An Empirical Investigation of the Utility of ‘pre-CIM’ models

that, by allowing a variety of stakeholders to take part in modelling, projects will be both more efficient than traditional approaches and will produce software that meets the needs of those stakeholders. This will be facilitated by transforming initial (CIM), models to design (PIM) and implementation (PSM). However, it follows that to gain fully from this strategy the initial models, which are the major driver for communication and validation of requirements and business needs, must be appropriate to this usage. The VIDE project was an EC funded project which produced a successful model driven development tool-set, incorporating a variety of modelling capabilities, at each stage of the MDA process. Aside from support for model transformations, one of the motivations for VIDE was to provide accessible models for those stakeholders representing the client (or business) who may not share the modelling perspective and experience of software engineers. This paper reports upon an empirical study which attempts to assess whether our proposed ‘pre-CIM’ models provide a more palatable starting point for users. In brief, our results suggest that the pre-CIM notation provides an accessible starting point for modelling, and enhance the modeller’s experience whilst also suggesting that the use of the notation may have a positive impact on the quality of subsequent models

The Derivation of a pragmatic requirements framework for web development.

Web-based development is a relatively immature area of Software Engineering, producing often complex applications to many different types of end user and stakeholders. Web Engineering as a research area, was created to introduce processes that enable web based development to be repeatable and to avoid potential failure in the fast changing landscape that is the current ubiquitous Internet. A survey of existing perspectives from the literature highlights a number of points. Firstly, that web development has a number of subtle differences to Software Engineering and that many web development methods are not used. Further, that there has been little work done on what should be in a web development method. A full survey of 50 web development methods finds that they do not give enough detail to be used in their entirety; they are difficult for a non-computer scientist to understand in the techniques they use and most do not cover the lifecycle, particularly in the area of requirements, implementation and testing. This thesis introduces a requirements framework for novice web developers. It is created following an in-depth case study carried out over two years that investigates the use of web development methods by novice developers. The study finds that web development methods are not easy to understand, there is a lack of explanation as to how to use the techniques within the method and the language used is too complex. A high level method is derived with an iterative process and with the requirements phase in the form of a framework; it addresses the problems that are discussed and provides excellent support for a novice web developer in the requirements phase of the lifecycle. An evaluation of the method using a group of novice developers who reflect on the method and a group who use it for development finds that the method is both easy to understand and use

Exploring the requirements process for a complex, adaptive system in a high risk software development environment

This work ties together research from a number of different areas to show how the develop-ment of a complex adaptive system for an industrial company has a number of difficulties given the current state of the art. The INFER system which is a Complex Adaptive System (CAS) has a number of attributes which mean that current requirements and indeed develop-ment processes are not able to cope with them adequately. A CAS can be recognised by the fact that it consists of a number of agents acting together dynamically resulting in emergent behaviour. This emergent behaviour cannot be predicted and thus, along with other phenom-ena such as reaction to and with the environment and deciding the different responsibilities of the components means that the requirements process for such a system is a current research area. A retrospective case study is underway to capture the rich data available from the ex-periences of building such a syste

Comprehension, Use Cases and Requirements

Within requirements engineering it is generally accepted that in writing specifications (or indeed any requirements phase document), one attempts to produce an artefact which will be simple to comprehend for the user. That is, whether the document is intended for customers to validate requirements, or engineers to understand what the design must deliver, comprehension is an important goal for the author. Indeed, advice on producing ‘readable’ or ‘understandable’ documents is often included in courses on requirements engineering. However, few researchers, particularly within the software engineering domain, have attempted either to define or to understand the nature of comprehension and it’s implications for guidance on the production of quality requirements. In contrast, this paper examines thoroughly the nature of textual comprehension, drawing heavily from research in discourse process, and suggests some implications for requirements (and other) software documentation. In essence, we find that the guidance on writing requirements, often prevalent within software engineering, may be based upon assumptions which are an oversimplification of the nature of comprehension. Furthermore, that these assumptions may lead to rules which detract from the quality of the requirements document and, thus, the understanding gained by the reader. Finally the paper suggests lessons learned which may be useful in formulating future guidance for the production of requirements documentation

Re-Identification Attacks – A Systematic Literature Review

The publication of increasing amounts of anonymised open source data has resulted in a worryingly rising number of successful re-identification attacks. This has a number of privacy and security implications both on an individual and corporate level. This paper uses a Systematic Literature Review to investigate the depth and extent of this problem as reported in peer reviewed literature. Using a detailed protocol ,seven research portals were explored, 10,873 database entries were searched, from which a subset of 220 papers were selected for further review. From this total, 55 papers were selected as being within scope and to be included in the final review. The main review findings are that 72.7% of all successful re-identification attacks have taken place since 2009. Most attacks use multiple datasets. The majority of them have taken place on global datasets such as social networking data, and have been conducted by US based researchers. Furthermore, the number of datasets can be used as an attribute. Because privacy breaches have security, policy and legal implications (e.g. data protection, Safe Harbor etc.), the work highlights the need for new and improved anonymisation techniques or indeed, a fresh approach to open source publishing

