Owing to resource constraints, the existing prioritization and selection techniques for software security requirements (countermeasures) find a subset of higher-priority security requirements, ignoring lower-priority requirements or postponing them to future releases. Ignoring or postponing security requirements, however, may on one hand leave some of the security threats (vulnerabilities) unattended and on the other hand influence other security requirements that rely on the ignored or postponed requirements. To address this, we have proposed considering partial satisfaction of security requirements when tolerated rather than ignoring those requirements or postponing them to the future. In doing so, we have contributed a goal-based framework that enables prioritization and partial selection of security requirements with respect to security goals. The proposed framework helps reduce the number of ignored (postponed) security requirements and consequently reduce the adverse impacts of ignoring security requirements in software products.
Migrating legacy systems to cloud platforms is a knowledge-intensive process. There is an ever-increasing body of knowledge reporting empirical scenarios of successful and problematic cloud migration. Reusing this body of knowledge, dispersed and fragmented over the academic/multi-vocal literature, has practical value in mitigating costly risks and pitfalls in further projects of legacy-to-cloud and cloud-to-cloud migration. In line with this, knowledge management systems/platforms pertinent to cloud migration are a prime prerequisite and a strategic imperative for an organization. We have conducted a qualitative exploratory study to understand the benefits and challenges of developing Knowledge Management Systems (KMS) for cloud migration in real trials. Whilst our prototype system demonstration supported the importance and benefits of developing Cloud Migration KMS (CM-KMS), our semi-structured industry interview study with 11 participants highlighted challenging impediments against developing this class of KMS. As a result, this study proposes nine significant challenges that cause the abandonment of the design and maintenance of CM-KMS, including continuous changes and updates, integration of knowledge, knowledge granularity, preservation of context, automation, deconstruction of traditional knowledge, dependency on experts, hybrid knowledge of both vendor-specific and vendor-neutral cloud platforms, and parsimony. Our results encourage cloud architects to pay attention to adopting CM-KMS for the legacy-to-cloud migration in their organizations.
Software requirement selection is to find a subset of requirements (the so-called optimal set) that gives the highest customer value for a release of software while keeping the cost within the budget. Several industrial studies, however, have demonstrated that requirements of software projects are intricately interdependent and these interdependencies impact the values of requirements. Furthermore, the strengths of dependency relations among requirements vary in the context of real-world projects. For instance, requirements can be strongly or weakly interdependent. Therefore, it is important to consider both the existence and the strengths of dependency relations during requirement selection. The existing selection models, however, have ignored either requirement dependencies altogether or the strengths of those dependencies. This research proposes an integer programming model for requirement selection which considers both the existence and strengths of requirement dependencies. We further contribute a graph-based dependency modeling technique for capturing requirement dependencies and their corresponding strengths. Automated/semi-automated techniques will also be devised to identify requirement dependencies and the strengths of those dependencies.
The Binary Knapsack Problem (BKP) is to select a subset of an element (item) set with the highest value while keeping the total weight within the capacity of the knapsack. This paper presents an integer programming model for a variation of BKP where the value of each element may depend on selecting or ignoring other elements. Strengths of such Value-Related Dependencies are assumed to be imprecise and hard to specify. To capture this imprecision, we have proposed modeling value-related dependencies using fuzzy graphs and their algebraic structure.
Ignoring human values in software development may disadvantage users by breaching their values and introducing biases in software. This can be mitigated by informing developers about the value implications of their choices and taking initiatives to account for human values in software. To this end, we propose the notion of Value Programming with three principles: (P1) annotating source code and related artifacts with respect to values; (P2) inspecting source code to detect conditions that lead to biases and value breaches in software, i.e., Value Smells; and (P3) making recommendations to mitigate biases and value breaches. To facilitate value programming, we propose a framework that allows for automated annotation of software code with respect to human values. The proposed framework lays a solid foundation for inspecting human values in code and making recommendations to overcome biases and value breaches in software.
The large number of (security) faults existing in software systems can be complex and hard to identify during fault analysis. So, it is not always possible to fully mitigate the internal or external security faults (vulnerabilities or threats) within the system. On the other hand, the existence of faults in the system may eventually lead to a security failure. To avoid security failure of the target system, we need to make it flexible and tolerant in the presence of security faults. This paper introduces a goal-based modeling approach to develop security requirements of security-critical systems (SCSs) by explicitly factoring the faults into the requirements engineering process. Our approach establishes a model for security requirements (SRM) with respect to the formally described model of security faults (SFM). We care for fault tolerance in SRM by taking into consideration partial satisfaction of security goals. The proposed approach factors this partiality into the goals by applying proper mitigation techniques during the refinement process. This eventually contributes to a fault-tolerant model for security requirements of the target system.
The emotional impact of the COVID-19 pandemic and ensuing social restrictions has been profound, with widespread negative effects on mental health. We made use of natural language processing and large-scale Twitter data to explore this in depth, identifying emotions in COVID-19 news content and user reactions to it, and how these evolved over the course of the pandemic. We focused on major UK news channels, constructing a dataset of COVID-related news tweets (tweets from news organisations) and user comments made in response to these, covering Jan 2020 to April 2021. Natural language processing was used to analyse topics and levels of anger, joy, optimism, and sadness. Overall, sadness was the most prevalent emotion in the news tweets, but this was seen to decline over the timeframe under study. In contrast, amongst user tweets, anger was the overall most prevalent emotion. Time epochs were defined according to the time course of the UK social restrictions, and some interesting effects emerged regarding these. Further, correlation analysis revealed significant positive correlations between the emotions in the news tweets and the emotions expressed amongst the user tweets made in response, across all channels studied. Results provide unique insight into how the dominant emotions present in UK news and user tweets evolved as the pandemic unfolded. Correspondence between news and user tweet emotional content highlights the potential emotional effect of online news on users and points to strategies to combat the negative mental health impact of the pandemic.