Software ecosystems can be defined as large software systems that consist of various, constantly interacting,
and partly autonomous subsystems as well as stakeholders of the overall system [1,2].
Although the concept of a software ecosystem is relatively new [3], it has developed into a new area of research covering almost all essential domains in our lives such as medical, accommodation, transportation, music, and retail [4].
Despite active research concerning software ecosystems with special emphasis on their requirements (e.g., [5]) and architecture (e.g., [1]), there is a lack of prescriptive design knowledge guiding the design of successful software ecosystems [6].
More importantly, there is a lack of guidelines for practitioners on how they can engineer software ecosystems.
The objective of this thesis is to fill the aforementioned gap by developing a practical human-centered design approach [7]
for engineering software ecosystems. The approach will cover key phases of the ecosystem development lifecycle considering the
best practices that have been followed in a real industrial project.
References
[1] Bosch, J. (2009). From Software Product Lines to Software Ecosystems. Proceedings of the 13th International Software Product Line Conference, SPLC, 111-119.
[2] Knauss, A., Borici, A., Knauss, E., & Damian, D. (2012). Towards understanding requirements engineering in IT ecosystems. 2012 2nd IEEE International Workshop on Empirical Requirements Engineering, EmpiRE 2012 - Proceedings, 33-36.
[3] Messerschmitt, D. G., & Szyperski, C. (2005). Software Ecosystem: Understanding an Indispensable Technology and Industry.
[4] Parker, G. G., Alstyne, M. W. Van, & Choudary, S. P. (2016). Platform Revolution: How Networked Markets Are Transforming the Economy. In W. W. Norton & Company.
[5] Maiden, N. (2012). Exactly How are Requirements Written? IEEE Software, 29(1), 26-27.
[6] Wulfert, T., Woroch, R., Strobel, G., Seufert, S., & Möller, F. (2022). Developing design principles to standardize e-commerce ecosystems: A systematic literature review and multi-case study of boundary resources. Electronic Markets, 1-30.
[7] ISO. (2019). Ergonomics of human-system interaction — Part 210: Human-centred design for interactive systems. International Standard.
Conceptual Models (CMs) are central in almost every Information System (IS) as the quality of the end-system depends on the quality of the CMs [1],
i.e., CMs are used for the analysis and design of ISs, and they facilitate the development of such ISs to meet stakeholders' requirements.
Despite this, there are no generally accepted guidelines/practices for evaluating the quality of CMs [2], nor generally agreed-on quality
measures for such evaluation [3]. Accordingly, it is still not clear what constitutes a "high-quality" CM [3,4]. That is why conceptual
modeling is still considered an "art" rather than a mature engineering discipline [2]. Although there is an international standard for
evaluating software systems [5], no equivalent standard for evaluating the quality of CMs has been proposed. However, several frameworks
(e.g., [1,2,4,6]) have suggested various aspects (e.g., simplicity, relevance, completeness) that can be used for evaluating the quality of a CM.
This thesis aims to tackle this problem by proposing an approach for evaluating the quality of conceptual models.
This will be achieved by (1) reviewing and analyzing relevant literature to identify key quality aspects/attributes
(e.g., simplicity, relevance, completeness) of CMs; (2) specifying appropriate criteria for the assessment of each of them;
(3) evaluating the proposed approach with CM experts and by applying it to a real/realistic case study/scenario.
References
[1] Mehmood, K., & Cherfi, S. S.-S. (2009). Evaluating the functionality of conceptual models. In Advances in Conceptual Modeling-Challenging Perspectives (pp. 222-231). Springer.
[2] Cherfi, S. S., Akoka, J., & Comyn-Wattiau, I. (2007). Perceived vs. Measured Quality of Conceptual Schemas: An Experimental Comparison BT - Tutorials, posters, panels and industrial contributions at the 26th International Conference on Conceptual Modeling - ER 2007. Hal.Archives-Ouvertes.Fr, 83, 185–190.
[3] Maes, A., & Poels, G. (2006). Evaluating quality of conceptual models based on user perceptions. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 4215 LNCS, 54–67.
[4] Qi, Y. D., Qu, N., & Xie, X. F. (2010). Towards a preliminary ontology for conceptual model quality evaluating. Proceedings - 2010 International Conference on Web Information Systems and Mining, WISM 2010, 1, 329–334.
[5] ISO—International Organization for Standardization. (2001). ISO/IEC 9126-Software Engineering-Product Quality.
[6] Chidamber, S. R., & Kemerer, C. F. (1991). Towards a metrics suite for object oriented design. ACM SIGPLAN Notices, 26(11), 197-211.
