Model-Based Security Testing

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582

A requirements engineering framework for integrated systems development for the construction industry

Computer Integrated Construction (CIC) systems are computer environments through which collaborative working can be undertaken. Although many CIC systems have been developed to demonstrate the communication and collaboration within the construction projects, the uptake of CICs by the industry is still inadequate. This is mainly due to the fact that research methodologies of the CIC development projects are incomplete to bridge the technology transfer gap. Therefore, defining comprehensive methodologies for the development of these systems and their effective implementation on real construction projects is vital. Requirements Engineering (RE) can contribute to the effective uptake of these systems because it drives the systems development for the targeted audience. This paper proposes a requirements engineering approach for industry driven CIC systems development. While some CIC systems are investigated to build a broad and deep contextual knowledge in the area, the EU funded research project, DIVERCITY (Distributed Virtual Workspace for Enhancing Communication within the Construction Industry), is analysed as the main case study project because its requirements engineering approach has the potential to determine a framework for the adaptation of requirements engineering in order to contribute towards the uptake of CIC systems

ERIGrid Holistic Test Description for Validating Cyber-Physical Energy Systems

Smart energy solutions aim to modify and optimise the operation of existing energy infrastructure. Such cyber-physical technology must be mature before deployment to the actual infrastructure, and competitive solutions will have to be compliant to standards still under development. Achieving this technology readiness and harmonisation requires reproducible experiments and appropriately realistic testing environments. Such testbeds for multi-domain cyber-physical experiments are complex in and of themselves. This work addresses a method for the scoping and design of experiments where both testbed and solution each require detailed expertise. This empirical work first revisited present test description approaches, developed a newdescription method for cyber-physical energy systems testing, and matured it by means of user involvement. The new Holistic Test Description (HTD) method facilitates the conception, deconstruction and reproduction of complex experimental designs in the domains of cyber-physical energy systems. This work develops the background and motivation, offers a guideline and examples to the proposed approach, and summarises experience from three years of its application.This work received funding in the European Community’s Horizon 2020 Program (H2020/2014–2020) under project “ERIGrid” (Grant Agreement No. 654113)

