CRC Conference proceedings

Proceedings of the 2010 CRC PhD Student Conference

Centre for Research in Computing The Open University

Milton Keynes

June 3 and 4, 2010

Centre for Research in Computing The Open University Milton Keynes, UK

Conference organization: Marian Petre Robin Laney

Mathieu D’Aquin Paul Piwek

Debbie Briggs

May 2010 Proceedings compiled by

Paul Piwek

Table of Contents

Mihhail Aizatulin

Verifying Implementations of Security Protocols in C

.........

1

Simon Butler Analysing Semantic Networks of Identifier Names to Improve Source Code Maintainability and Quality

.........

5

Tom Collins Discovering Translational Patterns in Symbolic Representation of Music

......... 9

Joe Corneli Semantic Adaptivity and Social Networking in Personal Learning Networks

......... 12

Richard Doust Investigating narrative “effects”: the case of suspense

......... 15

Francois Dupressoir

Verifying Authentication Properties of C Security Protocol Code Using General Verifiers

......... 19

Jennifer Ferreira Agile development and usability in practice: Work cultures of engagement

.........

23

Michael A Giddings

Model Driven Architecture of Large Distributed Hard Real Time Systems

.........

26

Alan Hayes An Investigation into Design Diagrams and Their Implementations

.........

30

Robina Hetherington

An Investigation into Interoperability of Data Between Software Packages used to support the Design, Analysis and Visualisation of Low Carbon Buildings

.........

33

Chris Ireland Understanding Object-Relational Impedance Mismatch: A Framework Based Approach

.........

37

Lukasz Jedrzejczyk

“Privacy Shake”, a Haptic Interface for Managing Privacy Settings in Mobile Location Sharing Applications

.........

41

Stefan Kreitmayer

Designing a Climate Change Game for Interactive Tabletops

.........

45

Tamara Lopez Reasoning about Flaws in Software Design: Diagnosis and Recovery

.........

47

Lin Ma Presupposition Analysis in Requirements

.........

51

Lionel Montrieux Merging Verifiable and Evolving Access Control Properties

.........

55

Sharon Moyo Effective Tutoring with Affective Embodied Conversational Agents

.........

58

Brendan Murphy Evaluating a mobile learning environment in a home car domain

.........

60

Tu Anh Nguyen Generating Accessible Natural Language Explanations for OWL Ontologies

.........

65

Chwhynny Overbeeke

Supporting the Exploration of Research Spaces

.........

69

Nadia Pantidi Understanding technology-rich learning spaces

.........

74

Aleksandra Pawlik

How best to support scientific end-user software development?

.........

78

Brian Pluss Non-Cooperation in Computational Models of Dialogue

.........

82

Ivana Quinto A Debate Dashboard to Support the Adoption of On-line Argument Mapping Tools

.........

86

Adam Rae Supporting multimodal media recommendation and annotation using social network analysis

.........

91

Rien Sach The effect of Feedback

.........

95

Stefan Taubenberger

Using Business Process Security Requirements for IT Security Risk Assessment

.........

98

Keerthi Thomas Distilling Privacy Requirements for Mobile Applications

.........

102

Min Q. Tran Understanding the Influence of 3D Virtual Worlds on Perceptions of 2D E-commerce Websites

.........

104

Thomas Daniel Ullmann

Supporting Reflection about Web Resources within Mash-Up Learning Environments

.........

108

Rean van der Merwe

Local civic governance using online media – a case of consensual problem solving or a recalcitrant pluralism

.........

110

Katie Wilkie Analysis of conceptual metaphors to inform music interaction designs

.........

114

Anna Xambo Issues and techniques for collaborative music making on multi-touch surfaces

.........

118

Saad Bin Saleem A Release Planning Model to Handle Security Requirements

.........

122

Verifying Implementations of Security Protocols in C

Mihhail [email protected]

Supervisors Dr Andrew Gordon, [email protected],Dr Jan Jurjens, [email protected],Prof Bashar Nuseibeh, [email protected]

Department ComputingStatus Full-timeProbation viva PassedStarting date November 2008

Our goal is verification of cryptographic protocol implementations (such asOpenSSL or Kerberos), motivated by the desire to minimise the gap betweenverified and executable code. Very little has been done in this area. There arenumerous tools to find low-level bugs in code (such as buffer overflows and zerodivision) and there are verifiers for cryptographic protocols that work on fairlyabstract descriptions, but so far very few attempts have been done to verifycryptographic security directly on the code, especially for low-level languageslike C.

We attempt to verify the protocol code by extracting an abstract model thatcan be used in high-level cryptographic verification tools such as ProVerif orCryptoVerif. This is the first such approach that we are aware of. Currently weinvestigate the feasibility of the approach by extracting the model from runningcode, using the so called concolic (concrete + symbolic) execution. We runthe protocol implementation normally, but at the same time we record all theoperations performed on binary values and then replay those operations onsymbolic values. The resulting symbolic expressions reveal the structure of themessages sent to the network and the conditions that are checked for incomingmessages.

We are able to produce symbolic execution traces for the handshake imple-mented in the OpenSSL library. To give an example of what the extracted traceslook like, consider a simple request-response protocol, protected by hashing witha shared key:

A→ B : m|hash(‘request’|m, kAB),B → A : m′|hash(‘response’|m|m′, kAB).

We implemented the protocol in about 600 lines of C code, calling to the OpenSSLcryptographic library. Our concolic execution tool produces a trace of 8 lines

2010 CRC PhD Student Conference

Page 1 of 125

write(i39)

payload1 = payload()

key2 = key()

write(i14|7c|payload1|HMAC(sha1, i7|7c52657175657374|payload1, key2))

msg3 = read()

var4 = msg3{5,23}

branchF((memcmp(msg3{28,20},

HMAC(sha1, i8|7c526573706f6e7365|i14|7c|payload1|var4, key2)) != i0))

accept(var4)

Figure 1: An excerpt from the symbolic client trace. X{start, len} denotesthe substring of X starting at start of length len. iN is an integer with value N(width information is omitted), and branchT and branchF are the true or falsebranches taken by the code.

for the client side shown in figure 1: we see the client sending the request andchecking the condition on the server response before accepting it.

We are currently working to implement symbolic handling of buffer lengthsand sound handling of loops as well as making the extracted models compatiblewith those understood by ProVerif and CryptoVerif, in particular simplifyingaway any remaining arithmetic expressions from the symbolic trace.

One obvious drawback of concolic execution is that it only follows the singlepath that was actually taken by the code. This is enough to produce an accuratemodel when there is only one main path, however, libraries like OpenSSL containmultiple nontrivial paths. Thus, to achieve verification of those libraries, weplan to move the analysis towards being fully static in future.

Related Work One of the earliest security verification attempts directlyon code is probably CSur [Goubault-Larrecq and Parrennes, 2005] that dealsdirectly with C protocol implementations. It translates programs into a setof Horn clauses that are fed directly into a general purpose theorem prover.Unfortunately, it never went beyond some very simple implementations and hasnot been developed since.

The work [Jurjens, 2006] describes an approach of translating Java programsin a manner similar to above. In our work we try to separate reasoning aboutpointers and integers from reasoning about cryptography, in hope to achievegreater scalability.

Some work has been done on verification of functional language implementa-tions, either by translating the programs directly into π-calculus [Bhargavan etal., 2006; Bhargavan et al., 2008] or by designing a type system that enforcessecurity [Bengtson et al., 2008]. Unfortunately, it is not trivial to adapt suchapproaches to C-like languages.

ASPIER [Chaki and Datta, 2008] is using model checking for verification andhas been applied to OpenSSL. However, it does not truly start from C code: anycode explicitly dealing with pointers needs to be replaced by abstract summaries


Page 2 of 125

that presumably have to be written manually.Concolic execution is widely used to drive automatic test generation, like in

[Cadar et al., 2008] or [Godefroid et al., 2008]. One difference in our concolicexecution is that we need to assign symbols to whole bitstrings, whereas thetesting frameworks usually assign symbols to single bytes. We believe that ourwork could be adapted for testing of cryptographic software. Usual testingapproaches try to create an input that satisfies a set of equations resulting fromchecks in code. In presence of cryptography such equations will (hopefully) beimpossible to solve, so a more abstract model like ours might be useful.

A separate line of work deals with reconstruction of protocol message formatsfrom implementation binaries [Caballero et al., 2007; Lin et al., 2008; Wondraceket al., 2008; Cui et al., 2008; Wang et al., 2009]. The goal is typically toreconstruct field boundaries of a single message by observing how the binaryprocesses the message. Our premises and goals are different: we have theadvantage of starting from the source code, but in exchange we aim to reconstructthe whole protocol flow instead of just a single message. Our reconstructionneeds to be sound to enable verification — all possible protocol flows should beaccounted for.

References

[Bengtson et al., 2008] Jesper Bengtson, Karthikeyan Bhargavan, Cedric Four-net, Andrew D. Gordon, and Sergio Maffeis. Refinement types for secureimplementations. In CSF ’08: Proceedings of the 2008 21st IEEE ComputerSecurity Foundations Symposium, pages 17–32, Washington, DC, USA, 2008.IEEE Computer Society.

[Bhargavan et al., 2006] Karthikeyan Bhargavan, Cedric Fournet, Andrew D.Gordon, and Stephen Tse. Verified interoperable implementations of securityprotocols. In CSFW ’06: Proceedings of the 19th IEEE workshop on ComputerSecurity Foundations, pages 139–152, Washington, DC, USA, 2006. IEEEComputer Society.

[Bhargavan et al., 2008] Karthikeyan Bhargavan, Cedric Fournet, Ricardo Corin,and Eugen Zalinescu. Cryptographically verified implementations for TLS.In CCS ’08: Proceedings of the 15th ACM conference on Computer andcommunications security, pages 459–468, New York, NY, USA, 2008. ACM.

[Caballero et al., 2007] Juan Caballero, Heng Yin, Zhenkai Liang, and DawnSong. Polyglot: automatic extraction of protocol message format usingdynamic binary analysis. In CCS ’07: Proceedings of the 14th ACM conferenceon Computer and communications security, pages 317–329, New York, NY,USA, 2007. ACM.

[Cadar et al., 2008] Cristian Cadar, Daniel Dunbar, and Dawson Engler. Klee:Unassisted and automatic generation of high-coverage tests for complex sys-


Page 3 of 125

tems programs. In USENIX Symposium on Operating Systems Design andImplementation (OSDI 2008), San Diego, CA, december 2008.

[Chaki and Datta, 2008] Sagar Chaki and Anupam Datta. Aspier: An auto-mated framework for verifying security protocol implementations. TechnicalReport 08-012, Carnegie Mellon University, October 2008.

[Cui et al., 2008] Weidong Cui, Marcus Peinado, Karl Chen, Helen J. Wang, andLuis Irun-Briz. Tupni: automatic reverse engineering of input formats. In CCS’08: Proceedings of the 15th ACM conference on Computer and communicationssecurity, pages 391–402, New York, NY, USA, 2008. ACM.

[DBL, 2008] Proceedings of the Network and Distributed System Security Sympo-sium, NDSS 2008, San Diego, California, USA, 10th February - 13th February2008. The Internet Society, 2008.

[Godefroid et al., 2008] Patrice Godefroid, Michael Y. Levin, and David A. Mol-nar. Automated whitebox fuzz testing. In NDSS [2008].

[Goubault-Larrecq and Parrennes, 2005] J. Goubault-Larrecq and F. Parrennes.Cryptographic protocol analysis on real C code. In Proceedings of the 6thInternational Conference on Verification, Model Checking and Abstract Inter-pretation (VMCAI’05), volume 3385 of Lecture Notes in Computer Science,pages 363–379. Springer, 2005.

[Jurjens, 2006] Jan Jurjens. Security analysis of crypto-based Java programsusing automated theorem provers. In ASE ’06: Proceedings of the 21stIEEE/ACM International Conference on Automated Software Engineering,pages 167–176, Washington, DC, USA, 2006. IEEE Computer Society.

[Lin et al., 2008] Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, and Xiangyu Zhang.Automatic protocol format reverse engineering through context-aware moni-tored execution. In NDSS [2008].

[Wang et al., 2009] Zhi Wang, Xuxian Jiang, Weidong Cui, Xinyuan Wang, andMike Grace. Reformat: Automatic reverse engineering of encrypted messages.In Michael Backes and Peng Ning, editors, ESORICS, volume 5789 of LectureNotes in Computer Science, pages 200–215. Springer, 2009.

[Wondracek et al., 2008] Gilbert Wondracek, Paolo Milani Comparetti, Christo-pher Kruegel, and Engin Kirda. Automatic Network Protocol Analysis. In15th Symposium on Network and Distributed System Security (NDSS), 2008.


Page 4 of 125

Analysing semantic networks of

identifier names to improve source code

maintainability and quality

Simon [email protected]

Supervisors Michel Wermelinger, Yijun Yu & Helen SharpDepartment/Institute Centre for Research in ComputingStatus Part-timeProbation viva AfterStarting date October 2008

Source code is the written expression of a software design consisting of identifiernames – natural language phrases that represent concepts being manipulatedby the program – embedded in a framework of keywords and operators providedby the programming language. Identifiers are crucial for program comprehen-sion [9], a necessary activity in the development and maintenance of software.Despite their importance, there is little understanding of the relationship be-tween identifier names and source code quality and maintainability. Neither isthere automated support for identifier management or the selection of relevantnatural language content for identifiers during software development.

We will extend current understanding of the relationship between identifiername quality and source code quality and maintainability by developing tech-niques to analyse identifiers for meaning, modelling the semantic relationshipsbetween identifiers and empirically validating the models against measures ofmaintainability and software quality. We will also apply the analysis and mod-elling techniques in a tool to support the selection and management of identifiernames during software development, and concept identification and location forprogram comprehension.

The consistent use of clear identifier names is known to aid program com-prehension [4, 7, 8]. However, despite the advice given in programming conven-tions and the popular programming literature on the use of meaningful identifiernames in source code, the reality is that identifier names are not always meaning-ful, may be selected in an ad hoc manner, and do not always follow conventions[5, 1, 2].

Researchers in the reverse engineering community have constructed mod-els to support program comprehension. The models range in complexity fromtextual search systems [11], to RDF-OWL ontologies created either solely fromsource code and identifier names [8], or with the inclusion of supporting doc-umentation and source code comments [13]. The ontologies typically focus on


Page 5 of 125

class and method names, and are used for concept identification and locationbased on the lexical similarity of identifier names. The approach, however, doesnot directly address the quality of identifier names used.

The development of detailed identifier name analysis has focused on methodnames because their visibility and reuse in APIs implies a greater need for themto contain clear information about their purpose [10]. Caprile and Tonella [3]derived both a grammar and vocabulary for C function identifiers, sufficientfor the implementation of automated name refactoring. Høst and Østvold [5]have since analysed Java method names looking for a common vocabulary thatcould form the basis of a naming scheme for Java methods. Their analysis ofthe method names used in multiple Java projects found common grammaticalforms; however, there were sufficient degenerate forms for them to be unable toderive a grammar for Java method names.

The consequences of identifier naming problems have been considered to belargely confined to the domain of program comprehension. However, Deißenbockand Pizka observed an improvement in maintainability when their rules of con-cise and consistent naming were applied to a project [4], and our recent workfound statistical associations between identifier name quality and source codequality [1, 2]. Our studies, however, only looked at the construction of theidentifier names in isolation, and not at the relationships between the meaningof the natural language content of the identifiers. We hypothesise that a rela-tionship exists between the quality of identifier names, in terms of their naturallanguage content and semantic relationships, and the quality of source code,which can be understood in terms of the functionality, reliability, and usabilityof the resulting software, and its maintainability [6]. Accordingly, we seek toanswer the following research question:

How are the semantic relationships between identifier names, in-ferred from their natural language content and programming lan-guage structure, related to source code maintainability and quality?

We will construct models of source code as semantic networks predicatedon both the semantic content of identifier names and the relationships betweenidentifier names inferred from the programming language structure. For exam-ple, the simple class Car in Figure 1 may be represented by the semantic networkin Figure 2. Such models can be applied to support empirical investigations ofthe relationship between identifier name quality and source code quality andmaintainability. The models may also be used in tools to support the manage-ment and selection of identifier names during software development, and to aidconcept identification and location during source code maintenance.

public class Car extends Vehic l e {Engine engine ;

}

Figure 1: The class Car

We will analyse identifier names mined from open source Java projects tocreate a catalogue of identifier structures to understand the mechanisms em-ployed by developers to encode domain information in identifiers. We will build


Page 6 of 125

on the existing analyses of C function and Java method identifier names [3, 5, 8],and anticipate the need to develop additional techniques to analyse identifiers,particularly variable identifier names.

Car Vehiclee x t e n d s

Eng ine

h a s a

e n g i n eh a s i n s t a n c e n a m e d

Figure 2: A semantic network of the class Car

Modelling of both the structural and semantic relationships between iden-tifiers can be accomplished using Gellish [12], an extensible controlled naturallanguage with dictionaries for natural languages – Gellish English being thevariant for the English language. Unlike a conventional dictionary, a Gellishdictionary includes human- and machine-readable links between entries to de-fine relationships between concepts – thus making Gellish a semantic network –and to show hierarchical linguistic relationships such as meronymy, an entity–component relationship. Gellish dictionaries also permit the creation of multipleconceptual links for individual entries to define polysemic senses.

The natural language relationships catalogued in Gellish can be applied toestablish whether the structural relationship between two identifiers implied bythe programming language is consistent with the conventional meaning of thenatural language found in the identifier names. For example, a field is implic-itly a component of the containing class allowing the inference of a conceptualand linguistic relationship between class and field identifier names. Any incon-sistency between the two relationships could indicate potential problems witheither the design or with the natural language content of the identifier names.

We have assumed a model of source code development and comprehensionpredicated on the idea that it is advantageous for coherent and relevant semanticrelationships to exist between identifier names based on their natural languagecontent. To assess the relevance of our model to real-world source code wewill validate the underlying assumption empirically. We intend to mine bothsoftware repositories and defect reporting systems to identify source code impli-cated in defect reports and evaluate the source code in terms of the coherenceand consistency of models of its identifiers. To assess maintainability we willinvestigate how source code implicated in defect reports develops in successiveversions – e.g. is the code a continuing source of defects? – and monitor areas ofsource code modified between versions to determine how well our model predictsdefect-prone and defect-free regions of source code.

We will apply the results of our research to develop a tool to support theselection and management of identifier names during software development, aswell as modelling source code to support software maintenance. We will evaluateand validate the tool with software developers – both industry partners andFLOSS developers – to establish the value of identifier naming support. Whileintended for software developers, the visualisations of source code presented by


Page 7 of 125

the tool will enable stakeholders (e.g. domain experts) who are not literatein programming or modelling languages (like Java and UML) to examine, andfeedback on, the representation of domain concepts in source code.

References

[1] S. Butler, M. Wermelinger, Y. Yu, and H. Sharp. Relating identifier namingflaws and code quality: an empirical study. In Proc. of the Working Conf.on Reverse Engineering, pages 31–35. IEEE Computer Society, 2009.

[2] S. Butler, M. Wermelinger, Y. Yu, and H. Sharp. Exploring the influenceof identifier names on code quality: an empirical study. In Proc. of the14th European Conf. on Software Maintenance and Reengineering, pages159–168. IEEE Computer Society, 2010.

[3] B. Caprile and P. Tonella. Restructuring program identifier names. InProc. Int’l Conf. on Software Maintenance, pages 97–107. IEEE, 2000.

[4] F. Deißenbock and M. Pizka. Concise and consistent naming. SoftwareQuality Journal, 14(3):261–282, Sep 2006.

[5] E. W. Høst and B. M. Østvold. The Java programmer’s phrase book.In Software Language Engineering, volume 5452 of LNCS, pages 322–341.Springer, 2008.

[6] International Standards Organisation. ISO/IEC 9126-1: Software engineer-ing – product quality, 2001.

[7] D. Lawrie, H. Feild, and D. Binkley. An empirical study of rules for well-formed identifiers. Journal of Software Maintenance and Evolution: Re-search and Practice, 19(4):205–229, 2007.

[8] D. Ratiu. Intentional Meaning of Programs. PhD thesis, Technische Uni-versitat Munchen, 2009.

[9] V. Rajlich and N. Wilde. The role of concepts in program comprehension.In Proc. 10th Int’l Workshop on Program Comprehension, pages 271–278.IEEE, 2002.

[10] M. Robillard. What makes APIs hard to learn? Answers from developers.IEEE Software, 26(6):27–34, Nov.-Dec. 2009.

[11] G. Sridhara, E. Hill, L. Pollock, and K. Vijay-Shanker. Identifying wordrelations in software: a comparative study of semantic similarity tools. InProc Int’l Conf. on Program Comprehension, pages 123–132. IEEE, June2008.

[12] A. S. H. P. van Renssen. Gellish: a generic extensible ontological language.Delft University Press, 2005.

[13] R. Witte, Y. Zhang, and J. Rilling. Empowering software maintainers withsemantic web technologies. In European Semantic Web Conf., pages 37–52,2007.


Page 8 of 125

Discovering translational patterns in symbolic representations of music

Tom Collins http://users.mct.open.ac.uk/tec69

Supervisors Robin Laney

Alistair Willis Paul Garthwaite

Department/Institute Centre for Research in Computing Status Fulltime Probation viva After Starting date October 2008

RESEARCH QUESTION How can current methods for pattern discovery in music be improved and integrated into an automated composition system? The presentation will address the first half of this research question: how can current methods for pattern discovery in music be improved?

