23,460 research outputs found

    Testing in the incremental design and development of complex products

    Get PDF
    Testing is an important aspect of design and development which consumes significant time and resource in many companies. However, it has received less research attention than many other activities in product development, and especially, very few publications report empirical studies of engineering testing. Such studies are needed to establish the importance of testing and inform the development of pragmatic support methods. This paper combines insights from literature study with findings from three empirical studies of testing. The case studies concern incrementally developed complex products in the automotive domain. A description of testing practice as observed in these studies is provided, confirming that testing activities are used for multiple purposes depending on the context, and are intertwined with design from start to finish of the development process, not done after it as many models depict. Descriptive process models are developed to indicate some of the key insights, and opportunities for further research are suggested

    A model-driven method for the systematic literature review of qualitative empirical research

    Get PDF
    This paper explores a model-driven method for systematic literature reviews (SLRs), for use where the empirical studies found in the literature search are based on qualitative research. SLRs are an important component of the evidence-based practice (EBP) paradigm, which is receiving increasing attention in information systems (IS) but has not yet been widely-adopted. We illustrate the model-driven approach to SLRs via an example focused on the use of BPMN (Business Process Modelling Notation) in organizations. We discuss in detail the process followed in using the model-driven SLR method, and show how it is based on a hermeneutic cycle of reading and interpreting, in order to develop and refine a model which synthesizes the research findings of previous qualitative studies. This study can serve as an exemplar for other researchers wishing to carry out model-driven SLRs. We conclude with our reflections on the method and some suggestions for further researc

    ERIGrid Holistic Test Description for Validating Cyber-Physical Energy Systems

    Get PDF
    Smart energy solutions aim to modify and optimise the operation of existing energy infrastructure. Such cyber-physical technology must be mature before deployment to the actual infrastructure, and competitive solutions will have to be compliant to standards still under development. Achieving this technology readiness and harmonisation requires reproducible experiments and appropriately realistic testing environments. Such testbeds for multi-domain cyber-physical experiments are complex in and of themselves. This work addresses a method for the scoping and design of experiments where both testbed and solution each require detailed expertise. This empirical work first revisited present test description approaches, developed a newdescription method for cyber-physical energy systems testing, and matured it by means of user involvement. The new Holistic Test Description (HTD) method facilitates the conception, deconstruction and reproduction of complex experimental designs in the domains of cyber-physical energy systems. This work develops the background and motivation, offers a guideline and examples to the proposed approach, and summarises experience from three years of its application.This work received funding in the European Community’s Horizon 2020 Program (H2020/2014–2020) under project “ERIGrid” (Grant Agreement No. 654113)

    A Model-Driven Method for the Systematic Literature Review of Qualitative Empirical Research

    Get PDF
    This paper explores a new model-driven method for systematic literature reviews (SLRs), for use where the empirical studies found in the literature search are based on qualitative research. SLRs are an important component of the evidence-based practice (EBP) paradigm, which is receiving increasing attention in information systems (IS) but has not yet been widely-adopted. We illustrate the model-driven approach to SLRs via an example focused on the use of BPMN (Business Process Modelling Notation) in organizations. We discuss in detail the process followed in using the model-driven SLR method, and show how it is based on a hermeneutic cycle of reading and interpreting, in order to develop and refine a model which synthesizes the research findings of qualitative studies. This study can serve as an exemplar for other researchers wishing to carry out model-driven SLRs. We conclude with our reflections on the method and some suggestions for further research

