An OMG model-based approach for aligning information systems requirements and architectures with business

Tese de Doutoramento (Programa Doutoral em Tecnologias e Sistemas de Informação)The challenges involved in developing information systems (which are able to adapt to rapidly changing business and technological conditions) are directly related to the importance of their alignment with the business counterpart. These challenges comprise issues that cross management and information systems domains, relating and aligning them in order to attain superior performance for the organization, while identifying its strategy and tailoring its business processes. As this relation is increasingly intertwined its concepts are conducted to pragmatic methods, incorporating both management and information systems components, for how, when and where this alignment really matters. The related topics of the alignment between business and information systems comprise diverse paths of research, though with little common ground established inside the community, where problems arouse due to the fast moving business and technological environments. According to these circumstances, the process of developing information systems to support the alignment benefits from incorporating the use of structured and model-based approaches. So, as the development of evermore complex information systems presents a challenge for the currently available methods, the use of models to support the alignment with business stands as an increasingly important issue. Following those challenges, we set out to question how to develop solutions aligning information systems with business in a model-based approach. Accordingly, we support our research on the need to understand what are the perspectives involved in aligning information systems with business, and, moreover, to comprehend in what sense model adoption drives information systems development. So, the proposed goals for this thesis are: (1) set the basis for the elicitation of business requirements in order to support a well-grounded development of information systems; (2) provide for the generation of business models based on the business requirements, while assuring their alignment and traceability; and (3) arrange for the derivation of information system architectures from the business requirements, while attaining alignment and traceability for their mutual transformation and adaptation. Several issues surrounding these goals have already been described and approached in diverse ways by other researchers, where existing approaches and associated methods achieved good results. Nevertheless, these approaches are not without their shortfalls, sometimes failing to present a complete solution, others being unable to adapt to new challenges, or even incapable of reacting to recent trends. In order to tackle these issues we propose to build upon those approaches by adapting, evolving and innovating on solutions in each of the three proposed goals, respectively intertwining with perspectives from related standards and reference models. Answering the first goal, in what regards the main contributions of this thesis, we propose to broaden the elicitation of requirements by relating functional and nonfunctional requirements from business processes. So, we present a unified metamodel representation for those requirements, accompanied by a customizable method for their joint elicitation, based-on business-driven use-cases, goals and rules. This approach adopts the Rational Unified Process (RUP) development methodology and the Business Motivation Model (BMM) standard model language representation for business requirements. Moreover, the metamodel representation and method operationalization are accompanied by a prototype support tool that completes this first contribution. For the second goal, a more business-oriented one correlated to the higher-level requirements, we propose to generate business models directly from the inferred functional and nonfunctional requirements. So, we present a three-dimensional approach built on the relation of the referred requirements with the Balanced Scorecard (BSC) reference model, where an additional mapping to the Business Model Canvas (BMC) is also made available. This proposal provides an associated metamodel representation for the relation between the elements involved and a customizable method for their operationalization, all accompanied by a prototype support tool. On the third goal, focused on system architectures and connected to the lower-level requirements, we propose to derive service-oriented participants from the functional requirements, while aligning the nonfunctional requirements with the quality characteristics of the solution to-be. First, we present an evolution of an existing method for the derivation of a logical architecture, in order to adapt it to a service-oriented approach (SOA). Then, following on the existing relation between the nonfunctional and functional side of the low-level requirements, our approach is able to associate these last with its related services on the derived architecture, in another three-dimensional approach. Additionally, a mapping of the nonfunctional requirements with the system quality characteristics (CISQ) is made available. Once more, an associated metamodel, a customizable method and a prototype support tool are also provided. The development of these three approaches is supported through the execution of tasks which originate artifacts and lead to publications associated to their respective research and development efforts, all according to the Design Science Research (DSR) methodology. These are applied in ongoing projects involving experimental scenarios in industrial settings and associated to established research reference patterns, balancing the interests of both researchers and practitioners while focused both on technology and management audiences. The results obtained from their evaluation reflect the quality and depth of our findings, helping to validate the scientific contribution of this work.Os desafios implicados no desenvolvimento de sistemas de informação (que sejam capazes de se