principles and codes that apply for the services being offered. We propose to adopt Requirements Engineering (RE) techniques developed over decades for software systems i...

AI systems that offer social services, such as healthcare services for patients, driving for travellers and war services for the military need to abide by ethical and professional principles and codes that apply for the services being offered. We propose to adopt Requirements Engineering (RE) techniques developed over decades for software systems i...

This paper contributes to the philosophical foundations of conceptual modeling by addressing a number of foundational questions such as: What is a conceptual model? Among models used in computer science, which are conceptual , and which are not? How are conceptual models different from other models used in the Sciences and Engineering? The paper ta...

Over the last two decades, much attention has been paid to the area of goal-oriented requirements engineering (GORE), where goals are used as a useful conceptualization to elicit, model, and analyze requirements, capturing alternatives and conflicts. Goal modeling has been adapted and applied to many sub-topics within requirements engineering (RE)...

In recent years, there has been a growing interest in modeling value in the context of Enterprise Architecture, which has been driven by a need to align the vision and strategic goals of an enterprise with its business architecture. Nevertheless, the current literature shows that the concept of value is conceptually complex and still causes a lot o...

Gamification is increasingly applied to engage people in performing tool-supported collaborative tasks. From previous experiences we learned that available gamification guidelines are not sufficient, and more importantly that motivational and acceptance aspects need to be considered when designing gamified software applications. To understand them,...

This paper is dedicated to Nicola Guarino, on the occasion of his 65th birthday. Nicola has made seminal contributions to Conceptual Modeling that include some of the greatest advances in this field of research over the past thirty years.The main objective of this paper is to present some of Nicola’s contributions and highlight their importance to...

Nowadays, most companies need to collect, store, and manage personal information in order to deliver their services. Accordingly, privacy has emerged as a key concern for these companies since they need to comply with privacy laws and regulations. To deal with them properly, such privacy concerns should be considered since the early phases of syste...

Security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in billions of dollars in losses per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are “socio-technical...

Risk analysis is traditionally accepted as a complex and critical activity in various contexts, such as strategic planning and software development. Given its complexity, several modeling approaches have been proposed to help analysts in representing and analyzing risks. Naturally, having a clear understanding of the nature of risk is fundamental f...

It is widely recognized that accurately identifying and classifying competitors is a challenge for many companies and entrepreneurs. Nonetheless, it is a paramount activity which provide valuable insights that affect a wide range of strategic decisions. One of the main challenges in competitor identification lies in the complex nature of the compet...

Many business processes (BPs) involving critical decision-making activities require good-quality information for their successful enactment. Despite this fact, existing BP approaches focus on control flow and ignore the complementary information perspective, or simply treat it as a technical issue, rather than a social and organizational one. To ta...

Self-adaptive software systems monitor their operation and adapt when their requirements fail due to unexpected phenomena in their environment. This article examines the case where the environment changes dynamically over time and the chosen adaptation has to take into account such changes. In control theory, this type of adaptation is known as Mod...

Laws and regulations impact the design of software systems, as they introduce new requirements and constrain existing ones. The analysis of a software system and the degree to which it complies with applicable laws can be greatly facilitated by models of applicable laws. However, laws are inherently voluminous, often consisting of hundreds of pages...

It is widely recognized that accurately identifying competitors is a challenge for many companies and entrepreneurs. It is one that they cannot escape from, as failing to do so is a recipe for problems. Amongst other factors, competitor identification is challenging because of the complex nature of the competitive relationships that arise in busine...

Context and motivation] Gamification is increasingly applied to engage people in performing tool-supported collaborative tasks. Previous experiences demonstrated that: i) available gamification guidelines are not sufficient; ii) motivational and acceptance aspects need to be considered; iii) stakeholders need to be involved in the design. [Question...

Privacy has been frequently identified as a main concern for systems that deal with personal information. However, much of existing work on privacy requirements deals with them as a special case of security requirements, thereby overlooking key aspects of privacy. In this paper, we address this problem by proposing an ontology for privacy requireme...

Indicator-based management enables decision makers to make decisions based on quantitative measures. This approach has been successfully applied in multiple domains beyond traditional business-related ones, including Education, Healthcare, and Smart Cities, among others. Yet, it remains a difficult and errorprone task to find suitable Key Performan...

In competitive markets, companies need well-designed business strategies if they seek to grow and obtain sustainable competitive advantage. At the core of a successful business strategy there is a carefully crafted value proposition, which ultimately defines what a company delivers to its customers. Despite their widely recognized importance, there...

