Business Process Modeling in Software Requirements Engineering for Small and Medium Software Projects

Vaatimusmäärittelyn tavoitteena on luoda halutun järjestelmän kokonaisen, yhtenäisen vaatimusluettelon vaatimusten määrittämiseksi käsitteellisellä tasolla. Liiketoimintaprosessien mallintaminen on varsin hyödyllinen vaatimusmäärittelyn varhaisissa vaiheissa. Tämä työ tutkii liiketoimintaprosessien mallintamista tietojärjestelmien kehittämistä varten. Nykyään on olemassa erilaisia liiketoimintaprosessien mallintamiseen tarkoitettuja tekniikoita. Tämä työ tarkastaa liiketoimintaprosessien mallintamisen periaatteet ja näkökohdat sekä eri mallinnustekniikoita. Uusi menetelmä, joka on suunniteltu erityisesti pienille ja keskisuurille ohjelmistoprojekteille, on kehitetty prosessinäkökohtien ja UML-kaavioiden perusteella.

Computational support for the process of software requirement specification

The software industry has become more and more concerned with the appropriate application of activities that composes requirement engineering as a way to improve the quality of its products. In order to support these activities, several computational tools have been available in the market, although it is still possible to find a lack of resources related to some activities. In this context, this paper proposes the inclusion of a module to aid in the requirements specification to a tool called Requirements Elicitation Support Tool. This module allows to specify requirements in accordance with IEEE 830 standard, thus contributing to the documentation of the requirements established for a software system, besides supporting the learning of concepts related to the requirements specification, which improves the skills of users of the tool. © 2012 IEEE.

Requirement Risk Level Forecast Using Bayesian Networks Classifiers

Requirement engineering is a key issue in the development of a software project. Like any other development activity it is not without risks. This work is about the empirical study of risks of requirements by applying machine learning techniques, specifically Bayesian networks classifiers. We have defined several models to predict the risk level for a given requirement using three dataset that collect metrics taken from the requirement specifications of different projects. The classification accuracy of the Bayesian models obtained is evaluated and compared using several classification performance measures. The results of the experiments show that the Bayesians networks allow obtaining valid predictors. Specifically, a tree augmented network structure shows a competitive experimental performance in all datasets. Besides, the relations established between the variables collected to determine the level of risk in a requirement, match with those set by requirement engineers. We show that Bayesian networks are valid tools for the automation of risks assessment in requirement engineering.

Usability and Security in Medication Administration Applications

The traditional process of filling the medicine trays and dispensing the medicines to the patients in the hospitals is manually done by reading the printed paper medicine chart. This process can be very strenuous and error-prone, given the number of sub-tasks involved in the entire workflow and the dynamic nature of the work environment. Therefore, efforts are being made to digitalise the medication dispensation process by introducing a mobile application called Smart Dosing application. The introduction of the Smart Dosing application into hospital workflow raises security concerns and calls for security requirement analysis. This thesis is written as a part of the smart medication management project at Embedded Systems Laboratory, A° bo Akademi University. The project aims at digitising the medicine dispensation process by integrating information from various health systems, and making them available through the Smart Dosing application. This application is intended to be used on a tablet computer which will be incorporated on the medicine tray. The smart medication management system include the medicine tray, the tablet device, and the medicine cups with the cup holders. Introducing the Smart Dosing application should not interfere with the existing process carried out by the nurses, and it should result in minimum modifications to the tray design and the workflow. The re-designing of the tray would include integrating the device running the application into the tray in a manner that the users find it convenient and make less errors while using it. The main objective of this thesis is to enhance the security of the hospital medicine dispensation process by ensuring the security of the Smart Dosing application at various levels. The methods used for writing this thesis was to analyse how the tray design, and the application user interface design can help prevent errors and what secure technology choices have to be made before starting the development of the next prototype of the Smart Dosing application. The thesis first understands the context of the use of the application, the end-users and their needs, and the errors made in everyday medication dispensation workflow by continuous discussions with the nursing researchers. The thesis then gains insight to the vulnerabilities, threats and risks of using mobile application in hospital medication dispensation process. The resulting list of security requirements was made by analysing the previously built prototype of the Smart Dosing application, continuous interactive discussions with the nursing researchers, and an exhaustive stateof- the-art study on security risks of using mobile applications in hospital context. The thesis also uses Octave Allegro method to make the readers understand the likelihood and impact of threats, and what steps should be taken to prevent or fix them. The security requirements obtained, as a result, are a starting point for the developers of the next iteration of the prototype for the Smart Dosing application.