INTRA-OPUS PATTERN DISCOVERY Suppose that you wish to get to know a particular piece of music, and that you have a copy of the score of the piece or a MIDI file. (Scores and MIDI files are symbolic representations of music and are the focus of my presentation, as opposed to sound recordings.) Typically, to become familiar with a piece, one listens to the MIDI file or studies/plays through the score, gaining an appreciation of where and how material is repeated, and perhaps also gaining an appreciation of the underlying structure. The literature contains several algorithmic approaches to this task, referred to as ‘intra-opus’ pattern discovery [2, 4, 5]. Given a piece of music in a symbolic representation, the aim is to define and evaluate an algorithm that discovers and returns patterns occurring within the piece. Some potential applications for such an algorithm are as follows:

• A pattern discovery tool to aid music students. • Comparing an algorithm’s discoveries with those of a music expert as a means

of investigating human perception of music. • Stylistic composition (the process of writing in the style of another composer

or period) assisted by using the patterns/structure returned by a pattern discovery algorithm [1, 3].


Page 9 of 125

TWO IMPROVEMENTS Current methods for pattern discovery in music can be improved in two ways:

1. The way in which the algorithm’s discoveries are displayed for a user can be improved.

2. A new algorithm can be said to improve upon existing algorithms if, according to standard metrics, it is the strongest-performing algorithm on a certain task.

Addressing the first area for improvement, suppose that an algorithm has discovered hundreds of patterns within a piece of music. Now these must be presented to the user, but in what order? Various formulae have been proposed for rating a discovered pattern, based on variables that quantify attributes of that pattern and the piece of music in which it appears [2, 4]. To my knowledge, none have been derived or validated empirically. So I conducted a study in which music undergraduates examined excerpts taken from Chopin’s mazurkas and were instructed to rate already-discovered patterns, giving high ratings to patterns that they thought were noticeable and/or important. A model useful for relating participants’ ratings to the attributes was determined using variable selection and cross-validation. This model leads to a new formula for rating discovered patterns, and the basis for this formula constitutes a methodological improvement. Addressing the second area for improvement, I asked a music analyst to analyse two sonatas by Domenico Scarlatti and two preludes by Johann Sebastian Bach. The brief was similar to the intra-opus discovery task described above: given a piece of music in staff notation, discover translational patterns that occur within the piece. Thus, a benchmark of translational patterns was formed for each piece, the criteria for benchmark membership being left largely to the analyst’s discretion. Three algorithms—SIA [5], COSIATEC [4] and my own, SIACT—were run on the same pieces and their performance was evaluated in terms of recall and precision. If an algorithm discovers x of the y patterns discovered by the analyst then its recall is x/y. If the algorithm also returns z patterns that are not in the analyst’s benchmark then the algorithm’s precision is x/(x + z). It was found that my algorithm, SIACT, out-performs the existing algorithms with regard to recall and, more often than not, precision. My presentation will give the definition of a translational pattern, discuss the improvements outlined above, and demonstrate how these improvements are being brought together in a user interface.

SELECTED REFERENCES 1. Collins, T., R. Laney, A. Willis, and P.H. Garthwaite, ‘Using discovered, polyphonic patterns to filter computer-generated music’, in Proceedings of the International Conference on Computational Creativity, Lisbon (2010), 1-10. 2. Conklin, D., and M. Bergeron, ‘Feature set patterns in music’, in Computer Music Journal 32(1) (2008), 60-70.


Page 10 of 125

3. Cope, D., Computational models of musical creativity (Cambridge Massachusetts: MIT Press, 2005). 4. Meredith, D., K. Lemström, and G.A. Wiggins, ‘Algorithms for discovering repeated patterns in multidimensional representations of polyphonic music’, in Cambridge Music Processing Colloquium, Cambridge (2003), 11 pages. 5. Meredith, D., K. Lemström, and G.A. Wiggins, ‘Algorithms for discovering repeated patterns in multidimensional representations of polyphonic music’, in Journal of New Music Research 31(4) (2002), 321-345.


Page 11 of 125

Semantic Adaptivity and Social Networking in PersonalLearning Environments

Joe [email protected]

Supervisors Alexander MikroyannidisPeter Scott

Department/Institute Knowledge Media InstituteStatus Fulltime Probation viva BeforeStarting date 01/01/10

Introductory Remarks

I've decided to deal with "personal learning environments" with an eye towards the context of their creation and use. This entails looking not just at ways to help supportlearning experiences, but also at the complex of experiences and behaviours of the many stakeholders who are concerned with learning. (E.g. educators, content providers, software developers, institutional and governmental organizations.)

This broad view is compatible with the idea of a personal learning environment put forward by the progenitors of the PLE model: "Rather than integrate tools within a single context, the system should focus instead on coordinating connections between the user and a wide range of services offered by organizations and other individuals." (Wilson et al., 2006)

This problem area, which otherwise threatens to become hugely expansive, invites the creation of a unified methodology and mode of analysis. A key aim of my work isto develop such a method -- a sort of dynamic cartography. In this frame, the social roles of stakeholders are to be understood through their constituent actions.

My analysis will then focus on the following question: How can mapping activity patterns in a social context help us support the learning process more effectively?

Thematic Issues

In order to understand patterns of interaction with data well enough to make useful maps, we must delve a bit into human sense-making behaviour. A small vocabulary of actions related to sense-making provides a model we can then use quite extensively.

People look for simplifying patterns. In a countervailing trend, they look for ways to become more usefully interconnected and interoperable. To negotiate betweenthese two types of behaviour, they identify or create "points of coordination" which provide mechanisms of control. They may do experiments, and then document how


Page 12 of 125

these mechanisms generate effects in a more or less predictable way. Finally, they developing explicit, shareable, practices which achieve "desirable" effects.

Simplification, interconnection, control, experiment, motivation, and praxis -- these are the thematic issues that inform my technical investigations.

Proposed Implementation Work

I plan to focus on implementation is that it is an ideal place in which to refine and test my ideas about dynamic maps. My efforts will be directed largely into implementation in the following applications.

* Etherpad and other related tools for live online interactions --

Data about social interactions is all interesting and potentially useful, but data about "live" social interactions is becoming increasingly available in forms that are suitable for large-scale computational analysis, and real-time use.

* RDF and related techniques for data management --

Marking up complex and changing relationships between objects is standard in e.g. computer animation and computer games; it is interesting to think about how theseideas can work in other domains (e.g. to assist with learning).

* Wordnet and Latent Semantic Analysis style approaches for clustering and annotating data --

There are various techniques for dividing content into thematic clusters (useful for supporting simplification behaviours needed for sense making), and for annotatingdata with new relationships (useful for supporting interconnection behaviours). I will explore these in various applications, e.g. applying them to the streams of data identified above.

* Semantic Web style patterns for interoperability --

Content may still be king, but interfaces make up the board on which the game is played. I plan to use an existing standard for mathematical documents (OMDoc) and other API-building tools to help make the PlanetMath.org collection of mathematicalresources interoperable with e.g. OU's SocialLearn platform, contributing to the development of a public service to STEM learners and practitioners worldwide.

* Documentation of technical processes --

PlanetMath.org is an example of a tool that has more content contributors than coders, and more feature requests than anyone knows what to do with. Good documentation is part of making hacking easier. Towards this end, I'm planning to build PlanetComputing.org to document the software used on PlanetMath (and many otherprojects).

Conclusion


Page 13 of 125

By the end of my Ph. D. project, I hope to have built a "PLE IDE" -- a tool offering personalized support for both learners and developers. I hope to have a robust theoryand practice of dynamical mapping that I will have tested out in several domains related to online learning.

Reference

Wilson, S., Liber, O., Johnson, M., Beauvoir, P., Sharples, P., & Milligan, C. (2006). Personal Learning Environments: Challenging The Dominant Design Of Educational Systems. Proceedings of 2nd International Workshop on Learner-Oriented Knowledge Management and KM-Oriented Learning, In Conjunction With ECTEL06. (pp. 67-76), Crete, Greece.


Page 14 of 125

Investigating narrative ‘effects’: the case of suspense

Richard Doust, [email protected]

Supervisors Richard Power, Paul Piwek

Department/Institute ComputingStatus Part-time

Probation viva BeforeStarting date October 2008

1 Introduction

Just how do narrative structures such as a Hitchcock film generate the well-known feeling known as suspense ? Ourgoal is to investigate the structures of narratives that produce various narrative effects such as suspense, curiosity,surprise. The fundamental question guiding this research could be phrased thus:

What are the minimal requirements on formal descriptions of narratives such that we can capture thesephenomena and generate new narratives which contain them ?

Clearly, the above phenomena may depend also on extra-narrative features such as music, filming angles, and soon. These will not be our primary concern here. Our approach consists of two main parts:

1. We present a simple method for defining a Storybase which for our purposes will serve to produce different‘tellings’ of the same story on which we can test our suspense modelling.

2. We present a formal approach to generating the understanding of the story as it is told, and then use theoutput of this approach to suggest an algorithm for measuring the suspense level of a given telling of a story.We can thus compare different tellings of a story and suggest which ones will have high suspense, and whichones low.

2 Suspense

2.1 Existing definitions

Dictionary definitions of the word ’suspense’ suggest that there really ought to be several different words for whatis more like a concept cluster than a single concept. The Collins English dictionary gives three definitions:

1. apprehension about what is going to happen. . .

2. an uncertain cognitive state; "the matter remained in suspense for several years" . . .

3. excited anticipation of an approaching climax; "the play kept the audience in suspense" anticipation, ex-pectancy - an expectation.

Gerrig and Bernardo (1994) suggest that reading fiction involves constantly looking for solutions to the plot-baseddilemmas faced by the characters in a story world. One of the suggestions which come out of this work is thatsuspense is greater the lower the number of solutions to the hero’s current problem that can be found by the reader.Cheong and Young’s (2006) narrative generating system uses the idea that a reader’s suspense level depends onthe number and type of solutions she can imagine in order to solve the problems facing the narrative’s preferredcharacter.

Generally, it seems that more overarching and precise definitions of suspense are wanting in order to connectsome of the above approaches. The point of view we will assume is that the principles by which literary narrativesare designed are obscured by the lack of sufficiently analytical concepts to define them. We will use as our startingpoint work on stories by Brewer and Lichtenstein (1981) which seems fruitful in that it proposes not only a view ofsuspense, but also of related narrative phenomena such as surprise and curiosity.

1


Page 15 of 125

2.2 Brewer and Lichtenstein’s approach

In Brewer and Lichtenstein (1981) propose that there are three major discourse structures which account for theenjoyment of a large number of stories: surprise, curiosity and suspense. For suspense, there must be an initiatingevent which could lead to significant consequences for one of the characters in the narrative. This event leads tothe reader feeling concern about the outcome for this character, and if this state is maintained over time, then thereader will feel suspense. As Brewer and Lichtenstein say, often ‘additional discourse material is placed betweenthe initiating event and the outcome event, to encourage the build up of suspense’ (Brewer and Lichtenstein, 1981,p.17).

Much of the current work can be seen as an attempt to formalise and make robust the notions of narrativeunderstanding that Brewer laid out. We will try to suggest a model of suspense which explains, for example, howthe placing of additional material between the initiating event and the outcome event increases the suspense felt ina given narrative. We will also suggest ways in which curiosity and surprise could be formally linked to suspense.We also hope that our approach will be able to shed some light on the techniques for creating suspense presentedin writer’s manuals.

3 The storybase

3.1 Event structure perception

Our starting point for analysing story structure is a list of (verbally described) story events. Some recent studies(Speer, 2007) claim that people break narratives down into digestible chunks in this way. If this is the case, thenthere should expect to discover commonalities between different types of narrative (literature, film, storytelling)especially as regards phenomena such as suspense. One goal of this work is to discover just these commonalities.

3.2 Storybase : from which we can talk about variants of the ’same’ story.

One of the key points that Brewer and Lichtenstein make is that the phenomena of suspense depends on the orderin which information about the story is released, as well as on which information is released and which withheld.One might expect, following this account, that telling ‘the same story’ in two different ways might produce differentlevels of suspense.

In order to be able to test different tellings of the same story, we define the notion of a STORYBASE. Thisshould consist of a set of events, together with some constraints on the set. Any telling of the events which obeysthese constraints should be recognised by most listeners as being ‘the same story’. We define four types of linkbetween the members of the set of possible events:

• Starting points, Event links, Causal constraints, Stopping points.

The causal constraints can be positive or negative. They define, for example, which events need to have beentold for others to now be able to be told. Our approach can be seen as a kind of specialised story-grammar fora particular story. The grammar generates ‘sentences’, and each ‘sentence’ is a different telling of the story. Theapproach is different to story schemas. We are not trying to encode information about the world at this stage, anystory form is possible. With this grammar, we can generate potentially all of the possible tellings of a given storywhich are recognisably the same story, and in this way, we can test our heuristics for meta-effects such as suspenseon a whole body of stories.

4 Inference

4.1 Inference types

To model the inferential processes which go on when we listen to or read a story, or watch a film, we define threetypes of inference:

1. Inference of basic events from sensory input : a perceived action in the narrative together with an ‘eventclassifier module’ produces a list of ordered events.

2. Inferences about the current state of the story (or deductions).

3. Inferences about the future state of the story (or predictions).


Page 16 of 125

Clearly these inferential processes also rely on general knowledge about about the world or the story domain, andeven about stories themselves.

So, for each new story event we build up a set of inferences STORYSOFAR of these three types. At each newstory event, new inferences are generated and old inferences rejected. There is a constant process of maintenanceof the logical coherence of the set of inferences as the story is told. To model this formally, we create a set of‘inferential triples’ of the form: “if X and Y then Z” or X.Y->Z, where X, Y, and Z are Deductions or Predictions.

5 Measuring suspense

5.1 A ‘suspense-grammar’ on top of the storybase

To try to capture phenomena such as suspense, curiosity and surprise, we aim to create and test different algorithmswhich take as their input the generated story, together with the inferences generated by the triples mentioned above.A strong feature of this approach is that we can test our algorithms on a set of very closely related stories whichhave been generated automatically.

5.2 Modelling conflicting predictions

Our current model of suspense is based on the existence of conflicting predictions with high salience. (This notionof the salience of a predicted conflict could be defined in terms of the degree to which whole sets of followingpredictions for the characters in the narrative are liable to change. For the moment, intuitively, it relates to howthe whole story might ‘flow’ in a different direction.) For the story domain, we construct the set INCOMP of pairsof mutually conflicting predictions with a given salience:

INCOMP = { (P1,NotP1,Salience1), (P2,NotP2,Salience2), . . . }

We can now describe a method for modelling the conflicting predictions triggered by a narrative. If at time T, P1and NotP1 are members of STORYSOFAR, then we have found two incompatible predictions in our ‘story-so-far’.

5.3 The predictive chain

We need one further definition in order to be able to define our current suspense measure for a story. For a givenprediction P1, we (recursively) define the ’prediction chain’ function C of P1:

C(P1) is the set of all predicted events P such that P.y -> P’ where P’ is a member of C(P1) for somey.

5.4 Distributing salience as a rough heuristic for modelling suspense in a narrative

Suppose we have a predicted conflict between predictionA and predictionB which has a salience of 10. In thesecircumstances, it would seem natural to ascribe the salience of 5 to each of the (at least) two predicted eventspredictionA and predictionB which produce the conflict. Now suppose that leading back from predictionA there isanother predictionC that needs to be satisfied for the predictionA to occur. How do we spread out the salience ofthe conflict over these different predicted events ?

5.5 A ’thermodynamic’ heuristic for creating a suspense measure

A predicted incompatibility as described above triggers the creation of CC(P1,P2,Z), the set of two causal chainsC(P1) and C(P2) which lead up to these incompatible predictions. Now, we have :

CC(P1,P2,Z) = C(P1) + C(P2)

To determine our suspense heuristic, we first find the size L of CC(P1,P2,Z). And at each story step we define thesuspense level S in relation to the conflicting predictions P1 and P2 as S = Z / L. Intuitively, one might say thatthe salience of the predicted incompatibility is ’spread over’ or distributed over the relevant predictions that lead upto it. We can call this a ‘thermodynamic’ model because it is as if the salience or ‘heat’ of one predicted conflictingmoment is transmitted back down the predictive line to the present moment. All events which could have a bearingon any of the predictions in the chain are for this reason subject to extra attention.


Page 17 of 125

If the set of predictions stays the same over a series of story steps, and in a first approximation, we assume thatthe suspensefulness of a narrative is equivalent to the sum of the suspense level of each story step, then we can saythat the narrative in question will have a total suspense level S-total relative to this particular predicted conflict of

S-total = Z/L + Z/(L-1) + Z/(L-2) + . . . + Z/L

as the number of predictions in CC(P1,P2,Z) decreases each time a prediction is either confirmed or annulled. Toresume we can a working definition of suspense as follows:

5.6 Definition of suspense

Definition : the suspense level of a narrative depends on the salience of predicted con-

flicts between two or more possible outcomes and on the amount of story time that these

predicted conflicts remain unresolved and ‘active’.

From this definition of suspense we would expect two results:

1. the suspense level at a given story step will increase as the number of predictions necessary to be confirmedleading up to the conflict decreases, and

2. the way to maximise suspense in a narrative is for the narrative to ‘keep active’ predicted incompatibilitieswith a high salience over several story steps.

In fact, this may be just how suspenseful narratives work. One might say,

suspenseful narratives engineer a spreading of the salience of key moments backwards in

time, thus maintaining a kind of tension over sufficiently long periods for emotional effects

to build up in the spectator.

6 Summary

We make two claims:

1. The notion of a storybase is a simple and powerful to generate variants of the same story.

2. Meta-effects of narrative can be tested by using formal algorithms on these story variants. These algorithmsbuild on modelling of inferential processes and knowledge about the world.

7 References

• Brewer, W. F. (1996). The nature of narrative suspense and the problem of rereading. In P. Vorderer,H. J. Wulff, and M. Friedrichsen (Eds.), Suspense: Conceptualizations, theoretical analyses, and empiricalexplorations. Mahwah, NJ: Lawrence Erlbaum Associates. 107-127.

• Brewer, W.F., and Lichtenstein, E. H. (1981). Event schemas, story schemas, and story grammars. In J.Long and A. Baddeley (Eds.), Attention and Performance IX. Hillsdale, NJ: Lawrence Erlbaum Associates.363-379.

• Cheong, Y.G. and Young, R.M. 2006. A Computational Model of Narrative Generation for Suspense. InComputational Aesthetics: Artificial Intelligence Approaches to Beauty and Happiness: Papers from the 2006AAAI Workshop, ed. Hugo Liu and Rada Mihalcea, Technical Report WS-06-04. American Association forArtificial Intelligence, Menlo Park, California, USA, pp. 8- 15.

• Gerrig R.J., Bernardo A.B.I. Readers as problem-solvers in the experience of suspense (1994) Poetics, 22 (6), pp. 459-472.

• Speer, N. K., Zacks, J. M., & Reynolds, J. R. (2007). Human brain activity time-locked to narrative eventboundaries. Psychological Science, 18, 449-455.


Page 18 of 125

Verifying Authentication Properties of C Security

Protocol Code Using General Verifiers

Francois Dupressoir

Supervisors Andy Gordon (MSR)Jan Jurjens (TU Dortmund)Bashar Nuseibeh (Open University)

Department ComputingRegistration Full-TimeProbation Passed

1 Introduction

Directly verifying security protocol code could help prevent major security flawsin communication systems. C is usually used when implementing security soft-ware (e.g. OpenSSL, cryptlib, PolarSSL...) because it provides control overside-channels, performance, and portability all at once, along with being easyto call from a variety of other languages. But those strengths also make it hardto reason about, especially when dealing with high-level logical properties suchas authentication.

Verifying high-level code. The most advanced results on verifying imple-mentations of security protocols tackle high-level languages such as F#. Twomain verification trends can be identified on high-level languages. The firstone aims at soundly extracting models from the program code, and using acryptography-specific tool such as ProVerif (e.g. fs2pv [BFGT06]) to verify thatthe extracted protocol model is secure with respect to a given attacker model.The second approach, on the other hand, aims at using general verification toolssuch as type systems and static analysis to verify security properties directlyon the program code. Using general verification tools permits a user with lessexpert knowledge to verify a program, and also allows a more modular approachto verification, even in the context of security, as argued in [BFG10].

Verifying C code. But very few widely-used security-oriented programs arewritten in such high-level languages, and lower-level languages such as C areusually favoured. Several approaches have been proposed for analysing C secu-rity protocol code [GP05, ULF06, CD08], but we believe them unsatisfactoryfor several reasons:

• memory-safety assumptions: all three rely on assuming memory-safety

1


Page 19 of 125

properties,1

• trusted manual annotations: all three rely on a large amount of trustedmanual work,

• unsoundness: both [CD08] and [ULF06] make unsound abstractions andsimplifications, which is often not acceptable in a security-criticial context,

• scalability issues: [CD08] is limited to bounded, small in practice, numbersof parallel sessions, and we believe [GP05] is limited to small programs dueto its whole-program analysis approach.

1.1 Goals

Our goal is to provide a new approach to soundly verify Dolev-Yao securityproperties of real C code, with a minimal amount of unverified annotations andassumptions, so that it is accessible to non-experts. We do not aim at verifyingimplementations of encryption algorithms and other cryptographic operations,but their correct usage in secure communication protocols such as TLS.

2 Framework

Previous approaches to verifying security properties of C programs did not de-fine attacker models at the level of the programming language, since they werebased on extracting a more abstract model from the analysed C code (CSur andAspier), or simply verified compliance of the program to a separate specification(as in Pistachio). However, to achieve our scalability goals, we choose to definean attacker model on C programs, that enables a modular verification of thecode.To avoid issues related to the complex, and often very informal semantics of theC language, we use the F7 notion of a refined module (see [BFG10]). In F7,a refined module consists of an imported and an exported interface, contain-ing function declarations and predicate definitions, along with a piece of type-checked F# code. The main result states that a refined module with emptyimported interface cannot go wrong, and careful use of assertions allows oneto statically verify correspondence properties of the code. Composition resultscan also be used to combine existing refined modules whilst ensuring that theirsecurity properties are preserved.We define our attacker model on C programs by translating F7 interfaces intoannotated C header files. The F7 notion of an opponent, and the correspondingsecurity results, can then be transferred to C programs that implement an F7-translated header. The type-checking phase in F7 is, in the case of C programs,replaced by a verification phase, in our case using VCC. We trust that VCC issound, and claim that verifying that a given C program correctly implementsa given annotated C header entails that there exists an equivalent (in terms ofattacks within our attacker model) F7 implementation of that same interface.

