The process to build the requirements has been as follows:

  • The international regulation on air transportation security has been analysed and the conerned agents have been interviewed all across Europe: pilots, people responsible for airport security and security managers from airline companies, delegates of the cabin attendants, authorities, sky marshals, ... A first requirements model has been built according to those collected data; the model describes the security objectives to be reached, how they are implemented and who is responsible for achieving them.
  • A second model identifies a set of threats on air transportation security. Those threats aim to jeopardise the security goals of the first model by exploiting potential vulnerabilities in the current security systems.
  • A third model has been elaborated on top of the two first ones in order to identify how SAFEE can provide progress to more air transportation security.
  • These three models have provided raw material to elicit a first set of stakeholder requirements.

Then a second modelling phase has been started. This phase has focused on the TARMS subsystem for which Respect-IT was responsible with Onera. The work has mainly consisted in identifiying the goals to be assigned to TARMS in order to satisfy the stakeholder requirements. Simultaneously, the model has been used to highlight the expectations on the other subsystems, which TARMS needs to fulfil its mission. The elication of these expectations has allowed the teams responsible for the other subsystem to make the interfaces between subsystems more precise: some expectations on some subsystems have been shifted to other subsystems; other expectations have been postponed to a later version, and other ones have been modified because they cannot be implemented.
Besides the goals and responsibilities, the requirements model for the TARMS system contains also conceptual modelling of the domain and of TARMS (object model).

The requirements document derived from the model follows the IEEE-830 standard for requirements documents. A glossary derived from the object model is included as well as (i) the goals to achieve from the most abstract level to the most concrete one, that is, requirements and expectations on the subsystems, (ii) the responsibilities assigned to each subsystem, (iii) the conceptual model for the domain and the system (actually a first system architecture based on the problem statement), and (iv) a definition of the interfaces between the subsystems in terms of controlled and monitored objects.

The resulting model contains about 1400 concepts:

  • 25 agents (grouped according to a hierarchy of roles)
  • about 100 objects
  • about 500 objectives (150 at the user level, 350 for TARMS appearing in 45 diagrams)
  • about 300 threats (anti-goals and vulnerabilities), 150 requirements on TARMS and 300 expectations on the other susbsystems.

The requirements document for TARMS has been generated from the Objectiver tool and is 200 pages long, of wihch 8 pages are dedicated to the glossary.