adaptar a condições tecnológicas e de negócios em rápida mutação) estão diretamente relacionados à importância do seu alinhamento com a contraparte do negócio. Esses desafios envolvem questões que cruzam os domínios da gestão e dos sistemas de informação, relacionando-os e alinhando-os com o intuito de alcançar um desempenho superior para a organização, ao mesmo tempo que identificam a sua estratégia e adequam os seus processos de negócio. Como esta relação está cada vez mais interligada, os seus conceitos são canalizados para métodos pragmáticos, incorporando ambos os componentes de sistemas de informação e de gestão, para saber como, quando e onde este alinhamento realmente interessa. Os tópicos relacionados com o alinhamento entre negócio e sistemas de informação abrangem diversos caminhos de pesquisa, embora com poucos alicerces em comum estabelecidos dentro da comunidade, onde os problemas surgem devido às rápidas mudanças nos negócios e nos ambientes tecnológicos. De acordo com estas circunstâncias, o processo de desenvolvimento de sistemas de informação para apoiar o alinhamento beneficia de incorporar o uso de abordagens estruturadas e baseadas em modelos. Assim, dado que o desenvolvimento de sistemas de informação cada vez mais complexos apresenta um desafio para os métodos atualmente disponíveis, o uso de modelos para apoiar o alinhamento com o negócio destaca-se como uma questão cada vez mais importante. Em linha com esses desafios, estabelecemos a questão de como desenvolver soluções para alinhar sistemas de informações com o negócio numa abordagem baseada em modelos. Neste sentido, apoiamos a nossa pesquisa na necessidade de compreender quais são as perspetivas envolvidas no alinhamento dos sistemas de informação com o negócio, e, além disso, de compreender em que sentido a adoção de modelos capacita o desenvolvimento desses sistemas. Assim, os objetivos propostos para esta tese são: (1) definir as bases para o levantamento de requisitos de negócio a fim de suportar um desenvolvimento bem fundamentado de sistemas de informação; (2) disponibilizar a geração de modelos de negócio baseados nos requisitos de negócio, garantindo o alinhamento e a rastreabilidade entre ambos; e (3) estruturar a derivação de arquiteturas de sistema de informação a partir dos requisitos de negócio, preservando o alinhamento e rastreabilidade para a sua mútua transformação e adaptação. Várias questões envolvendo estes objetivos foram já descritas e tratadas de diversas maneiras por outros investigadores, tendo as abordagens existentes e os métodos associados alcançado bons resultados. No entanto, essas abordagens têm as suas lacunas, umas vezes falham em apresentar uma solução completa, noutras são ineficientes ao se adaptarem a novos desafios, ou mesmo incapazes de reagir às novas tendências. Para lidar com estas questões, propomo-nos apoiar nessas abordagens, adaptando, evoluindo e inovando em soluções para cada um dos três objetivos propostos, intersetando-as, respetivamente, com perspetivas de modelos de referência e padrões relacionados. Relativamente ao primeiro objetivo, no que concerne aos principais contributos desta tese, propomos alargar o levantamento de requisitos, relacionando os requisitos funcionais e nãofuncionais dos processos de negócios. Assim, apresentamos um meta-modelo para a representação unificada desses requisitos, acompanhado por um método personalizável para o seu levantamento conjunto, baseada em casos-de-uso, metas e regras orientadas a negócio. Esta abordagem adota a metodologia de desenvolvimento do Rational Unified Process (RUP) e a representação padrão do modelo de linguagem do Business Motivation Model (BMM), para os requisitos de negócio. Além disso, a representação meta-modelo e a operacionalização do método são acompanhados por um protótipo de uma ferramenta de suporte que completa esta primeira contribuição. Quanto ao segundo objetivo, mais orientado ao negócio e correlacionado com os requisitos de nível superior, propomos gerar modelos de negócio a partir dos requisitos funcionais e não-funcionais inferidos. Assim, apresentamos uma abordagem tridimensional, construída sobre a relação dos referidos requisitos com o modelo de referência do Balanced Scorecard (BSC), em que um mapeamento adicional para o Business Model Canvas (BMC) é também disponibilizado. Esta proposta inclui um meta-modelo para representação da relação entre os elementos envolvidos e um método personalizável para a sua operacionalização, tudo acompanhado por um protótipo de uma ferramenta de suporte. No terceiro objetivo, focado em arquiteturas de sistema e ligado aos requisitos de nível inferior, propomos derivar participantes orientados-a-serviços desde os requisitos funcionais, alinhando os requisitos não-funcionais com as características de qualidade da solução a obter. Primeiro, apresentamos uma evolução de um método existente para a derivação de uma arquitetura lógica, adaptando-o a uma abordagem-orientada-a-serviços (SOA). Assim, prosseguindo a relação existente entre o lado não-funcional e funcional dos requisitos de baixo nível, a nossa abordagem associa estes últimos com os serviços relacionados na arquitetura derivada, numa outra abordagem tridimensional. Além disso, um mapeamento dos requisitos não-funcionais com as características de qualidade do sistema (CISQ) é disponibilizado. Mais uma vez, um meta-modelo associado, um método personalizável e um protótipo da ferramenta de suporte são disponibilizados. O desenvolvimento destas três abordagens é suportado pela execução de tarefas, as quais dão origem a artefatos e levam a publicações associadas aos seus esforços de pesquisa e desenvolvimento respetivamente, tudo de acordo com a metodologia DSR. Estas são aplicadas a projetos em andamento, os quais envolvem cenários experimentais em ambientes industriais e associados a padrões de investigação de referência, equilibrando os interesses de investigadores e profissionais assim como dos diferentes públicos de tecnologia e gestão. Os resultados obtidos na sua avaliação refletem a qualidade e a profundidade dos nossos resultados, ajudando a validar a contribuição científica deste trabalho