1Which may sometimes be purposefully broken as a source of randomness.


Page 20 of 125

3 Case Study

We show how our approach can be used in practice to verify a simple implemen-tation of an authenticated Remote Procedure Call protocol, that authenticatesthe pair of communicating parties using a pre-shared key, and links requestsand responses together. We show that different styles of C code can be verifiedusing this approach, with varying levels of required annotations, very few ofwhich are trusted by the verifier. We argue that a large part of the requiredannotations are memory-safety related and would be necessary to verify otherproperties of the C code, including to verify the memory-safety assumptionsmade by previous approaches.

4 Conclusion

We define an attacker model for C code by interpreting verified C programs asF7 refined modules. We then describe a method to statically prove the impos-sibility of attacks against C code in this attacker model using VCC [CDH+09],a general C verifier. This approach does not rely on unverified memory-safetyassumptions, and the amount of trusted annotations is minimal. We also believeit is as sound and scalable as the verifier that is used. Moreover, we believe ourapproach can be adapted for use with any contract-based C verifier, and couldgreatly benefit from the important recent developments in that area.

References

[BFG10] Karthikeyan Bhargavan, Cedric Fournet, and Andrew D. Gordon.Modular verification of security protocol code by typing. In Proceed-ings of the 37th annual ACM SIGPLAN-SIGACT symposium onPrinciples of programming languages - POPL ’10, pages 445—456,Madrid, Spain, 2010.

[BFGT06] Karthikeyan Bhargavan, Cedric Fournet, Andrew D. Gordon, andStephen Tse. Verified interoperable implementations of security pro-tocols. In CSFW ’06: Proceedings of the 19th IEEE workshop onComputer Security Foundations, pages 139—-152, Washington, DC,USA, 2006. IEEE Computer Society.

[CD08] Sagar Chaki and Anupam Datta. ASPIER: an automated frameworkfor verifying security protocol implementations. Technical CMU-CyLab-08-012, CyLab, Carnegie Mellon University, 2008.

[CDH+09] Ernie Cohen, Markus Dahlweid, Mark Hillebrand, Dirk Leinenbach,Micha l Moskal, Thomas Santen, Wolfram Schulte, and Stephan To-bies. VCC: a practical system for verifying concurrent C. In Pro-ceedings of the 22nd International Conference on Theorem Prov-ing in Higher Order Logics, pages 23—42, Munich, Germany, 2009.Springer-Verlag.

[GP05] Jean Goubault-Larrecq and Fabrice Parrennes. Cryptographic pro-tocol analysis on real C code. In Proceedings of the 6th International


Page 21 of 125

Conference on Verification, Model Checking and Abstract Interpre-tation (VMCAI’05), volume 3385 of Lecture Notes in Computer Sci-ence, page 363–379. Springer, 2005.

[ULF06] Octavian Udrea, Cristian Lumezanu, and Jeffrey S Foster. Rule-Based static analysis of network protocol implementations. IN PRO-CEEDINGS OF THE 15TH USENIX SECURITY SYMPOSIUM,pages 193—208, 2006.


Page 22 of 125

Agile development and usability in practice: Work cultures of engagement

Jennifer [email protected]

Supervisors Helen SharpHugh Robinson

Department/Institute ComputingStatus FulltimeProbation viva After Starting date February, 2008

Abstract. Combining usability and Agile development is a complex topic. My academic research, combined with my research into practice, suggests three perspectives from which the topic can be usefully examined. The first two (addressing focus and coordination issues) are typically the perspectives taken in the literature and are popular items for discussion. I propose that there is a third, largely unexplored perspective that requires attention, that of how developers and designers engage inthe context of their work cultures.

1 IntroductionBoth disciplines are still in a state of uncertainty about how one relates to the other — in terms of whether they are addressing the same underlying issues, whether they belong to and should be recognised as one “process”, who takes the lead and who adjusts to whom. The complexity of the problem arises from practitioner and academic contributions to the literature, as well as the varying perspectives the contributors hold. Complexity further arises from the practical settings in which the problem plays out, settings characterised by different balances of power and different levels of influence the designers and developers may have on determining how they work. What is clear, is that the solutions proposed, follow the ways in which the problem is conceptualised. It certainly matters how the problem is conceptualised, as this reflects which issues are important enough to address and the ways to go about doing that. In light of this, we can unpick from the complexity three emerging strands of discussion that deal with usability in an agile domain.

For the benefit of the following discussion, I am making the assumption that a developer constituency exists separately from a designer constituency. Further, that if questioned, a developer would not consider themselves doing the work of a designer and vice versa. Of course, this is not always the case in practice. I have encountered Agile teams with no dedicated usability person assigned to work with the team, where developers were addressing usability-related issues as part of their everyday work. This illustrates yet another layer of complexity associated with practice that must be acknowledged, but can not be adequately addressed within the limitations of this paper.

2 A question of focusIn the first perspective, the combination of usability approaches with Agile approaches helps practitioners focus on important aspects of software development. While Agile approaches focus on creating working software, usability approaches focus on creating a usable design that may or may not be in the form of working software. A central concern of this perspective is how to support the weaknesses of one with the strengths of the other. Agile approaches are seen to lack an awareness of usability issues, with little guidance for how and when designers contribute to the process. Usability approaches are seen to lack a structured approach to transforming designs into working software and, therefore, little guidance on how developers are involved. Therefore, they are seen as complementary approaches that, used together, improve the outcome of the software development effort. This often serves as the motivation for combining Agile development and usability in the first place. We find examples in the literature that combine established Agile approaches, e.g., eXtreme Programming, or


Page 23 of 125

Scrum, with established design approaches, e.g., Usage-Centered Design [6], Usability Engineering [5]. We also find examples of well-known HCI techniques such as personas [1] and scenarios [3] being used on Agile projects.

3 A question of coordinationThe second perspective on how to bring usability and Agile development together is one where it is considered a problem of coordination. That is, the central concern is how to allow the designers and developers to carry out their individual tasks, and bring them together at the appropriate points. Designers require enough time at the outset of the project to perform user research and sketch out a coherent design. To fit with the time-boxed Agile cycles, usability techniques are often adapted to fit within shorter timescales. Advice is generally to have designers remain ahead of the developers, so that they have enough time to design for what is coming ahead and evaluate what has already been implemented. In the literature we find examples of process descriptions as a way of addressing this coordination issue. They provide a way to mesh the activities of both designers and developers, by specifying the tasks that need to be performed in a temporal sequence (e.g., [4]).

4 Work cultures of engagementThe third perspective addresses practical settings and has received little attention so far. In this perspective, rather than concentrating on processes or rational plans that abstract away from the circumstances of the actions, the situatedness of the work of the developers and designers is emphasised. This perspective encompasses both of those discussed above, while acknowledging that issues of coordination and focus are inextricably linked with the setting in which practitioners work. That is, how the developers and designers coordinate their work and how focus is maintained, in practice is shaped and sustained by their work setting.

With work culture I specifically mean the “set of solutions produced by a group of people to meet specific problems posed by the situation that they face in common” [2, p.64], in a work setting. If developers and designers are brought together by an organisation, they will be working together amid values and assumptions about the best way to get the work done — the manifestations of a work culture. I combine work cultures with engagement to bring the point across that how developers and designers engage with one another depends in essential ways on the embedded values and assumptions regarding their work and what is considered appropriate behaviour in their circumstances.

My research into practice has provided evidence for how practical settings shape developers and designers engaging with one another. We find that developers and designers get the job done through their localised, contingent and purposeful actions that are not explained by the perspectives above. Further, the developers and designers can be embedded in the same work culture, such that they share values, assumptions and behaviours for getting the work done. But we have also encountered examples where developers and designers are in separate groups and embedded in distinct work cultures. Engaging in this sense requires that individuals step outside their group boundaries and figure out how to deal with each other on a daily basis — contending with very different values, assumptions and behaviours compared to their own.

This is an important perspective to consider because of the implications for practice that it brings — highlighting the role of work culture, self-organisation and purposeful work. It is also a significant perspective, since we are unlikely to encounter teams in practice who are fully self-directed and independent of other teams, individuals or organisational influences.

5 Concluding remarks5

As we work through the problems that crossing disciplinary boundaries suggest, we simultaneously need an awareness of which conception of the problem is actually being addressed. In this paper I have identified a third perspective requiring attention, where we take account of the work settings in which the combination of Agile development and usability is played out. According to this perspective, it would be unrealistic to expect that one ideal approach would emerge and successfully translate to any other work setting. Instead, it shifts attention to the work cultures involved in usability and Agile development in practice. It shows how understanding and supporting the mechanisms of the work cultures that achieve engagement in that setting, contribute to understanding and supporting the mechanisms that enable usability in an agile domain.

References

1. Haikara, J.: Usability in Agile Software Development: Extending the Interaction Design Process with Personas Approach . In: Concas, G., Damiani, E., Scotto, M., Succi, G. (eds.)


Page 24 of 125

Agile Processes in Software Engineering and Extreme Programming. LNCS, vol. 4536/2007, pp. 153–156. Springer, Berlin/Heidelberg (2007)

2. Vaughan, D.: The Challenger Launch Decision: Risky technology, culture and deviance at NASA. The University of Chicago Press, Chicago and London (1996)

3. Obendorf, H., Finck, M.: Scenario-based usability engineering techniques in agile development processes. In: CHI ’08 Extended Abstracts on Human Factors in Computing Systems (Florence, Italy, April 05 - 10, 2008), pp. 2159–2166. ACM, New York, NY (2008)

4. Sy, D.: Adapting usability investigations for Agile user-centered design. Journal of Usability Studies 2(3), 112–132 (2007)

5. Kane, D.: Finding a Place for Discount Usability Engineering in Agile Development: Throwing Down the Gauntlet. In: Proceedings of the Conference on Agile Development (June 25 - 28, 2003), pp. 40. IEEE Computer Society, Los Alamitos, CA (2003)

6. Patton, J.: Hitting the target: adding interaction design to agile software development. In: OOPSLA 2002 Practitioners Reports (Seattle, Washington, November 04 - 08, 2002), pp. 1-ff. ACM, New York, NY (2002)


Page 25 of 125

Model Driven Architecture of Large Distributed Hard Real Time Systems

Michael A Giddings [email protected]

Supervisors Dr Pat Allen

Dr Adrian Jackson Dr Jan Jürjens, Dr Blaine Price

Department/Institute Department of Computing Status Part-time Probation viva Before Starting date 1 October 2008 1. Background

Distributed Real-time Process Control Systems are notoriously difficult to develop. The problems are compounded where there are multiple customers and the design responsibility is split up between different companies based in different countries. The customers are typically users rather than developers and the domain expertise resides within organisations whose domain experts have little software expertise. Two types of Distributed real-time Process Control Systems are open loop systems and closed loop systems (with and without feedback). Typical examples are used for the display of sensor data and control of actuators based on sensor data. Typically systems contain a mixture of periodic and event driven processing with states changing much more slowly than individual periodic processing steps. In addition to the functional requirements, non functional requirements are also needed to describe the desired operation of the software system. A number of these requirements may be grouped together as performance requirements. Performance requirements are varied and depend on the particular system to which they refer. In early systems performance was managed late in the development process on a ‘fix it later’ basis. (Smith 1990). As software systems became more sophisticated it became necessary to manage performance issues as early as possible to avoid the cost impact of late detected performance failures. 2. The Problem

The need for modelling performance for the early detection of performance failures is well established. (Smith 1990). Recent surveys have shown that the adoption of the Unified Modelling Language (UML) in software systems development remains low at 16% with no expected upturn. The use of trial and error methods in embedded system development remains at 25%. (Sanchez and Acitores 2009).


Page 26 of 125

A number of summary papers exist that list the performance assessment methods and tools. (Smith 2007), (Balsamo, Di Marco et al. 2004), (Koziolek 2009) and (Woodside, Franks et al. 2007). These identify performance assessment methods suitable for event driven systems, client/server systems, layered queuing networks and systems with shared resources. Fifteen performance approaches identified to combat the ‘fix-it-later’ approach have been summarised. (Balsamo, Di Marco et al. 2004). These methods apply to a broad range of software systems and performance requirements. In particular they cover shared resources (Hermanns, Herzog et al. 2002), client/servers (Huhn, Markl et al. 2009) and event driven systems (Staines 2006) (Distefano, Scarpa et al. 2010) and mainly focus on business systems. Each of these performance methods can contribute to the performance analysis of Distributed Real-time Process Control Systems but rely on system architecture and software design being wholly or partly complete. 3. Proposed Solution

In this paper I propose modelling individual system elements, sensors, actuators, displays and communication systems as periodic processes associated with a statistical description of the errors and delays. Existing performance methods based on MARTE (OMG 2009) using the techniques described above can be used for individual elements to calculate performance. The proposed methodology, however, enables models to be developed early for systems which comprise individual processing elements, sensors, actuators, displays and controls linked by a bus structure prior to the development of UML models. System architects establish the components and component communications early in the system lifecycle. Tools based on SysML 1.1 (OMG 2008) provide a method of specifying the system architecture. These design decisions frequently occur prior to any detailed performance assessment. Early performance predictions enable performance requirements to be established for individual system elements with a greater confidence than the previous ‘fix-it-later’ approach. (Eeles 2009). It has been claimed (Lu, Halang et al. 2005; Woodside, Franks et al. 2007) that Model Driven Architecture (MDA) (OMG 2003) is able to aid in assessing performance. A periodic processing architecture may enable early assessment of performance by permitting loosely coupled functional elements to be used as building blocks of a system. A high level of abstraction and automatic translation between models can be achieved using functional elements. Platform independent models for the individual components of the system mixed with scheduling information for each component may enable the impact of functional changes and real performance to be assessed early in the development process. Models for individual elements can be combined taking into account that the iteration schedules for each element are not synchronised with each other. These models can be animated or performance calculated with established mathematical methods (Sinha 1994). One way that MDA may be used to provide early performance assessment is to develop a functional model similar to CoRE (Mullery 1979) alongside the UML (OMG 2003) models in the MDA Platform Independent Model. The functional model


Page 27 of 125

can then be developed by domain experts without any knowledge of software techniques. For central system computers it can also be used to identify classes and methods in the MDA Platform Independent Model by a simple semi-automatic process similar to the traditional noun and verb annunciation methods. It can be used to identify simple functional elements which can be implemented as part of a periodic iteration architecture. Animation of these functional elements at the requirements stage may be undertaken in a way which will reflect the actual performance of the computer. Non periodic processing elements, bus systems, sensors, actuators, displays and controls can be represented by abstractions based on an iteration schedule. This model can be used to specify the requirements for individual elements Connections between the independent functional elements which represent the notional data flow across a periodic system can be used to establish functional chains which can identify all the functional elements that relate to each specific end event. Each functional chain can then be analysed into a collection of simple sub-chains. Not all of which will have the same performance requirements when combined to meet the overall performance requirement. When each of the sub-chains has been allocated its own performance criteria individual functional elements can be appropriately scheduled within a scheduling plan with each element only being scheduled to run sufficiently frequently to meet the highest requirement of each sub-chain. This leads to a more efficient use of processing capacity than conventional periodic systems. This provides three opportunities to animate the overall system which should produce similar results. The first opportunity is to schedule algorithms defined within the definition of each functional element in the functional model associated with the MDA Platform Independent Model. The second opportunity is to animate the object oriented equivalent of the functional chain in the UML models in the MDA Platform Independent Model (PIM) for the central processing elements. These would combine sequence diagrams which represent the functional model functional elements and objects and attributes of objects to represent the notional data flow. These would be combined with the functional chains for the remaining system elements. The third opportunity is to replace the functional chains generated from the Platform PIM with implemented functional elements from the MDA Platform Specific Models PSMs. Each animation would use standard iteration architectures to execute each functional element in the right order at the correct moment in accordance with regular predictable scheduling tables. The iteration parameters can be generated in a form which can be applied to each animation opportunity and final implementation without modification. Functional chains can be extracted from the functional model and animated independently enabling full end to end models to be animated using modest computing resources.


Page 28 of 125

4. Conclusion The proposed methodology enables performance to be animated or calculated early in the design process generating models automatically focused on sections of the system which relate to individual performance end events prior to architectural and software structures being finalised. 5. References

Balsamo, S., A. Di Marco, et al. (2004). "Model-based performance prediction in software development: a survey." Software Engineering, IEEE Transactions on 30(5): 295-310.

Distefano, S., M. Scarpa, et al. (2010). "From UML to Petri Nets: the PCM-Based Methodology." Software Engineering, IEEE Transactions on PP(99): 1-1.

Eeles, P. C., Peter (2009). The process of Software Architecting, Addison Wesley Professional.

Hermanns, H., U. Herzog, et al. (2002). "Process algebra for performance evaluation." Theoretical Computer Science 274(1-2): 43-87.

Huhn, O., C. Markl, et al. (2009). "On the predictive performance of queueing network models for large-scale distributed transaction processing systems." Information Technology & Management 10(2/3): 135-149.

Koziolek, H. (2009). "Performance evaluation of component-based software systems: A survey." Performance Evaluation In Press, Corrected Proof.

Lu, S., W. A. Halang, et al. (2005). A component-based UML profile to model embedded real-time systems designed by the MDA approach. Embedded and Real-Time Computing Systems and Applications, 2005. Proceedings. 11th IEEE International Conference on.

Mullery, G. P. (1979). CORE - a method for controlled requirement specification. Proceedings of the 4th international conference on Software engineering. Munich, Germany, IEEE Press.

OMG. (2003). "MDA Guide Version 1.0.1 OMG/2003-06-01." from <http://www.omg.org/docs/omg/03-06-01.pdf>.

OMG. (2003). "UML 1.X and 2.x Object Management Group." from www.uml.org. OMG (2008). OMG Systems Modelling Language (SysML) 1.1. OMG (2009). "OMG Profile ‘UML Profile for MARTE’ 1.0." Sanchez, J. L. F. and G. M. Acitores (2009). Modelling and evaluating real-time

software architectures. Reliable Software Technologies - Ada-Europe 2009. 14th Ada-Europe International Conference on Reliable Software Technologies, Brest, France, Springer Verlag.

Sinha, N. K., Ed. (1994). Control Systems, New Age International. Smith, C. (1990). Perfomance Engineering of software systems, Addison Wesley. Smith, C. (2007). Introduction to Software Performance Engineering: Origins and

Outstanding Problems. Formal Methods for Performance Evaluation: 395-428. Staines, T. S. (2006). Using a timed Petri net (TPN) to model a bank ATM.

Engineering of Computer Based Systems, 2006. ECBS 2006. 13th Annual IEEE International Symposium and Workshop on.

Woodside, M., G. Franks, et al. (2007). The Future of Software Performance Engineering. Future of Software Engineering, 2007. FOSE '07, Minneapolis, MN


Page 29 of 125

An Investigation Into Design Diagrams and Their

Implementations

Alan Hayes

[email protected]

Supervisors Dr Pete Thomas

Dr Neil Smith

Dr Kevin Waugh

Department/Institute Computing Department

Status Part-time

Probation viva After

Starting date 1st October 2005

The broad theme of this research is concerned with the application of information

technology tools and techniques to automatically generate formative feedback based

upon a comparison of two separate, but related, artefacts. An artefact is defined as a

mechanism through which a system is described. In the case of comparing two

artefacts, both artefacts describe the same system but do so through the adoption of

differing semantic and modelling constructs. For example, in the case of a student

coursework submission, one artefact would be that of a student-submitted design

diagram (using the syntax and semantics of UML class diagrams) and the second

artefact would be that of the student-submitted accompanying implementation (using

java syntax and semantics). Both artefacts represent the student’s solution to an

assignment brief set by the tutor. The design diagram describes the solution using one

set of semantic representations (UML class diagrams) whilst the implementation

represents the same solution using an alternative set (Java source code). Both artefacts

are describing the same system and represent a solution to the assignment brief. An

alternative example would be that of a student submitting an ERD diagram with an

accompanying SQL implementation.

This research aims to identify the generic mechanisms needed for a tool to be able to

compare two different, but related, artefacts and generate meaningful formative

feedback based upon this comparison. A case study is presented that applies these

components to the case of automatically generating formative assessment feedback to

the students based upon their submission. The specific area of formative feedback

being addresses is based upon a comparison between the submitted design and the

accompanying implementation. Constituent components described within each

artefact are considered to be consistent if, despite the differing modelling constructs,

they describe features that are common to both artefacts. The design (in diagrammatic

format) is viewed as prescribing the structure and function contained within the

implementation, whilst the implementation (source code) is viewed as implementing

the design whilst adhering to its specified structure and function. There are several

major challenges and themes that feed into this issue. The first is how the consistency

between a student-submitted design and its implementation can be measured in such a

way that meaningful formative feedback could be generated. This involves being able

to represent both components of the student submission in a form that facilitates their

comparison. Thomas et al [2005] and Smith et al [2004] describe a method of

reducing a student diagram into meaningful minimum components. Tselonis et al


Page 30 of 125

[2005] adopt a graphical representation mapping entities to nodes and relationships to

arcs. Consequently, one component of this research addresses how the student

submitted design and its source code representation can be reduced to their constituent

meaningful components.

The second challenge associated with this research addresses the problem of how to

facilitate a meaningful comparison between these representations and how the output

of a comparison can be utilised to produce meaningful feedback. This challenge is

further complicated as it is known that the student submission will contain errors.

Smith et al [2004] and Thomas et al [2005] identified that the student diagrams will

contain data that is either missing or extraneous. Thomasson et al [2006] analysed the

designs of novice undergraduate computer programmers and identified a range of

typical errors found in the student design diagrams. Additionally, Bollojou et al

[2006] analysed UML modelling errors made by novice analysts and have identified a

range of typical semantic errors made. Some of these errors will propagate into the

student implementation whilst some will not.

