Creadtivity: um processo que integra design thinking e técnicas de criatividadade na elicitação de requisitos de software

VALENÇA, Marcello Cysneiros Landim

10 June 2016

Submitted by Rafael Santana (rafael.silvasantana@ufpe.br) on 2017-05-04T18:50:45Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertação - Marcello.pdf: 3678946 bytes, checksum: 257c255d9fcd97bd9f9631b0200bad58 (MD5) / Made available in DSpace on 2017-05-04T18:50:45Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertação - Marcello.pdf: 3678946 bytes, checksum: 257c255d9fcd97bd9f9631b0200bad58 (MD5) Previous issue date: 2016-06-10 / As soluções de Tecnologia da Informação vêm se tornando cada vez mais parte da vida cotidiana das pessoas, e com isso as exigências sobre a utilidade e a usabilidade têm crescido continuamente. Os problemas a serem resolvidos estão cada vez mais complexos, e as técnicas tradicionais utilizadas pelos engenheiros de software para encontrar oportunidades e resolver problemas nem sempre conseguem atingir o seu objetivo e, quando o fazem, nem sempre chegam a produtos que satisfaçam os usuários e tragam vantagem competitiva para a empresa. A verdade é que os produtos de TI dependem, cada vez mais, da dinâmica da vida social, que não são primariamente a preocupação da engenharia, mas do design. Nesse contexto, o Design Thinking fornece uma metodologia para elicitar as necessidades dos usuários, produzindo uma série de protótipos rápidos e simples que eventualmente convergem para soluções inovadoras. Já as técnicas de criatividade possuem uma grande capacidade de geração de novas ideias, o que pode ajudar na elicitação de requisitos. Para integrar a filosofia do Design Thinking e as técnicas de criatividade, unindo assim os conceitos do design com a exploração de novas ideias, um processo estruturado foi proposto. Este trabalho descreve esse processo, chamado de Creadtivity, que integra a metodologia do Design Thinking com técnicas de criatividade para elicitação de requisitos de software, visando promover a inovação. Espera-se que este processo possa ser utilizado para ampliar as habilidades das equipes de TI para resolver problemas de forma criativa. Uma primeira avaliação do processo foi realizada através da aplicação do processo em uma empresa de desenvolvimento de software e da utilização de um questionário para coletar os dados. Uma segunda avaliação foi feita através de um experimento para a utilização do processo por alunos de mestrado e posterior comparação dos protótipos gerados, realizada pelos stakeholders e especialistas em design. Como resultado das duas avaliações, o Creadtivity se mostrou fácil de ser aprendido e utilizado, sistemático e possível de ser integrado com outros processos e técnicas. Já o resultado da comparação dos protótipos mostrou que o protótipo gerado pela equipe que utilizou o Creadtivity possui indícios de inovação. / IT solutions are becoming more and more part of people’s everyday life, and with that the demands on usefulness and usability have been growing continuously. The problems to be solved are increasingly complex, and traditional techniques used by software engineers to find opportunities and solve problems do not always manage to achieve their goals and, when they do, the result is not always a product that satisfies users and brings competitive advantage to the company. The truth is that IT products deeply depend on social life dynamics, which are primarily not the concern of engineering but of design. In this context, Design Thinking provides a methodology to elicit user needs, producing a series of quick and simple prototypes that eventually converge to innovative solutions. In addition, creativity techniques have a great capacity to generate new ideas, which can help in the requirements elicitation. To integrate the philosophy of design thinking with creativity techniques, thus uniting concepts of design with the exploitation of new ideas, a structured process was proposed. This paper describes this process, called Creadtivity, which integrates the Design Thinking methodology with creativity techniques for software requirements elicitation, in order to reach innovation. The aim is that this process can be used to expand the skills of IT teams to solve problems creatively. A first evaluation of the process was carried out by applying the process in a software development company and by using a questionnaire to collect data. A second evaluation was performed through an experiment for the use of the process by master's students and subsequent comparison of the prototypes generated, getting the opinion of stakeholders and experts in design. As a result of the two assessments, Creadtivity proved to be easy to be learned and used, systematic and possible to be integrated with other processes and techniques. In addition, the result of the comparison of the prototypes showed that the prototype generated by the team using Creadtivity has indication of innovation.