Despite a growing number of individuals expressing heightened concerns about their privacy amid negative publicity regarding privacy breaches,
they paradoxically continue to disclose more information than ever before [1]. This discrepancy between privacy concern (an attitude) and information disclosure (a behavior)
is well known among privacy researchers and often referred to as the “privacy paradox” [2,3]. However, assessing privacy attitude is usually done relying on some existing privacy
scales (e.g., Westin's privacy index [4], Privacy Behavior Scale (PBS) [5], Internet Users' Information Privacy Concerns (IUIPC) Scale [6], Privacy Concerns Scale (PCS) [7],
and Online Privacy Concerns Scale (OPCS) [8]), which might be subject to some construct bias, i.e., they are not measuring what they are supposed to measure. More specifically, these scales
provide valuable insights into individuals' attitudes and actions regarding the protection of their personal information, yet they seem to fail to accurately measure individuals'
privacy attitudes.
This thesis aims to tackle this problem by investigating existing privacy behavior scales/indexes, identifying their strengths and weaknesses, and proposing a novel privacy behavior
scale (PrBeS). The scale will be evaluated by privacy experts and by an experiment with potential end users.
References
[1] Beke, F. T., Eggers, F., Verhoef, P. C., & Wieringa, J. E. (2022). Consumers' privacy calculus: The PRICAL index development and validation. International Journal of Research in Marketing, 39(1), 20-41.
[2] Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 41(1), 100-126.
[3] Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security and Privacy, 3(1), 26-33.
[4] Kumaraguru, P., & Cranor, L. F. (2005). Privacy indexes: a survey of Westin's studies.
[5] Milne, G. R., & Gordon, M. E. (1993). Direct Mail Privacy-Efficiency Trade-offs within an Implied Social Contract Framework. Journal of Public Policy & Marketing, 12(2), 206-215.
[6] Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users' information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336-355.
[7] Phelps, J., Nowak, G., & Ferrell, E. (2000). Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy and Marketing, 19(1), 27-41.
[8] Jafarkarimi, H., Saadatdoost, R., Sim, A. T. H., & Hee, J. M. (2016). Behavioral intention in social networking sites ethical dilemmas: An extended model based on Theory of Planned Behavior. Computers in Human Behavior, 62, 545-561.
In response to the excessive collection and misuse of Personal Information (PI), many privacy regulations that govern such collection and use have been enacted [1]. Consequently, privacy compliance has become a main concern for companies dealing with PI, as failing to comply with these regulations results in huge fines [2]. These regulations rely heavily on the concept of informational self-determination [3]. Accordingly, companies are required to provide privacy protection mechanisms and inform data subjects (DSs) how their PI will be processed, leaving the burden of understanding relevant information and using the protection mechanisms on the side of DSs. However, a considerable number of studies have demonstrated that most of these mechanisms fail to safeguard users because users do not understand how to use them properly [4]. This problem could be solved if the solution is designed with respect to the DS's capability for making informed decisions. However, it is not always easy to design a system that fits the needs of DSs with different experiences. A potential solution is the use of heuristics, which can be defined as mental shortcuts or rules of thumb that can be employed to decrease the cognitive burden and speed up the process of decision-making [5,6]. Specifically, privacy heuristics can be used to assist users in making informed decisions and acting accordingly. However, privacy heuristics are complex to design, and they are subject to bias [6], i.e., they may influence the DS's judgments or decisions in a manner that is considered unethical, immoral, or socially irresponsible.
This thesis aims to tackle this problem by developing, testing, and validating design principles for responsible privacy heuristics.
References
[1] Gharib, M., Mylopoulos, J., & Giorgini, P. (2020). COPri - A Core Ontology for Privacy Requirements Engineering. Research Challenges in Information Science, 385, 472-489.
[2] Gharib, M., Giorgini, P., & Mylopoulos, J. (2017). Towards an Ontology for Privacy Requirements via a Systematic Literature Review. Lecture Notes in Computer Science, 10650 LNCS, 193-208.
[3] Gharib, M. (2022). Toward an architecture to improve privacy and informational self-determination through informed consent. Information and Computer Security, 30(4), 549-561.
[4] Jacobs, D., & McDaniel, T. (2022). A Survey of User Experience in Usable Security and Privacy Research. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13333 LNCS, 154-172.
[5] Hertwig, R., & Pachur, T. (2015). Heuristics, History of. International Encyclopedia of the Social and Behavioral Sciences: Second Edition, 829-835.