Usability and Security in Medication. Administration Applications

The traditional process of filling the medicine trays and dispensing the medicines to the patients in the hospitals is manually done by reading the printed paper medicinechart. This process can be very strenuous and error-prone, given the number of sub-tasksinvolved in the entire workflow and the dynamic nature of the work environment.Therefore, efforts are being made to digitalise the medication dispensation process byintroducing a mobile application called Smart Dosing application. The introduction ofthe Smart Dosing application into hospital workflow raises security concerns and callsfor security requirement analysis. This thesis is written as a part of the smart medication management project at EmbeddedSystems Laboratory, A˚bo Akademi University. The project aims at digitising the medicine dispensation process by integrating information from various health systems, and making them available through the Smart Dosing application. This application is intended to be used on a tablet computer which will be incorporated on the medicine tray. The smart medication management system include the medicine tray, the tablet device, and the medicine cups with the cup holders. Introducing the Smart Dosing application should not interfere with the existing process carried out by the nurses, and it should result in minimum modifications to the tray design and the workflow. The re-designing of the tray would include integrating the device running the application into the tray in a manner that the users find it convenient and make less errors while using it. The main objective of this thesis is to enhance the security of the hospital medicine dispensation process by ensuring the security of the Smart Dosing application at various levels. The methods used for writing this thesis was to analyse how the tray design, and the application user interface design can help prevent errors and what secure technology choices have to be made before starting the development of the next prototype of the Smart Dosing application. The thesis first understands the context of the use of the application, the end-users and their needs, and the errors made in everyday medication dispensation workflow by continuous discussions with the nursing researchers. The thesis then gains insight to the vulnerabilities, threats and risks of using mobile application in hospital medication dispensation process. The resulting list of security requirements was made by analysing the previously built prototype of the Smart Dosing application, continuous interactive discussions with the nursing researchers, and an exhaustive state-of-the-art study on security risks of using mobile applications in hospital context. The thesis also uses Octave Allegro method to make the readers understand the likelihood and impact of threats, and what steps should be taken to prevent or fix them. The security requirements obtained, as a result, are a starting point for the developers of the next iteration of the prototype for the Smart Dosing application.

Ohjelmistolisenssien hallintaprosessin suunnittelu

Varsinkin suurissa yrityksissä ohjelmistolisenssien hallinta on erittäin vaikeaa, ellei sen hoitamiseen ole käytössä toimivaa menetelmää. Nykyisin markkinoilla on useita valmissovelluksia helpottamaan ohjelmistolisenssien hallintaa, mutta pelkkä ohjelmisto ei yleensä riitä. Ohjelmistolisenssien hallinnan järkevöittämiseksi, tarvitaan lisäksi suunniteltu prosessi, jota voidaan tarvittaessa tukea valmissovelluksella. Tässä työssä keskitytään ohjelmistolisenssien hallintaprosessin suunnitteluun. Suunnittelu aloitetaan selvittämällä lähtötilanne sekä prosessin todellinen tarve. Nykyisen toimintatavan ongelmien ja käyttäjien asettamien vaatimusten perusteella luodaan prosessille tarvelauseet, jotka pyritään toteuttamaan suunnitellun prosessin avulla. Prosessia tukemaan voidaan tarpeen mukaan hankkia ohjelmistolisenssien hallintajärjestelmä markkinoilla olevista vaihtoehdoista. Työn tuloksena annetaan jatkotoimenpidesuositus viemään eteenpäin Lappeenrannan teknillisen yliopiston ohjelmistolisenssien hallintaprosessia. Jatkotoimenpidesuositus sisältää perustelut ehdotetulle prosessille sekä järjestelmäsuosituksen. Näiden tarkoituksena on helpottaa ohjelmistolisenssien hallintaprosessin ja -järjestelmän lopullista valintaa sekä käyttöönottoa.