A Framework for Security Requirements : Security Requirements Categorization and Misuse Cases / En ram för Säkerhetskrav : Säkerhetskrav kategorisering och missbruk ärenden

Bogale, Helen Yeshiwas, Ahmed, Zohaib

January 2011

Context: Security Requirements engineering is necessary to achieve secure software systems. Many techniques and approaches have been proposed to elicit security requirements in the initial phases of development. With the growing importance of security and immense increase in security breaches over the past few years, researchers and practitioners have been striving to achieve a mature process of coping with security requirements. Much of the activities in this regard are seen in academia but industry still seems to be lacking in giving the required importance to security requirements engineering. That is why, security requirements engineering is still not always considered as a central part of requirements engineering. This study is targeted to bridge this gap between academia and industry in terms of security requirements engineering and to provide a concrete approach to efficiently elicit and specify security requirements. The Misuse case technique is proposed for this purpose. However it lacks in providing guidelines for enabling scalable use. This limitation has been addressed to achieve a mature process of security requirements elicitation. Objectives: In this study, we propose a framework to elicit security requirements early in the software development using misuse case technique. Objective is to make misuse case technique scalable and applicable to the real-world projects. The proposed framework was presented to two representatives from the Swedish Armed Forces (SWAF). The feedback received from the representatives was utilized to refine, update and finalize the framework. Methods: The study involved a systematic review to gain an insight of the academic perspective in the area of study. Document extraction was adopted to observe the industrial trends in the said subject. These were the software requirements specification documents of the real-world systems. Document extraction was supported with informed brainstorming because the study revolved around misuse case technique and informed brainstorming is considered to be the most suitable technique for this purpose. A workshop was conducted with two representatives of Swedish Armed Forces followed by two subsequent asynchronous communication rounds and a facilitated session to get feedback about the proposed solution. This feedback was utilized to refine, update and finalize the proposed solution. Results: The results of the systematic review were organized in tabular forms for a clear understanding and easy analysis. A security requirements categorization was obtained as a result which was finalized after an initial validation with the help of real-world projects. Furthermore, a framework was proposed utilizing this categorization to address the limitations of misuse case technique. The framework was created and refined through workshop and different communication rounds with representatives of SWAF. Their feedback was used as input to further improve the usefulness and usability aspects of the framework. Conclusions: The significance of security requirements engineering is undisputedly accepted both in academia and industry. However, the area is not a subject of practice in industrial projects. The reasons include lack of mature processes as well as expensive and time consuming solutions. Lack of empirical evidences adds to the problems. The conducted study and proposed process of dealing with this issue is considered as a one step forward towards addressing the challenges. / Säkerhet Kravhantering är nödvändigt för att uppnå säkra programvarusystem. Många tekniker och metoder har föreslagits för att framkalla säkerhetskraven i de inledande faserna i utvecklingen. Med den växande betydelsen av säkerhet och enorma ökning av brott mot säkerheten under de senaste åren har forskare och praktiker strävat efter att uppnå en mogen process för att klara säkerhetskraven. Mycket av verksamheten i detta avseende ses i den akademiska världen, men industrin fortfarande tycks saknas i att ge den nödvändiga betydelse för säkerheten kravhantering. Därför är säkerheten kravhantering fortfarande inte alltid som en central del av kravhantering. Denna studie är inriktad att överbrygga denna klyfta mellan akademi och näringsliv när det gäller säkerhet kravhantering och att ge en konkret strategi för att effektivt få fram och specificera säkerhetskrav. Missbruk fallet tekniken föreslås för detta ändamål. Men det saknar i att ge riktlinjer för att möjliggöra skalbar användning. Denna begränsning har åtgärdats för att uppnå en mogen process av säkerhetskrav elicitation. / +46 (0) 735 84 12 97, +46 (0) 760 60 96 55