[6] Hjeij, M., & Vilks, A. (2023). A brief history of heuristics: how did research on heuristics evolve? Humanities and Social Sciences Communications, 10(1).
Microservices architecture has become an increasingly popular choice for big companies (e.g., Netflix, Amazon, and Spotify), especially in industry [1]. Specifically, microservice architecture offers several advantages over monolithic architecture such as resilience, flexibility, easier refactoring, scalability, etc., and many big companies have followed this trend and migrated their systems to microservices [2]. However, such migration from monolith to microservices has revealed drawbacks of adopting microservice architectures [3], which might not fit all types of companies. This has triggered a reverse migration from microservices back to monolithic architecture, and Amazon Prime Video is a good example of such companies. Consequently, it is not always clear which architecture is the right choice for a company, whether migration to microservices is required in the first place, and when migration back to a monolithic architecture is a must.
This thesis aims to investigate current practices concerning system architectures in Estonian companies. Using Estonia as a case study is particularly interesting due to its high level of digitization, strong emphasis on adopting state-of-the-art system architectures, and the diverse domains that such companies are active in. More specifically, this thesis aims to answer the following research questions:
References
[1] Taibi, D., Lenarduzzi, V., & Pahl, C. (2017). Processes, Motivations, and Issues for Migrating to Microservices Architectures: An Empirical Investigation. IEEE Cloud Computing, 4(5), 22–32.
[2] Taibi, D., Lenarduzzi, V., & Pahl, C. (2018). Architectural patterns for microservices: A systematic mapping study. CLOSER 2018 - Proceedings of the 8th International Conference on Cloud Computing and Services Science, 2018-Janua, 221–232.
[3] Soldani, J., Tamburri, D. A., & Van Den Heuvel, W. J. (2018). The pains and gains of microservices: A Systematic grey literature review. Journal of Systems and Software, 146, 215–232.
Artificial intelligence (AI)/Machine learning (ML) can be described as the art and science of letting computers learn to perform complex tasks without being explicitly programmed to [1]. This has led to a dramatic increase in AI/ML adoption in almost all the main domains of our lives. One main advantage of using AI/ML systems is making or assisting in making [critical] decisions. Unlike humans, who might have various biases that can influence their objective decisions, AI/ML systems were expected to make precise and objective decisions [2]. However, AI/ML systems have been proven to suffer from bias and discriminative behavior just like humans [3]. Examples of such biased behavior cover many AI/ML applications [4][5], and may have serious consequences when they occur in sensitive domains, where AI/ML decisions may influence essential human rights (e.g., the right to equality). That is why assuring AI/ML fairness has emerged as an important area for research within the ML community [6]. This has led to a growing interest among AI/ML researchers in the issue of fairness metrics, and a vast number of metrics have been developed to quantify AI/ML fairness. However, many recent works have identified limitations, inadequacies, and insufficiencies in almost all existing fairness metrics [7], given that there are no universal means to measure fairness, i.e., there are no clear criteria to assess which measure is the "best".
The aim of this thesis is to: (1) critically review available AI/ML fairness literature; (2) identify the strengths and weaknesses of the best current approaches to measure fairness in AI/ML; (3) specify the requirements for developing new metric(s) that address inadequacies/insufficiencies in existing fairness metrics; and (4) implement and test adequate fairness metric(s) that satisfy the aforementioned requirements.
Note: for a comprehensive survey of fairness in machine learning, you can refer to [8].
References
[1] M. Gharib, P. Lollini, M. Botta, E. Amparore, S. Donatelli, A. Bondavalli, On the Safety of Automotive Systems Incorporating Machine Learning Based Components: A Position Paper, in: Proc. - 48th Annu. IEEE/IFIP Int. Conf. Dependable Syst. Networks Work. DSN-W 2018, 2018: pp. 271–274. https://doi.org/10.1109/DSN-W.2018.00074.
[2] G. Sheshasaayee, Ananthi and Thailambal, Comparison of classification algorithms in text mining, Int. J. Pure Appl. Math. 116 (2017) 425–433.
[3] P. Molnar, L. Gill, Bots at the Gate: a human rights analysis of automated decision-making in Canada's immigration and refugee system, 2018.
[4] L. Sweeney, Discrimination in online Ad delivery, Commun. ACM. 56 (2013) 44–54.
[5] S.L. Blodgett, B. O'Connor, Racial Disparity in Natural Language Processing: A Case Study of Social Media African-American English, in: Fairness, Accountability, Transpar. Mach. Learn., 2017.