Achieving Traceability

Tämä diplomityö käsittelee vaatimusmäärittelyä. Erityinen keskittymisalue on vaatimusten jäljitettävyys. Vaatimusmäärittely on osa ohjelmistokehitysprosessia. Insinöörit tietävät, että ymmärtääkseen ongelmaa on sen lähtökohdat ymmärrettävä. Tästä huolimatta määrittelyvaihe epähuomioidaan helposti. Diplomityössä kartoitetaan ensin vaatimusmäärittelyä järjestelmäprojektin osana. Vaatimusmäärittelyn rakennetta tarkennetaan ja sen sisältöä tuodaan esille. Olemassaolevana projektina analysoidaan, kuinka Soneran Mobile Pay osaston suorittama vaatimusmäärittely on toteutunut Mobile Payment Platform projektin alkuvaiheessa. Lähinnä keskitytään näyttämään, kuinka vaatimukset on kirjattu ylös. Tämän jälkeen tarkastellaan jäljitettävyyden olemusta. Työssä kartoitetaan lukijalle, mitä jäljitettävyys tarkoittaa. Kartoituksen jälkeen käydään läpi jäljitettävyyttä tukevia toimenpiteitä Sonera Mobile Payn tuotekehitysprosessissa.

Tietojohtaminen vaatimusmäärittelyn tukena ICT-alan yrityksen toimintaympäristön muutoksessa

Työn lähtökohtana on ICT-alan yrityksen AinaCom Oy:n toimintaympäristön muutos, ja siihen toteutettava vaatimusmäärittely. Vaatimusmäärittelyn toteutukseen otetaan tueksi tietojohtaminen, jonka avulla saadaan syvyyttä perinteiseen vaatimusmäärittelyyn. Sekä vaatimusmäärittelyä että toimintaympäristön muutosta, tarkemmin ERP (Enteprise Resource Planning) toiminnanohjausjärjestelmä-projektia, tehostetaan tietojohtamisen keinoin. Työn tavoitteena on selvittää miten tietojohtaminen voidaan ottaa vaatimusmäärittelyn tueksi toimintaympäristön muutoksessa. Sekä kirjallisuuskatsauksen että AinaCom Oy:n vaatimusmäärittelyprojektin perusteella voidaan todeta, että tietojohtamisen ja tiedon spiraalin (SECI-malli) avulla voidaan edesauttaa tiedon hallitsemista mittavissa ohjelmistoprojekteissa, kuten ERP-projektissa, sekä vaatimusmäärittelyssä. Näin tietojohtamisen avulla voidaan saavuttaa hallittavampia aikatauluja, kohtuullisempia kustannuksia, sekä menestyksekkäämpiä projekteja.

Parasitic Order Machine. A Sociology and Ontology of Information Securing

This study examines information security as a process (information securing) in terms of what it does, especially beyond its obvious role of protector. It investigates concepts related to ‘ontology of becoming’, and examines what it is that information securing produces. The research is theory driven and draws upon three fields: sociology (especially actor-network theory), philosophy (especially Gilles Deleuze and Félix Guattari’s concept of ‘machine’, ‘territory’ and ‘becoming’, and Michel Serres’s concept of ‘parasite’), and information systems science (the subject of information security). Social engineering (used here in the sense of breaking into systems through non-technical means) and software cracker groups (groups which remove copy protection systems from software) are analysed as examples of breaches of information security. Firstly, the study finds that information securing is always interruptive: every entity (regardless of whether or not it is malicious) that becomes connected to information security is interrupted. Furthermore, every entity changes, becomes different, as it makes a connection with information security (ontology of becoming). Moreover, information security organizes entities into different territories. However, the territories – the insides and outsides of information systems – are ontologically similar; the only difference is in the order of the territories, not in the ontological status of entities that inhabit the territories. In other words, malicious software is ontologically similar to benign software; they both are users in terms of a system. The difference is based on the order of the system and users: who uses the system and what the system is used for. Secondly, the research shows that information security is always external (in the terms of this study it is a ‘parasite’) to the information system that it protects. Information securing creates and maintains order while simultaneously disrupting the existing order of the system that it protects. For example, in terms of software itself, the implementation of a copy protection system is an entirely external addition. In fact, this parasitic addition makes software different. Thus, information security disrupts that which it is supposed to defend from disruption. Finally, it is asserted that, in its interruption, information security is a connector that creates passages; it connects users to systems while also creating its own threats. For example, copy protection systems invite crackers and information security policies entice social engineers to use and exploit information security techniques in a novel manner.