Misuse Case

Security Requirements

Categorization

Elicitation

Specification

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik

Evaluating GQM+ Strategies Framework for Planning Measurement System

Asghari, Negin

January 2012

Context. Most organizations are aware of the significance of software measurement programs to help organizations assess and improve the ways they develop software. Measurement plays a vital role in improving software process and products. However, the number of failing measurement programs is high and the reasons are vary. A recent approach for planning measurement programs is GQM+Strategies, which makes an important extension to existing approaches, it links measurements and improvement activities to strategic goals and ways to achieve this goals. However, concrete guides of how to collect the information needed to use GQM+strategies is not provided in the literature yet. Objectives. The contribution of this research is to propose and assess an elicitation approach (The Goal Strategy Elicitation (GSE) approach) for the information needed to apply GQM+strategies in an organization, which also leads to a partial evaluation of GQM+strategies as such. In this thesis, the initial focus is placed on eliciting the goals and strategies in the most efficient way. Methods. The primary research approach used is action research, which allows to flexibly assess a new method or technique in an iterative manner, where the feedback of one iteration is taken into the next iteration, thus improving on the method or technique proposed. Complementary to that, we used literature review with the primary focus to position the work, explore GQM+strategies, and to determine which elicitation approach for the support of measurement programs have been proposed. Results. The Goal Strategy Elicitation (GSE) approach as a tool for eliciting goals and strategies within the software organization to contribute in planning a measurement program has been developed. The iterations showed that the approach of elicitation may not be too structured (e.g. template/notation based), but rather shall support the stakeholders to express their thoughts relatively freely. Hence, the end-result was an interview guide, not based on notations (as in the first iteration), and asking questions in a way that the interviewees are able to express themselves easily without having to e.g. distinguish definitions for goals and strategies. Conclusions. We conclude that the GSE approach is a strong tool for the software organization to be able to elicit the goals and strategies to support GQM+Strategies. GSE approach evolved in each iteration and the latest iteration together with the guideline is still used within the studied company for eliciting goals and strategies, and the organization acknowledged that they will continue to do so. Moreover, we conclude that there is a need for further empirical validation of the GSE approach in further full-scale industry trials.

Goal-based measurement program

GQM

Goal definition

Goals and Strategies elicitation

Software Engineering

Programvaruteknik

Signature-based activity detection based on Bayesian networks acquired from expert knowledge

Fooladvandi, Farzad

January 2008

The maritime industry is experiencing one of its longest and fastest periods of growth. Hence, the global maritime surveillance capacity is in a great need of growth as well. The detection of vessel activity is an important objective of the civil security domain. Detecting vessel activity may become problematic if audit data is uncertain. This thesis aims to investigate if Bayesian networks acquired from expert knowledge can detect activities with a signature-based detection approach. For this, a maritime pilot-boat scenario has been identified with a domain expert. Each of the scenario’s activities has been divided up into signatures where each signature relates to a specific Bayesian network information node. The signatures were implemented to find evidences for the Bayesian network information nodes. AIS-data with real world observations have been used for testing, which have shown that it is possible to detect the maritime pilot-boat scenario based on the taken approach.

Signature-based detection

Bayesian networks

knowledge elicitation

information fusion

maritime situation awareness

Computer Sciences

Datavetenskap (datalogi)

