Powered by
Conference Publishing Consulting

2014 IEEE 4th International Workshop on Empirical Requirements Engineering (EmpiRE), August 25, 2014, Karlskrona, Sweden

EmpiRE 2014 – Proceedings

Contents - Abstracts - Authors

2014 IEEE 4th International Workshop on Empirical Requirements Engineering (EmpiRE)

Frontmatter

Title Page

Preface
Welcome to the fourth International Workshop on Empirical Requirements Engineering (EmpiRE 2014) at RE’14!

Evidence of State of the Art RE Practices

A Review of Practice and Problems in Requirements Engineering in Small and Medium Software Enterprises in Thailand
Supha Khankaew and Stephen Riddle
(Newcastle University, UK)
This paper reports on a study investigating the current state of requirements engineering problems and practice amongst small and medium software companies in Thailand. The main objective of the study was to determine areas to improve in requirements engineering processes. Data was collected through semi-structured interviews with eleven small and medium enterprises (SMEs). Results show that software firms in Thailand encounter common problems such as clarity, correctness, completeness, change management, and customer communication. The result also shows the development needs in SMEs such as software process improvement, RE knowledge, requirements management tools, training, and knowledge transfer.
Article Search
Systematic Reviews in Requirements Engineering: A Tertiary Study
Muneera Bano, Didar Zowghi, and Naveed Ikram
(University of Technology Sydney, Australia; Riphah International University, Pakistan)
There has been an increasing interest in conducting Systematic Literature Reviews (SLR) among Requirements Engineering (RE) researchers in recent years. However, so far there have been no tertiary studies conducted to provide a comprehensive overview of these published SLR in RE. In this paper we present a tertiary study of SLR that focus solely on RE related topics by following the guidelines of Evidence Based Software Engineering. We have conducted both automated search of major online sources and manual search of the RE and SLR related conferences and journals. Our tertiary study has identified 53 distinct systematic reviews published from 2006 to 2014 and reported in 64 publications. We have assessed the resulting SLR for their quality, and coverage of specific RE related topics thus identifying some gaps. We have observed that the quality of SLR in RE has been decreasing over the recent years. There is a strong need to replicate some of these SLR to increase the reliability of their results for future RE research.
Article Search
How Smartphone Users Assess the Value/Risk Trade-Off of Apps: An Observational Study
Mariano Ceccato, Alessandro Marchetto, Anna Perini, and Angelo Susi
(Fondazione Bruno Kessler, Italy)
The rapid and worldwide diffusion of applications for smartphones (apps hereafter) has produced a complex ecosystem composed by users, apps, developers and vendors with sometimes contrasting and sometimes matching interests. In the literature, this ecosystem has been investigated from multiple perspectives with different kinds of empirical approaches, however some crucial dimensions are still unexplored. In this paper we adopt the perspective of Requirements Engineering. We are interested in collecting empirical observations on users' perception of the risks associated to apps when they decide about which app to select and install on their smartphone. Which apps' requirements do users consider? How do they evaluate them with respect to benefits, security and privacy risks? How users decide about this is still unclear. We think that relevant variables and underlying dynamics must be identified before we can successfully conduct large-scale controlled experiments, as it is already done in other fields of software engineering. This paper presents the design of an observational study proposed to explore how users assess features and costs/risks when installing apps. The experimental design is then validated and adopted in a feasibility study with a limited set of participants. Preliminary findings are summarised in a set of observations and then discussed in terms of their potential impacts on the app ecosystem.
Article Search