Characterizing and Diagnosing Architectural Degeneration of Software Systems from Defect Perspective

The architecture of a software system is known to degrade as the system evolves over time due to change upon change, a phenomenon that is termed architectural degeneration. Previous research has focused largely on structural deviations of an architecture from its baseline. However, another angle to observe architectural degeneration is software defects, especially those that are architecturally related. Such an angle has not been scientifically explored until now. Here, we ask two relevant questions: (1) What do defects indicate about architectural degeneration? and (2) How can architectural degeneration be diagnosed from the defect perspective? To answer question (1), we conducted an exploratory case study analyzing defect data over six releases of a large legacy system (of size approximately 20 million source lines of code and age over 20 years). The relevant defects here are those that span multiple components in the system (called multiple-component defects - MCDs). This case study found that MCDs require more changes to fix and are more persistent across development phases and releases than other types of defects. To answer question (2), we developed an approach (called Diagnosing Architectural Degeneration - DAD) from the defect perspective, and validated it in another, confirmatory, case study involving three releases of a commercial system (of size over 1.5 million source lines of code and age over 13 years). This case study found that components of the system tend to persistently have an impact on architectural degeneration over releases. Especially, such impact of a few components is substantially greater than that of other components. These results are new and they add to the current knowledge on architectural degeneration. The key conclusions from these results are: (i) analysis of MCDs is a viable approach to characterizing architectural degeneration; and (ii) a method such as DAD can be developed for diagnosing architectural degeneration

Technical Debt: An empirical investigation of its harmfulness and on management strategies in industry