Requirements engineering for computer integrated environments in construction

A Computer Integrated Environment (CIE) is the type of innovative integrated information system that helps to reduce fragmentation and enables the stakeholders to collaborate together in business. Researchers have observed that the concept of CIE has been the subject of research for many years but the uptake of this technology has been very limited because of the development of the technology and its effective implementation. Although CIE is very much valued by both industrialists and academics, the answers to the question of how to develop and how to implement it are still not clear. The industrialists and researchers conveyed that networking, collaboration, information sharing and communication will become popular and critical issues in the future, which can be managed through CIE systems. In order for successful development of the technology, successful delivery, and effective implementation of user and industry-oriented CIE systems, requirements engineering seems a key parameter. Therefore, through experiences and lessons learnt in various case studies of CIE systems developments, this book explains the development of a requirements engineering framework specific to the CIE system. The requirements engineering process that has been developed in the research is targeted at computer integrated environments with a particular interest in the construction industry as the implementation field. The key features of the requirements engineering framework are the following: (1) ready-to-use, (2) simple, (3) domain specific, (4) adaptable and (5) systematic, (6) integrated with the legacy systems. The method has three key constructs: i) techniques for requirements development, which includes the requirement elicitation, requirements analysis/modelling and requirements validation, ii) requirements documentation and iii) facilitating the requirements management. It focuses on system development methodologies for the human driven ICT solutions that provide communication, collaboration, information sharing and exchange through computer integrated environments for professionals situated in discrete locations but working in a multidisciplinary and interdisciplinary environment. The overview for each chapter of the book is as follows; Chapter 1 provides an overview by setting the scene and presents the issues involved in requirements engineering and CIE (Computer Integrated Environments). Furthermore, it makes an introduction to the necessity for requirements engineering for CIE system development, experiences and lessons learnt cumulatively from CIE systems developments that the authors have been involved in, and the process of the development of an ideal requirements engineering framework for CIE systems development, based on the experiences and lessons learnt from the multi-case studies. Chapter 2 aims at building up contextual knowledge to acquire a deeper understanding of the topic area. This includes a detailed definition of the requirements engineering discipline and the importance and principles of requirements engineering and its process. In addition, state of the art techniques and approaches, including contextual design approach, the use case modelling, and the agile requirements engineering processes, are explained to provide contextual knowledge and understanding about requirements engineering to the readers. After building contextual knowledge and understanding about requirements engineering in chapter 2, chapter 3 attempts to identify a scope and contextual knowledge and understanding about computer integrated environments and Building Information Modelling (BIM). In doing so, previous experiences of the authors about systems developments for computer integrated environments are explained in detail as the CIE/BIM case studies. In the light of contextual knowledge gained about requirements engineering in chapter 2, in order to realize the critical necessity of requirements engineering to combine technology, process and people issues in the right balance, chapter 4 will critically evaluate the requirements engineering activities of CIE systems developments that are explained in chapter 3. Furthermore, to support the necessity of requirements engineering for human centred CIE systems development, the findings from semi-structured interviews are shown in a concept map that is also explained in this chapter. In chapter 5, requirements engineering is investigated from different angles to pick up the key issues from discrete research studies and practice such as traceability through process and product modelling, goal-oriented requirements engineering, the essential and incidental complexities in requirements models, the measurability of quality requirements, the fundamentals of requirements engineering, identifying and involving the stakeholders, reconciling software requirements and system architectures and barriers to the industrial uptake of requirements engineering. In addition, a comprehensive research study measuring the success of requirements engineering processes through a set of evaluation criteria is introduced. Finally, the key issues and the criteria are comparatively analyzed and evaluated in order to match each other and confirm the validity of the criteria for the evaluation and assessment of the requirements engineering implementation in the CIE case study projects in chapter 7 and the key issues will be used in chapter 9 to support the CMM (Capability Maturity Model) for acceptance and wider implications of the requirements engineering framework to be proposed in chapter 8. Chapter 6 explains and particularly focuses on how the requirements engineering activities in the case study projects were handled by highlighting strengths and weaknesses. This will also include the experiences and lessons learnt from these system development practices. The findings from these developments will also be utilized to support the justification of the necessity of a requirements engineering framework for the CIE systems developments. In particular, the following are addressed. • common and shared understanding in requirements engineering efforts, • continuous improvement, • outputs of requirement engineering • reflections and the critical analysis of the requirements engineering approaches in these practices. The premise of chapter 7 is to evaluate and assess the requirements engineering approaches in the CIE case study developments from multiple viewpoints in order to find out the strengths and the weaknesses in these requirements engineering processes. This evaluation will be mainly based on the set of criteria developed by the researchers and developers in the requirements engineering community in order to measure the success rate of the requirements engineering techniques after their implementation in the various system development projects. This set of criteria has already been introduced in chapter 5. This critical assessment includes conducting a questionnaire based survey and descriptive statistical analysis. In chapter 8, the requirements engineering techniques tested in the CIE case study developments are composed and compiled into a requirements engineering process in the light of the strengths and the weaknesses identified in the previous chapter through benchmarking with a Capability Maturity Model (CMM) to ensure that it has the required level of maturity for implementation in the CIE systems developments. As a result of this chapter, a framework for a generic requirements engineering process for CIE systems development will be proposed. In chapter 9, the authors will discuss the acceptance and the wider implications of the proposed framework of requirements engineering process using the CMM from chapter 8 and the key issues from chapter 5. Chapter 10 is the concluding chapter and it summarizes the findings and brings the book to a close with recommendations for the implementation of the Proposed RE framework and also prescribes a guideline as a way forward for better implementation of requirements engineering for successful developments of the CIE systems in the future

Interoperability with CAA: does it work in practice?

IMS has been promising question and test interoperability (QTI) for a number of years. Reported advantages of interoperability include the avoidance of “lock in” to one proprietary system, the ability to integrate systems from different vendors, and the facilitation of an exchange of questions and tests between institutions. The QTI specification, while not yet an international standard for the exchange of questions, tests and results, now appears to be stable enough for vendors to have developed systems which implement such an exchange in a fairly sophisticated way. The costs to software companies of implementing QTI “compliance” in their existing CAA systems, however, are high. Allowing users to move their data to other systems may not seem to make commercial sense either. As awareness of the advantages of interoperability increases within education, software companies are realising that adding QTI import and export facilities to their products can be a selling point. A handful of vendors have signed up to the concept of interoperability and have taken part in the IMS QTI Working Group. Others state that their virtual learning environments or CAA systems are “conformant” with IMS QTI but do these assertions stand up when the packages are tested together? The CETIS Assessment Special Interest Group has been monitoring developments in this area for over a year and has carried out an analysis of tools which exploit the QTI specifications. This paper describes to what extent the tools genuinely interoperate and examines the likely benefits for users and future prospects for CAA interoperability

Task-based language assessment

status: publishe

Quality criteria for multimedia

The meaning of the term quality as used by multimedia workers in the field has become devalued. Almost every package is promoted by its developers as being of the ‘highest quality’. This paper draws on practical experience from a number of major projects to argue, from a quality‐assurance position, that multimedia materials should meet pre‐defined criteria relating to their objectives, content and incidence of errors