A Framework for Security Requirements Elicitation

Islam, Gibrail, Qureshi, Murtaza Ali

January 2012

Context: Security considerations are typically incorporated in the later stages of development as an afterthought. Security in software system is put under the category of non-functional requirements by the researchers. Understanding the security needs of a system requires considerable knowledge of assets, data security, integrity, confidentiality and availability of services. Counter measures against software attacks are also a security need of a software system. To incorporate security in the earliest stages, i.e. requirement gathering, helps building secure software systems from the start. For that purpose researchers have proposed different requirements elicitation techniques. These techniques are categorized into formal and informal techniques on the basis of finiteness and clarity in activities of the techniques. Objectives: Limitations of formal methods and lack of systematic approaches in informal elicitation techniques make it difficult to rely on a single technique for security requirements elicitation. Therefore we decided to utilize the strengths of formal and informal technique to mitigate their weaknesses by combining widely used formal and informal security requirements elicitation techniques. The basic idea of our research was to integrate an informal technique with a formal technique and propose a flexible framework with some level of formality in the steps. Methods: We conducted a systematic literature review to see “which are the widely used security requirement elicitation techniques?” as a pre-study for our thesis? We searched online databases i.e. ISI, IEEE Xplore, ACM, Springer, Inspec and compendeX. We also conducted a literature review for different frameworks that are used in industry, for security requirement elicitation. We conducted an experiment after proposing a security requirements elicitation Framework and compared the result from the Framework with that of CLASP and Misuse cases. Results:Two types of analysis were conducted on results from the experiment: Vulnerability analysis and Requirements analysis with respect to a security baseline. Vulnerability analysis shows that the proposed framework mitigates more vulnerabilities than CLASP and Misuse Cases. Requirements analysis with respect to the security baseline shows that the proposed framework, unlike CLASP and Misuse cases, covers all the security baseline features. Conclusions:The framework we have proposed by combining CLASP, Misuse cases and Secure TROPOS contains the strengths of three security requirements elicitation techniques. To make the proposed framework even more effective, we also included the security requirements categorization by Bogale and Ahmed [11]. The framework is flexible and contains fifteen steps to elicit security requirements. In addition it also allows iterations to improve security in a system

Security Requirement Engineering

Software Security

Software Engineering

Programvaruteknik

An Empirical Study On Requirements Engineering Core Practices

Bhoomgoud, Uday, P, Kiran

January 2005

Requirements engineering (RE) is the primary task (process) that is done when agreed upon to develop a software product. The success of the software product is gauged on its ability to meet the intended needs of the stakeholders. There is abundant literature emphasizing the significance of RE and its influence on the entire software project, apart from its importance as the first step for a successful development endeavor. There are several established methodologies that are acknowledged to support the RE process and assist in creating a reliable structure of creating software. Despite the availability of such techniques and solutions, it was observed that umpteen number of software product failures are attributed to unsatisfactory RE practices. In this thesis, we have conducted a study with six organizations to emphasize the gap between the state of the art and the state of the practice, and consequently identify the factors that hinder the industrial community to implement state of the art RE. As a result of this empirical research we have found that to a great extent, state of the art practices are unpopular, more specifically in small organizations. Interestingly the majority of the problems associated with RE are associated to non technical issues.

