Early aspects: aspect-oriented requirements engineering and architecture design

This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which has been held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications

Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand

One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources tor doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment

The Nature of Context-Sensitive Solutions, Stakeholder Involvement and Critical Issues in the Urban Context

Over the last several decades many transportation and planning agencies have experienced conflicting demands emerging from the need to develop projects in an expeditious manner while at the same time involving stakeholders in the decision-making process, which sometimes is perceived as slowing project delivery and/or increasing costs. Given this tension between apparently conflicting demands, it is important to understand how the stakeholder involvement is being carried out and what best practices may be recommended. This study examines the issue in the context of a relatively new policy framework – Context Sensitive Solutions (CSS) – which supports the early integration of stakeholders into the planning process. The report pays particular attention to stakeholders’ involvement in projects within urban centers, where there is likely to be more complexity, both in terms of the number of stakeholders and end users affected. CSS is a relatively new process and not consistently interpreted or applied across states and/or agencies. The literature suggests that an underlying assumption when applying CSS principles to community involvement processes is that stakeholders are empowered through clear policies and procedures directed towards their participation. In our research, we found that the extent to which public agencies apply the CSS framework and involve and respond to stakeholders depends on each agency\u27s interest to engage the public in the deliberation process to find the best-fit project for a community. It is likely that the increased integration of stakeholders into the planning and project development process will not become a state of practice until the benefits flowing from community involvement are clearly understood by the agency staff. The CSS literature describes many benefits associated with comprehensive stakeholder engagement, including gaining constituents\u27 buy-in and support for project financing. A movement toward standardizing CSS policies and directives across the country will facilitate a public discussion about the benefits of engaging communities into the project design phase and away from solely expert-based designs. In addition, there are a number of stakeholder involvement practices that, if adopted, could expedite the integration of communities\u27 views and values in the decision-making process, while at the same time minimizing the chances of protracted consultation processes, time delays and additional costs

Together towards improvement : pre-school education

This document has been designed to help all those involved with the provision of pre-school education to improve their current practice through a process of self-evaluation. - The materials provide guidance on: - the points to be considered by a pre-school centre that is planning to use the process of self-evaluation; - the key features of self-evaluation; - identifying the focus for self-evaluation; - indicators of quality; - carrying out the process; and - planning for action

Finding and Resolving Security Misusability with Misusability Cases

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice- versa. One way of using scenarios to bridge security and usability involves explicitly describing how design deci- sions can lead to users inadvertently exploiting vulnera- bilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems sub- sequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illus- trating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems

Improving CE with PDM

The concept of Concurrent Engineering (CE) centers around the management of information so that the right information will be at the right place at the right time and in the right format. Product Data Management (PDM) aims to support a CE way of working in product development processes. In specific situations, however, it is hard to estimate the contribution of a particular PDM package to CE. This paper presents a method to assess the contribution to CE of a PDM package in a specific situation. The method uses the concept of information quality to identify the gap with CE information quality requirements. The contribution of PDM to bridge this gap is estimated. Decisions on improvement actions are supported to improve readiness for PDM as well as to improve CE. The method has been tested in a real-life situation

Improving the Design and Implementation of Software Systems uses Aspect Oriented Programming

A design pattern is used as a static reusable component of object oriented design in the many patterns catalogue. The regular design pattern does not show any collaboration of shared resource between patterns in the software design. But generative design pattern is a new design pattern that shows the relationship and shared resources between them. The generative design pattern is considered a dynamic and active design, which creating new design as a result of collaboration and resource usage between two designs. This paper will demonstrate benefit and the structure of generative pattern. It also demonstrates the creation of a desktop application for modeling generative design pattern. The Java language creates the desktop application. The application provides many features, for instance, users can place drawing objects such as class, Interface and Abstract Class object. The users also can draw different connection line between these objects, such as simple, inheritance, composition lines. This project shows the implementation details techniques of drawing objects and their connection. It also provides an open source code that many novice developers can understand and analysis for further development. The application source code gives the developers new ideas and skills in object oriented programming and graphical user interface in Java language

A taxonomy of asymmetric requirements aspects

The early aspects community has received increasing attention among researchers and practitioners, and has grown a set of meaningful terminology and concepts in recent years, including the notion of requirements aspects. Aspects at the requirements level present stakeholder concerns that crosscut the problem domain, with the potential for a broad impact on questions of scoping, prioritization, and architectural design. Although many existing requirements engineering approaches advocate and advertise an integral support of early aspects analysis, one challenge is that the notion of a requirements aspect is not yet well established to efficaciously serve the community. Instead of defining the term once and for all in a normally arduous and unproductive conceptual unification stage, we present a preliminary taxonomy based on the literature survey to show the different features of an asymmetric requirements aspect. Existing approaches that handle requirements aspects are compared and classified according to the proposed taxonomy. In addition,we study crosscutting security requirements to exemplify the taxonomy's use, substantiate its value, and explore its future directions