Security Requirements

Security Triage: A Report of a Lean Security Requirements Methodology for Cost-Effective Security Analysis
Matteo Giacalone, Rocco Mammoliti, Fabio Massacci, Federica Paci, Rodolfo Perugino, and Claudio Selli
(Poste Italiane, Italy; University of Trento, Italy)
Poste Italiane is a large corporation offering integrated services in banking and savings, postal services, and mobile communication. Every year, it receives thousands of change requests for its ICT services. Applying to each and every request a security assessment ``by the book'' is simply not possible. We report the experience by Poste Italiane of a lean methodology to identify security requirements that can be inserted in the production cycle of a normal company. The process is based on surveying the overall IT architectures (Security Survey) and then a lean dynamic process (Security Triage) to evaluate individual change requests, so that important changes get the attention they need, minor changes can be quickly implemented, and compliance and security obligations are met.
Article Search
An Experiment on Comparing Textual vs. Visual Industrial Methods for Security Risk Assessment
Katsiaryna Labunets, Federica Paci, Fabio Massacci, and Raminder Ruprai
(University of Trento, Italy; National Grid, UK)
Many security risk assessment methods have been proposed both from academia and industry. However, little empirical evaluation has been done to investigate how these methods are effective in practice. In this paper we report a controlled experiment that we conducted to compare the effectiveness and participants' perception of visual versus textual methods for security risk assessment used in industry. As instances of the methods we selected CORAS, a method by SINTEF used to provide security risk assessment consulting services, and SecRAM, a method by EUROCONTROL used to conduct security risk assessment within air traffic management. The experiment involved 29 MSc students who applied both methods to an application scenario from Smart Grid domain. The dependent variables were effectiveness of the methods measured as number of specific threats and security controls identified, and perception of the methods measured through post-task questionnaires based on the Technology Acceptance Model. The experiment shows that while there is no difference in the actual effectiveness of the two methods, the visual method is better perceived by the participants.
Article Search
Security Requirement Elicitation Techniques: The Comparison of Misuse Cases and Issue Based Information Systems
Naveed Ikram, Surayya Siddiqui, and Naurin Farooq Khan
(Riphah International University, Pakistan; International Islamic University, Pakistan)
There are myriads of security elicitation techniques reported in the literature, but their industrial adoption is inadequate. Furthermore there is a shortage of empirical and comparative evaluations which can aid the software industry in this respect. This paper compares two security elicitation techniques – Misuse cases (MUC) and Issue based information systems (IBIS) by carrying out controlled experiments. A 2*2 factorial design was used with 30 undergraduate students selected randomly who solved security goal identification tasks on an individual basis using the two techniques. Two dependent variables chosen were; effectiveness of the techniques in terms of number of security goals identified and coverage of the techniques in terms of number of types of security goals, time taken to learn, execute and interpret results by each technique in three different situations. The main finding was that in a situation of low level of detail, the time taken to interpret results was lower in IBIS while in medium and high level of detail MUC is more effective for finding security goals and provides better coverage by taking less learning time. The generality of the results is limited due to the fact that undergraduate students participated in the experiment. The study provides guideline for the software industry about the choice of security elicitation technique in three different situations. The study can be extended by adding multiple techniques for comparison and a framework can be developed.
Article Search

Validation Studies

An Experiment Design for Validating a Test Case Generation Strategy from Requirements Models
Maria Fernanda Granda
(University of Cuenca, Ecuador; Universidad Politécnica de Valencia, Spain)
Currently, in a Model-Driven Engineering environment, it is a difficult and challenging task to fully automate model-driven testing because this demands complete and unambiguous models as input. Although some approaches have been developed to generate test cases from models, they require rigorous assessment of the completeness of the derivation rules. This paper proposes the plan and design of a controlled experiment that analyses a test case generation strategy for the purpose of evaluating its completeness from the viewpoint of those testers who will use a Communication Analysis-based requirements model. We will compare the abstract test cases obtained by applying (i) manual derivation without derivation rules with (ii) manual derivation with transformation rules; and both these strategies against a case of automated generation using transformation rules.
Article Search
A Framework for Understanding Collaborative Creativity in Requirements Engineering: Empirical Validation
Martin Mahaux, Lemai Nguyen, Luisa Mich, and Alistair Mavin
(University of Namur, Belgium; Deakin University, Australia; University of Trento, Italy; Rolls Royce, UK)
Requirements engineering (RE) often needs creativity in a form where interactions among stakeholders are particularly important: collaborative creativity. However, few studies have explicitly concentrated on understanding collaborative creativity in RE, resulting in a lack of well-founded advice for practitioners on how to support this aspect of RE. Through an online survey, this paper seeks empirical validation for a framework of factors characterising collaborative creative processes in RE. Within the limits of the validity of the study, the results show support for the utility of the framework: collaborative creativity seems to be a linear function of the mean score to all factors in the framework. Factors can be grouped, and the specific impact of each group on collaboration, value and novelty can be assessed.
Article Search
Eliciting Contextual Requirements at Design Time: A Case Study
Alessia Knauss, Daniela Damian, and Kurt Schneider
(University of Victoria, Canada; Leibniz Universität Hannover, Germany)
The need to consider context in order to understand requirements is established in requirements engineering. Recently, this has been discussed more intensively for socio-technical systems, which offer a rich spectrum of different operating contexts. Contextual requirements proved valuable to model requirements together with the context they are valid in, but there is a lack of research on how to derive them from stakeholder needs. Our goal in this paper is to explore the usefulness of existing requirements elicitation techniques for the identification of contextual requirements early, i.e. at design time. In a case study we investigate end-user viewpoints, together with interviews, scenarios, prototyping, goal-based analysis, and groupwork as a means to elicit and clarify contextual requirements already at design time. In our case study a certain combination of the applied requirements elicitation techniques stood out as most beneficial for the identification of contextual requirements. In addition, we discovered valuable indicators of differences in the operative context, for example when end-users cannot agree on refinements of specific requirements. Designers and operators of adaptive systems might benefit by taking such conflicts and resulting contextual requirements into account.
Article Search