[6] A. Agarwal, A. Beygelzimer, M. Dudík, J. Langford, W. Hanna, A reductions approach to fair classification, in: 35th Int. Conf. Mach. Learn. ICML 2018, 2018: pp. 102–119.
[7] Yao, Sirui, and Bert Huang. "New fairness metrics for recommendation that embrace differences."
[8] Caton, Simon, and Christian Haas. "Fairness in machine learning: A survey." arXiv preprint arXiv:2010.04053 (2020).
Citizen Science (CS) is a research technique that enlists the public in gathering data. Although citizens themselves can be the source of such data, most of their participation in CS has so far focused on furnishing data concerning almost everything except themselves. In particular, citizens can participate as data donors (CaDD), where they allow professionals to collect and/or have access to their Personal Data (PD) for the purposes of the public good. However, PD cannot be used without citizens' consent; therefore, citizens need to be well-motivated to participate as PD donors.
This thesis aims at proposing and validating a method for maximizing citizens' participation as data donors by understanding and addressing their privacy requirements taking into consideration the perceived benefits and ease of the donation behavior. The method will be based on the Theory of Planned Behavior (TPB) [1], which has been proven to be a useful tool in explaining, predicting and changing many human behaviors. Moreover, the TPB was a foundation for the Technology Acceptance Model (TAM) [2] that models how individuals come to accept and use a certain new technology.
Note: If you want to have a look at a preliminary version of this work including the types of techniques to be used for developing the method, please check this paper [3].
References
[1] Ajzen, I.: The Theory of Planned Behavior. Organizational Behavior & Human Decision Processes 50(2) (91) 179
[2] Davis, F.D., Bagozzi, R.P., Warshaw, P.R.: User Acceptance of Computer Technology: A Comparison of Two Theoretical Models. Management Science 35(8) (2008) 982–1003
[3] Gharib, M. Citizens as Data Donors: Maximizing Participation Through Privacy Assurance and Behavioral Change. In Data Privacy Management, Cryptocurrencies and Blockchain Technology (2020). Springer, Cham. pp. 229-239
Web accessibility refers to making web applications usable for people with disabilities, ensuring equal access to information and functionality. The Web Content Accessibility Guidelines (WCAG), developed by the World Wide Web Consortium (W3C), provide a set of standards for developers to follow to create accessible content. These guidelines focus on making web applications perceivable (i.e., users must be able to perceive all relevant UI components), operable (i.e., users must be able to navigate and correctly interact with the application), understandable (i.e., users must be able to read and comprehend the content), and robust (i.e., the content must work reliably across various technologies and assistive devices) for all users, including those with visual, auditory, and cognitive impairments.
The main aim of this thesis is to offer an approach for designing web applications compliant with the WCAG standards by answering the following Research Questions (RQ):
Personalization in web applications refers to tailoring the user experience to meet individual preferences, needs, and behaviors. With the rise of artificial intelligence (AI), personalization has moved from basic customization to complex data-driven experiences. AI can analyze vast amounts of data, learn from user behavior, and make real-time adjustments, providing users with relevant content, recommendations, and interactions.
This thesis will explore the role of AI in enhancing user personalization in web applications, focusing on techniques, models, and frameworks used to create personalized user experiences (UX). Specifically, this thesis will aim to answer the following Research Questions (RQ):
"I have read and agree to the Privacy Policy". This can be described as one of the biggest lies of our times, and it is all that a service provider needs to acquire what can be called "informed consent", which allows it to do as it pleases with your Personal Information (PI). Although many developed countries have enacted privacy laws and regulations to govern the collection and use of PI as a response to the increased misuse of PI, these laws and regulations rely heavily on the concept of informational self-determination through the "notice" and "consent/choice" model. This model is inefficient for acquiring informed consent simply because current mechanisms for presenting the notice and obtaining the consent are deeply flawed, as indicated by many researchers, because they are neither useful nor usable. More specifically, most notices are long and complex [1], hard for ordinary people to understand [2], and do not help much in assessing the consequences and risks related to consenting [3]. Consequently, most data subjects (DSs) usually accept such notices blindly [4].
However, if a data subject did not read, understand and comprehend the consequences and risks of consenting, such consent cannot be informed [5]; accordingly, it is not valid.
The challenge of providing a "usable" privacy notice has been recognized as an open challenge [6], and suggestions to improve it are scattered over the literature.
This thesis aims at answering an important Research Question (RQ), "How can we identify potential risks and/or consequences of consenting and make DSs aware of them", which will result in a more "usable" privacy notice.
