Murphy: a Framework for Identifying Risks for Collaborative Systems During Requirements Engineering


August 2023

Journal Title

Journal ISSN

Volume Title



A risk is an undesirable event that can result in mishaps if not identified early on during requirements engineering adequately. However, requirements engineers may not always be aware if important/critical risks are ignored. For instance, in building a smartphone appli- cation to help blind people navigate indoors, it may not be too evident to the requirements engineer that a blind person may not be able to walk in a straight line, or may not be able to turn at a right angle at the right spot, etc. Similarly, for an Autonomous Vehicle run- ning on the Autodrive System (ADS), it may not be too evident that the driver may ignore instructions from the system or the ADS may not be able to identify obstacles accurately or may not be able to identify any obstacles at all. These are a few examples of many such risks that can occur with collaborative systems, where the (semi-)automated systems and the agents in their environments need to collaborate with each other to achieve the intended goals of the stakeholders. However, identifying risks can be challenging, and there is a lack of systematic risk identification and analysis approaches to identifying risks for collaborative systems. This dissertation presents Murphy and Murphy+G frameworks for identifying and analysing risks. Murphy is an Ontology-based framework that adopts the Reference Model to sys- tematically identify risks by generating a Risk Analysis Graph (RAG). Murphy+G is a goal-oriented framework that extends Murphy Framework for identifying risks, facilitating the requirements for engineers/developers to devise risk-mitigation strategies by adopting the NFR Framework and extending it with the Reference Model to identify risks and perform risk analysis qualitatively. We propose five main technical contributions: 1. The domain-independent, activity-oriented ontology and processes for both Murphy and Murphy+G are presented explicitly for de- scribing categories of essential concepts and relationships and constraints related to agent, action, risk, requirements, specification, domain, etc. The ontology ensures that there are no omissions and commissions of risks. 2. An Augmented Reference Model is obtained by adopting the Reference Model and extending it with risks to perform risk generation and identification. 3. Rules for systematically generating risks and thereby facilitating the devel- opment of risk mitigation strategies later. 4. A Risk Analysis Graph (RAG) shows a bigger picture of all the risks possible for a requirement and its corresponding specification and domain assumptions. 5. The (SIG-PIG)+ RM (Reference Model) graph, which considers NFRs, identifies risks and corresponding mitigation strategies for achieving user goals by us- ing the Reference Model. To see the strengths and weaknesses of Murphy and Murphy+G, we have used the Murphy Assistant tool to identify a set of risks from a requirement. These risks are categorized based on their criticality, and these results are compared against the risks identified by students from team projects. We feel that the proposed framework helps identify the most important and critical risks and devise risk-mitigation strategies for those risks, which would help users to avoid risks to some extent and feel confident about using the system.



Engineering, System Science