Desenvolvimento de semicubos de roda aeronáuticos: uma contribuição metalúrgica em liga ultra-leve magnésio AZ-91C à Força Aérea Brasileira

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)

A power system control scheme based on security visualisation in parameter space

Power system real time security assessment is one of the fundamental modules of the electricity markets. Typically, when a contingency occurs, it is required that security assessment and enhancement module shall be ready for action within about 20 minutes’ time to meet the real time requirement. The recent California black out again highlighted the importance of system security. This paper proposed an approach for power system security assessment and enhancement based on the information provided from the pre-defined system parameter space. The proposed scheme opens up an efficient way for real time security assessment and enhancement in a competitive electricity market for single contingency case

Supporting requirement elicitation and ontology testing in knowledge graph engineering

Knowledge graphs and ontologies are closely related concepts in the field of knowledge representation. In recent years, knowledge graphs have gained increasing popularity and are serving as essential components in many knowledge engineering projects that view them as crucial to their success. The conceptual foundation of the knowledge graph is provided by ontologies. Ontology modeling is an iterative engineering process that consists of steps such as the elicitation and formalization of requirements, the development, testing, refactoring, and release of the ontology. The testing of the ontology is a crucial and occasionally overlooked step of the process due to the lack of integrated tools to support it. As a result of this gap in the state-of-the-art, the testing of the ontology is completed manually, which requires a considerable amount of time and effort from the ontology engineers. The lack of tool support is noticed in the requirement elicitation process as well. In this aspect, the rise in the adoption and accessibility of knowledge graphs allows for the development and use of automated tools to assist with the elicitation of requirements from such a complementary source of data. Therefore, this doctoral research is focused on developing methods and tools that support the requirement elicitation and testing steps of an ontology engineering process. To support the testing of the ontology, we have developed XDTesting, a web application that is integrated with the GitHub platform that serves as an ontology testing manager. Concurrently, to support the elicitation and documentation of competency questions, we have defined and implemented RevOnt, a method to extract competency questions from knowledge graphs. Both methods are evaluated through their implementation and the results are promising.

Comparison of BR and QR Eigenvalue Algorithms for Power System Small Signal Stability Analysis

The BR algorithm is a novel and efficient method to find all eigenvalues of upper Hessenberg matrices and has never been applied to eigenanalysis for power system small signal stability. This paper analyzes differences between the BR and the QR algorithms with performance comparison in terms of CPU time based on stopping criteria and storage requirement. The BR algorithm utilizes accelerating strategies to improve its performance when computing eigenvalues of narrowly banded, nearly tridiagonal upper Hessenberg matrices. These strategies significantly reduce the computation time at a reasonable level of precision. Compared with the QR algorithm, the BR algorithm requires fewer iteration steps and less storage space without depriving of appropriate precision in solving eigenvalue problems of large-scale power systems. Numerical examples demonstrate the efficiency of the BR algorithm in pursuing eigenanalysis tasks of 39-, 68-, 115-, 300-, and 600-bus systems. Experiment results suggest that the BR algorithm is a more efficient algorithm for large-scale power system small signal stability eigenanalysis.

MDA-based re-engineering with Object-Z

This paper describes a practical application of MDA and reverse engineering based on a domain-specific modelling language. A well defined metamodel of a domain-specific language is useful for verification and validation of associated tools. We apply this approach to SIFA, a security analysis tool. SIFA has evolved as requirements have changed, and it has no metamodel. Hence, testing SIFA’s correctness is difficult. We introduce a formal metamodelling approach to develop a well-defined metamodel of the domain. Initially, we develop a domain model in EMF by reverse engineering the SIFA implementation. Then we transform EMF to Object-Z using model transformation. Finally, we complete the Object-Z model by specifying system behavior. The outcome is a well-defined metamodel that precisely describes the domain and the security properties that it analyses. It also provides a reliable basis for testing the current SIFA implementation and forward engineering its successor.