Integrating security and usability into the requirements and design process

According to Ross Anderson, 'Many systems fail because their designers protect the wrong things or protect the right things in the wrong way'. Surveys also show that security incidents in industry are rising, which highlights the difficulty of designing good security. Some recent approaches have targeted security from the technological perspective, others from the human–computer interaction angle, offering better User Interfaces (UIs) for improved usability of security mechanisms. However, usability issues also extend beyond the user interface and should be considered during system requirements and design. In this paper, we describe Appropriate and Effective Guidance for Information Security (AEGIS), a methodology for the development of secure and usable systems. AEGIS defines a development process and a UML meta-model of the definition and the reasoning over the system's assets. AEGIS has been applied to case studies in the area of Grid computing and we report on one of these

Modeling functional requirements using tacit knowledge: a design science research methodology informed approach

The research in this paper adds to the discussion linked to the challenge of capturing and modeling tacit knowledge throughout software development projects. The issue emerged when modeling functional requirements during a project for a client. However, using the design science research methodology at a particular point in the project helped to create an artifact, a functional requirements modeling technique, that resolved the issue with tacit knowledge. Accordingly, this paper includes research based upon the stages of the design science research methodology to design and test the artifact in an observable situation, empirically grounding the research undertaken. An integral component of the design science research methodology, the knowledge base, assimilated structuration and semiotic theories so that other researchers can test the validity of the artifact created. First, structuration theory helped to identify how tacit knowledge is communicated and can be understood when modeling functional requirements for new software. Second, structuration theory prescribed the application of semiotics which facilitated the development of the artifact. Additionally, following the stages of the design science research methodology and associated tasks allows the research to be reproduced in other software development contexts. As a positive outcome, using the functional requirements modeling technique created, specifically for obtaining tacit knowledge on the software development project, indicates that using such knowledge increases the likelihood of deploying software successfully

Integrating knowledge accross disciplines. Experiences from the NeWater project

The starting question for this deliverable was how to create a new adaptive management concept that can integrate insights from various disciplines and connect people from different institutional backgrounds. From literature research and empirical research on the NeWater project we identified challenges for cross-disciplinary knowledge integration, we evaluated interventions for connecting multiple knowledge frames, we analyzed the process of group model building with UML and formulated recommendations. Cross-disciplinary research has arisen from a growing number of complex problems for which knowledge of a single scientific discipline or societal field is insufficient, but presents important challenges: (1) collaboration and integration of knowledge requires in depth discussions that are timeconsuming; (2) the recursive process of problem structuring and restructuring is often at odds with the sequential planning of project activities; (3) participation and mutual learning are crucial but need to be carefully structured and sequenced; and (4) management and leadership faces the difficult challenge of balancing in depth exploration with timely delivery of tangible results. We conclude with the following general recommendations for large cross-disciplinary projects: (1) including a preparatory proposal phase for thorough exploration of opportunities of between researchers and stakeholders (2) flexible funding, planning and operational arrangements to allow for a recursive research process; (3) a project size that allows frequent interaction opportunities between researchers and between researchers and stakeholders to allow for mutual learning and in depth exploration; and (4) enhancing learning opportunities from one project to the next

Object-oriented modelling with unified modelling language 2.0 for simple software application based on agile methodology

Unified modelling language (UML) 2.0 introduced in 2002 has been developing and influencing object-oriented software engineering and has become a standard and reference for information system analysis and design modelling. There are many concepts and theories to model the information system or software application with UML 2.0, which can make ambiguities and inconsistencies for a novice to learn to how to model the system with UML especially with UML 2.0. This article will discuss how to model the simple software application by using some of the diagrams of UML 2.0 and not by using the whole diagrams as suggested by agile methodology. Agile methodology is considered as convenient for novices because it can deliver the information technology environment to the end-user quickly and adaptively with minimal documentation. It also has the ability to deliver best performance software application according to the customer's needs. Agile methodology will make simple model with simple documentation, simple team and simple tools.Comment: 15 pages, 30 figure

Automatic assessment of sequence diagrams

In previous work we showed how student-produced entity-relationship diagrams (ERDs) could be automatically marked with good accuracy when compared with human markers. In this paper we report how effective the same techniques are when applied to syntactically similar UML sequence diagrams and discuss some issues that arise which did not occur with ERDs. We have found that, on a corpus of 100 student-drawn sequence diagrams, the automatic marking technique is more reliable that human markers. In addition, an analysis of this corpus revealed significant syntax errors in student-drawn sequence diagrams. We used the information obtained from the analysis to build a tool that not only detects syntax errors but also provides feedback in diagrammatic form. The tool has been extended to incorporate the automatic marker to provide a revision tool for learning how to model with sequence diagrams