Background: In order to survive in today\u27s fast-growing and ever fast-changing business environment, software companies need to continuously deliver customer value, both from a short- and long-term perspective. However, the consequences of potential long-term and far-reaching negative effects of shortcuts and quick fixes made during the software development lifecycle, described as Technical Debt (TD), can impede the software development process.Objective: The overarching goal of this Ph.D. thesis is twofold. The first goal is to empirically study and understand in what way and to what extent, TD influences today’s software development work, specifically with the intention to provide more quantitative insight into the field. Second, to understand which different initiatives can reduce the negative effects of TD and also which factors are important to consider when implementing such initiatives.Method: To achieve the objectives, a combination of both quantitative and qualitative research methodologies are used, including interviews, surveys, a systematic literature review, a longitudinal study, analysis of documents, correlation analysis, and statistical tests. In seven of the eleven studies included in this Ph.D. thesis, a combination of multiple research methods are used to achieve high validity.Results: We present results showing that software suffering from TD will cause various negative effects on both the software and the developing process. These negative effects are illustrated from a technical, financial, and a developer’s working situational perspective. These studies also identify several initiatives that can be undertaken in order to reduce the negative effects of TD.Conclusion: The results show that software developers report that they waste 23% of their working time due to experiencing TD and that TD required them to perform additional time-consuming work activities. This study also shows that, compared to all types of TD, architectural TD has the greatest negative impact on daily software development work and that TD has negative effects on several different software quality attributes. Further, the results show that TD reduces developer morale. Moreover, the findings show that intentionally introducing TD in startup companies can allow the startups to cut development time, enabling faster feedback and increased revenue, preserve resources, and decrease risk and thereby contribute to beneficial\ua0effects. This study also identifies several initiatives that can be undertaken in order to reduce the negative effects of TD, such as the introduction of a tracking process where the TD items are introduced in an official backlog. The finding also indicates that there is an unfulfilled potential regarding how managers can influence the manner in which software practitioners address TD

wContact: improving social communication

Contact management today is ubiquitous and multi‐channel: phone, IM, email, VOIP  to name but a few. However, the contact management technology commonly in use today has  not changed significantly in many years. It remains far from an ideal service, falling down on  issues  such  as  its  utility,  ease  of  interaction,  the  efforts  required  to  maintain  it  and  its  reliability.  Another important factor relies how mobile communication devices have become  more commonplace increasing the potential to be interrupted by them. Indeed, it has been  argued that technologies such as the mobile phone have “reconfigured time and space”. They  have also fundamentally altered notions of availability, promoting a vision in which users are  always‐on and continually connected. While this confers many advantages it also increases the  potential for disruption to users engaged in other activities or seeking rest  This  document  describes  wContact,  a  system  that  provides  a  unified  service  of  synchronized contact profiles (incorporating privacy controls) that contain all contact info. This  is  held  in  a  distributed  system  (a  cloud  computing  service)  and  broadcast  over  a  data  connection to address book clients. Ultimately this takes the form of a minimal social network  where adding or removing contacts is equivalent to adding or removing a friend in a more  conventional service such as Facebook.  The wContact is complemented with a system which automatically manages status on  a mobile device. Its contribution lies in the adoption of a number of recent technological  advances to create a realistic framework for a sophisticated mobile context‐sensitive tool to  capture activity and infer and share availability. It does so by proposing a context model based  on the integration of multiple sensor inputs (e.g. microphone and accelerometer) and internal  device state (e.g. battery level) which is broadcasted.  In summary, wContact represents a substantial improvement over today’s systems in  how contacts are treated and managed. It focuses on simplifying the way they are exchanged,  increasing the quantity and quality of contact details and providing awareness clues to better  mediate engagement with contacts. Finally, to ensure the durability of contacts the system  provides a seamless automatic update process.