This research investigates how such analysis and classifications can be used to

support the development of a framework that facilitates the automation of the

assessment process. This work will be complemented by an analysis of six data sets

collated for this research. Each data set is comprised of a set of student diagrams and

their accompanying implementations. It is anticipated that this work will be of interest

to academic staff engaged in the teaching, and consequently assessment, of

undergraduate computing programmes. It will also be of interest to academic staff

considering issues surrounding the prevention of plagiarism. Additionally, it will be

of interest to those engaged in the field of software engineering and in particular to

those involved in the auditing of documentation and practice.

References

[1] Higgins C., Colin A., Gray G., Symeonidis P. and Tsintsifas A. 2005 Automated

Assessment and Experiences of Teaching Programming. In Journal on

Educational Resources in Computing (JERIC) Volume 5 Issue 3, September 2005.

ACM Press

[2] Thomasson B., Ratcliffe M. and Thomas L., 2005 Identifying Novice Difficulties

in Object Oriented Design. In Proceedings of Information Technology in

Computer Science Education (ITiCSE ’06), June 2006, Bologna, Italy.

[3] Bolloju N. and Leung F. 2006 Assisting Novice Analysts in Developing Quality

Conceptual Models with UML. In Communications of the ACM June 2006, Vol

49, No. 7, pp 108-112

[4] Tselonis C., Sargeant J. and Wood M. 2005 Diagram Matching for Human-

Computer Collaborative Assessment. In Proceedings of the 9th

International

conference on Computer Assisted Assessment, 2005.


Page 31 of 125

[5] Smith N., Thomas, P. and Waugh K. (2004) Interpreting Imprecise Diagrams. In

Proceedings of the Third International Conference in Theory and Applications of

Diagrams. March 22-24, Cambridge, UK. Springer Lecture Notes in Computer

Science, eds: Alan Blackwell, Kim Marriott, Atsushi Shimomnja, 2980, 239-241.

ISBN 3-540-21268-X.

[6] Thomas P., Waugh K. and Smith N., (2005) Experiments in the Automated

Marking of ER-Diagrams. In Proceedings of 10th

Annual Conference on

Innovation and Technology in Computer Science Education (ITiCSE 2005)

(Lisbon, Portugal, June 27-29, 2005).


Page 32 of 125

An Investigation into Interoperability of Data Between Software Packages used to Support the Design, Analysis and

Visualisation of Low Carbon Buildings

Robina Hetherington [email protected]

Supervisors Robin Laney

Stephen Peake Department/Institute Computing Status Fulltime Probation viva Before Starting date January 2010

This paper outlines a preliminary study into the interoperability of building design and energy analysis software packages. It will form part of a larger study into how software can support the design of interesting and adventurous low carbon buildings. The work is interdisciplinary and is concerned with design, climate change and software engineering.

Research Methodology The study will involve a blend of research methods. Firstly the key literature surrounding the study will be critically reviewed. A case study will look at the modelling of built form, with reflection upon the software and processes used. The model used in the case study will then be used to enable the analysis of data movement between software packages. Finally conclusions regarding the structures, hierarchies and relationships between interoperable languages used in the process will be drawn. This will inform the larger study into how software can support the design of interesting and adventurous low carbon buildings.

Research questions: 1. What are the types of software used to generate building models and conduct

the analysis of energy performance? 2. What is the process involved in the movement of data from design software to

energy analysis software to enable the prediction of the energy demands of new buildings?

3. What are the potential limitations of current interoperable languages used to exchange data and visualise the built form?

Context Software has an important role in tackling climate change, it is “a critical enabling technology” [1]. Software tools can be used to support decision making surrounding climate change in three ways; prediction of the medium to long term effects, formation and analysis of adaptation strategies and support of mitigation methods. This work falls into the later category, to reduce the sources of greenhouse gases through energy efficiency and the use of renewable energy sources [2].

Climate change is believed to be caused by increased anthropogenic emissions of green house gases. One of the major greenhouse gases is carbon dioxide. In the UK


Page 33 of 125

the Climate Change Act of 2008 has set legally binding targets to reduce the emission of carbon dioxide by 80% from 1990 levels by 2050 [3]. As buildings account for almost 50% of UK carbon dioxide emissions the necessary alteration of practices related to the construction and use of buildings will have a significant role in achieving these targets [4]. In 2007 the UK Government announced the intention that all new houses would be carbon neutral by 2016 in the “Building a Greener Future: policy statement”. This is to be achieved by progressive tightening of Building Regulations legislation over a number of years [4]. Consultations are currently taking place on the practicalities of legislating for public sector buildings and all new non-domestic buildings to be carbon neutral by 2018 and 2019 respectively [5]. The changes in praxis in the next 20-30 years facing the construction industry caused by this legislation are profound [6].

Software used in building modelling Architecture has gone through significant changes since the 1980s when CAD [Computer Aided Draughting/Design] was introduced. The use of software has significantly altered working practices and enabled imaginative and inspiring designs, sometimes using complex geometries only achievable through the use of advanced modelling and engineering computational techniques. However, the advances in digital design media have created a complex web of multiple types of software, interfaces, scripting languages and complex data models [7].

The types of software used by architects can be grouped into three main categories: CAD software that can be used to generate 2D or 3D visualizations of buildings. This type of software evolved from engineering and draughting practices, using command line techniques to input geometries. This software is mainly aimed at imitating paper based practices, with designs printed to either paper or pdf. Visualization software, generally used in the early design stages for generating high quality renderings of the project. BIM [Building Information Modelling] software has been a significant development in the last few years. BIM software contains the building geometry and spatial relationship of building elements in 3D. It can also hold geographic information, quantities and properties of building components, with each component as an ‘object’ recorded in a backend database. Building models of this type are key to the calculations now required to support zero carbon designs [8]. Examples of BIM software are Revit by Autodesk[9], and ArchiCAD by Graphisoft[10] and Bentley Systems [11]

Energy analysis software Analysis software is used to perform calculations such as heat loss, solar gains, lighting, acoustics, etc. This type of analysis is usually carried out by a specialist engineer, often subsequent to the architectural design. The available tools are thus aimed at the expert engineer who have explicit knowledge to run and interpret the results of the simulation. This means that, until recent legislative changes, there was no need for holistic performance assessment to be integrated into design software [12].

Calculation of energy consumption requires a model of the proposed building to make the detailed estimates possible. Examples of expert tools that use models for the calculation are TRNSYS [13], IES Virtual Environment [14], EnergyPlus [15]. One tool that supports the architectural design process is Ecotect [16], which has a more intuitive graphical interface and support to conduct a performance analysis [12].


Page 34 of 125

Energy analysis is one-way iterative process, with geometric meshes and data transferred from the design package to the various analysis tools. Every design iteration will (or should) involve a re-run of the environmental analysis tool [17]. The mesh geometry requires manipulation for this movement into the analysis software from the modelling environment and data such as material properties needs to be re-entried, with a significant penalty in time and possible loss or corruption of data [18][19].

Key research into interoperable languages used in the AEC [Architectural Engineering and Construction] industry A number of interoperable languages, relating to building designs, have been developed since the release of version 1.0 of the XML [eXtensible Markup Languages] standard in February 1998. They include visualisation schemas mainly used for as the source for the display of models: X3D[eXtensible 3D], based on VRML [Virtual Reality Modeling Language], CityGML for the representation of 3D urban objects and COLLADA [COLLAborative Design Activity]. The ifcXML [Industry Foundation Classes eXtensible Markup Language] specification, developed by the IAI [Industrial Alliance for Interoperability], was designed to facilitate the movement of information from and between BIM software. It was designed in a “relational” manner, as a result of the BIM database concept. Accordingly there is concern about the potential file size and complexity of the standard arising from the XML format and the amount of data it can contain [20] [21]. Also, the seamless interoperability it is intended to support has proved to be elusive. Take up has been slow and incomplete with software companies not always supportive [22]. A language designed specifically for interchange of data between design modelling environments and energy analysis packages is gbXML [Green Building eXtensible Markup Language]. In comparison with ifcXML it is considerably simpler and easier to understand [23]. However, it limitations are evident in the geometric detail contained in the file which inhibits the transfer back to the design package [17].

Next stage – a case study This paper has set the case study in context and given the key research in the area of interoperability in AEC projects. In the next stage a small house will be designed in Revit and the environmental design analysed in Ecotect to gain experience in using the tools and enable reflection on the software and procedures involved. ifcXML and gbXML files will be exported and analysed.

Future work The software used in this study are all developed by commercial organizations, typically with an incremental, yearly update. New software, such as Ecotect, is often brought in from an independent developer. However, open platforms are generally considered to “promote innovation and diversity more effectively than proprietary ones” [24]. In the field of climate change, given the profound threat to humanity, a community approach is seen as potentially a better way forward [25]. Future work will look at how building design software may evolve to meet the challenge of designing interesting and beautiful low carbon buildings.

References [1] S.M. Easterbrook, “First international workshop on software research and climate change,”

Proceeding of the 24th ACM SIGPLAN conference companion on Object oriented programming systems languages and applications - OOPSLA '09, Orlando, Florida, USA: 2009, p. 1057.

[2] S. Peake and J. Smith, Climate change : from science to sustainability, Milton Keynes


Page 35 of 125

[England]; Oxford: Open University; Oxford University Press, 2009. [3] Great Britain, Climate Change Act of 2008, 2008. [4] Department for Communities and Local Government, “Building a Greener Future: policy

statement,” Jul. 2007. [5] Zero Carbon Hub, “Consultation on Zero Carbon Non-Domestic Buildings”

http://www.zerocarbonhub.org/events_details.aspx?event=3 [Accessed January 28, 2010]. [6] T. Oreszczyn and R. Lowe, “Challenges for energy and buildings research: objectives, methods

and funding mechanisms,” Building Research & Information, vol. 38, 2010, pp. 107-122. [7] R. Oxman, “Digital architecture as a challenge for design pedagogy: theory, knowledge, models

and medium,” Design Studies, vol. 29, 2008, pp. 99-120. [8] E. Krygiel and B. Nies, Green BIM : successful sustainable design with building information

modeling, Indianapolis Ind.: Wiley Pub., 2008. [9] Autodesk, “Revit Architecture Building Information Modeling Software - Autodesk,” Revit

Architecture Building Information Modeling Software - Autodesk http://usa.autodesk.com/adsk/servlet/pc/index?id=3781831&siteID=123112 [Accessed April 26, 2010].

[10] Graphisoft, “ArchiCAD 13 - Overview,” ArchiCAD 13 - Overview http://www.graphisoft.com/products/archicad/ [Accessed April 26, 2010].

[11] Bentley, “Construction Software | Architectural Software | Building Information Modeling,” Construction Software | Architectural Software | Building Information Modeling http://www.bentley.com/en-US/Solutions/Buildings/ [Accessed April 26, 2010].

[12] A. Schlueter and F. Thesseling, “Building information model based energy/exergy performance assessment in early design stages,” Automation in Construction, vol. 18, 2009, pp. 153-163.

[13] Transsolar Energietechnik GmbH, “TRANSSOLAR Software | TRNSYS Overview,” TRANSSOLAR Software | TRNSYS Overview http://www.transsolar.com/__software/docs/trnsys/trnsys_uebersicht_en.htm [Accessed April 26, 2010].

[14] IES, “IES - Sustainable 3D Building Design, Architecture Software - Integrated Environmental Solutions,” IES - Sustainable 3D Building Design, Architecture Software - Integrated Environmental Solutions http://www.iesve.com/content/default.asp?page= [Accessed April 26, 2010].

[15] U.S. Department of Energy, “Building Technologies Program: EnergyPlus,” Building Technologies Program: EnergyPlus http://apps1.eere.energy.gov/buildings/energyplus/ [Accessed April 26, 2010].

[16] Autodesk, “Autodesk - Autodesk Ecotect Analysis,” Autodesk - Autodesk Ecotect Analysis http://usa.autodesk.com/adsk/servlet/pc/index?siteID=123112&id=12602821 [Accessed April 26, 2010].

[17] N. Hamza and M. Horne, “Building Information Modelling: Empowering Energy Conscious Design,” 3rd Int’l ASCAAD Conference on Em‘body’ing Virtual Architecture, Alexandria, Egypt: .

[18] I. Pritchard and E. Willars, Climate Change Toolkit, 05 Low Carbon Design Tools, RIBA, 2007. [19] A. Lawton and D. Driver, “Autodesk Sustainable Design Curriculum 2010 – Lesson 1,” 2010. [20] V. Bazjanac, “Building energy performance simulation as part of interoperable software

environments,” Building and Environment, vol. 39, 2004, pp. 879-883. [21] R. Howard and B. Bjork, “Building information modelling – Experts’ views on standardisation

and industry deployment,” Advanced Engineering Informatics, vol. 22, 2008, pp. 271-280. [22] R. Jardim-Goncalves and A. Grilo, “Building information modeling and interoperability,”

Automation in Construction, 2009. [23] B. Dong, K. Lam, Y. Huang, and G. Dobbs, “A comparative study of the IFC and gbXML

informational infrastructures for data exchange in computational design support environments,” Tenth International IBPSA Conference, Beijing: IBPSA China: 2007.

[24] S. Johnson, “Rethinking a Gospel of the Web,” The New York Times http://www.nytimes.com/2010/04/11/technology/internet/11every.htm?pagewanted=print [Accessed April 26, 2010].

[25] A.A. Voinov, C. DeLuca, R.R. Hood, S. Peckham, C.R. Sherwood, and J.P.M. Syvitski, “A Community Approach to Earth Systems Modeling,” Eos, Transactions American Geophysical Union, vol. 91, 2010, p. 117.


Page 36 of 125

Understanding Object-Relational Impedance Mismatch: A

Framework Based Approach Chris Ireland

[email protected]

Supervisors David Bowers

Mike Newton

Kevin Waugh

Department/Institute Computing

Status 5th Year, Part-time

Probation viva Completed

Starting date 1 October 2005

Research Question

Object-relational impedance mismatch is the label used to classify the problems faced by the developer

of an object-oriented application that must use a relational database for storage. What is object-

relational impedance mismatch, how do we know if a particular strategy is the most appropriate way to

address the problems it presents and what can be done to improve the situation?

Background

In [1] I describe a framework and classification (Figure 1) that provide new insights into the object-

relational mapping (ORM) strategies used to address problems of an object-relational impedance

mismatch.

Instance

Schema

Language

Concept

Object Orientation

OOPL (e.g. Java)

Application

Object

SQL

DB Schema

Row

Representation Mismatch(Pattern)

InstanceMismatch(Transformation)

Conceptual

Mismatch

(Reconciliation)

Emphasis

Mismatch

(Mapping)

State

Structur

e

Be

ha

vio

ur

Relational

Figure 1 - My Conceptual Framework and Classification of Impedance Mismatch

What is not clear are how one uses my framework to understand an ORM strategy, where does one

start, how does one proceed, what can one expect to discover and how do we understand changes that

may improve the situation? Figure 2 provides an overview of one process for using my framework. I


Page 37 of 125

describe this process in more detail in [5]. The process and framework have been validated by

comparing and contrasting the outcomes with those possible using the classification of Fussell [6].

Figure 2 - My Framework Based Approach

The framework may also be used to understand (possible) solutions to problems of an object-relational

impedance mismatch. At the last CRC PhD Student Conference I set an objective to understand the

consequences of changes introduced in Object-Relational SQL (OR-SQL) [7] using my framework.

OR-SQL is a language level change and may be one solution to problems of an object-relational

impedance mismatch. This work is complete and the results have been published in [8]. I found that

OR-SQL does not improve the situation and that the term relational database is now overloaded.

So what…

ORM strategies are not new. There is a body of literature (e.g. Keller [2], Ambler [3], Hohenstein [4])

that provide a description and analysis of each ORM strategy. This analysis is focused on the practical

consequences of combining object and relational artefacts rather than understanding the underlying

issues with an ORM strategy. Achieving an understanding of the underlying issues is the objective of

my framework and process. Analysis using my framework asks that one thinks about an ORM strategy

in a new way. In so doing it helps to provide new insights into an ORM strategy, highlight new issues,

understand cause and effect, and suggest improvements to an ORM strategy.

In [1] (this was awarded a best paper at the conference), [5] and [8] I have shown that the framework

and process do provide new insights. These insights provide an opportunity to improve an ORM

strategy and the context in which that ORM strategy operates, and to understand how best to make use


Page 38 of 125

of new features in OR-SQL. Such information is useful to standards bodies, tools vendors and those

who define an ORM strategy using SQL or OR-SQL. Thinking about the consequences of an ORM

strategy provides information necessary to choose between alternatives. This information is invaluable

to those who implement an ORM strategy.

The Problem

The framework provides guidance on the use of my framework but there is still a need for clear

guidance on how to compare object and relational representations. What is the basis for a comparison

and how might we go about making a comparison?

Current Research Activities

I am exploring how we might explore the different kinds of impedance mismatch described in Figure

1. To that end I am developing a technique based on equivalence. Problems of an impedance mismatch

exist because object and relational representations are different, but how are they equivalent?

An object and a relational design reflect aspects of a universe of discourse ([9], p2-1). That universe of

discourse provides a point of reference common to both object and relational representations. Whilst

each design uses a different conceptual framework, language and structure(s) to describe that universe

they are representations of the same universe. So, whilst object and relational representations are

different, if we are not to lose information in a round-trip between an object-oriented application and a

relational database they must be equivalent descriptions of that universe. The problem is how do we

describe that universe without favouring one conceptual framework over another?

I introduce a third silo into the framework: the reference silo. The reference silo is currently theoretical

and artefacts within it an ideal. In this silo there is a reference concept level, a reference language level,

a reference schema level and a reference instance level. Each level provides artefacts for the description

of some aspect of a universe of discourse. This description does not need to be perfect, but as a

minimum it must be a superset of those semantics and structures that may be described using object

and relational artefacts.

Entity

ObjectSchema

RelationalSchema

Identity independent of

attributes

Identity based on value of a

tuple

Identity is implicit Identity is

explicitIdentify a particular

occurrence

Identity of an object Identity of a

row

Figure 3 - Exploring Identity Between Object and Relational Representations of an Entity


Page 39 of 125

Employing the reference silo I can then explore those semantics and structures of a reference

representation that are captured in an object and a relational representation. Each representation is

shown as a set in a Venn diagram (e.g. Figure 3) where, depending on the level of the framework, a

set may contain conceptual building blocks, language structures, design representations or data formats.

In Figure 3 I provide one example that shows that there is little in common between object and

relational representations of identity at the language level. My argument is that only those semantics

and structures that are equivalent i.e. they are captured in both representations, can form part of a no-

loss transformation between object and relational representations. It follows that current pattern

strategies to map identity between object and relational representations (e.g. Blaha [10], p420, Keller

[2], p21 and Fowler, in Ambler [11], p285), are at best misguided.

The work on equivalence will enhance my process (Figure 2) and provide a more robust approach to

exploring individual ORIM problems and ORM strategies. I expect that this will also open up new

avenues for research into the nature and development of the reference silo.

Remaining Work

I have provided a convincing and published body of evidence to support my claims for the framework.

The work on equivalence provides the final piece of work for my thesis and will open up new avenues

for future research. The work on equivalence necessary for my Thesis will be complete by the summer

of 2010. If time permits I would like to publish the work on equivalence before submitting my Thesis

in the summer of 2011.

References

1. Ireland, C., Bowers, D., Newton, M., Waugh, K.: A Classification of Object-Relational Impedance Mismatch. In: Chen, Q., Cuzzocrea, A., Hara, T., Hunt, E., Popescu, M. (eds.): The First International Conference on Advances in Databases, Knowledge and Data Applications, Vol. 1. IEEE Computer Society, Cancun, Mexico (2009) p36-43

2. Keller, W.: Mapping Objects to Tables: A Pattern Language. In: Bushman, F., Riehle, D. (eds.): European Conference on Pattern Languages of Programming Conference (EuroPLoP), Irsee, Germany (1997)

3. Ambler, S.: Mapping Objects to Relational Databases: O/R Mapping In Detail. (2006) 4. Hohenstein, U.: Bridging the Gap between C++ and Relational Databases. In: Cointe, P. (ed.): European

Conference on Object-Oriented Programming, Vol. Lecture Noted on Computer Science 1098. Springer-Verlag, Berlin (1996) 398-420

5. Ireland, C., Bowers, D., Newton, M., Waugh, K.: Understanding Object-Relational Mapping: A Framework Based Approach. International Journal On Advances in Software 2 (2009)

6. Fussell, M.L.: Foundations of Object Relational Mapping. Vol. 2007. ChiMu Corporation (1997) 7. Eisenberg, A., Melton, J.: SQL: 1999, formerly known as SQL3. SIGMOD Record 28 (1999) 119-126 8. Ireland, C., Bowers, D., Newton, M., Waugh, K.: Exploring the use of Mixed Abstractions in SQL:1999 - A

Framework Based Approach. In: Chen, Q., Cuzzocrea, A., Hara, T., Hunt, E., Popescu, M. (eds.): The Second International Conference on Advances in Databases, Knowledge and Data Applications, Vol. 1. IEEE Computer Society, Les Menuires, France (2010) TBA

9. Griethuysen, J.J.v. (ed.): Concepts and Terminology for the Conceptual Schema and the Information Base. ISO, New York (1982)

10. Blaha, M.R., Premerlani, W.J., Rumbaugh, J.E.: Relational database design using an object-oriented methodology. Communications of the ACM 31 (1988) 414-427

11. Ambler, S.W.: Agile Database Techniques - Effective Strategies for the Agile Software Developer. Wiley (2003)


Page 40 of 125

“Privacy-Shake”, a Haptic Interface for Managing Privacy

Settings in Mobile Location Sharing Applications.

Lukasz Jedrzejczyk

[email protected]

Supervisors Arosha Bandara

Bashar Nuseibeh

Blaine Price

Department/Institute Computing Dept.