This thesis will use the ontology proposed in [7] as a baseline, aiming at extending and refining its concepts to properly answer the RQ. The developed ontology will be evaluated with the help of some software tools, lexical semantics experts, and privacy and security researchers.
References
[1] Alessandro Acquisti and Jens Grossklags. Privacy and rationality in individual decision making. IEEE Security and Privacy, 3(1):26–33, 2005.
[2] Frederik Zuiderveen Borgesius. Informed consent: We can do better to defend privacy. IEEE Security and Privacy, 13(2):103–107, 2015.
[3] Bart Custers, Francien Dechesne, Wolter Pieters, Bart Schermer, and Simone van der Hof. Consent and privacy. Technical report, 2018.
[4] Bart W. Schermer, Bart Custers, and Simone van der Hof. The crisis of consent: How stronger legal protection may lead to weaker consent in data protection. Ethics and Information Technology, 16(2):171–182, 2014.
[5] Raúl Pardo and Daniel Le Métayer. Analysis of privacy policies to enhance informed consent. In IFIP Annual Conference on Data and Applications Security and Privacy, volume 11559 LNCS, pages 177–198. Springer Verlag, 2019.
[6] Schaub, Florian, et al. "A design space for effective privacy notices." Eleventh symposium on usable privacy and security. 2015.
[7] Gharib, Mohamad. "Toward an architecture to improve privacy and informational self-determination through informed consent." Information & Computer Security 30.4 (2022): 549-561.
Unlike traditional monolith systems, microservice-based architecture is a comparatively new architectural style that structures a system/application into a set of small, independent microservices [1].
More specifically, microservice architecture is characterized by building a system/application through the composition of independent functional units, each running its own process and communicating via message exchange [2].
Although this new architecture offers new advantages to overcome current issues with monolith systems like the difficulties of maintenance, scalability, and system evolvement [3], it results in new challenges such as increased complexity, and typically high release frequency [4].
This makes adopting a microservice architecture a very challenging decision. What is more challenging is assessing/evaluating how successful a microservices-based system is when adopted/implemented since existing approaches for evaluating service-oriented systems are difficult to apply within microservice architectures [4], and there is no agreed-upon approach for assessing/evaluating microservices-based systems [4,5].
This thesis aims at tackling this problem by proposing a metrics-based approach for assessing/evaluating microservices-based systems. This will be achieved by (1) critically reviewing and analyzing relevant literature to identify key attributes/principles (e.g., scalability, independence, maintainability) of microservices-based systems architecture; (2) specifying appropriate metric(s)/measure(s) for each selected attribute/principle; (3) evaluating the proposed approach with experts and by applying it to a real/realistic case study/scenario.
References
[1] Engel, Thomas, et al. "Evaluation of microservice architectures: A metric and tool-based approach." Information Systems in the Big Data Era: CAiSE Forum 2018, Tallinn, Estonia, June 11-15, 2018, Proceedings 30. Springer International Publishing, 2018.
[2] Dragoni, N., Giallorenzo, S., Lafuente, A. L., Mazzara, M., Montesi, F., Mustafin, R., & Safina, L. (2017). Microservices: yesterday, today, and tomorrow. Present and ulterior software engineering, 195-216.
[3] Alshuqayran, Nuha, Nour Ali, and Roger Evans. "A systematic mapping study in microservice architecture." 2016 IEEE 9th International Conference on Service-Oriented Computing and Applications (SOCA). IEEE, 2016.
[4] Bogner, Justus, Stefan Wagner, and Alfred Zimmermann. "Towards a practical maintainability quality model for service-and microservice-based systems." Proceedings of the 11th European Conference on Software Architecture: Companion Proceedings. 2017.
[5] Zdun, Uwe, Elena Navarro, and Frank Leymann. "Ensuring and assessing architecture conformance to microservice decomposition patterns." Service-Oriented Computing: 15th International Conference, ICSOC 2017, Malaga, Spain, November 13–16, 2017, Proceedings. Springer International Publishing, 2017.
Web applications have become more complex, consisting of various software components, languages, and interfaces that not only provide stand-alone functions to the end user, but are also integrated with corporate databases and business applications [1]. Although web applications, like traditional software, require development processes/methodologies, existing traditional software methodologies are not efficient for the development of web applications because they leave out relevant features that this kind of system has [2]. Specifically, web applications have distinguishing characteristics that cannot be captured properly by existing traditional methods, including volatile requirements, multiple end-users and stakeholders, short deadlines, and limited resources, etc. [3]. As a result, various development methodologies have emerged, such as Object-Oriented hypermedia (OO–H method) [4], Scenario-based object-oriented hypermedia design methodology (SOHDM) [5], Object-oriented hypermedia design model (OOHDM) [6], UML-based web engineering (UWE) [7], and Web modeling language (WebML) [8], to mention a few. However, these methodologies did not see the level of adoption that their counterparts in traditional software applications have seen. A main drawback of most of these methodologies is that their proposed modeling languages are either too complex to be used or too abstract to be practically useful.