An Approach for Guiding Developers to Performance and Scalability Solutions

This thesis proposes an approach that enables developers who are novices in software performance engineering to solve software performance and scalability problems without the assistance of a software performance expert. The contribution of this thesis is the explicit consideration of the implementation level to recommend solutions for software performance and scalability problems. This includes a set of description languages for data representation and human computer interaction and a workflow

An interpretive case study into the application of software engineering theory

Even before software engineering was formally defined as a discipline, software projects were notorious for being behind schedule and over budget. The resulting software systems were also often described as unreliable. Researchers in the field have, over the years, theorised and proposed many standards, methods, processes and techniques to improve software project outcomes. Based on allegorical evidence, however, it would seem that these proposals are often not applied in practice. This study was inspired by a desire to probe this general theme, namely of the extent to which (if at all) software engineering theory is adopted in practice. The core of this research is an interpretive case study of a software project in the financial services industry that ran from end 2006 to mid 2008. I was one of a team of approximately 20 developers, analysts and development managers working on the project, until I left the company in 2009. Results are reported in a two-phase fashion over several themes. Firstly, the literature of recommended software engineering practices relating to a particular theme is reviewed. This is regarded as the "theory". Thereafter, the observations and evidence collected from the interpretive study in regard to the relevant theme is presented and discussed. The first theme investigated is the notion of "project outcome". Definitions of successful and failed software projects are considered from the perspective of the various stakeholders. Also considered are factors that contribute to project success or failure. After examining how case study participants viewed the project’s outcome, it is argued that the project could neither be labelled as a complete success nor as a complete failure. Two areas were identified as problematic: the requirements gathering process; and the system architecture that had been chosen. Improvements in these areas would arguably have most benefitted the project’s outcome. For this reason, recommended practices were probed in the literature relating both to requirements engineering and also to software architecture design. The case study project was then evaluated against these recommended practices to determine the degree to which they were implemented. In cases where the recommended practices were not implemented or only partially implemented, a number of reasons for the lack of adoption are considered. Of course, the conclusions made in this study as to why the recommended practices were not implemented cannot be naïvely generalized to the software engineering field as a whole. Instead, in line with the interpretive nature of the study, an attempt was made to gain in depth knowledge of a particular project, to show how that project’s individual characteristics influenced the adoption of software engineering theory, and to probe the consequences of such adoption or lack thereof. The study suggested that the complex and individual nature of software projects will have a substantial influence on the extent to which theory is adopted in practice. It also suggested that the impact such adoption will have on a project’s outcome will be critically influenced by the nature of the software project. CopyrightDissertation (MSc)--University of Pretoria, 2012.Computer Scienceunrestricte