Stakeholders and User Involvement

What Stakeholders Need to Know about Requirements
Walid Maalej, Zijad Kurtanović, and Alexander Felfernig
(University of Hamburg, Germany; Graz University of Technology, Austria)
Working with requirements is a knowledge-intensive task. Stakeholders need various information, e.g., for understanding or negotiating the requirements. To understand the information needs of stakeholders we conducted two case studies and interviewed 6 stakeholders. We identified 26 unique information needs, which we represented as questions asked by stakeholders such as “Are there redundant requirements?” or “How did other stakeholders prioritize the requirements“. We grouped the needs into five situations in which they were encountered. These were defining, understanding, evaluating, negotiating, and planning requirements. We then surveyed 307 practitioners to quantify the frequencies of these needs and assess how well current tools satisfy them. About 60% of the respondents confirmed that they frequently encounter the needs while their tool support was poor or absent. Requirements engineers and experienced stakeholders were particularly unsatisfied with their tools. The largest gap between the importance of the information and the degree of tool support could be detected for information about the opinions of other stakeholders and conflicting preferences while understanding and negotiating requirements.
Article Search
A Framework to Resolve Requirements Engineering Issues in Software Development Outsourcing
Javed Iqbal, Rodina Ahmed, and Sabrina Marczak
(University of Malaya, Malaysia; PUCRS, Brazil)
The outsourcing of software development processes has become a common practice in the IT market due to its reported benefits in terms of cost reduction, process improvement, and optimal resource usage. However, a considerable proportion of outsourcing projects fail to materialize the anticipated results. The failure reasons are often traced back to Requirements Engineering (RE) processes. This establishes the importance of RE for software development outsourcing. We aim to help reducing RE issues in software development outsourcing by proposing a literature and empirically-based framework that maps RE issues to relevant best practices. We intend to perform a literature review, employ questionnaire-based surveys, and conduct semi-structured interviews with practitioners to identify RE issues and best practices to resolve these issues. In this paper we present our research plan to achieve our goal and briefly present our preliminary findings.
Article Search
Users’ Voice and Service Selection: An Empirical Study
Muneera Bano and Didar Zowghi
(University of Technology Sydney, Australia)
Service Oriented software development saves time by reusing existing services and integrates them to create a new system. But selecting a service that satisfies the requirements of all concerned stakeholders is a challenging task. The situation has been exacerbated within the past few years with huge number of services available that offer similar functionalities where the analysts require additional information for making better decision for service selection. User feedback analysis has recently gained a lot of attention for its potential benefits in various areas of requirements engineering. The aim of this research is to evaluate the impact of feedback provided by the end users of the services, on the decision making process for the service selection. In this paper we present an empirical study that utilizes user feedback analysis for selection of a service among 92 available services with similar functionalities. The results show that in scenarios with significant number of services, it is helpful for analysts to consider additional information to select optimally best matched service to the requirements.
Article Search

proc time: 0.24