Embedding Requirements within the Model Driven Architecture

The Model Driven Architecture (MDA) brings benefits to software development, among them the potential for connecting software models with the business domain. This paper focuses on the upstream or Computation Independent Model (CIM) phase of the MDA. Our contention is that, whilst there are many models and notations available within the CIM Phase, those that are currently popular and supported by the Object Management Group (OMG), may not be the most useful notations for business analysts nor sufficient to fully support software requirements and specification. Therefore, with specific emphasis on the value of the Business Process Modelling Notation (BPMN) for business analysts, this paper provides an example of a typical CIM approach before describing an approach which incorporates specific requirements techniques. A framework extension to the MDA is then introduced; which embeds requirements and specification within the CIM, thus further enhancing the utility of MDA by providing a more complete method for business analysis

The derivation of a pragmatic requirements framework for web development

Web-based development is a relatively immature area of Software Engineering, producing often complex applications to many different types of end user and stakeholders. Web Engineering as a research area, was created to introduce processes that enable web based development to be repeatable and to avoid potential failure in the fast changing landscape that is the current ubiquitous Internet. A survey of existing perspectives from the literature highlights a number of points. Firstly, that web development has a number of subtle differences to Software Engineering and that many web development methods are not used. Further, that there has been little work done on what should be in a web development method. A full survey of 50 web development methods finds that they do not give enough detail to be used in their entirety; they are difficult for a non-computer scientist to understand in the techniques they use and most do not cover the lifecycle, particularly in the area of requirements, implementation and testing. This thesis introduces a requirements framework for novice web developers. It is created following an in-depth case study carried out over two years that investigates the use of web development methods by novice developers. The study finds that web development methods are not easy to understand, there is a lack of explanation as to how to use the techniques within the method and the language used is too complex. A high level method is derived with an iterative process and with the requirements phase in the form of a framework; it addresses the problems that are discussed and provides excellent support for a novice web developer in the requirements phase of the lifecycle. An evaluation of the method using a group of novice developers who reflect on the method and a group who use it for development finds that the method is both easy to understand and use.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Using IT Support to improve the quality of Peer Assisted Learning

Peer assisted learning (PAL) is one way to increase the empowerment of students through their learning practices and, hence, enhance their learning journey. PAL involves students mentoring groups of academically less experienced students; develops the quality and diversity of student learning, and enables students to become active partners in their learning experience. PAL supports student transition into higher education and there is evidence that it can aid retention in the early weeks of degree study. Retention is becoming a key issue for universities and one of the key performance indicators (KPIs) of quality education under the strategy for higher education set out by the current government. The PAL³ project is funded by Learn Higher and is an on going project investigating the use of IT support to improve the quality of Peer Assisted Learning. The project has set up a learning environment for students, and a knowledge base for PAL student mentors and PAL and other academic staff. This paper reports on initial findings from the project which can be divided into two strands. Firstly, the compilation of a staff knowledge base has highlighted the fact that PAL is known by different names and has different meanings in different places. We provide an initial classification. Secondly, the PAL student environment, which has been implemented and used by the student cohort and their PAL student mentors, has highlighted issues that were not envisaged at the beginning of the study and this has implications for future work

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

Cyber Physical Systems (CPS) seamlessly integrate physical objects with technology, thereby blurring the boundaries between the physical and virtual environments. While this brings many opportunities for progress, it also adds a new layer of complexity to the risk assessment process when attempting to ascertain what privacy risks this might impose on an organisation. In addition, privacy regulations, such as the General Data Protection Regulation (GDPR), mandate assessment of privacy risks, including making Data Protection Impact Assessments (DPIAs) compulsory. We present the DPIA Data Wheel, a holistic privacy risk assessment framework based on Contextual Integrity (CI), that practitioners can use to inform decision making around the privacy risks of CPS. This framework facilitates comprehensive contextual inquiry into privacy risk, that accounts for both the elicitation of privacy risks, and the identification of appropriate mitigation strategies. Further, by using this DPIA framework we also provide organisations with a means of assessing privacy from both the perspective of the organisation and the individual, thereby facilitating GDPR compliance. We empirically evaluate this framework in three different real-world settings. In doing so, we demonstrate how CI can be incorporated into the privacy risk decision-making process in a usable, practical manner that will aid decision makers in making informed privacy decisions