CAIRIS

In CAIRIS, a requirements specification is analogous to a safety case. In a safety case, a system is only considered safe if its safety goals have been satisfied. In a similar manner, requirements are leaf nodes in a goal tree and satisfying stakeholder needs is only possible if the high-level goals – stipulated by stakeholders – can be satisfied.

We define goals as prescriptive statements of system intent that are achievable by one or more agents. Goals can be refined to requirements, which are achievable by only one agent. Goals and requirements may also be operationalised as tasks. Alternatively, we may decide to specify tasks and ask what goals or requirements need to hold in order that a given task can be completed successfully.

To satisfy a goal, one or more sub-goals may need to be satisfied; satisfaction may require satisfying a conjunction of sub-goals, i.e. several AND goals, or a disjunction of sub-goals, i.e. several OR goals.

Goals or requirements may be obstructed by obstacles, which are conditions representing undesired behaviour; these prevent an associated goal from being achieved. By progressively refining obstacles, we can obtain the origin of some undesired behaviour; this may be reflected as a vulnerability or a threat, and contribute to risk analysis.
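
The AND/OR refinement and obstruction rules described above, as an added Python illustration that is not CAIRIS code or its data model: it evaluates goal satisfaction over a small constructed goal tree and lists the leaf obstacles that currently hold. The names Node, combine, holds, satisfied and origins are hypothetical, and AND/OR refinement of obstacles is an assumption.

```python
# Added illustration only: not CAIRIS code or its data model; all names are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Node:
    """A goal, requirement or obstacle; a node without children is a leaf."""
    name: str
    refinement: str = "AND"                        # how children combine: "AND" or "OR"
    children: list = field(default_factory=list)   # sub-goals or sub-obstacles
    obstacles: list = field(default_factory=list)  # obstacles obstructing this goal


def combine(node, results):
    """Apply the node's refinement type to its children's results."""
    return all(results) if node.refinement == "AND" else any(results)


def holds(obstacle, active):
    """An obstacle holds if it is an active leaf or its refinement holds (assumed AND/OR)."""
    if not obstacle.children:
        return obstacle.name in active
    return combine(obstacle, [holds(c, active) for c in obstacle.children])


def satisfied(goal, met, active):
    """A goal is satisfied if no obstacle on it holds and its refinement is satisfied."""
    if any(holds(o, active) for o in goal.obstacles):
        return False
    if not goal.children:
        return goal.name in met                    # leaf requirement
    return combine(goal, [satisfied(c, met, active) for c in goal.children])


def origins(goal, active):
    """Active leaf obstacles under obstacles that hold: inputs to risk analysis."""
    def leaves(o):
        if not o.children:
            return [o.name] if o.name in active else []
        return [n for c in o.children for n in leaves(c)]
    found = [n for o in goal.obstacles if holds(o, active) for n in leaves(o)]
    return found + [n for c in goal.children for n in origins(c, active)]


# Constructed sample model: one AND root, one OR sub-goal, one refined obstacle.
guessed = Node("Credential guessed", "OR", [Node("Weak password policy"), Node("No account lockout")])
password = Node("Password check", obstacles=[guessed])
authenticate = Node("Authenticate user", "OR", [password, Node("Token check")])
root = Node("Secure remote access", "AND", [authenticate, Node("Encrypt session")])
```

With only "Password check" and "Encrypt session" met, activating "No account lockout" obstructs the root goal; also meeting "Token check" satisfies it again through the OR refinement.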

Adding, updating, and deleting a goal

[Figure: Goals dialog]

[Figure: Goal dialog]

[Figure: Add goal refinement]

Goal Modelling

Goal models can be viewed by clicking on the Goal Model toolbar button, and selecting the environment to view the model for.

[Figure: Goal model]

By changing the environment name in the environment combo box, the goal model for a different environment can be viewed. The layout of the model can also be changed by selecting a layout option in the Layout combo box at the foot of the model viewer window.

By clicking on a model element, information about that artifact can be viewed.

Goal models can also be filtered by goal. Applying a filter causes the selected goal to be displayed as the root goal. Consequently, goals are only displayed if they are direct or indirect leaves of the filtered goal.

Goals can also be refined from the goal model, albeit only for the environment being modified. To refine a goal, right-click on the goal in the model viewer, and select And-Goal or Or-Goal based on the refinement desired. A simplified version of the Add Goal dialog box is displayed and, when all the necessary information has been added, a new goal will be added to the database, complete with the desired refinement. Please note, the model view needs to be refreshed to view the goal. Goals may only be refined to other goals in the model viewer; for anything more elaborate, the usual goal refinement association procedure needs to be followed.

Adding, updating, and deleting an obstacle

[Figure: Obstacle dialog]

Obstacle Modelling

Obstacle models can be viewed by clicking on the Obstacle Model toolbar button, and selecting the environment to view the model for.

[Figure: Obstacle model]

In many ways, the obstacle model is very similar to the goal model. The main differences are that goal filtering is not possible, only the obstacle tree is displayed, and obstacles refine to obstacles, as opposed to goals.

Adding, updating, and deleting requirements

Requirements are added and edited using the Requirements Editor in the main CAIRIS window. Each requirement is associated with an asset, or an environment. Requirements associated with assets may specify the asset, constrain the asset, or reference it in some way. Requirements associated with an environment are considered transient, and remain associated with an environment only until appropriate assets are identified.

Requirement history

Every time a requirement is modified, a new version of the requirement is created. To view the requirement history, right click on the requirement to view the Requirement History dialog. This dialog contains the details of each version of the requirement stored in the database.

Searching requirement text

It is possible to search for a requirement with a particular text string, by selecting the Requirement Management/Find menu option, to open the Find Requirement dialog. This Find dialog is very similar to the Find dialog found in many WYSIWYG applications. This search function only works for requirements which are currently loaded in the Requirements editor.

Requirements traceability

Normally, requirements traceability is synonymous with adding a goal refinement association, but requirements may also contribute to vulnerabilities (as well as tasks), or be supported by assets or misuse cases. Consequently, requirements can be manually traced to these artifacts in the same manner as tasks.

Requirement association

A requirement associated to an environment can be associated with an asset, or a requirement associated with an asset can be associated with another asset. To re-associate a requirement, right click on the requirement, select Asset re-association, and select the asset to re-associate the requirement with.