To this end, a novel modeling language for web application design is required, and the main aim of this thesis is to propose it. This will be achieved by (1) critically reviewing available modeling languages for designing web applications; (2) identifying their strengths and weaknesses; (3) deriving a set of key requirements that the modeling language to be developed needs to meet; and (4) developing the modeling language according to the previously mentioned requirements. The developed modeling language will be evaluated by peer experts, and validated by applying it to a real/realistic case study/scenario.
References
[1] Huang, Yen-Chieh, and Chih-Ping Chu. "Developing web applications based on model driven architecture." International Journal of Software Engineering and Knowledge Engineering 24.02 (2014): 163-182.
[2] Molina-Ríos, Jimmy, and Nieves Pedreira-Souto. "Comparison of development methodologies in web applications." Information and Software Technology 119 (2020): 106238.
[3] Al-Salem, Lana S., and Ala Abu Samaha. "Eliciting Web application requirements–an industrial case study." Journal of Systems and Software 80.3 (2007): 294-313.
[4] Muller, Pierre-Alain, et al. "Platform independent Web application modeling and development with Netsilon." Software & Systems Modeling 4 (2005): 424-442.
[5] Escalona, M. José, and Nora Koch. "Requirements engineering for web applications–a comparative study." Journal of web Engineering (2003): 193-212.
[6] Schwabe, Daniel, and Gustavo Rossi. "The object-oriented hypermedia design model." Communications of the ACM 38.8 (1995): 45-46.
[7] Koch, Nora, and Andreas Kraus. "The expressive power of uml-based web engineering." Second International Workshop on Web-oriented Software Technology (IWWOST02). Vol. 16. CYTED, 2002.
[8] Ceri, Stefano, Piero Fraternali, and Aldo Bongio. "Web Modeling Language (WebML): a modeling language for designing Web sites." Computer Networks 33.1-6 (2000): 137-157.
The success of any software system is determined based on whether it meets its users’ and stakeholders' needs and expectations, where these needs and expectations serve as a key source for specifying the requirements for the system [1]. In the Requirements Engineering (RE) community, requirements are, traditionally, classified into functional and non-functional (quality) requirements, and a successful system should satisfy both types of these requirements [2]. While engineering methodologies have matured to handle functional and various types of quality requirements (e.g., usability, reliability) [3], emotional requirements have received relatively less attention from the RE community. Emotional requirements capture how users should feel when using the system [4]. Consequently, inadequate consideration of such requirements can result in end-users' reluctance to use the system [5]. Therefore, capturing and addressing the emotional requirements of end users during the system design is essential for a successful system as it improves its acceptance and usability. However, this is not an easy task as existing approaches for dealing with emotional requirements (e.g., motivational goal modeling (MMs) [3, 4]) are relatively scarce, they capture emotional requirements at a high abstraction level, they lack a systematic process for the refinement of emotional requirements, and, most importantly, they do not provide any formal semantics that allows any kind of automated analysis.
The aim of this research is to tackle this problem by proposing a model-based approach for modeling and analyzing emotional requirements. The contributions of this research include: (1) A UML profile [6] for modeling emotional requirements along with other requirements (functional and quality) of the system-to-be. (2) Automated analysis support that allows for verifying emotional requirements models. More specifically, several properties of the design, represented in OCL (Object Constraint Language [7]), will be formulated to verify the models. (3) A tool that allows emotional requirements models to be generated and verified depending on OCL constraints. (4) An engineering methodology to assist designers while dealing with emotional requirements.
The approach will follow a Design Science Research (DSR) approach [8], which identifies the problem that needs to be solved, motivates the development of the solution as a design artifact, and evaluates the application of the developed solution through a relevant scenario.
References
[1] Sommerville, Ian. "Software engineering (ed.)." America: Pearson Education Inc (2011).
[2] Chung, Lawrence, et al. Non-functional requirements in software engineering. Vol. 5. Springer Science & Business Media, 2012.
[3] Miller, Tim, et al. "Emotion-led modelling for people-oriented requirements engineering: the case study of emergency systems." Journal of Systems and Software 105 (2015): 54-71.