Status Fulltime


Starting date June 2008

Abstract I describe the “Privacy-Shake”, a novel interface for managing coarse grained privacy

settings. I built a prototype that enables users of Buddy Tracker, an example location

sharing application, to change their privacy preferences by shaking their phone. Users

can enable or disable location sharing and change the level of granularity of disclosed

location by shaking and sweeping their phone. In this poster I present and motivate

my work on Privacy-Shake and report on a lab-based evaluation of the interface with

16 participants.

1. INTRODUCTION The proliferation of location sharing applications raises several concerns related to

personal privacy. Some solutions involving location privacy policies have been

suggested (e.g., [1]). However, prior research shows that end-users have difficulties in

expressing and setting their privacy preferences [2,3]. Setting privacy rules is a time-

consuming process, which many people are unwilling to do until their privacy is

violated. Moreover, privacy preferences vary across the context, and it is hard to

define privacy policy that reflects the dynamic nature of our lives. I see this as a

strong motivation to design interfaces that help users update their privacy settings as a

consequence of their daily tasks within the system. The underlying requirement of my

interface is to provide an efficient, heads-up interface for managing location privacy

that does not overwhelm the configuration over action [4].

In order to fulfil this requirement I developed the Privacy-Shake, a haptic interface [5]

supporting ad-hoc privacy management. To evaluate the Privacy-Shake interface I

conducted a lab-based study to examine its effectiveness and explore users‟ reactions

to that technology. I also evaluated several usability aspects of Privacy-Shake and

compared its performance against graphical user interface. My study confirmed the

potential of haptic interfaces for performing simple privacy tasks and showed that

Privacy-Shake can be faster than the GUI. However, my subjective results suggest

further work on improving the interface, such as support for individual calibration and

personalized gestures for better efficiency.


Page 41 of 125

2. THE PRIVACY-SHAKE SYSTEM The current prototype of Privacy-Shake is developed in Java and works on Android

powered mobile devices. It uses the built in accelerometer to monitor the current

position of the device. The application works in a background to save time needed for

switching the phone on.

The current prototype supports the following settings: visibility (user can

enable/disable location sharing) and granularity (changing the level of granularity of

disclosed location from exact location to city level location).

2.1 Haptic interaction Due to the dynamic nature of the mobile device, every action has to be initiated by a

dynamic, vertical shake. This is required to distinguish the action from the noise

generated by user‟s daily movements, e.g. walking, jogging, using a lift. As the

system recognizes the movement, vibrational feedback is provided to confirm that the

system is ready. Once the system is initiated, a user can change privacy settings by

performing one of the following actions:

• Vertical movement enables location sharing (Figure 1a),

• Horizontal movement (left and right) disables location sharing (Figure 1b),

• By moving the phone forward, a user can change the granularity of disclosed

location to the city level (Figure 1c),

• User instructs the system to share exact location by approximating the phone

to his body (Figure 1d).

Successful action is confirmed by short vibration (the length depends on the action)

and optional auditory message (e.g. natural language message “Anyone can see you”)

when the user enables location sharing.

Figure 1. Privacy-Shake in action. Arrows present the direction of movement

that triggers a privacy-management task.

3. In lab evaluation I conducted a lab-based trial of Privacy-Shake interface to evaluate the usability of the

interface and examine both the potential and vulnerabilities of the current prototype.

3.1 Method I recruited 16 participants aged from 23 to 45 for the study, 8 women and 8 men.

Most of them had prior experience with motion-capture interaction, mainly from

playing the Nintendo Wii. Eleven participants were graduate students, 4 were

recruited from the university‟s stuff and the remaining user was recruited outside the

university. Participants were asked to complete the following privacy management

tasks using Privacy-Shake (results presented in Figure 2):

T1. Enable location sharing,

T2. Disable location sharing,


Page 42 of 125

T3. Change the granularity of disclosed location to (a) exact location (building

level), (b) city level,

T4. Disable location sharing using the GUI.

The following measures were recorded:

Time to performing a task – from the time when user started the initiation

movement to the vibration confirming the action,

Number of successfully completed tasks,

Time of disabling location sharing using the GUI.

Participants took part in the study individually, at the beginning of each session I

introduced the Privacy-Shake concept and the purpose of the study. Users were

presented a short demo of the system and were given a chance to play with the

interface prior to performing four privacy management tasks using Privacy-Shake.

Each participant had three attempts to perform each task. At the end of each session I

asked participants to complete a questionnaire to rate the Privacy-Shake.

3.2 Results Twelve participants reported that learning how to use the Privacy-Shake was easy (2

users reported that it was difficult), 12 of them said that it is also easy to remember

how to use it, as the interaction is simple and intuitive. However, 4 users said that

they would not like to use it due to the awkwardness of the interface and potential

harm it may cause, e.g. accidentally pushing people in a crowded bus.

Figure 2. Bar chart presents the percentage of successfully completed tasks

(efficiency) during the study.

Four participants reported that using Privacy-Shake was annoying and six of them

said that it caused frustration, which is related to the problems their experienced with

the interface. Only five users managed to successfully complete each privacy

management task using Privacy-Shake. Three users could not disable their location

sharing and nine users had problems changing the granularity of disclosed location.

The biggest difficulty users experienced was with task 3b, only three users

successfully completed the task three times. More than a half of all attempts to

perform this task were unsuccessful (58%). Only task T1 was successfully completed

by all users, thirteen participants disabled location sharing using Privacy-Shake and

ten of them successfully changed the granularity of location to city level. Two users

successfully completed 11 of 12 attempts, which was the best result during the study.


Page 43 of 125

58% of all attempts were successful. I observed that females performed slightly better

at using Privacy-Shake with 64% efficiency versus 53% for males.

4. CONCLUSIONS AND FUTURE WORK I presented the concept and initial results of the evaluation of Privacy-Shake, a novel

interface for „heads-up‟ privacy management. The chosen demographic was not broad,

but the study helped me identify both social and technical issues related to the

interface. One of the main issues I found were lack of individual calibration and

support for more discreet movements, which highlights the future research agenda for

my work on Privacy-Shake. Though the actual efficiency is not ideal, the comparison

between the mean time of performing tasks T2 (6 seconds) and T4 (18 seconds)

shows that haptic interface can be successfully used to perform some basic privacy

management tasks faster than the traditional GUI. The Privacy-Shake concept

received a positive feedback, which encourages me to continue the work on

improving the interface and enhancing the user experience. Further work is also

needed to extend the functionality of Privacy-Shake by implementing new gestures

for managing group settings or expressing more fine-grained preferences.

5. REFERENCES [1] G. Myles, A. Friday, and N. Davies, “Preserving Privacy in Environments

with Location-Based Applications,” IEEE Pervasive Computing, vol. 2, 2003, pp. 56-

64.

[2] L.F. Cranor and S. Garfinkel, Security and usability: designing secure systems

that people can use, O'Reilly Media, Inc., 2005.

[3] N. Sadeh, J. Hong, L. Cranor, I. Fette, P. Kelley, M. Prabaker, and J. Rao,

“Understanding and capturing people‟s privacy policies in a people finder

application,” The Journal of Personal and Ubiquitous Computing, vol. 13, Aug. 2009,

pp. 401-412.

[4] S. Lederer, I. Hong, K. Dey, and A. Landay, “Personal privacy through

understanding and action: five pitfalls for designers,” Personal Ubiquitous Computing,

vol. 8, 2004, pp. 440-454.

[5] S. Robinson, P. Eslambolchilar, and M. Jones, “Sweep-Shake: finding digital

resources in physical environments,” Proc. of Mobile HCI'09, ACM, 2009, p.12.


Page 44 of 125

Designing a Climate Change Game for Interactive Tabletops

Stefan Kreitmayer [email protected]

Supervisors Dr. Robin Laney Department/Institute Computing Status Visiting Research Student Probation viva n.a. Starting date February – June 2010 During my 4 months visiting studentship I am developing a game that utilises the affordances of multi-user interaction with tabletop surfaces for a persuasive goal. Players' beliefs about some of the risks of man-made global climate destabilisation should be influenced in a way that supports more responsible behaviour. Persuasive games for personal computers are widespread in practice[1][2], and there is abundant literature suggesting theoretical frameworks and design guidelines[3]. Similarly, designing applications for interactive tabletops is an active field of research. However, there are currently not many persuasive games for interactive tabletops, and emerging design issues have not been fully addressed in the literature. With a growing awareness of the persuasive potential of computer games, and interactive tabletops becoming increasingly affordable, it is to be expected that more game designers will address this medium in the near future. Beyond usability questions, designers will face questions resulting from contradicting paradigms. While the affordances of tabletops to support multi-user collaboration are permanently highlighted[4], the computer game area is only just emerging out of a long tradition of single-user and competitive gameplay[5]. Currently the vast majority of persuasive games are designed for browsers and mobile phones, aimed at single users. Fogg[6] explains fundamental differences in the way persuasion works in single user interaction as opposed to group interaction, and this can be incorporated into design for tabletops. This research aims to contribute towards understanding some of the apparent points of friction between two media and two areas of research. With this in mind, my research question can be summarised as follows: Do players perceive a game's moral message differently depending on whether they engage in collaborative, cooperative, or competitive gameplay? As the single message of the game, I chose out of the vast climate change discourse a fact which is commonly accepted to be true, can be easily conveyed to a broad audience in a small amount of time, but at the same time is not over-advertised in the media. The message is as follows: Architectural designs with most of the window area facing the sun help to save heating energy, thereby supporting CO2 mitigation and lowering the risk of climate change effects.


Page 45 of 125

I am planning to develop three versions of the tabletop game which all share the same interface, aesthetic, mechanics, and message. Differences should focus on the supported gameplay: collaborative, cooperative, or competitive respectively. Here we define the three concepts according to [5]: Collaborative gameplay implies that goals, rewards, and penalties are shared among players. Cooperative gameplay differs in that each player eventually wants to reach their individual goal and reward, but they may occasionally choose to collaborate, if the collaboration supports their individual goal. Competitive gameplay means that “the goals of the players are diametrically opposed” [5]. For the sake of simplicity all three versions of the game are designed for two players. A quantitative user study will be conducted to assess the different impacts on players' opinions, depending on which version of the game they have played. Experiments could take place in a public space or in the laboratory. I am planning an experiment with 30 pairs of players, divided into 3 balanced groups, each group engaging with a different type of gameplay: 10 pairs play the collaborative game, 10 pairs play the cooperative game, and 10 pairs play the competitive game. Before and after playing, players should answer questionnaires similar in content to those in the American Climate Values Survey[7]. Using a Likert scale, results can be analysed quantitatively. For more qualitative results, a second experiment could be done with the same participants at the same place and time. After a pair has played their game and completed the questionnaires, they are invited to play the other games as well and give statements about their impressions of whether and how their opinions have changed in relation to different types of gameplay. References: [1] http://persuasivegames.com/ [2] http://www.valuesatplay.org/ [3] I. Bogost. Persuasive Games: The Expressive Power of Videogames. MIT Press, 2007 [4] E. Hornecker, P. Marshall, N. Dalton, Y. Rogers. Collaboration and interference: Awareness with mice or touch input. In: Proceedings of the ACM 2008 conference on Computer supported cooperative work, 8-12 Nov 2008, San Diego, CA, USA. [5] J. P. Zagal, J. Rick, I. Hsi. Collaborative games: Lessons learned from board games. SIMULATION & GAMING, Vol. 37 No. 1, March 2006 24-40. Sage Publications [6] B. J. Fogg. Persuasive Technology: Using Computers to Change What We Think and Do. Morgan Kaufmann, 2003 [7] ECOAMERICA.NET. The American Climate Values Survey. Available at http://www.ecoamerica.org/docs/ecoAmerica_ACVS_Summary.pdf Last Accessed 26 Mar 2010.


Page 46 of 125

REASONING ABOUT FLAWS IN SOFTWARE DESIGN:DIAGNOSIS AND RECOVERY

TAMARA LOPEZ

[email protected]

Supervisors Marian Petre, Charles Haley and Bashar NuseibehDepartment Computing

Status Full-timeProbation Viva Before

Starting Date February 2010

Since its diagnosis at the 1960’s NATO conferences as one of the key problems in

computing[1, 2], the provision of reliable software has been a core theme in software

engineering research. One strand of this research analyzes software that fails, while

a second develops and tests techniques for ensuring software success.

Despite these efforts, the threat of failure and the quest for a multivalent yet com-

prehensive ”sense” of quality[2] remain powerful drivers for research and provoca-

tive tropes in anecdotal accounts of computing[3]. However, current analytical

approaches tend to result in overly broad accounts of why software fails or in

overly narrow views about what is required to make software succeed. This sug-

gests a need for a different approach toward the study of failure that can address

the complexities of large scale ”systems-of-systems”[4, 5], while accounting for the

effects and trajectories of specific choices made within software initiatives.

To address this gap, this research asks: How does failure manifest in actual soft-

ware development practice? What constitutes a flaw, and what are the conditions

surrounding its occurrence and correction? What can adopting a situational ori-

entation tell us more generally about why some software fails and other software

succeeds?

Background

Within computing literature, failure analysis typically takes two perspectives:


Page 47 of 125

• Systemic analyses identify weak elements in complex organizational,

operational and software systems. Within these systems, individual or

multiple faults become active at a moment in time or within a clearly

bounded interval of time, and result in catastrophic or spectacular op-

erational failure[6, 7]. Alternatively, software deemed ”good enough” is

released into production with significant problems that require costly main-

tenance, redesign and redevelopment[8, 5].

• Means analyses treat smaller aspects or attributes of software engi-

neering as they contribute to the goal of creating dependable software[4].

These studies develop new or test existing techniques to strengthen all

stages of development such as requirements engineering[9], architectural

structuring[10], testing and maintenance [11] and verification and validation[12].

Systemic analyses produce case studies and often do not conclude with specific,

precise reasons for failure. Instead they retrospectively identify the system or sub-

system that failed, and provide general recommendations for improvement going

forward. Even when they do isolate weaknesses in the processes of software creation

or in particular software components, they do not produce general frameworks or

models that can be extended to improve software engineering practice.

Means analyses employ a range of methods including statistical, program analy-

sis, case study development, formal mathematical modeling and systems analysis.

Frequently, they examine a single part of the development process, with a corre-

sponding focus on achieving a single dependability mean[4]. The studies are often

experimental, applying a set of controlled techniques to existing bodies of soft-

ware in an effort to prove, verify and validate that software meets a quantifiable,

pre-determined degree of ”correctness”.

Methodology

This research will produce an analysis of the phenomenon of failure that lies some-

where between the broad, behavioral parameters of systemic analyses and the

narrowly focused goals of means analyses. To do this, it will draw upon recent

software engineering research that combines the socially oriented qualitative ap-

proaches of computer supported cooperative work(CSCW) with existing software


Page 48 of 125

analysis techniques to provide new understandings of longstanding problems in

software engineering. In one such group of studies, de Souza and collaborators

have expanded the notion of dependency beyond its technical emphasis on the

ways in which software components rely on one another, demonstrating that hu-

man and organizational factors are also coupled to and expressed within software

source code[14, 15]. In a study published in 2009, Aranda and Venolia made a case

for developing rich bug histories using qualitative analyses in order to reveal the

complex interdependencies of social, organizational and technical knowledge that

influence and inform software maintenance[16].

In the manner of this and other cooperative and human aspects of software en-

gineering(CHASE) work, the research described here will apply a combination of

analytic and qualitative methods to examine the role of failure in the software

development process as it unfolds. Studies will be designed to allow for analysis

and examination of flaws within a heterogeneous artifact universe, with particu-

lar emphasis given to the interconnections between technical workers and artifacts.

Ethnographically informed techniques will be used to deepen understanding about

how the selected environments operate, and about how notions of failure and re-

covery operate within the development processes under investigation.

References

[1] P. Naur and B. Randell, “Software engineering: Report on a conference sponsored by the

NATO Science Committee Garmisch, Germany, 7th to 11th October 1968,” NATO Science

Committee, Scientific Affairs Division NATO Brussels 39 Belgium, Tech. Rep., January

1969. [Online]. Available: http://homepages.cs.ncl.ac.uk/brian.randell/NATO/

[2] J. Buxton and B. Randell, “Software engineering techniques: Report on a conference

sponsored by the NATO Science Committee Rome, Italy, 27th to 31st October 1969,” NATO

Science Committee, Scientific Affairs Division NATO Brussels 39 Belgium, Tech. Rep.,

April 1970 1970. [Online]. Available: http://homepages.cs.ncl.ac.uk/brian.randell/NATO/

[3] R. Charette, “Why software fails,” IEEE Spectrum, vol. 42, no. 9, pp. 42–49, 2005.

[4] B. Randell, “Dependability-A unifying concept,” in Proceedings of the Conference on Com-

puter Security, Dependability, and Assurance: From Needs to Solutions. IEEE Computer

Society Washington, DC, USA, 1998.

[5] ——, “A computer scientist’s reactions to NPfIT,” Journal of Information Technology,

vol. 22, no. 3, pp. 222–234, 2007.


Page 49 of 125

[6] N. G. Leveson and C. S. Turner, “Investigation of the Therac-25 accidents,” IEEE Computer,

vol. 26, no. 7, pp. 18–41, 1993.

[7] B. Nuseibeh, “Ariane 5: Who dunnit?” IEEE Software, vol. 14, pp. 15–16, 1997.

[8] D. Ince, “Victoria Climbie, Baby P and the technological shackling of British childrens social

work,” Open University, Tech. Rep. 2010/01, 2010.

[9] T. Thein Than, M. Jackson, R. Laney, B. Nuseibeh, and Y. Yu, “Are your lights off? Using

problem frames to diagnose system failures,” Requirements Engineering, IEEE International

Conference on, vol. 0, pp. v–ix, 2009.

[10] H. Sozer, B. Tekinerdogan, and M. Aksit, “FLORA: A framework for decomposing software

architecture to introduce local recovery,” Software: Practice and Experience, vol. 39, no. 10,

pp. 869–889, 2009. [Online]. Available: http://dx.doi.org/10.1002/spe.916

[11] F.-Z. Zou, “A change-point perspective on the software failure process,” Software

Testing, Verification and Reliability, vol. 13, no. 2, pp. 85–93, 2003. [Online]. Available:

http://dx.doi.org/10.1002/stvr.268

[12] A. Bertolino and L. Strigini, “Assessing the risk due to software faults: Estimates of

failure rate versus evidence of perfection,” Software Testing, Verification and Reliability,

vol. 8, no. 3, pp. 155–166, 1998. [Online]. Available: http://dx.doi.org/10.1002/(SICI)1099-

1689(1998090)8:3¡155::AID-STVR163¿3.0.CO;2-B

[13] Y. Dittrich, D. W. Randall, and J. Singer, “Software engineering as cooperative work,”

Computer Supported Cooperative Work, vol. 18, no. 5-6, pp. 393–399, 2009.

[14] C. R. B. de Souza, D. Redmiles, L.-T. Cheng, D. Millen, and J. Patterson, “Sometimes

you need to see through walls: A field study of application programming interfaces,” in

CSCW ’04: Proceedings of the 2004 ACM conference on Computer supported cooperative

work. New York, NY, USA: ACM, 2004, pp. 63–71.

[15] C. de Souza, J. Froehlich, and P. Dourish, “Seeking the source: Software source code as a

social and technical artifact,” in GROUP ’05: Proceedings of the 2005 international ACM

SIGGROUP conference on Supporting group work. New York, NY, USA: ACM, 2005, pp.

197–206.

[16] J. Aranda and G. Venolia, “The secret life of bugs: Going past the errors and omissions in

software repositories,” in Proceedings of the 2009 IEEE 31st International Conference on

Software Engineering. IEEE Computer Society, 2009, pp. 298–308.


Page 50 of 125

Presupposition Analysis in Requirements

Lin Ma

[email protected] Supervisors Prof. Bashar Nuseibeh

Prof. Anne De Roeck Dr. Paul Piwek Dr. Alistair Willis

Department/Institute Department of Computing Status Fulltime Probation viva After Starting date 1-Feb-2009 Motivation Natural language is the most commonly used representation language in requirements engineering [1]. However, compared with formal logics, natural language is inherently ambiguous and lacks a formal semantics [2]. Communicating requirements perfectly through natural language is thus not easy. Examining the linguistic phenomena in natural language requirements can help with decoding what a person means in communication. This method was originally used in psychotherapy and then adopted in requirements engineering [3]. Presupposition is one of these linguistic phenomena. It simplifies communication by pointing to references to bits of knowledge that are taken for granted by the document writer. In requirements engineering, however, we must know exactly what information we’ve lost by simplification, or we run the risk of a misunderstanding. For instance, the requirement (1) Accessibility in the experimental hall is required for changing the piggy board

where the device will be mounted. commits the reader to the presuppositions that there is an experimental hall, there is a piggy board and there is a device. These types of implicit commitments might be misinterpreted or overlooked due to different background knowledge in the other stakeholder’s domain. More precisely, for instance, concerning the presupposition that there is a piggy board in example (1), the reader of this requirement may know a piggy board A and choose to believe A is the thing that the document writer is writing about. However, the document writer may mean piggy board B or just any new piggy board. In this research, we propose to use natural language processing techniques for automatically detecting such implicit commitments in requirements documents, and identifying which of those are not made explicit. Background Presuppositions are triggered by certain types of syntactic structures – presupposition triggers [4]. Therefore, presuppositions can be found by identifying the triggers in the


Page 51 of 125

text. The presupposition trigger types can be divided into two general classes – definite descriptions (noun phrases starting with determiners such as the piggy board in example (1)) and other trigger types (for example, cleft - It + be + noun + subordinate clause, stressed constituents - words in italic in texts). Definite descriptions differ from other trigger types because they occur very frequently in all styles of natural language [5], are easy to retrieve (because of their distinct structure with the determiner the) and they often have possible referential relations with earlier text [6]. We hence focus on presuppositions triggered by definite descriptions in this research. One major problem in the study of presupposition is presupposition projection. An elementary presupposition is a presupposition of part of an utterance. Presupposition projection, as the name suggests, is the study of whether an elementary presupposition is a presupposition of the whole utterance (termed as actual presupposition). Here two examples are given for distinct scenarios in requirements, one where an elementary presupposition projects out and one where it does not: (2) a. If funds are inadequate, the system will notify…. b. If there is a system, the system will notify… Intuitively, when a reader accepts utterance (2b), he/she does not take the presupposition that there is a system for granted. The elementary presupposition that there is a system in the consequent of the conditional somehow does not project. The same elementary presupposition that there is a system nevertheless projects out in example (2a), which signals to the reader that the document writer takes for granted that there is a system. Methodology The Binding Theory [7] of presupposition is a widely accepted formal framework for modelling presupposition, in which presupposition is viewed as anaphora (anaphora are expressions, such as a pronoun, which depends for its interpretation on a preceding expression, i.e., an antecedent). Presupposition projection is treated as looking for a path to an earlier part of the discourse which hosts an antecedent that can bind the presupposition. Whenever an antecedent is found in the discourse, the presupposition is bound, and thus does not project out. Therefore, according to the Binding Theory, the actual presuppositions in a discourse are those which do not have any antecedent existing earlier in the discourse. We adopt this view as the theoretical ground. [8] presents an automated approach for classifying definite descriptions. This approach is compatible with the Binding Theory. It classifies definite descriptions as:

Discourse new: those that are independent from previous discourse elements for the description interpretation (according to the Binding Theory, discourse new definite descriptions introduce actual presuppositions with respect to a discourse, because they do not have any antecedent);


Page 52 of 125

Anaphoric: those that have co-referential1 (co-reference is defined as multiple expressions in a sentence or document have the same referent) antecedents in the previous discourse;

Bridging [9]: those that either (i) have an antecedent denoting the same discourse

entity, but using a different head noun (e.g. a house . . . the building), or (ii) are related by a relation other than identity to an entity already introduced in the discourse (e.g. the partial relation between memory…the buffer).