Requirements Engineering

Requirements Elicitation

Requirements management

Core Practices

Software Engineering

Programvaruteknik

Identifiering av samband mellan kravinsamling och kunskap

Oskarsson, Magdalena, Asimiadis Steindal, Natasha

January 2015

The stakeholders for requirements elicitation need to be identified at an early stage and their knowledge is the basis for what is to become a requirements specification. Just because a stakeholder holds a lot of expertise and knowledge it does not mean that the stakeholder can communicate the knowledge in a clear way. Validation of knowledge means that knowledge is valued and recognized in a structured way. People and organizations can evolve by exchanging knowledge, experience and skills.   The purpose of this study is to increase the understanding of knowledge management between requirement elicitation and external stakeholders. The following report is written based on requirements elicitation and stakeholders, knowledge, and validation of knowledge. This study has been carried out at one company as a case study to examine the context of the requirement elicitation, Nonakas knowledge model and validation of knowledge. The theories that support this study are about explicit and implicit knowledge, Nonakas knowledge model and validation of knowledge.   What emerged from this study is that communication and understanding are perceived to be key elements in the case study. The company that participated in this case also has a willingness to develop the internal knowledge and reduce the problems of knowledge. It has also emerged that the respondents perceive that there is a correlation between skills, qualifications and Nonaka's knowledge model. / Vid en kravinsamling ska intressenter identifieras i ett tidigt skede, det är deras kunskap ligger till grund för vad som sedan blir till en kravspecifikation för att utveckla en produkt. Bara för att en intressent innehar mycket kompetens och kunskap behöver det inte innebära att intressenten kan förmedla det på ett tydligt sätt. Validering av kunskap innebär att kunskap blir värderad och erkänd på ett strukturerat sätt. Människor och organisationer kan utvecklas genom att utbyta kunskap, erfarenheter och kompetens.   Syftet med studien är att öka förståelsen för kunskapshantering mellan kravinsamlare och externa intressenter. Följande rapport är skriven med utgångspunkt i kravinsamling, intressenter, kunskap och validering av kunskap. En kvalitativ studie har genomförts på ett fallföretag för att undersöka samband med mellan kravinsamling, Nonakas kunskapsmodell och validering av kunskap. Teorierna som stödjer denna undersökning handlar om explicit och implicit kunskap, Nonakas kunskapsmodell och validering av kunskap.   Vad som framkommit av denna studie är att kommunikation och förståelse upplevs vara centrala delar i fallföretagets arbete. Företaget har även en vilja om att utveckla den interna kunskapen och reducera kunskapsproblem. Det har även framkommit att respondenterna uppfattar att det finns samband mellan kompetens, kvalifikation och Nonaka’s kunskapsmodell.

Requirement elicitation

stakeholder

knowledge

Kravinsamling

intressenter

kunskap

Information Systems

Emotional Self-Regulation: Voices and Perspectives of Teachers within Diverse Socio-Cultural Contexts

Da Silva, Anna Paula Peixoto

18 August 2016

Given the importance of emotional self-regulation to a child’s ability to develop social competence and prosocial behavior, and the significant role early childhood teachers play in supporting young children’s emotional self-regulation, it is important to explore the concept from the perspective of teachers, or from the socio-cultural context through which they (i.e., teachers) make sense of the world. This study used an exploratory case study methodology to explore the understandings of emotional self-regulation among three Head Start teachers working with varying socio-cultural contexts and to identify the socio-cultural perspectives that influenced their ability to effectively apply their understandings. Findings indicate that while the participants’ definitions of emotional self- regulation were aligned with those that are commonly used in the field, it was their implementation of strategies that diverged, reflecting the influence of learning goals and varying socio-cultural contexts.

emotional self-regulation

socio-cultural theory

video elicitation

An Integrated Risk Management Framework for Carbon Capture and Storage in the Canadian Context