The success of software systems highly depends on user engagement. Thus, to deliver engaging systems, software has to be designed carefully taking into account Acceptance Requirements, such as " 70% of users will use the system " , and the psychological factors that could influence users to use the system. Analysis can then consider mechanisms that...

Laws and regulations impact the design of software systems, as they may introduce additional requirements and possible conflicts with pre-existing requirements. We propose a systematic, tool-supported process for establishing compliance of a software system with a given law. The process elicits new requirements from the law, compares them with exis...

Gamification is a powerful paradigm and a set of best practices used to motivate people carrying out a variety of ICT–mediated tasks. Designing gamification solutions and applying them to a given ICT system is a complex and expensive process (in time, competences and money) as software engineers have to cope with heterogeneous stakeholder requireme...

Developing and analyzing business strategies is a very important and complex task, for which many theories have been developed. A core component within these strategies is the value proposition, a concept whose meaning has little agreement, despite of its increasingly wide adoption. This semantic issue leads to multiple interpretations and misuse b...

Key Performance Indicators (KPI) measure the performance of an enterprise relative to its objectives thereby enabling corrective action where there are deviations. In current practice, KPIs are manually integrated within dashboards and scorecards used by decision makers. This practice entails various shortcomings. First, KPIs are not related to the...

We present the GaiusT 2.0 framework for annotating legal documents. The framework was designed and implemented as a web-based system to semi-automate the extraction of legal concepts from text. In requirements analysis these concepts can be used to identify requirements a software system has to fulfil to comply with a law or regulation. The analysi...

We present the GaiusT 2.0 framework for annotating legal documents. The framework was designed and implemented as a web-based system to semi-automate the extraction of legal concepts from text. In requirements analysis these concepts can be used to identify requirements a software system has to fulfil to comply with a law or regulation. The analysi...

Privacy has been frequently identified as a main concern for system developers while dealing with/managing personal information. Despite this, most existing work on privacy requirements deals with them as a special case of security requirements. Therefore, key aspects of privacy are, usually, overlooked. In this context, wrong design decisions migh...

Semantic annotation technologies support the extraction of legal concepts, for example rights and obligations, from legal documents. For software engineers, the final goal is to identify compliance requirements a software system has to fulfill in order to comply with a law or regulation. That implies analyzing and annotating legal documents in pres...

Laws and regulations impact the design of software systems, as they introduce new requirements and constraint existing ones. The analysis of a software system and the degree to which it complies with applicable laws can be greatly facilitated by models of applicable laws. However, laws are inherently voluminous, often consisting of hundreds of page...

Imperative process languages, such as BPMN, describe business processes in terms of collections of activities and control flows among them. Despite their popularity, such languages remain useful mostly for structured processes whose flow of activities is well-known and does not vary greatly. For unstructured processes, on the other hand, the verdic...

Laws and regulations impact the design of software systems, as they introduce new requirements and constrain existing ones. The analysis of a software system and the degree to which it complies with applicable laws can be greatly facilitated by models of applicable laws. However, laws are inherently voluminous, often consisting of hundreds of pages...

Business strategies aim to operationalize an enterprise’s mission and visions by defining initiatives and choosing among alternative courses of action through some form of strategic analysis. However, existing analysis techniques (e.g., SWOT analysis, Five Forces Model) are invariably informal and sketchy, in sharp contrast to the formal and algori...

Key Performance Indicators (KPIs) operationalize ambiguous enterprise goals into quantified variables with clear thresholds. Their usefulness has been established in multiple domains yet it remains a difficult and error-prone task to find suitable KPIs for a given strategic goal. A careful analysis of the literature on both strategic modeling, plan...

Enterprise models are useful managerial tools for decision making and control, supporting the planning and design of enterprise strategic objectives as well as day-to-day operations. Although much research on the topic has been carried out since the 80s, most approaches offer rudimentary support for the representation of goal-related concepts, focu...

We live in the days of social software where social interactions, from simple notifications to complex business processes , are supported by software platforms such as Facebook and Twitter. But for any social software to be successful, it must be used by a sizeable portion of its intended user community. Usage requirements are usually referred to a...

Risks of software projects are often ignored and risk analysis is left for later stages of project life-cycle, resulting in serious financial losses. This paper proposes a goal-oriented risk analysis framework that includes inter-dependencies among treatments and risks in terms of likelihood and generate optimal solutions with respect to multiple o...