Given example (3), “the experimental hall” has an antecedent in the previous sentence – “an experiment hall”, so it will be classified as anaphoric. If we somehow have the knowledge that a piggy board is a small circuit board mounted on a larger board, “the piggy board” is a bridging definite description referring to part of “PAD boards”. Finally, “the device” is a discourse new definite description which triggers the actual presupposition that there is a device with respect to the discourse. (3) An experimental hall shall be built….

PAD boards shall be used…. Accessibility in the experimental hall is required for changing the piggy board where the device will be mounted.

In [8], the authors used a set of heuristics based on an empirical study of definite descriptions [6] for performing the classification task. The heuristics include, for example:

For discourse new definite descriptions: one of the heuristics is to examine a list of special predicates (e.g. fact). If the head noun of the definite description appears in the list, it is classified as discourse new.

For anaphoric definite descriptions: matching the head noun and modifiers with earlier noun phrases. If there is a matching, it is classified as anaphoric. For example, An experimental hall…the experimental hall.

For bridging: one of the heuristics is to use WordNet [10] for identifying relations between head nouns with earlier noun phrases. If there is a relation, such as a part-of relation, it is classified as bridging. For example, PAD boards…the piggy board.

However, as stated by the authors of [8], this approach is insufficient to deal with complex definite descriptions with modifiers and lacks a good knowledge base to resolve the bridging definite descriptions (WordNet performed really poor in this case). In my research, we will further develop this approach and implement a software system that is able to analyze the projection behavior of presuppositions triggered by definite descriptions in requirements documents. The development focus is on analyzing modifiers of definite descriptions and making use of external knowledge sources (such as ontologies built upon Wikipedia [11]) for resolving bridging definite descriptions. Especially for bridging definite descriptions, if the relation can be 1 In a strict sense, the concept of anaphora is different from co-reference because the former requires the meaning of its antecedents to interpret, but the latter do not. Here they are used as synonymies as multiple expressions in a sentence or document have the same referent.


Page 53 of 125

identified in the knowledge base, it will help with making a choice between creating a new discourse entity or picking up an existing antecedent. As a result, the actual presuppositions (the discourse new definite descriptions) can be identified. The system will be evaluated through existing corpora with annotated noun phrases, such as the GNOME corpus [12]. We will also manually annotate several requirements documents and perform the evaluation on the annotation results. References [1] L. Mich and R. Garigliano, “NL-OOPS: A requirements analysis tool based on

natural language processing,” Proceedings of the 3rd International Conference on Data Mining Methods and Databases for Engineering,, Bologna, Italy: 2002.

[2] V. Gervasi and D. Zowghi, “Reasoning about inconsistencies in natural language requirements,” ACM Transactions on Software Engineering and Methodology (TOSEM), vol. 14, 2005, pp. 277–330.

[3] R. Goetz and C. Rupp, “Psychotherapy for system requirements,” Cognitive Informatics, 2003. Proceedings. The Second IEEE International Conference on, 2003, pp. 75–80.

[4] S.C. Levinson, Pragmatics, Cambridge, UK: Cambridge University Press, 2000. [5] J. Spenader, “Presuppositions in Spoken Discourse,” Phd. Thesis, Department of

Linguistics Stockholm University, 2002. [6] M. Poesio and R. Vieira, “A corpus-based investigation of definite description

use,” Computational Linguistics, vol. 24, 1998, pp. 183–216. [7] R.A. Van der Sandt and B. Geurts, “Presupposition, anaphora, and lexical

content,” Text Understanding in LILOG, O. Herzog and C. Rollinger, Eds., Springer, 1991, pp. 259-296.

[8] R. Vieira and M. Poesio, “An empirically based system for processing definite descriptions,” Computational Linguistics, vol. 26, 2000, pp. 539–593.

[9] H.H. Clark, “Bridging,” Thinking, 1977, pp. 411–420. [10] C. Fellbaum, WordNet: An Electronic Lexical Database, Cambridge, MA: MIT

press, 1998. [11] M.C. Müller, M. Mieskes, and M. Strube, “Knowledge Sources for Bridging

Resolution in Multi-Party Dialog,” Proceedings of the 6th International Conference on Language Resources and Evaluation, Marrakech, Morocco: 2008.

[12] M. Poesio, “Annotating a corpus to develop and evaluate discourse entity realization algorithms: issues and preliminary results,” Proc. of the 2nd LREC, 2000, pp. 211–218.


Page 54 of 125

Merging Verifiable and Evolving Access Control Properties

Lionel [email protected]

Supervisors Dr Charles B. Haley, [email protected] Yijun Yu, [email protected]

Department ComputingStatus Full-timeProbation viva not passedStarting date October 2009

1 Introduction

Recent years have seen a strong advance in formal methods for security [Jur05]. Many successhave been obtained: many security protocols have been proved to be flawed, and many others tobe correct in a precise sense delimiting exactly their applicability.

UMLsec is an extension of UML that allows developers to waive security aspects into a standardUML model. The UMLsec tool [Jur04] allows them to check that their models satisfy the securityproperties they want to enforce.

Yet, the growing demand to evolve systems continuously raises new questions and new researchopportunities. Not only is it necessary to make sure that a system meets security requirements,but it is also crucial to make sure that those requirements are still met by the system on eachstep of its constant evolution. Hence, it is necessary to develop processes and tools that help thedevelopers ensuring lifelong compliance to security, privacy or dependability requirements.

Specifically, access control plays an important role in protecting assets from unauthorised access.Several access control models, like Role-Based Access Control (RBAC) [SFK00] or Organization-Based Access Control (OrBAC) [ABB+03] have been defined to help administrators grant permis-sions to users in an easy and scalable way, while allowing permission changes to be easily made.With complex software, maintaining a sound access control infrastructure and ensuring propertieslike separation of duty can become a challenge. Processes and tools that can verify such propertiesagainst a given model as well as all of its evolutions are necessary to increase confidence in one’saccess control infrastructure.

2 Verification of Access Control properties in UMLsec

The verification process we propose is made of three different parts: first, we want to extendthe existing RBAC specification in UMLsec to allow one to specify more complex access controlproperties. Then, we want to verify that a given model actually enforces the UMLsec accesscontrol specification. Finally, we generate code that conforms to the access control property thathas previously been defined and verified.


Page 55 of 125

2.1 Extending the UMLsec specification of RBAC

UMLsec includes a set of properties to specify RBAC permissions, using the RBAC stereotype onan Activity diagram [Jur05]. However, it supports only a limited subset of the RBAC standard.We want to develop it to include other levels of RBAC standard compliance, as well as othersimilar access control models, like OrBAC. We also want to model authentication procedures usingUMLsec, and to allow one to automatically integrate the UMLsec property into other diagrams,like class diagrams and sequence diagrams, once the initial property has been defined on one orseveral activity diagrams.

Other approaches have been proposed to model RBAC permissions on UML models, like Se-cureUML [LBD02]. SecureUML differs from UMLsec as it focuses on RBAC only. The way RBACproperties are represented is also different: instead of using stereotypes and tagged values to an-notate the model, the SecureUML approach adds classes to a class diagram to describe users,roles and permissions, and uses OCL [OMG10] to describe additional constraints. access controldirectives, like EJB configuration files, can also be generated from a SecureUML model.

2.2 Verifying a UMLsec property

Once the UMLsec property has been defined, we want to make sure that the model actuallyenforces it. Not only do we want to make sure that the model doesn’t allow a user to performan operation s/he’s not authorised to perform, but we also want to make sure that rules likeSeparation of Duty are actually enforced. Verification of the enforcement of the access controldefinition by the model already exists for the current UMLsec RBAC property, but is limited toactivity diagrams. With the extended access control model that we propose come new challengesto verify the suitability of the model. Not only will we have to verify new properties on the activitydiagram, but we will also have to verify the other diagrams of the model that may contain accesscontrol rules: class diagrams, sequence diagrams, . . .Since the access control definition might be spread over several diagrams, we will also have toverify that it doesn’t contain any contradiction.

2.3 Code generation from a UMLsec specification

Once access control permissions have been defined for a model using UMLsec, we want togenerate code that actually enforces those. We compared two different code generation approachesfrom the existing RBAC UMLsec property. The first one produces Object-Oriented code, while thesecond one produces Aspect-Oriented code [IKL+97] to enforce the access control permissions,together with Object-Oriented code for the functional code. It seems that the second solutionprovides a better implementation, since the access control enforcement code is clearly separatedfrom the functional code. It also makes further changes to the code easier to perform, and makesthe traceability between the code and the UMLsec access control property easier to maintain.Moreover, the current implementation only generates code for the JAAS framework [jaa01]. Wewould like to offer the possibility to generate code for other frameworks as well.

3 Merging conflicting access control properties

An interesting case of evolution of a software system is merging conflicting access control prop-erties. A example might be two companies merging, each running its own software with its ownaccess control properties. Rationalising the new company’s information system will imply usingonly one system, with only one access control property.

We want to propose a framework, based on UMLsec, to allow one to merge several access controlproperties on a given model. Conflicting definition of roles are likely to arise, as well as conflicting


Page 56 of 125

Figure 1: Merging access control properties

constraints and assignations. We want to give developers the opportunity to identify possibleconflicts.

Assuming that we have two different access control properties defined using UMLsec on thesame model. If we can verify that the model enforces both definitions individually, then we wantto merge those two definitions, raise possible conflicts to the user, and, once those conflicts havebeen resolved, the resulting access control will also be enforced by the model. This process isdescribed in figure 1.

References

[ABB+03] A. Abou El Kalam, R. El Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte,A. Miege, C. Saurel, and G. Trouessin. Organization Based Access Control, June 2003.

[IKL+97] John Irwin, Gregor Kiczales, John Lamping, Jean-Marc Loingtier, Chris Maeda,Anurag Mendhekar, and Cristina Videira Lopes. Aspect-oriented programming. pro-ceedings of the European Conference on Object-Oriented Programming (ECOOP), June1997.

[jaa01] Jaas tutorials, 2001. http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/ tutori-als/index.html (Last accessed September 2009).

[Jur04] Jan Jurjens. Umlsec tool, 2004. Published athttp://mcs.open.ac.uk/jj2924/umlsectool/index.html (Accessed Sept. 2008).

[Jur05] Jan Jurjens. Secure Systems Development with UML. Springer-Verlag, 2005.

[LBD02] Torsten Lodderstedt, David Basin, and Jurgen Doser. Secureuml: A uml-based mod-eling language for model-driven security, 2002.

[OMG10] OMG. Object constraint language (ocl) 2.2, February 2010.http://www.omg.org/spec/OCL/2.2/ (last accessed May 2010).

[SFK00] R. Sandhu, D. Ferraiolo, and R. Kuhn. The NIST model for role-based access control:towards a unified standard. In Proceedings of the fifth ACM workshop on Role-basedaccess control, pages 47–63, 2000.


Page 57 of 125

Effective Tutoring with Affective Embodied Conversational Agents

Sharon Moyo [email protected]

Supervisors Dr Paul Piwek

Dr Neil Smith Department/Institute Computing Status Part‐time Probation viva After Starting date Oct 2007 This natural language generation project aims to investigate the impact of affect expression using embodied conversational agents (ECAs) in computer‐based learning environments. Based on the idea that there is a link between emotions and learning, we are developing an affect expression strategy. We will implement the strategy within a tutoring system in two domains: Information Technology (IT) and Business Studies. Current research has not firmly established the impact of affect expression strategies within tutorial feedback which supports learners in computer‐based learning environments [1]. Our approach is to provide affective support through empathy. Empathy is described as expressing emotion that is based on another’s situation (target) and not merely one’s own [2]. An individual can show: parallel empathy that mirrors the target’s emotion; or reactive empathy that might be different to the target’s emotion [2]. The empathic tutor interventions will be designed to support positive emotions [3] and reduce negative learner emotions [4] using a range of verbal and non‐verbal (or multimodal) interventions. These interventions will be combined with corrective and meta‐cognitive feedback [5] and presented to users as a hint or summary. We will conduct a series of studies. Initially, we intend to develop implement and evaluate an algorithm that generates multimodal empathic behaviours using an ECA. The experiment conditions will include multimodal channels of communication: speech vs. speech and facial expression vs. speech and gesture vs. speech, facial expression and gesture. We hypothesize that participants will identify the ECA’s expression most accurately in the condition using three channels to generate affective expressions in comparison to the other conditions.


Page 58 of 125

Additionally we aim to evaluate when and how parallel or reactive empathy can be used to best effect in learning environments. Subsequently, we will integrate the algorithm into a web‐based tutoring environment and conduct an evaluation in the domain of Business Studies. Finally, in the main study we will evaluate the empathic tutoring system in a classroom setting over several weeks in the domain of Information Technology (IT). We intend to contribute to current research by describing how an ECA can effectively express multimodal [6] empathic behaviour within computer‐based learning. More specifically, we aim to create a framework to model parallel and reactive empathy and the learning contexts where they can be used in a quiz‐based web environment. We intend to validate these results through evaluations across two domains: Information Technology and Business demonstrating that the framework can be applied to other quiz‐based learning environments. References: 1. Arroyo, I., et al. Designing Affective Support to Foster Learning, Motivation

and Attribution. in AIED 2009. 2009. Brighton, UK: IOS.

2. Davis, M., Empathy: A Social Psychological Approach. 1994, Madison, WI: Brown and Benchmark.

3. Bickmore, T. and D. Schulman, Practical approaches to comforting users with relational agents, in CHI '07 extended abstracts on Human factors in computing systems. 2007, ACM: San Jose, CA, USA.

4. Burleson, W., Affective learning companions: Strategies for empathetic agents with real‐time multimodal affective sensing to foster meta‐cognitive and meta‐affective approaches to learning, motivation, and perseverance. . 2006, Massachusetts Institute of Technology: Cambridge, MA.

5. Tan, J. and G. Biswas. The Role of Feedback in Preparation for Future Learning: A Case Study in Learning by Teaching Environments. in ITS 2006. 2006: Springer‐Verlag.

6. Cassell, J., et al. Animated Conversation: Rule‐Based Generation of Facial Expression, Gesture and Spoken Intonation for Multiple Conversational Agents. . in Siggraph 94, ACM SIGGRAPH. 1994: Addison Wesley.


Page 59 of 125

Evaluating a mobile learning environment in a home care domain Brendan Murphy [email protected] Supervisors Dr Shailey Minocha

Dr Mark Woodroffe Department/Institute Computing Status Part time Probation viva After Starting date January 2008 BACKGROUND The growth in wireless mobile infrastructure and the rise in functionality of handheld smartphones has opened up opportunities for advanced use over traditional voice and limited data management. One such opportunity is for mobile learning. There has been a great deal of debate about this subject and the term itself has proved difficult to define. Substantial amounts of research has been carried out into mobile learning in the education sector however there has been significantly less carried out relating to mobile learning in the workplace, and none concerning mobile learning in a home care1 environment. RESEARCH QUESTIONS My research project sets out to investigate the success of mobile learning in a home care domain. I am interested to discover if there is a difference in successful learning outcomes when comparing learning carried out in the classroom to that carried out in a mobile environment. Understanding the drivers that encourage home care staff to engage in mobile learning as well as the role played by technology in learning activities are also of importance. My research questions are as follows:

Is learning more successful when carried out in a situated, mobile environment, than similar learning completed in the classroom?

What processes do learners go through to achieve their learning outcomes

when using mobile technology to learn?

What conclusions can be drawn from the above to influence the development and design of mobile learning environments?

1 Home care refers to a range of services provided to the elderly and those with care needs on a regular basis. Services are commissioned by local authorities and provided by qualified home care staff working in the community.


Page 60 of 125

KEY RESEARCH Research in the home care domain has been limited to the investigation of using hand held mobile computing devices for enhanced communication and for access to back-office client care plans. In Sweden, the government provided assistant nurses (home help personnel or HHPs) with PDAs containing patient information and care visit information (scheduling). This negated the need for carers to visit administrative offices regularly to pick up work and access client information. A research project looked at the navigational aspects of the software used on the PDAs and its overall ease of use. This project focussed on implementing a user interface design that presented a large data set in an easy to navigate way and made use of tabs of related information that HHPs could easily navigate. Findings concluded that ease of use was important to the care workers as was access to integrated patient detail bringing together disparate systems into a single integrated application. The requirement to use the system to record information was less important to HHPs than the availability to view information (Scandurra, Hagglund et al. 2004). A relevant example of home care research took place in the Saskatoon District Health jurisdiction in Canada. Here, care workers operate in the same loosely-coupled way that they do in my own organisation. Loose-coupling refers to carers having variability in their work schedules, few meetings with team members and a high degree of work autonomy. A study into the communication that existed between carers drew interesting conclusions. Carers were found to consider the effort required to communicate with other team members very difficult and only did so when the need was urgent; they preferred asynchronous communication routes when communication was required (allowing them the flexibility to communicate whilst maintaining total flexibility in their schedule); due to a difficulty in synchronicity of communication, care workers were judicious and prioritised any communication that required to be carried out; and learning about other care workers was done through ‘traces’ left in shared work locations such as the homes of the elderly patients they were visiting. (Pinelle and Gutwin 2003). Findings in this study provides evidence that home carers themselves chose the best ways to communicate in a loosely-coupled work environment. These findings may influence my research project in that carers may chose to learn in the same way that this study shows they communicate, essentially making personal decisions as and when to learn and whether this learning is effective. My research project considers mobile learning, and the literature identifies models that have been applied conceptually and practically to better understand this area of learning. Two models that are of relevance to my own research are discussed briefly below. Sharples asserts that current theories of learning don’t fully take advantage of the opportunities provided in a mobile environment. The opportunity that exists to take learning from the standard classroom environment and place it in the into the learner’s own environment will make it become more personal, situated, and collaborative (Sharples, Taylor et al. 2005). The task model of mobile learning considers two superimposed layers. The semiotic layer is concerned with how the learner gains new knowledge and skills mediated by the learning environment they are in, and the


Page 61 of 125

technological layer considers how the learner engages with technology to learn. These two layers enable this model to be used in a flexible way in terms of research, as it enables focus on the tools used for learning or the success of the actual learning itself. This model also considers the socio-cultural factors of control, context and communication related to mobile learning. These are important considerations as learning is rarely a singular activity, relying on interactions with educators, technologies and other learners. Frohberg explains these factors describing the portability of mobile learning as providing the means to learn in context, which in turn presents the challenge of moderating the learning in some way (control) and communication increases the success of learning when learners/educators share and learn together (communication.) (Frohberg, Goth et al. 2009). A second relevant model is Koole and Ally’s ‘framework for the rational analysis of mobile education’ (FRAME) model which can be used to help inform a better understanding of mobile learning. This model was designed to determine the effectiveness of devices used for mobile learning as well as addressing the relationship between mobile learning, human capability to learn and social interaction in learning. The FRAME model helps researchers gain a better understanding of the complex nature of mobile learning. The model considers three aspects namely; the device; the learner; and the social aspects of mobile learning. The model asserts that convergence of these aspects can lead to better collaboration amongst learners, access to information and a better understanding of learning (Koole and Ally 2006). RESEARCH METHODOLOGY Adopting a socially constructed approach to research is important where there is a requirement to be more absorbed and involved in the research process itself. In relation to this approach, Saunders determines the importance of understanding the subjective meaning that motivates actions to fully understand the actions themselves (Saunders, Lewis et al. 2003). The home care domain is rich and complex and this makes it suited to this type of approach. Table 1 shows my summary research activities and proposed methods. Phase Research Question Methods Used ONE Is learning more successful

when carried out in a situated, mobile environment, than similar learning completed in the classroom?

Survey Direct observation User profiles/personas

TWO What processes do learners go through to achieve their learning outcomes when using mobile technology to learn?

Diary study

THREE What conclusions can be drawn from the above to influence the development and design of mobile learning environments?