[4] Iqbal, T., Anwar, H., Filzah, S., Gharib, M., Mooses, K., & Taveter, K. (2023, May). Emotions in Requirements Engineering: A Systematic Mapping Study. In 2023 IEEE/ACM 16th International Conference on Cooperative and Human Aspects of Software Engineering (CHASE) (pp. 111-120). IEEE.
[5] Mendoza, Antonette, et al. "The role of users’ emotions and associated quality goals on appropriation of systems: two case studies." (2013).
[6] Fuentes-Fernández, Lidia, and Antonio Vallecillo-Moreno. "An introduction to UML profiles." UML and Model Engineering 2.6-13 (2004): 72.
[7] Cabot, Jordi, and Martin Gogolla. "Object constraint language (OCL): a definitive guide." International school on formal methods for the design of computer, communication and software systems. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012. 58-90.
[8] Hevner, Alan R., et al. "Design science in information systems research." Management Information Systems Quarterly 28.1 (2008): 6.
Over the past decades, Enterprise Systems (ESs) (also called Enterprise Information Systems (EISs)) have emerged as a promising tool for integrating and extending functionalities and services at both intra-organizational and inter-organizational levels [1]. In particular, ESs are usually the result of integrating two or more existing organizational systems into a broader intra/inter-organizational ES [2]. The software engineering community has always faced challenges in designing and developing larger complex systems such as ESs. One of these challenges is specifying the requirements for ESs, especially the requirements related to the integration aspects of the ES (integration requirements). For example, such requirements may not be easily identified because they may manifest themselves in a vague way within the overall set of ES requirements; they might be overlooked, ignored, or considered irrelevant; and they might exist in different forms (e.g., functional or non-functional requirements). However, integration requirements are a vital success factor for any ES. They may have an impact on the overall performance of the ES: if they are incorrect, incomplete, and/or inconsistent, the ES-to-be is likely to suffer from serious issues [3]. Although much effort has been devoted to engineering requirements for ESs (e.g., [1, 4, 5]), with a particular focus on "architecturally significant requirements" (e.g., [2, 6]), no specialized approach has been developed for dealing with "integration requirements". As a result, such important requirements are dealt with in an ad-hoc manner.
The objective of this thesis is to fill the aforementioned gap by developing an approach for identifying (e.g., eliciting, specifying, and/or deriving), analyzing, and validating integration requirements for ESs. This objective will be achieved by (1) critically reviewing the available literature on ES requirements; (2) reviewing available requirements engineering practices and identifying their strengths and weaknesses for dealing with integration requirements; and, based on best practices, (3) proposing an approach for identifying, analyzing, and validating integration requirements. The approach will be validated by applying it to a real/realistic case study/scenario.
References
[1] L. D. Xu, “Enterprise systems: State-of-the-art and future trends,” IEEE Trans. Ind. Informat., vol. 7, no. 4, pp. 630–640, Nov. 2011.
[2] Niu, N., Da Xu, L., Cheng, J.R.C. and Niu, Z., 2013. Analysis of architecturally significant requirements for enterprise systems. IEEE Systems Journal, 8(3), pp.850-857.
[3] B. Nuseibeh and S. Easterbrook, “Requirements engineering: A roadmap,” in Proc. Future Softw. Eng., Limerick, Ireland, 2000.
[4] H. M. Kim, S. Lu, J. S. Kim, and B.-D. Kim, “Parallel, multistage model for enterprise system planning and design,” IEEE Syst. J., vol. 4, no. 1, pp. 6–14, Mar. 2010.
[5] M. Fonoage, I. Cardei, and R. Shankar, “Mechanisms for requirements driven component selection and design automation,” IEEE Syst. J., vol. 4, no. 3, pp. 396–403, Sep. 2010.
[6] Chen, L., Babar, M.A. and Nuseibeh, B., 2012. Characterizing architecturally significant requirements. IEEE Software, 30(2), pp.38-45.
It is well acknowledged in the Requirements Engineering (RE) community that most requirements are related to one another [1]. According to Carlshamre et al. [2], only a fifth of the requirements are not related to or influenced by any other requirements. Requirements interdependencies capture how requirements relate to and affect each other [3], and handling them is one of the main problems in delivering quality requirements and, in turn, quality systems/software. Requirements interdependencies therefore cannot be overlooked or ignored and must be properly handled. In particular, requirements dependencies influence several design, development, and implementation decisions [4], and inappropriate handling of such interdependencies can lead to software/system development failures [5].