Modeling Deception for Cyber Security

In the era of software-intensive, smart and connected systems, the growing power and so- phistication of cyber attacks poses increasing challenges to software security. The reactive posture of traditional security mechanisms, such as anti-virus and intrusion detection systems, has not been sufficient to combat a wide range of advanced persistent threats that currently jeopardize systems operation. To mitigate these extant threats, more ac- tive defensive approaches are necessary. Such approaches rely on the concept of actively hindering and deceiving attackers. Deceptive techniques allow for additional defense by thwarting attackers’ advances through the manipulation of their perceptions. Manipu- lation is achieved through the use of deceitful responses, feints, misdirection, and other falsehoods in a system. Of course, such deception mechanisms may result in side-effects that must be handled. Current methods for planning deception chiefly portray attempts to bridge military deception to cyber deception, providing only high-level instructions that largely ignore deception as part of the software security development life cycle. Con- sequently, little practical guidance is provided on how to engineering deception-based techniques for defense. This PhD thesis contributes with a systematic approach to specify and design cyber deception requirements, tactics, and strategies. This deception approach consists of (i) a multi-paradigm modeling for representing deception requirements, tac- tics, and strategies, (ii) a reference architecture to support the integration of deception strategies into system operation, and (iii) a method to guide engineers in deception mod- eling. A tool prototype, a case study, and an experimental evaluation show encouraging results for the application of the approach in practice. Finally, a conceptual coverage map- ping was developed to assess the expressivity of the deception modeling language created.Na era digital o crescente poder e sofisticação dos ataques cibernéticos apresenta constan- tes desafios para a segurança do software. A postura reativa dos mecanismos tradicionais de segurança, como os sistemas antivírus e de detecção de intrusão, não têm sido suficien- tes para combater a ampla gama de ameaças que comprometem a operação dos sistemas de software actuais. Para mitigar estas ameaças são necessárias abordagens ativas de defesa. Tais abordagens baseiam-se na ideia de adicionar mecanismos para enganar os adversários (do inglês deception). As técnicas de enganação (em português, "ato ou efeito de enganar, de induzir em erro; artimanha usada para iludir") contribuem para a defesa frustrando o avanço dos atacantes por manipulação das suas perceções. A manipula- ção é conseguida através de respostas enganadoras, de "fintas", ou indicações erróneas e outras falsidades adicionadas intencionalmente num sistema. É claro que esses meca- nismos de enganação podem resultar em efeitos colaterais que devem ser tratados. Os métodos atuais usados para enganar um atacante inspiram-se fundamentalmente nas técnicas da área militar, fornecendo apenas instruções de alto nível que ignoram, em grande parte, a enganação como parte do ciclo de vida do desenvolvimento de software seguro. Consequentemente, há poucas referências práticas em como gerar técnicas de defesa baseadas em enganação. Esta tese de doutoramento contribui com uma aborda- gem sistemática para especificar e desenhar requisitos, táticas e estratégias de enganação cibernéticas. Esta abordagem é composta por (i) uma modelação multi-paradigma para re- presentar requisitos, táticas e estratégias de enganação, (ii) uma arquitetura de referência para apoiar a integração de estratégias de enganação na operação dum sistema, e (iii) um método para orientar os engenheiros na modelação de enganação. Uma ferramenta protó- tipo, um estudo de caso e uma avaliação experimental mostram resultados encorajadores para a aplicação da abordagem na prática. Finalmente, a expressividade da linguagem de modelação de enganação é avaliada por um mapeamento de cobertura de conceitos

Integrative Sonic Urbanism: Artist-Led Strategies for Urban Sound Design in the Contemporary City

This doctoral research advances the fields of urban sound design and acoustic planning, presenting new ways of exploring the interrelationship between individual and collective sonic experience, the dynamic potential of the urban sound environment and the complex evolution of the contemporary cityscape. It links urban sound art practices with larger urban design processes, revealing how sound contributes to the production of urban space. The research progresses by crafting a dynamic, integrative methodology that activates contrasting sonic perspectives to critically reassess the role of sound in the public realm. As it discloses this methodology, the research navigates the tension between new modes of urban sound design guided by critical artistic practice and more conventional strategies rooted in the paradigm of environmental noise. Efforts to address urban sonic conditions through quantifiable metrics are contextualised within a wider transition in which urban form is increasingly influenced by data capture, analysis and governance. Within this transition, the critical potential of sound as an active component of urban space is obscured by remedial strategies established to improve what are construed as unfavourable conditions. This research analyses the relationship between these remedial strategies, the emergence of the ISO soundscape standard and the concepts of urban ambiances, urban atmospheres and acoustic territories. It postulates that these centralising conceptual models can serve to limit as well as to advance the critical potential of this field, pursuing instead a more tactical, performative and pluralistic methodology. The articulation of this methodology is substantiated through the exposition of three major public artworks developed by the author, including: Continuous Drift (2015–), a permanent sound installation in a public urban square; The Manual for Acoustic Planning and Urban Sound Design (2013–2020), an artist placement exploring the role of the acoustic planner within a local authority; and The Office for Common Sound (2016–), a project space that fosters dialogue concerning sound within specific regional and institutional contexts. These projects expand the role of artistic practice within the context of urban design and spatial planning by activating the field of urban sound design within diverse spatial, administrative and social contexts. These projects extend established methodologies drawn from sound art, site-specific art and sound installation practices with tactics inherited from public, participatory and socially engaged art, demonstrating how artist-led strategies for urban sound design can advance new forms of spatial production through collaboration with diverse urban actors