Focus groups

Table 1 – proposed research methods


Page 62 of 125

FINDINGS I have carried out pilot empirical research activities with a small group of home care staff and managers. Activities included a domain analysis and a user profile. The aim of these limited activities was to give me a more detailed understanding of the domain as well as the level of technology deployed and the success of this technology in the domain. Domain analysis The home care service in Glasgow is a complex one that provides a range of services delivered every day of the year, and for 24 hours each day. Over 3000 carers work in the service and they are supervised by 220 home care co-ordinators. On a daily basis, 10000 clients receive a service. Clients are largely elderly or are adults with physical or learning disabilities. Home care co-ordinators are generalists, each carrying out a full range of care duties. Previously, specialist co-ordinators provided medical tasks such as wound dressing, cream application and stoma care. These tasks are now carried out by all home carers. Home care co-ordinators carry out administrative duties in support of a team of 10 basic home carers though they also provide care services to a reduced number of clients on a daily basis. Organising learning in the home care service is difficult and this is principally due to the logistics of covering duty shifts and the requirement to provide continuity of care at all times for clients making it undesirable to replace carers on a regular basis. The organisational learning activities offered to home care staff are delivered from one purpose-built centre situated in the North of Glasgow. Due to capacity issues in this learning centre, only statutory learning required by monitoring authorities is offered to home care co-ordinators. User profile The home care user profile identified carers as being largely female, in their mid-40s with a basic secondary school education. Carers have limited IT ability though this was largely perceived by the carers themselves (and by the IT staff supporting them) – and with probing this was not necessarily the case with home carers showing some technical ability when using personal technologies such as MP3 players, digital TV and digital cameras. The principal reason for home carers working in the domain is their inherent desire to care for those who are elderly and vulnerable. Home carers adopt technology with relative ease and the use of new technologies at work has made them more disposed to their adoption. The role of informal technology champions when new technology is implemented is a critical one. ENDS


Page 63 of 125

REFERENCES Frohberg, D., C. Goth, et al. (2009). "Mobile learning projects - a critical analysis of the state of the art." Journal of Computer Assisted Learning(25): 307-331. Koole, M. and M. Ally (2006). Framework for the Rational Analysis of Mobile Education (FRAME) Model: Revising the ABCs of Educational Practices. Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies. Pinelle, D. and C. Gutwin (2003). Designing for Loose Coupling in Mobile Groups. GROUP '03. Sanibel Island, Florida, USA, ACM: 75-84. Saunders, M., P. Lewis, et al. (2003). Research Methods for Business Students. Harlow, Pearson Education Limited. Scandurra, I., M. Hagglund, et al. (2004). Integrated Care Plan and Documentation on Handheld Devices in Mobile Home Care. MobileHCI 2004, Glasgow, Scotland. Sharples, M., J. Taylor, et al. (2005). "Towards a Theory of Mobile Learning." Centre for Educational Technology and Distance Learning, University of Birmingham: 9.


Page 64 of 125

Generating Accessible Natural Language Explanations for OWLOntologies

Tu Anh [email protected]

Supervisors Richard PowerPaul PiwekSandra Williams

Department/Institute Computing Department

Status Full-time

Probation Viva Before

Starting date October 2009

Introduction

This research aims to develop a computational approach to generating accessible naturallanguage explanations for entailments in OWL ontologies. The purpose of it is to supportnon-specialists, people who are not expert in description logic and formal ontology lan-guages, in understanding why an inference or an inconsistency follows from an ontology.This would help to further improve the ability of users to successfully debug, diagnose andrepair their ontologies. The research is linked to the Semantic Web Authoring Tool (SWAT)project, the on-going project aiming to provide a natural language interface for ordinaryusers to encode knowledge on the semantic web. The research questions are:

• Do justifications for entailments in OWL ontologies conform to a relatively smallnumber of common abstract patterns for which we could generalise the problem togenerating explanations by patterns?

• For a certain entailment and its justification, how to produce an explanation in naturallanguage that is accessible for non-specialists?

An ontology is a formal, explicit specification of a shared conceptualisation [6]. An ontologylanguage is a formal language used to encode ontologies. The Web Ontology Language,OWL [8], is a widely used description logic based ontology language. Since OWL becamea W3C standard, there has been a remarkable increase in the number of people trying tobuild and use OWL ontologies. Editing environments such as Protege [15] and Swoop [13]were developed in order to support users with editing and creating OWL ontologies.

As ontologies have begun to be widely used in real world applications and more expressiveontologies have been required, there is a significant demand for editing environments thatprovide more sophisticated editing and browsing services for debugging and repairing. Inaddition to being able to perform standard description logic reasoning services namely sat-isfiability checking and subsumption testing, description logic reasoners such as FaCT++[22] and Pellet [20] can compute entailments (e.g., inferences) to improve the users com-prehension about their ontologies. However, without providing some kind of explanation,it can be very difficult for users to figure out why entailments are derived from ontologies.

The generation of justifications for entailments has proven enormously helpful for identi-fying and correcting mistakes or errors in ontologies. Kalyanpur and colleagues defined a


Page 65 of 125

justification for an entailment of an ontology as the precise subset of logical axioms fromthe ontology that are responsible for the entailment to hold [12]. Furthermore, he presenteda user study showing that the availability of justifications had a remarkable positive impacton the ability of users to debug and repair their ontologies [11]. Justifications have alsobeen recently used for debugging very large ontologies such as SNOMED [1], which size istoo large to be able to debug and repair manually.

There are several recent studies into capturing justifications for entailments in OWL ontolo-gies [12, 21, 9]. Nevertheless, OWL is a semantic markup language based on RDF and XML,languages that are oriented toward machine processability rather than human readability.Moreover, while a justification gathers together the axioms, or premises, sufficient for anentailment to hold, it is left up to the reader to work out how these premises interplay witheach other to give rise to the entailment in question. Therefore, many users may struggleto understand how a justification supports an entailment since they are either unfamiliarwith OWL syntax and semantics, or lack of knowledge about the logic underpinning theontology. In other words, the ability of users to work out how an entailment arises from ajustification currently depends on their understanding of OWL and description logic.

In recent years, the development of ontologies has been moving from “the realm of artificialintelligence laboratories to the desktops of domain experts”, who have insightful knowledgeof some domain but no expertise in description logic and formal ontology languages [14].It is for this reason that the desire to open up OWL ontologies to a wide non-specialistaudience has emerged. Obviously, the wide access to OWL ontologies depends on the devel-opment of editing environments that use some transparent medium; and natural language(e.g., English, Italian) text is an appropriate choice since it can be easily comprehended bythe public without training. Rector and colleagues observed common problems that usersfrequently encounter in understanding the logical meaning and inferences when workingwith OWL-DL ontologies, and expressed the need for a “pedantic but explicit” paraphraselanguage to help users grasp the accurate meaning of logical axioms in ontologies [18].

Several research groups have proposed interfaces to encode knowledge in semantics-basedControlled Natural Languages (CNLs) [19, 4, 10]. These systems allow users to input sen-tences conforming with a CNL then parse and tranform them into statements in formalontology languages. The SWAT project [16] introduces an alternative approach based onNatural Language Generation. In SWAT, users specify the content of an ontology by “di-rectly manipulating on a generated feedback text” rather than using text interpretation;therefore, “editing ontologies on the level of meaning, not text” [17].

Obviously, the above mentioned interfaces are designed for use by non-specialists to build upontologies without having to work directly on formal languages and description logic. How-ever, research on providing more advanced editing and browsing services on these interfacesto support the debugging and repairing process has not been investigated yet. Despite theusefulness of providing justifications in the form of sets of OWL axioms, understanding thereasons why entailments or inconsistencies are drawn from ontologies is still a key problemfor non-specialists. Even for specialists, having a more user-friendly view of ontology withaccessible explanations can be very helpful. Thus, this project seeks to develop a compu-tational approach to generating accessible natural language explanations for entailments inOWL ontologies in order to assist users in debugging and repairing their ontologies.

Methodology


Page 66 of 125

The research approach is to identify common abstract patterns of justifications for entail-ments in OWL ontologies. Having identified such patterns we will focus on generatingaccessible explanations in natural languages for most frequently used patterns. A prelim-inary study to work out the most common justification patterns has been carried out. Acorpus of eighteen real and published OWL ontologies of different expressivity has beencollected from the Manchester TONEs reposistory. In addition, the practical module devel-oped by Matthew Horridge based on the research on finding all justifications for OWL-DLontologies [12, 7] has been used. Justifications are computed then analysed to work out themost common patterns. Results from the study show that over the total 6772 justificationscollected, more than 70 percent of justifications belongs to the top 20 patterns. Study ona larger and more general ontology corpus will be carried out in next steps. Moreover, auser study is planned to investigate whether non-specialists perform better on a task whenreading accessible explanations rather than justifications in the form of OWL axioms.

The research on how to create explanations accessible for non-logicians is informed by studieson proof presentations. In Natural Deduction [5], how a conclusion is derived from a set ofpremises is represented as a series of intermediate statements linking from the premises tothe conclusion. While this approach makes it easy for users to understand how to derivefrom one step to the next, it might cause difficulty to understand how those steps linkedtogether to form the overall picture of the proof. Structured derivations [2], a top-downcalculational proof format that allows inferences to be presented at different levels of detail,seems to be an alternative approach for presenting proof. It was proposed by researchersas a method for teaching rigorous mathematical reasoning [3]. Research on whether usingstructured derivations would help to improve the accessibility of explanations as well aswhere and how intermediate inferences should be added is being investigated.

Conclusion

Since the desire to open up OWL ontologies to a wide non-specialist audience has emerged,several research groups have proposed interfaces to encode knowledge in semantics-basedCNLs. However, research on providing debugging and repairing services on these inter-faces has not been investigated yet. Thus, this research seeks to develope a computationalapproach to generating accessible explanations to help users in understanding why an entail-ment follows from a justification. Research work includes identifying common abstract jus-tification patterns and studying into generating explanations accessible for non-specialists.

References

[1] F. Baader and B. Suntisrivaraporn. Debugging SNOMED CT Using Axiom Pinpointingin the Description Logic EL+. In KR-MED, 2008.

[2] R. Back, J. Grundy, , and J. von Wright. Structured Calculational Proof. Technicalreport, The Australian National University, 1996.

[3] R.-J. Back and J. von Wright. A Method for Teaching Rigorous Mathematical Rea-soning. In ICTMT4, 1999.

[4] A. Bernstein and E. Kaufmann. GINO - A Guided Input Natural Language OntologyEditor. In ISWC, 2006.


Page 67 of 125

[5] G. Gentzen. Untersuchungen uber das logische Schließen. II. Mathematische Zeitschrift,39:405–431, 1935.

[6] T. R. Gruber. A translation approach to portable ontology specifications. KnowledgeAcquisition, 5:199–220, 1993.

[7] M. Horridge, B. Parsia, and U. Sattler. Laconic and Precise Justifications in OWL. InISWC, pages 323–338, 2008.

[8] I. Horrocks, P. F. Patel-Schneider, and F. van Harmelen. From SROIQ and RDF toOWL: The Making of a Web Ontology Language. J. Web Semantics, 1:7–26, 2003.

[9] Q. Ji, G. Qi, and P. Haase. A Relevance-Directed Algorithm for Finding Justificationsof DL Entailments. In ASWC, pages 306–320, 2009.

[10] K. Kaljurand and N. E. Fuchs. Verbalizing OWL in Attempto Controlled English. InOWLED, 2007.

[11] A. Kalyanpur. Debugging and repair of OWL ontologies. PhD thesis, University ofMaryland, 2006.

[12] A. Kalyanpur, B. Parsia, M. Horridge, and E. Sirin. Finding All Justifications of OWLDL Entailments. In ISWC, 2007.

[13] A. Kalyanpur, B. Parsia, E. Sirin, B. Cuenca-Grau, and J. A. Hendler. Swoop: A WebOntology Editing Browser. Journal of Web Semantics, 4:144–153, 2006.

[14] N. F. Noy and D. L. McGuinness. Ontology Development 101: A Guide to CreatingYour First Ontology. Technical report, Stanford University, 2001.

[15] N. F. Noy, M. Sintek, S. Decker, M. Crubezy, R. W. Fergerson, and M. A. Musen.Creating Semantic Web Contents with Protege-2000. IEEE Intell. Syst., 16:60–71,2001.

[16] R. Power. Towards a generation-based semantic web authoring tool. In ENLG, pages9–15, 2009.

[17] R. Power, R. Stevens, D. Scott, and A. Rector. Editing OWL through generated CNL.In CNL, 2009.

[18] A. Rector, N. Drummond, M. Horridge, J. Rogers, H. Knublauch, R. Stevens, H. Wang,and C. Wroe. OWL Pizzas: Practical Experience of Teaching OWL-DL: CommonErrors & Common Patterns. In EKAW, 2004.

[19] R. Schwitter and M. Tilbrook. Controlled Natural Language meets the Semantic Web.In ALTW, pages 55–62, 2004.

[20] E. Sirin, B. Parsia, B. C. Grau, A. Kalyanpur, and Y. Katz. Pellet: A practicalOWL-DL reasoner. Journal of Web Semantics, 5:51–53, 2007.

[21] B. Suntisrivaraporn, G. Qi, Q. Ji, and P. Haase. A Modularization-based Approach toFinding All Justifications for OWL DL Entailments. In ASWC, pages 1–15, 2008.

[22] D. Tsarkov and I. Horrocks. FaCT++ Description Logic Reasoner: System Description.In IJCAR, volume 4130, pages 292–297, 2006.


Page 68 of 125

Supporting the Exploration of Research Spaces

Chwhynny [email protected]

Supervisors Enrico Motta, Tom Heath, Paul MulhollandDepartment Knowledge Media InstituteStatus Full-timeProbation viva BeforeStarting date December 2009

1 Introduction

It is often hard to make sense of what exactly is going on in the research community. What topicsor researchers are new and emerging, gaining popularity, or disappearing? How does this happenand why? What are the key publications or events in a particular area? How can we understandwhether geographical shifts are occurring in a research area? There are several tools available thatallow users to explore different elements of a research area. However, making sense of the dynamicsof a research area is still a very challenging task. This leads to my research question:

How can we improve the level of support for people to explore the dynamics of a research commu-nity?

2 Framework and Background

In order to answer this question we first need to identify the different elements, relations anddimensions that define a research area and put them into a framework. We then need to findexisting tools that address these elements, and categorize them according to our framework inorder to identify gaps in the current level of support. Some elements we already identified are:people, institutions and organizations, events, activity, popularity, publications, citations, time,geography, keywords, studentships, funding, impact, and technologies.

The people element is about the researchers that are or were present in the research community,whilst the institutions and organizations element refers to the research groups, institutions, andorganizations that are active within an area of research, and the affiliations the people within thecommunity have with them. Events can be workshops, conferences, seminars, competitions, or anyother kind of research-related happening. EventSeer1 is a service that aggregates all the calls forpapers and event announcements that float around the web into one common, searchable tool. Itkeeps track of events, people, topics and organizations, and lists the most popular people, topics,and organizations per week.

1http://www.eventseer.net


Page 69 of 125

The activity element refers to how active the researchers, institutions, and organizations are withinthe field, for instance event attendance or organization, or the number and frequency of publicationsand events. A tool that can be used to explore this is Faceted DBLP2, a server interface for theDBLP server3 which provides bibliographic information on major computer science journals andproceedings [Ley 2002]. Faceted DBLP starts with some keyword and shows the result set alongwith a set of facets, e.g. distinguishing publication years, authors, venues, and publication types.The user can characterize the result set in terms of main research topics and filter it according tocertain subtopics. There are GrowBag graphs available for keywords (number of hits/coverage).

Popularity is about the interest that is displayed in a person, institution or organization, publica-tion, topic, technology, or event. WikiCFP4 is a service that helps organize and share academicinformation. Users can browse and add calls for papers per subject category, and users to add callsfor papers to their own personal user list. Each call for paper has information on the event name,date, location, and deadline. WikiCFP also provides hourly updated lists of the most popularcategories, calls for papers, and user lists.

One indicator of topic popularity is the number of publications on a topic. There are many toolsthat show the number of publications per topic per year. PubSearch is a fully automatic web miningapproach for the identification of research trends that searches and downloads scientific publicationsfrom web sites that typically include academic web pages [Tho et al. 2003]. It extracts citationswhich are stored in the tool’s Web Citation Database which is used to generate temporal documentclusters and journal clusters. These clusters are then mined to find their interrelationships, whichare used to detect trends and emerging trends for a specified research area.

Another indicator of popularity is how often a publication or researcher is cited. Citations canalso help identify relations between researchers through analysis of who is citing who and when,and what their affiliations are. Publish Or Perish is a piece of software that retrieves and analyzesacademic citations [Harzing and Van der Wal 2008]. It uses Google Scholar5 to obtain raw citations,and analyzes them. It presents a wide range of citation metrics such as the total number of papersand citations, average number of citations per paper and author, the average number of papers perauthor and year, an analysis of number of authors per paper, et cetera.

Topics, interests, and people evolve over time, and the makeup of the research community changeswhen people and organizations enter or leave certain research areas or change their direction.Some topics appear to be more established or densely represented in certain geographical areas,for instance because a prolific institution is located there and has attracted several experts on aparticular topic, or because many events on a topic are held in that area. AuthorMapper6 is anonline tool for visualizing scientific research. It searches journal articles from the SpringerLink7

and allows users to explore the database by plotting the location of authors, research topics andinstitutions on a world map. It also allows users to identify research trends through timeline graphs,statistics and regions.

Keywords are an important indicator of a research area because they are the labels that have beenput on publications or events by the people and organizations within that research area. Google

2http://dblp.l3s.de/3http://dblp.uni-trier.de/4http://www.wikicfp.com/5http://scholar.google.com/6http://www.authormapper.com/7http://www.springerlink.com/


Page 70 of 125

Scholar is a subset of the Google search index consisting of full-text journal articles, technical re-ports, preprints, thesis, books, and web sites that are deemed ’scholarly’ [Noruzi 2005, Harzing andVan der Wal 2008]. Google Scholar has crawling and indexing agreements with several publishers.The system is based on keyword search only and its results are organized by a closely guardedrelevance algorithm. The ’cited-by-x’ feature allows users to see by whom a publication was cited,and where.

The availability of new studentships indicates that a research area is trying to attract new people.This may mean that the area is hoping to expand, change direction, or become more established.The availability of funding within a research area or topic is an indicator of the interest thatis displayed in it, or the level of importance it is deemed to have at a particular time. ThePostgraduate Studentships web site8 offers a search engine as well as a browsable list of study orfunding opportunities organized by subjects, masters, PhD/doctoral and professional doctoratesand a browsable list of general funders, funding universities and featured departments. The sitealso lists open days and fairs.

The level of impact of the research carried out by a research group, institution, organization orindividual researcher leads to their establishment in the research community, which in turn couldlead to more citations and event attendance. The technologies element refers to the technologiesthat are developed within an area of research, and their impact, popularity and establishment.Research impact is on a small scale implemented into Scopus (http://www.scopus.com/), currentlya preview-only tool which, amongst other things, identifies and matches an organization with allits research output, tracks how primary research is practically applied in patents and tracks theinfluence of peer-reviewed research on web literature. It covers nearly 18,000 titles from over 5,000publishers, 40,000,000 records, scientific web pages, and articles-in-press. A tool that ranks publi-cations is DBPubs, a system for analyzing and exploring the content of database publications bycombining keyword search with OLAP-style aggregations, navigation, and reporting [Baid et al.2008]. It performs keyword search over the content of publications. The meta data (title, author,venue, year et cetera) provide OLAP static dimensions, which are combined with dynamic dimen-sions discovered from the content of the publications in the search result, such as frequent phrases,relevant phrases and topics. Based on the link structure between documents (i.e. citations) publi-cation ranks are computed, which are aggregated to find seminal papers, discover trends, and rankauthors.

Finally, we would like to discuss a more generic tool, DBLife9 [DeRose et al. 2007, Goldberg andAndrzejewski 2007, Doan et al. 2006], which is a prototype of a dynamic portal of current informa-tion for the database research community. It automatically discovers and revisits web pages andresources for the community, extracts information from them, and integrates it to present a unifiedview of people, organizations, papers, talks, et cetera. For example, it provides a chronologicalsummary, has a browsable list of organizations and conferences, and it summarizes interesting newfacts for the day such as new publications, events, or projects. It also provides community statisticsincluding top cited people, top h-indexed people, and top cited publications. DBLife is currentlyunfinished and does not have full functionality, but from the prototype alone one can conclude itwill most likely address quite a few elements from our framework.

8http://www.postgraduatestudentships.co.uk/9http://dblife.cs.wisc.edu/


Page 71 of 125

3 Methodology

In order to find out what are the key problems people encounter when trying to make sense of thedynamics of a research area we will carry out an empirical study, which consists of a task and ashort questionnaire.

The 30 to 40 minute task is to be carried out by around 10 to 12 subjects who will be asked toinvestigate a research area that is fairly new to them and write a short report on their findings.The subjects’ actions will be recorded using screen capture software and the subjects themselveswill be videoed for the duration of the task so that the entire exploration process is documented.The screen capture will show the actions the subjects take and the tools they use to reach theirgoal. The video data will show any reactions the subjects may display during their explorationprocess, for example confusion or frustration with a tool they are trying to use. The questionnairewill be filled out by as many subjects as possible, who will be asked to identify the key elementsof a research area which they would take into account when planning a PhD research. In thequestionnaire people will be made aware of the framework we created, but we will allow for openanswers and additions to the existing framework.

The technical study will consist of an overview, comparison, critical review, and gap analysis ofexisting tools that support the exploration of the research community. It will link those tools toour framework in order to find out to what extent the several elements are covered by the existingtools.

At this stage we will have highlighted the key elements that define a research area, identified gapsin the existing support for the exploration of the research community, and gathered evidence tosupport this by mapping existing tools to our framework, carrying out a practical task, and sendingout a questionnaire. We will then aim to improve support for people to explore the dynamics ofthe research community by implementing novel tools, addressing the gaps that have emerged fromthese studies. Our hypothesis is that at least some of these gaps are due to the lack of integrationbetween different types of data covering different elements of a research area.