    Development of Secure Software : Rationale, Standards and Practices

    Get PDF
    The society is run by software. Electronic processing of personal and financial data forms the core of nearly all societal and economic activities, and concerns every aspect of life. Software systems are used to store, transfer and process this vital data. The systems are further interfaced by other systems, forming complex networks of data stores and processing entities.This data requires protection from misuse, whether accidental or intentional. Elaborate and extensive security mechanisms are built around the protected information assets. These mechanisms cover every aspect of security, from physical surroundings and people to data classification schemes, access control, identity management, and various forms of encryption. Despite the extensive information security effort, repeated security incidents keep compromising our financial assets, intellectual property, and privacy. In addition to the direct and indirect cost, they erode the trust in the very foundation of information security: availability, integrity, and confidentiality of our data. Lawmakers at various national and international levels have reacted by creating a growing body of regulation to establish a baseline for information security. Increased awareness of information security issues has led to extend this regulation to one of the core issues in secure data processing: security of the software itself. Information security contains many aspects. It is generally classified into organizational security, infrastructure security, and application security. Within application security, the various security engineering processes and techniques utilized at development time form the discipline of software security engineering. The aim of these security activities is to address the software-induced risk toward the organization, reduce the security incidents and thereby lower the lifetime cost of the software. Software security engineering manages the software risk by implementing various security controls right into the software, and by providing security assurance for the existence of these controls by verification and validation. A software development process has typically several objectives, of which security may form only a part. When security is not expressly prioritized, the development organizations have a tendency to direct their resources to the primary requirements. While producing short-term cost and time savings, the increased software risk, induced by a lack of security and assurance engineering, will have to be mitigated by other means. In addition to increasing the lifetime cost of software, unmitigated or even unidentified risk has an increased chance of being exploited and cause other software issues. This dissertation concerns security engineering in agile software development. The aim of the research is to find ways to produce secure software through the introduction of security engineering into the agile software development processes. Security engineering processes are derived from extant literature, industry practices, and several national and international standards. The standardized requirements for software security are traced to their origins in the late 1960s, and the alignment of the software engineering and security engineering objectives followed from their original challenges to the current agile software development methods. The research provides direct solutions to the formation of security objectives in software development, and to the methods used to achieve them. It also identifies and addresses several issues and challenges found in the integration of these activities into the development processes, providing directly applicable and clearly stated solutions for practical security engineering problems. The research found the practices and principles promoted by agile and lean software development methods to be compatible with many security engineering activities. Automated, tool-based processes and the drive for efficiency and improved software quality were found to directly support the security engineering techniques and objectives. Several new ways to integrate software engineering into agile software development processes were identified. Ways to integrate security assurance into the development process were also found, in the form of security documentation, analyses, and reviews. Assurance artifacts can be used to improve software design and enhance quality assurance. In contrast, detached security engineering processes may create security assurance that serves only purposes external to the software processes. The results provide direct benefits to all software stakeholders, from the developers and customers to the end users. Security awareness is the key to more secure software. Awareness creates a demand for security, and the demand gives software developers the concrete objectives and the rationale for the security work. This also creates a demand for new security tools, processes and controls to improve the efficiency and effectiveness of software security engineering. At first, this demand is created by increased security regulation. The main pressure for change will