Although various interdependencies among requirements have been considered in the literature (e.g., requires, refines, similar, or conflicts [6]), they are not able to cope with advances on the requirements side. More specifically, systems are becoming more complex, leading to more complex interdependencies among their requirements, which the available interdependency types might not be able to capture. Moreover, different types of requirements (e.g., emotional, awareness) have been introduced in the last two decades, and their dependencies cannot be appropriately captured with the available dependency types. Finally, research on dependencies is mainly focused on general dependencies, overlooking the special types of some requirements.
The objective of this study is to synthesize existing knowledge in available literature concerning requirements interdependencies to answer the following three research questions (RQs):
RQ1: What are the available types of requirements interdependencies?
RQ2: How are available types of requirements interdependencies used among the different types of requirements?
RQ3: Which key aspects of requirements interdependencies (e.g., traceability, prioritization) cannot be captured by available types of requirements interdependencies?
Based on the answers to the aforementioned three questions, a new taxonomy of requirements interdependencies will be developed.
References
[1] Dahlstedt, Åsa G., and Anne Persson. "Requirements interdependencies: state of the art and future challenges." Engineering and managing software requirements (2005): 95-116.
[2] Carlshamre, Pär, et al. "An industrial survey of requirements interdependencies in software product release planning." International Symposium on Requirements Engineering. IEEE, 2001.
[3] Tabassum, Mirza Rehenuma, et al. "Determining interdependency among non-functional requirements to reduce conflict." International Conference on Informatics, Electronics & Vision (ICIEV). IEEE, 2014.
[4] Robinson, William N., Suzanne D. Pawlowski, and Vecheslav Volkov. "Requirements interaction management." ACM Computing Surveys (CSUR) 35.2 (2003): 132-190.
[5] Noviyanto, Fiftin, Rozilawati Razali, and Mohd Zakree Ahmad Nazree. "Understanding requirements dependency in requirements prioritization: a systematic literature review." International Journal of Advances in Intelligent Informatics 9.2 (2023): 249-272.
[6] Gharib, Mohamad, et al. "Privacy requirements: findings and lessons learned in developing a privacy platform." International Requirements Engineering Conference (RE). IEEE, 2016.
"If the user can't use it, it doesn't work" - Susan Dray
Research in the field of usable security has shown that the success of any security mechanism relies heavily on its usability by its intended users.
In other words, a security mechanism has to be simple, practical, time-saving, and plausible [1]; otherwise, users will try to avoid its use.
However, it is not always easy to determine whether a security mechanism is usable or not as some of these mechanisms are difficult for the average user to understand [2], and there is no agreed-upon tool for such assessment.
More specifically, designing a realistic experience for a laboratory or online study of security is difficult [3]. Practitioners therefore usually rely on User Experience (UX) measures to perform such assessments, even though such measures partially capture usability aspects [4]. Moreover, most of the available UX measures are self-reporting questionnaires (e.g., the User Experience Questionnaire (UEQ, UEQ+) [5]), which can be highly subjective depending on the participants and open to the risk of human bias.
This thesis aims to tackle this problem by proposing a cyber-security-aware user experience measure. This will be achieved by (1) reviewing and analyzing relevant UX and usability measures to identify key items to be considered; (2) providing automated means to capture and analyze each of these items; and (3) evaluating the proposed measure with experts and by testing it with end users, considering a commonly used security mechanism (e.g., user authentication).
References
[1] Jacobs, Danielle, and Troy McDaniel. "A survey of user experience in usable security and privacy research." International Conference on Human-Computer Interaction. Cham: Springer International Publishing, 2022.
[2] Reuter, Christian, Luigi Lo Iacono, and Alexander Benlian. "A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead." Behaviour & Information Technology 41.10 (2022): 2035-2048.
[3] Cranor, Lorrie Faith, and Norbou Buchler. "Better together: Usability and security go hand in hand." IEEE Security & Privacy 12.6 (2014): 89-93.
[4] Distler, Verena, et al. "Security–visible, yet unseen? how displaying security mechanisms impacts user experience and perceived security." Proceedings of ACM CHI Conference on Human Factors in Computing Systems (CHI2019). 2019.
[5] Laugwitz, Bettina, Theo Held, and Martin Schrepp. "Construction and evaluation of a user experience questionnaire." HCI and Usability for Education and Work: 4th Symposium of the Workgroup Human-Computer Interaction and Usability Engineering of the Austrian Computer Society, USAB, Graz, Austria, November 20-21. Proceedings Springer Berlin Heidelberg, 2008.