Users increasingly depend on mobile applications to get access to software services, social networks, and physical devices. When using mobile applications, users often want to achieve personal goals rather than merely perform individual tasks. To achieve a goal, a user often needs to combine software services, social cooperation, and possibly manua...

The requirements elicited from stakeholders suffer from various afflictions , including informality, vagueness, incompleteness, ambiguity, inconsistencies , and more. It is the task of the requirements engineering process to derive from these a formal specification that truly captures stakeholder needs. The Desiree requirements engineering framewor...

Self-adaptive software systems monitor their operation and adapt when their requirements fail due to unexpected phenomena in their environment. This paper examines the case where the environment changes dynamically over time and the chosen adaptation has to take into account such changes. In control theory, this type of adaptation is known as Model...

The requirements elicited from stakeholders are typically informal, incomplete, ambiguous, and inconsistent. It is the task of Requirements Engineering to transform them into an eligible (formal, sufficiently complete, unambiguous, consistent, modifiable and traceable) requirements specification of functions and qualities that the system-to-be need...

The requirements elicited from stakeholders suffer from various afflictions, including informality, incompleteness, ambiguity, vagueness, inconsistencies, and more. It is the task of requirements engineering (RE) processes to derive from these an eligible (formal, complete enough, unambiguous, consistent, measurable, satisfiable, modifiable and tra...

Root cause analysis for software systems is a challenging diagnostic task owing to the complex interactions between system components, the sheer volume of logged data, and the often partial and incomplete information available for root cause analysis purposes. This diagnostic task is usually performed by human experts who create mental models of th...

Analyzing security from an attacker's perspective has been accepted as an effective approach for dealing with security requirements for complex systems. However, there is no systematic approach for constructing attack scenarios. As a result, the completeness of the derived attack scenarios is subject to the expertise of analysts. In this paper, we...

The i* Framework, facilitating goal-oriented information systems modeling, has received much attention in research since its introduction. As the i* and related frameworks (e.g., GRL and Tropos) have been in existence for more than 20 years, researchers around the world have accumulated experience in teaching such languages, at both the undergradua...

Variability is essential for adaptive software systems, because it captures the space of alternative adaptations a system is capable of when it needs to adapt. In this work, we propose to capture variability for an adaptation space in terms of a three dimensional model. The first dimension captures requirements through goals and reflects all possib...

In this paper, we report on our experience in teaching conceptual modeling at a master-level course at the University of Trento. We use our experiences to argue that systematic model analysis is an important factor that influences learning and understanding of conceptual modeling techniques. In particular, we have observed this effect with the i* g...

Business strategies are intended to guide a company across the mine fields of competitive markets through the fulfilment of strategic objectives. The design of a business strategy generally considers a SWOT operating context consisting of inherent Strengths (S) and Weaknesses (W) of a company, as well as external Opportunities (O) and potential Thr...

Self-adaptive software systems are designed to support a number of alternative solutions for fulfilling their requirements. These define an adaptation space. During operation, a self-adaptive system monitors its performance and when it finds that its requirements are not fulfilled, searches its adaptation space to select a best adaptation. Two majo...

The ever-growing complexity of systems makes their protection more challenging, as a single vulnerability or exposure of any component of the system can lead to serious security breaches. This problem is exacerbated by the fact that the system development community has not kept up with advances in attack knowledge. In this demo paper, we propose a...

Protecting socio-technical systems is a challenging task, as a single vulnerability or exposure of any component of the systems can lead to serious security breaches. This problem is exacerbated by the fact that the system development community has not kept up with advances in attack tactics. In this paper, we present ongoing research on the develo...

A business process is above all else a social interaction among multiple participants. Business process modeling languages support the description of business processes in operational terms as collections of interleaved activities conducted by human and software agents. However, such descriptions do not capture adequately the richness of social int...

Requirements-driven approaches provide an effective mechanism for self-adaptive systems by reasoning over their runtime requirements models to make adaptation decisions. However, such approaches usually assume that the relations among alternative system configurations, environmental parameters and requirements are clearly understood, which is often...

A business process is first and foremost a social interaction among multiple participants. Business process modeling languages support the description of business processes in operational terms, as collections of interleaved activities conducted by human and software agents. However, such descriptions do not capture adequately the richness of socia...

Goal models have proven useful for capturing, understanding, and communicating requirements during early stages of software development. However, the utility of goal models is greatly enhanced when they can be exploited during downstream stages of the requirements analysis process (e.g. requirements elaboration, validation, planning), and can be us...