emanate from the people and organizations utilizing the software: security is a mandatory requirement, and software must provide it. This dissertation addresses these new challenges. Software security continues to gain importance, prompting for new solutions and research.Ohjelmistot ovat keskeinen osa yhteiskuntamme perusinfrastruktuuria. MerkittÀvÀ osa sosiaalisesta ja taloudellisesta toiminnastamme perustuu tiedon sÀhköiseen kÀsittelyyn, varastointiin ja siirtoon. NÀitÀ tehtÀviÀ suorittamaan on kehitetty merkittÀvÀ joukko ohjelmistoja, jotka muodostavat mutkikkaita tiedon yhteiskÀytön mahdollistavia verkostoja. Tiedon suojaamiseksi sen ympÀrille on kehitetty lukuisia suojamekanismeja, joiden tarkoituksena on estÀÀ tiedon vÀÀrinkÀyttö, oli se sitten tahatonta tai tahallista. Suojausmekanismit koskevat paitsi ohjelmistoja, myös niiden kÀyttöympÀristöjÀ ja kÀyttÀjiÀ sekÀ itse kÀsiteltÀvÀÀ tietoa: nÀitÀ mekanismeja ovat esimerkiksi tietoluokittelut, tietoon pÀÀsyn rajaaminen, kÀyttÀjÀidentiteettien hallinta sekÀ salaustekniikat. Suojaustoimista huolimatta tietoturvaloukkaukset vaarantavat sekÀ liiketoiminnan ja yhteiskunnan strategisia tietovarantoj ettÀ henkilökohtaisia tietojamme. Taloudellisten menetysten lisÀksi hyökkÀykset murentavat luottamusta tietoturvan kulmakiviin: tiedon luottamuksellisuuteen, luotettavuuteen ja sen saatavuuteen. NÀiden tietoturvan perustusten suojaamiseksi on laadittu kasvava mÀÀrÀ tietoturvaa koskevia sÀÀdöksiÀ, jotka mÀÀrittÀvÀt tietoturvan perustason. LisÀÀntyneen tietoturvatietoisuuden ansiosta uusi sÀÀnnöstö on ulotettu koskemaan myös turvatun tietojenkÀsittelyn ydintÀ,ohjelmistokehitystÀ. Tietoturva koostuu useista osa-alueista. NÀitÀ ovat organisaatiotason tietoturvakÀytÀnnöt, tietojenkÀsittelyinfrastruktuurin tietoturva, sekÀ tÀmÀn tutkimuksen kannalta keskeisenÀ osana ohjelmistojen tietoturva. TÀhÀn osaalueeseen sisÀltyvÀt ohjelmistojen kehittÀmisen aikana kÀytettÀvÀt tietoturvatekniikat ja -prosessit. Tarkoituksena on vÀhentÀÀ ohjelmistojen organisaatioille aiheuttamia riskejÀ, tai poistaa ne kokonaan. Ohjelmistokehityksen tietoturva pyrkii pienentÀmÀÀn ohjelmistojen elinkaarikustannuksia mÀÀrittÀmÀllÀ ja toteuttamalla tietoturvakontrolleja suoraan ohjelmistoon itseensÀ. LisÀksi kontrollien toimivuus ja tehokkuus osoitetaan erillisten verifiointija validointimenetelmien avulla. TÀmÀ vÀitöskirjatutkimus keskittyy tietoturvatyöhön osana iteratiivista ja inkrementaalista ns. ketterÀÀ (agile) ohjelmistokehitystÀ. Tutkimuksen tavoitteena on löytÀÀ uusia tapoja tuottaa tietoturvallisia ohjelmistoja liittÀmÀllÀ tietoturvatyö kiinteÀksi osaksi ohjelmistokehityksen prosesseja. Tietoturvatyön prosessit on johdettu alan tieteellisestÀ ja teknillisestÀ kirjallisuudesta, ohjelmistokehitystyön vallitsevista kÀytÀnnöistÀ sekÀ kansallisista ja kansainvÀlisistÀ tietoturvastandardeista. Standardoitujen tietoturvavaatimusten kehitystÀ on seurattu aina niiden alkuajoilta 1960-luvulta lÀhtien, liittÀen ne ohjelmistokehityksen tavoitteiden ja haasteiden kehitykseen: nykyaikaan ja ketterien menetelmien valtakauteen saakka. Tutkimuksessa esitetÀÀn konkreettisia ratkaisuja ohjelmistokehityksen tietoturvatyön tavoitteiden asettamiseen ja niiden saavuttamiseen. Tutkimuksessa myös tunnistetaan ongelmia ja haasteita tietoturvatyön ja ohjelmistokehityksen menetelmien yhdistÀmisessÀ, joiden ratkaisemiseksi tarjotaan toimintaohjeita ja -vaihtoehtoja. Tutkimuksen perusteella iteratiivisen ja inkrementaalisen ohjelmistokehityksen kÀytÀntöjen ja periaatteiden yhteensovittaminen tietoturvatyön toimintojen kanssa parantaa ohjelmistojen laatua ja tietoturvaa, alentaen tÀten kustannuksia koko ohjelmiston yllÀpitoelinkaaren aikana. Ohjelmistokehitystyön automatisointi, työkaluihin pohjautuvat prosessit ja pyrkimys tehokkuuteen sekÀ korkeaan laatuun ovat suoraan yhtenevÀt tietoturvatyön menetelmien ja tavoitteiden kanssa. Tutkimuksessa tunnistettiin useita uusia tapoja yhdistÀÀ ohjelmistokehitys ja tietoturvatyö. LisÀksi on löydetty tapoja kÀyttÀÀ dokumentointiin, analyyseihin ja katselmointeihin perustuvaa tietoturvan todentamiseen tuotettavaa materiaalia osana ohjelmistojen suunnittelua ja laadunvarmistusta. ErillisinÀ nÀmÀ prosessit johtavat tilanteeseen, jossa tietoturvamateriaalia hyödynnetÀÀn pelkÀstÀÀn ohjelmistokehityksen ulkopuolisiin tarpeisiin. Tutkimustulokset hyödyttÀvÀt kaikkia sidosryhmiÀ ohjelmistojen kehittÀjistÀ niiden tilaajiin ja loppukÀyttÀjiin. Ohjelmistojen tietoturvatyö perustuu tietoon ja koulutukseen. Tieto puolestaan lisÀÀ kysyntÀÀ, joka luo tietoturvatyölle konkreettiset tavoitteet ja perustelut jo ohjelmistokehitysvaiheessa. Tietoturvatyön painopiste siirtyy torjunnasta ja vahinkojen korjauksesta kohti vahinkojen rakenteellista ehkÀisyÀ. KysyntÀ luo tarpeen myös uusille työkaluille, prosesseille ja tekniikoille, joilla lisÀtÀÀn tietoturvatyön tehokkuutta ja vaikuttavuutta. TÀllÀ hetkellÀ kysyntÀÀ luovat lÀhinnÀ lisÀÀntyneet tietoturvaa koskevat sÀÀdökset. PÀÀosa muutostarpeesta syntyy kuitenkin ohjelmistojen tilaajien ja kÀyttÀjien vaatimuksista: ohjelmistojen tietoturvakyvykkyyden taloudellinen merkitys kasvaa. Tietoturvan tÀrkeys tulee korostumaan entisestÀÀn, lisÀten tarvetta tietoturvatyölle ja tutkimukselle myös tulevaisuudessa