Larkin, Patricia Marguerite

January 2017

Climate change is a risk issue of global proportions. Human health and environmental impacts are anticipated from hazards associated with changes in temperature and precipitation regimes, and climate extremes. Increased natural hazards include storms and flooding, extreme heat, drought, and wildfires. Reduced food and water quality and quantity, reduced air quality, new geographic range of infectious diseases, and increased exposure to ultra-violet radiation are also predicted. In order to make a measurable contribution to reducing carbon dioxide emissions at point source fossil fuel and industrial process sites that contribute to climate change, estimates suggest that up to 3,000 dedicated large scale carbon capture and geological sequestration (CCS) projects will be necessary by 2050. Integrated projects include carbon dioxide capture; compression into a supercritical stream; transport, most often by pipeline; deep injection at wellheads; and sequestration in suitable saline aquifer geological formations, usually 800 metres or more below the earth’s surface. In implementing CCS as part of an overall climate change mitigation strategy, it is important to note that population health and environmental risks are associated with each of these value chain components of integrated projects. Based on an assessment of existing regulatory and non-regulatory guidance for risk assessment/risk management (RA/RM), an analysis of the application, assessment, and approval process for four large scale Canadian projects, and findings from a structured expert elicitation focused on hazard and risk issues in injection and storage and risk management of low probability high impact events, this research developed an Integrated Risk Management Framework (IRMF) for CCS in the Canadian context. The IRMF is a step-wise systematic process for RA/RM during the life of a project, including engagement with wide ranging government and non-government partners that would contribute to a determination of acceptable risk and risk control options. The execution of the IRMF is an intervention that could reduce local hazards and associated risks in terms of likelihood and consequence, as well as identify and document risk management that could underpin broad acceptance of CCS as a climate change mitigation technology. This would thereby also have an important part in protecting global population health and wellbeing in the long term. Indeed, diverse stakeholders could be unforgiving if hazard assessment and risk management in CCS is considered insufficient, leading to ‘pushback’ that could affect future implementation scenarios. On the other hand, RA/RM done right could favourably impact public perception of CCS, in turn instilling confidence, public acceptance, and ongoing support for the benefit of populations worldwide. This thesis is composed of an introduction to the research problem, including a population health conceptual framework for the IRMF, followed by five manuscripts, and concluding with a discussion about other barriers to CCS project development, and a risk management policy scenario for both the present time and during the 2017-2030 implementation period.

Carbon capture storage

Risk assessment

Risk management

Environment

Health

Expert elicitation

Canada

Climate change

Regulatory practice

Production factors for written expository texts

Van Blommestein, Erane

January 1991

Expository text writing is a task that demands high-level cognitive and linguistic skill in order to produce well-written texts. Individuals who have cognitive-communicative impairments following mild closed head injury often display difficulty in organization, recall and attention when writing texts. The purpose of this study was to investigate factors that facilitate production of coherent expository texts by two unimpaired adults, with the ultimate goal of applying the results to work with head-injured individuals. These factors were: type of texts and type of support found in the text elicitation context. It was hypothesized that Description texts would be easiest to produce, followed by Comparison, Sequence, and Response texts. It was also hypothesized that texts that were supported in the elicitation context by explicit information regarding text structure would result in more coherent texts than those written without such support. Furthermore, texts that were supported by structure plus content information were hypothesized to result in texts that were most coherent. Finally, it was questioned whether texts that were produced in the absence of support, but after the two support conditions had been completed, would exhibit a learning effect. Therefore, the effect of four elicitation contexts and four text types were examined. Each subject wrote sixteen texts. Text adequacy was measured using cohesive harmony analysis (Hasan, 1984, 1985) and a reader rating scale that was intended to measure perceived coherence. Results from Subject One were consistent with the hypothesized order of text difficulty. As well, the conditions in which text structure was provided generally resulted in more coherent texts than the texts produced without support. Evidence for a learning effect in the last condition was not found. Because the addition of content did not appear to increase text coherence when compared to texts produced with structural support alone, particularly for easier text types, it was suggested that a ceiling effect may have occurred for this subject, so that additional reduction of processing demands did not result in improved text production. The results from Subject Two were inconclusive, particularly for the effect of elicitation context. Order of text type difficulty differed from the expected order for this subject's texts. This demonstrates the variability that occurs among unimpaired writers in both text coherence and how writing tasks are approached, as well as the need for further studies using larger samples. Text ratings by a group of Speech-Langauge Pathologists did not match the results of the cohesive harmony analysis for text type. It was suggested that this disparity may be due to: inadequacies in cohesive harmony analysis that make it insensitive to features of texts readers use in order to determine coherence; or differences among texts in the readers' ability to construct text structure as they read. Texts produced in contexts with support generally received higher perceived coherence ratings than those written without such support. Inter-rater variability was marked, especially for texts low in cohesive harmony. Modifications to the procedures used in this study for both further research and clinical application are discussed. / Medicine, Faculty of / Audiology and Speech Sciences, School of / Graduate

Support

Elicitation

Learning

Injuries

Description

Comparison

Sequence

Response

Coherence

Content

Structure

Cohesive

Harmony