    New Product Development Processes for IOT-Enabled Home Use Medical Devices: A Systematic Review

    Get PDF
    Background: In the new forefront of healthcare at patients’ homes, medical devices developed to use at home setting by lay users are essential. The adoption of home-use medical devices will benefit both patients and public healthcare services in terms of quality of life, enhanced outcomes, and reduced cost of care. Home use medical devices associated with Internet-Of-Things (IOT) technology assists patients in performing self-care as well as providing health information remotely to health care professionals. However, adopting technology requires understanding the nature of the medical device and medical device development (MDD). Existing studies concerning the new product development (NPD) processes or design processes were systematically reviewed to explore knowledge and expertise to provide a framework for IOT engineers or designers to adopt IOT technology to home use medical devices. Objective: This study aimed to review the published literature to explore the current studies in the field of the NPD process, design process, design methodology, and outcome of the device affecting user acceptance. Methods: A systematic review following PRISMA guidelines of the English language literature from four electronic databases and academic search engines published from 2007 to 2018 was conducted. The papers were screened and assessed following predefined inclusive and exclusive criteria. The results were analyzed according to the research questions. Results: The findings revealed state-of-the-art in the NPD process and design process (n=4), the design methodology (n=23), and the resultant outcomes of empirical or clinical research in the validation stage (n=14) of medical device development (MDD). The findings also delineated existing studies in NPD, design process, and design methodologies aimed to ensure that medical devices would be effective and safe. Human factor engineering (HFE), cognitive method, ethnographic, and other methodologies were proposed to understand users, uses and context of use. Barriers, constraints, and multidisciplinary communication were addressed. Tools, processes, and methodologies were proposed to overcome the barriers. Conclusion: As home-use medical device development (MDD) and the adoption of IOT technology is now at a crossroads. This study addresses the necessity for future academic studies related to IOT adoption to MDD, including unique risks, multidisciplinary problems, emerging from IOT technology. Finally, future studies aimed at fabricating the NPD process or design process for IOT home-use medical devices to gain user acceptance were outlined

    Overcoming Language Dichotomies: Toward Effective Program Comprehension for Mobile App Development

    Full text link
    Mobile devices and platforms have become an established target for modern software developers due to performant hardware and a large and growing user base numbering in the billions. Despite their popularity, the software development process for mobile apps comes with a set of unique, domain-specific challenges rooted in program comprehension. Many of these challenges stem from developer difficulties in reasoning about different representations of a program, a phenomenon we define as a "language dichotomy". In this paper, we reflect upon the various language dichotomies that contribute to open problems in program comprehension and development for mobile apps. Furthermore, to help guide the research community towards effective solutions for these problems, we provide a roadmap of directions for future work.Comment: Invited Keynote Paper for the 26th IEEE/ACM International Conference on Program Comprehension (ICPC'18

    Big Data Testing Techniques: Taxonomy, Challenges and Future Trends

    Full text link
    Big Data is reforming many industrial domains by providing decision support through analyzing large data volumes. Big Data testing aims to ensure that Big Data systems run smoothly and error-free while maintaining the performance and quality of data. However, because of the diversity and complexity of data, testing Big Data is challenging. Though numerous research efforts deal with Big Data testing, a comprehensive review to address testing techniques and challenges of Big Data is not available as yet. Therefore, we have systematically reviewed the Big Data testing techniques evidence occurring in the period 2010-2021. This paper discusses testing data processing by highlighting the techniques used in every processing phase. Furthermore, we discuss the challenges and future directions. Our findings show that diverse functional, non-functional and combined (functional and non-functional) testing techniques have been used to solve specific problems related to Big Data. At the same time, most of the testing challenges have been faced during the MapReduce validation phase. In addition, the combinatorial testing technique is one of the most applied techniques in combination with other techniques (i.e., random testing, mutation testing, input space partitioning and equivalence testing) to find various functional faults through Big Data testing.Comment: 32 page

    Applying the proto-theory of design to explain and modify the parameter analysis method of conceptual design

    Get PDF
    This article reports on the outcomes of applying the notions provided by the reconstructed proto-theory of design, based on Aristotle’s remarks, to the parameter analysis (PA) method of conceptual design. Two research questions are addressed: (1) What further clarification and explanation to the approach of PA is provided by the proto-theory? (2) Which conclusions can be drawn from the study of an empirically derived design approach through the proto-theory regarding usefulness, validity and range of that theory? An overview of PA and an application example illustrate its present model and unique characteristics. Then, seven features of the proto-theory are explained and demonstrated through geometrical problem solving and analogies are drawn between these features and the corresponding ideas in modern design thinking. Historical and current uses of the terms analysis and synthesis in design are also outlined and contrasted, showing that caution should be exercised when applying them. Consequences regarding the design moves, process and strategy of PA allow proposing modifications to its model, while demonstrating how the ancient method of analysis can contribute to better understanding of contemporary design-theoretic issues
    • 

    corecore