References

Baid, A., Balmin, A., Hwang, H., Nijkamp, E., Rao, J., Reinwald, B., Simitsis, A., Sismanis, Y.,and Van Ham, F. (2008). DBPubs: Multidimensional Exploration of Database Publications.Proceedings of the VLDB Endowment, 1(2):1456–1459.

DeRose, P., Shen, W., Chen, F., Lee, Y., Burdick, D., Doan, A., and Ramakrishnan, R. (2007).DBLife: A Community Information Management Platform for the Database Research Commu-nity. In Weikum, G., Hellerstein, J., and Stonebraker, M., editors, Proceedings of the 3rd BiennialConference on Innovative Data Systems Research (CIDR 2007), Asilomar, California, USA.

Diederich, J. and Balke, W. (2008). FacetedDBLP - Navigational Access for Digital Libraries.Bulletin of the IEEE Technical Committee on Digital Libraries (TCDL), 4(1).

Diederich, J., Balke, W., and Thaden, U. (2007). Demonstrating the Semantic GrowBag: Au-tomatically Creating Topic Facets for FacetedDBLP. In Proceedings of the ACM IEEE JointConference on Digital Libraries (JCDL 2007), Vancouver, British Columbia, Canada.


Page 72 of 125

Doan, A., Ramakrishnan, R., Chen, F., DeRose, P., Lee, Y., McCann, R., Sayyadian, M., and Shen,W. (2006). Community Information Management. IEEE Data Engineering Bulletin, Special Issueon Probabilistic Databases, 29.

Goldberg, A. and Andrzejewski, D. (2007). Automatic Research Summaries in DBLife. CS 764:Topics in Database Management Systems.

Harzing, A. and Van der Wal, R. (2008). Google Scholar as a New Source for Citation Analysis.Ethics in Science and Environmental Politics, 8:61–73.

Ley, M. (2002). The DBLP Computer Science Bibliography: Evolution, Research Issues, Perspec-tives. In Proceedings of the 9th International Symposium (SPIRE 2002), pages 481–486, Lisbon,Portugal.

Noruzi, A. (2005). Google Scholar: The New Generation of Citation Indexes. Libri, 55:170–180.

Tho, Q., Hui, S., and Fong, A. (2003). Web Mining for Identifying Research Trends. In Sembok,T., Badioze Zaman, H., Chen, H., Urs, S., and Myaeng, S., editors, Proceedings of the 6th Inter-national Conference on Asian Digital Libraries (ICADL 2003), pages 290–301, Kuala Lumpur,Malaysia. Springer.


Page 73 of 125

Background

Severa

l stu

dies

of tech

nology

situated

in ed

ucatio

nal

settings

have

been

carried

out

that

focus

on

understa

nding how tech

nology a

ffects users’ everyd

ay life a

nd vice versa

; and w

heth

er the tech

nology serves

the p

urposes it w

as d

esigned

for. Fin

dings fro

m th

ese stu

dies h

ave b

een m

ixed. Fo

r example, B

rignull et a

l. [1]

implem

ented

Dyn

amo,

a

large

multi-u

ser intera

ctive surfa

ce to en

able th

e sharin

g and exch

ange

of a

wide va

riety of d

igita

l med

ia, in

the co

mmon ro

om

of a h

igh sch

ool a

nd rep

ort th

at u

sers appropria

ted th

e functio

nality o

f the d

isplay in

a w

ay th

at w

as co

nsisten

t with

the

space’s

previo

us

use.

Moreo

ver, it

did not

Copyrig

ht is h

eld by th

e author/o

wner(s).

Nad

The

Wal

Milt

k.pa

Hug

The

Wal

Milt

h.m

Ab

A n

umber o

f novel te

chnolo

gy-rich

learning sp

aces have

bee

n develo

ped over th

e last few

years. M

any cla

ims h

ave

bee

n m

ade in

term

s of h

ow th

ey can su

pport an

d en

hance

learning,

collaboratio

n,

community

particip

atio

n,

and

creativity.

This

line of research

is

investig

atin

g whether

such learning space

s are livin

g up to

such c laim

s. The

approach

is ethnographic; a

number o

f field stu

dies h

ave

bee

n co

nducte

d exa

mining how

people use th

e sp

aces in

practice

. Findings so

far h

ave sh

own th

at th

e positio

ning of

the te

chnolo

gy, fle

xibility an

d a se

nse o

f ownersh

ip and

control o

ver the te

chnolo

gy are

key issu

es.

Keywords

Tech

nology- rich

lea

rning

spaces,

ethnographic

approach, d

esigned

and actu

al u

se


Understandispaces

ia Pantid

i

Yvonne Rogers

Open

Unive

rsity, The Open

Unive

rsity,

ton Hall.

Walto

n Hall.

on Keyn

es, M

K7 6AA

Milton

Keyn

es, M

K76AA

ntid

[email protected]

k y.ro

gers@

open.ac.u

k

h Robinson

Open

Unive

rsity,

ton Hall.

on Keyn

es, M

K7 6AA

.robinson

@open

.ac.uk

stra

ct

ng technology-rich learning

Intro

ductio

n

In th

e last few

years, a

substa

ntia

l amount o

f funding

has been

allocated

to sch

ools

and universities

in the

world

, but

especia

lly the

UK,

for

creatin

g new

‘tech

nology-rich

’ lea

rning spaces.

These

new

spaces

have b

een proposed

as ex

amples o

f future p

laces fo

r supportin

g and en

hancin

g in

form

al a

nd fo

rmal lea

rning,

collaboratio

n, crea

tivity and socia

lising [4].

However,

little is

known as to wheth

er these

claim

s are

bein

g

realized

in actu

al p

ractice. T

his resea

rch is exa

mining

how and wheth

er they

are

used

, focusin

g on the

interd

epen

den

ce of

physica

l space,

furnitu

re and

technology co

nfig

uratio

n.

Page 74 of 125

mailto:[email protected]



2

support

other

uses

that

the

research

ers exp

ected.

Sim

ilarly, M

cDonald et a

l. [3], situ

ated

three p

roactive

disp

lays

in an academ

ic conferen

ce to augmen

t the

particip

ants’

intera

ctions;

specifica

lly to en

hance

the

feeling o

f community, fa

cilitate so

cial n

etworkin

g an

d

future co

llaboratio

ns. Fin

dings fro

m th

is study sh

owed

that p

eople a

ppropria

ted th

e technology b

y extending

its use in

an in

nova

tive and fu

n w

ay w

hich

conflicted

with

the

common practices

and socia

l conven

tions

alrea

dy in

place a

nd th

us, led

to n

egative co

mmen

ts about

the

applica

tion.

More

dramatica

lly, a stu

dy

evaluatin

g the

use

of intera

ctive whiteb

oards

in UK

schools

found no

significa

nt

impact

on the

pupils’

perfo

rmance

relatin

g

to

the

use

of

intera

ctive whiteb

oards [2

].

Much resea

rch to

date h

as focused

on sin

gle tech

nology

interven

tions,

where

a public

disp

lay

or

intera

ctive whiteb

oard has b

een placed

in a pre-existin

g sp

ace to

serve a sp

ecific purpose/fu

nctio

nality. H

owever, th

ere are

learning spaces

that have

been

desig

ned

fro

m

scratch

to be ‘tech

nology-rich

’ and w

here th

eir spatia

l and tech

nologica

l desig

n is

inten

ded

to be

much

broader (e.g

. Saltire C

enter, C

ILASS). A

n asso

rtmen

t of new

technologies a

nd fu

rnitu

re have b

een co

nfig

ured

to

create n

ew lea

rning sp

aces. T

his resea

rch fo

cuses o

n

how su

ccessful th

ese multi-p

urpose sp

aces h

ave b

een

in supportin

g what

they

were

desig

ned

for.

The

questio

ns a

ddressed

are:

§ What a

re the d

ifferences b

etween

anticip

ated

and actu

al u

se (if any)?

§ What is th

e nature o

f the in

teractio

nal w

ork in

these n

ovel sp

aces?

§ How do peo

ple

beh

ave

and intera

ct with

the

space?

§ How do peo

ple in

teract w

ith ea

ch other a

nd th

e tech

nology?

§ What

insig

hts

emerg

e for

the

use

of

the

technology

by

understa

nding the

use

of the

physica

l space?

To address

these

questio

ns,

in situ

eth

nographic

studies h

ave b

een ca

rried out o

n th

ree multi-p

urpose

technology-rich

settin

gs,

called

Dspace,

Qspace,

Cspase.

Dspace

was

desig

ned

as

a tech

nology-rich

space set in

a library o

n a u

niversity ca

mpus. It w

as crea

ted as

a crea

tive play

area

for

visitors

to exp

erimen

t with

and exp

lore

new

idea

s and share

knowled

ge;

a

space

that

brin

gs

togeth

er new

tech

nologies a

nd id

eas o

n how th

ey could be u

sed fo

r lea

rning and tea

ching now or in

the fu

ture. Q

space, is a

large sp

ace th

at w

as d

esigned

to su

pport a

variety o

f planned

learning activities (e.g

. worksh

ops) to

enable

groups of individ

uals

to come

togeth

er with

in a high

technology

enviro

nmen

t to communica

te their

idea

s and g

enera

te their d

esigns in

a crea

tive way. It is a

blank

space

that

can be

re-shaped

physica

lly and

technologica

lly dep

ending on the

activity

that takes

place.

The

space

was

delib

erately

desig

ned

to be

technologica

lly-rich as a m

eans o

f promotin

g crea

tivity and supportin

g collaboratio

n in innova

tive ways.

Cspace, w

as d

esigned

as a

study sp

ace fo

r studen

ts to work to

geth

er both durin

g la

b sessio

ns a

nd in

their o

wn

time.

It is

a

flexible

technology-rich

workin

g

enviro

nmen

t that

allows

multip

le ‘stu

dy’

activitie

s inclu

ding

teaching,

programming,

hardware

experim

entatio

n, a

nd fa

cilitated

discu

ssions.

Methodology

The m

ethod used

is ethnographic in

volvin

g particip

ant

observa

tion and sem

i-structu

red in

terviews. A

series of

ethnographic

studies

was carried

out in the

differen

t settin

gs

throughout

the

last

18 months

and will


Page 75 of 125

3

contin

ue

for

another

6 months.

The

collected

data

consist

of

fieldnotes

(made

durin

g or

after

the

observa

tional sessio

ns),

audio and vid

eo reco

rdings,

still pictu

res and documen

ts. The d

ata is a

nalyzed

and

interp

reted in

terms o

f preva

iling th

emes a

nd ten

sions

occu

rring betw

een desired

, actu

al an

d anticip

ated

use.

Findings

As

a resu

lt of

the

ethnographic

approach,

a rich

descrip

tion has

been

achieved

providing a unique

understa

nding of th

e three

settings’ everyd

ay u

se. In

gen

eral,

findings

from all

settings

show how peo

ple

appropria

te tech

nology-rich

lea

rning

spaces

quite

differen

tly from w

hat th

e desig

ners o

r managers h

ave

planned

or anticip

ated

. Additio

nally,

a more

in dep

th

examinatio

n of the

findings

provid

es a selectio

n of

interd

epen

den

t vignettes th

at o

ffer insig

hts o

n critica

l issu

es such as th

e use o

f technology, th

e appropria

tion

of th

e physica

l space, g

roupwork a

nd in

divid

ual w

ork,

priva

te and public

aspects

of

intera

ction and the

community o

f users.

Reg

arding the

use

of

the tech

nology,

the

insig

hts

emerg

ing so far

suggest

that

for

technology-rich

lea

rning spaces

to be

successfu

l, they

need

to be

flexible

(supportin

g flu

id tra

nsitio

ns

from individ

ual

work to

group w

ork a

nd fro

m p

ublic to

priva

te use),

lightweig

ht (users

movin

g betw

een the

spaces’

and

their

own devices)

and accessib

le (providing to the

users

the

optio

n to contro

l, take

ownersh

ip over

the

technology). Fo

r insta

nce, field

work d

ata sh

owed

that

Cspace w

as set u

p in

a way th

at o

ffered th

e studen

ts the freed

om to

choose h

ow a

nd w

hen

to u

se it. The

technology in

the sp

ace co

nsisted

both of la

ptops/ta

blet

PCs

and SmartB

oards

provid

ing users

the

optio

n to

switch

betw

een in

dividual a

nd group w

ork, a

nd also

to

share (p

ublic) o

r not (p

rivate) th

eir work w

ith others.

Moreo

ver, the tech

nology w

as ‘o

ut th

ere’ for a

nyo

ne to

walk in

and use it a

nd stu

den

ts were a

llowed

to ‘p

lug

and play’

with

their

perso

nal devices

(laptops,

mp3

players, m

obiles) a

nd co

mbine th

em w

ith th

e existing

technology o

f the sp

ace (fig

ure 1

). This tech

nologica

l flexib

ility, among other

things,

contrib

uted

to the

Cspace b

ecoming a

‘hot sp

ot’; a

cosy lea

rning sp

ace

where

studen

ts feel

comforta

ble

experim

entin

g with

tech

nology

and at

the

same

time

engaging in their

everyday so

cial a

nd work a

ctivities.

Figure 1. O

n th

e le

ft studen

ts are collab

oratin

g by u

sing th

e SmartB

oard

for sh

ared con

tent a

nd th

e la

ptops an

d ta

blet P

Cs

for p

rivate use; on

the rig

ht, on

e of th

e stu

den

ts is usin

g his

iPhone an

d his

perso

nal tablet

PC in com

binatio

n with

the

existin

g te

chnolo

gy.

In con

trast, Q

space p

roved

to be ra

ther tech

nologica

lly

inflexib

le. The

majority

of

activities

invo

lving

technology, d

urin

g th

e event o

bserved

, were lim

ited to

the m

anagers o

f the sp

ace m

anipulatin

g th

e lights via

a

disp

lay in

terface. T

he a

ctual u

sers did not a

ppropria

te

or intera

ct with

the

technology,

as they

didn’t

have

direct a

ccess to it. T

he rea

son fo

r this is th

at b

efore a

ny

use o

f the sp

ace th

e managers a

re pre-settin

g how th

e tech

nology ca

n be u

sed dep

ending on th

e need

s of th

e even

t or th

e users. In

additio

n, u

sers are d

iscouraged

fro

m usin

g their

own laptops

or

other

devices

in

combinatio

n w

ith th

e spaces’ existin

g tech

nology. In

a


Page 76 of 125

4

way,

the

technology

was patro

lled and used

by

the

managers, a

nd it w

as o

nly ‘p

ost h

oc’ a

vailable to

the

actu

al u

sers.

Another critica

l elemen

t for su

ccessful tech

nology-rich

lea

rning sp

aces seem

s to be th

e physica

l arra

ngem

ent

of the

technology

in the

space;

specific

spaces

or

physica

l layo

uts

bea

r esta

blish

ed asso

ciatio

ns

and

etiquettes th

at can

affect th

e way u

sers intera

ct with

or

appropria

te the tech

nology. Fo

r example, in

Dspace it

was found that desp

ite the

abundance

of tech

nology

and th

e many m

otiva

ting cu

es and clu

es, its use w

as lim

ited.

The

technology

was

not

experim

ented

or

played

with

in the

ways

planned

for [5].

A plausib

le exp

lanatio

n fo

r this, b

ased

on th

e collected

data, h

as to

do w

ith th

e positio

ning of th

e technology in

the sp

ace;

most o

f the d

evices were p

laced

on sh

elves (Figure 2),

creatin

g th

e impressio

n th

at th

ey were fo

r disp

lay o

nly,

thus d

iscouraging poten

tial u

sers from in

teractin

g w

ith

them

.

Figure 2

. A colle

ction of m

obile p

hon

es for u

sers to in

teract

with

and exp

erim

ent a

re disp

layed on sh

elves.

Conclu

sion

This

paper

discu

sses briefly

a selectio

n of fin

dings

emerg

ing fro

m a series o

f ethnographic stu

dies ca

rried

out in

three n

ove

l technology-rich

learning sp

aces. O

ur

findings so

far su

ggest th

at fo

r these sp

aces to

support

inform

al and form

al lea

rning, collaboratio

n, crea

tivity

and so

cialisin

g, issu

es such as th

e spatia

l arra

ngem

ent,

flexibility a

nd accessib

ility of th

e technology n

eed to b

e consid

ered. Fu

ture w

ork in

volves fu

rther in

situ stu

dies

to a va

riety of sim

ilar settin

gs w

ith th

e aim

to develo

p a

set of d

esign guidelin

es and co

ncern

s for th

ose invo

lved

in develo

ping ‘lea

rning sp

aces’ a

nd ‘cla

ssrooms o

f the

future’.

References

[1] B

rignull, H

., Izadi, S

., Fitzpatrick, G

., Rogers, Y

., and Rodden

, T. T

he in

troductio

n of a sh

ared

intera

ctive surfa

ce into a co

mmunal sp

ace. P

roc. C

SCW 2004, A

CM

Press (2

004).

[2]

Hen

nessy,

S.,

Dea

ney,

R.,

Ruthven

, K.,

and

Winterb

otto

m, M

. Ped

agogica

l strateg

ies for u

sing th

e

intera

ctive whiteb

oard to

foster lea

rner p

articip

atio

n in

sch

ool scien

ce. Lea

rning, Media and Tech

nology,

32

(3), (2

007), 2

83–301.

[3]

McD

onald,

D.W

., McC

arth

y, J.F.,

Sorocza

k, S.,

Nguyen

, D.H.,

and Rashid, A.M

. Proactive

disp

lays:

Supportin

g awaren

ess in flu

id so

cial en

vironmen

ts. ACM

Transactio

ns on

Computer- H

uman In

teractio

n, 1

4 (4

), Article 1

6, (2

008).

[4] O

blinger, D

. Learning Spaces. E

ducause, 2

006.

[5] Pantid

i, N.,

Robinson, H.M

., and Rogers,

Y. Can

technology-rich

spaces

support

multip

le uses?.

Proc.

British

CHI G

roup Annual C

onferen

ce on HCI (2

), BCS

(2008), 1

35-138.


Page 77 of 125

How best to support scientific end-user software

development? Aleksandra Pawlik

[email protected]

Supervisors Dr. Judith Segal

Prof. Marian Petre

Prof. Helen Sharp


Status Full-time

Probation viva Before


Introduction

End-user software development has received substantial amounts of attention within

both the academic and software engineering communities [1-3]. One of the sub-

groups that can be distinguished amongst end-user developers is that of scientific end-

user developers [4]. A particular set of characteristics differentiates scientists from

other end-user developers. Firstly, working in the field of science often necessitates

the use of various software packages on a daily basis. Secondly, scientists are familiar

with and utilize formal languages as well as particular modelling techniques.

Additionally, the majority of science degree curriculums offered by universities

contain at least one course in programming. Thus, many scientists have some

experience with coding at a relatively early stage of their academic and professional

career. In many cases, conducting a scientific research project means developing a

tailor-made software tool which will address a particular scientific problem. Therefore,

it may seem that scientists are “predisposed” to being effective and successful end-

user software developers more likely to produce a sustainable end-product software.

However, numerous problematic issues related to scientific end-user software

development have been reported by researchers in computing [5, 6], software

engineers [7] and scientists themselves [8]. For the purpose of my research project, I

will make the distinction between two different contexts within scientific end-user

software development:

- Limited Context: when software is developed (usually in a purely academic

environment) in order to address a specific problem within a particular project

which is being run by a limited group of anticipated users;

- Extended Context: when it is expected that the software will be reusable,

maintainable and flexible (i.e. potentially used by an extended group of as yet

undetermined users).

Scientific end-user software development needs, therefore, relevant and effective

support from the software development professionals’ community. Despite the fact

that some related help exists and is available [9], scientists who develop software and

software engineers who collaborate with them at various levels may find scientific

software development problematic. This indicates that the assistance and support

provided may need adjustments and improvements, an objective that may be

approached from different angles. First of all, it is essential to identify and examine

difficulties which may crop up during scientific end-user software development. The

second approach is to investigate and understand the origins of these problems.


Page 78 of 125

Finally, we need to comprehend why the support available for scientific end-users

provided by the software development professionals’ community does not seem to be

working effectively and what steps should be taken to attempt to remedy this. I argue

that these steps need to involve observing the practices applied during scientific

software development in a number of different contexts.

In my PhD research project, I intend to focus on exploring the tools and methods

which scientific end-user developers employ in their work. The answer to the

question ”What techniques do scientific end-user developers use?” should allow me

to identify the ways in which scientists address issues that emerge during software

development. Additionally, I will pay special attention to the methods which scientific

end-user developers find successful. By “successful” I mean those that were

introduced and maintained during part or indeed the whole cycle of software

development, and which resulted in sustainable software. Thus, my second research

question is “What are the problematic and successful applications of tools and

techniques for supporting end-user software developers?". The results of my study

may potentially provide sufficient information which could be used to tailor and

improve ways of assisting scientific end-user development.

Background

A number of researchers investigated the characteristics and issues related to

scientific end-user development. For example, Segal [10] notes that the software

development process consists of short cycles and proposes an “iterative and

incremental” model of scientific software development which is a result of the fact

that the majority of scientific work remains experimental and is based on

approximation models. Moreover, some scientific projects involve tacit knowledge,

something which creates difficulties in establishing requirements and designing

software packages [11]. The experimental nature of these scientific projects, the

application of tacit knowledge and the approximations generated by mathematical

models create a further problem, that of software testing [12] [13].

Some problems are generated by the fact that many scientific end-user developers

make software within a very limited context of usage. The main aim of scientific

projects is to advance science, deliver and publish the findings. The resources (time,

finances and people) allocated to software development within the framework of a

scientific project tend to be insufficient [14]. Therefore, scientists’ reluctance to

apprehend, for example, object-oriented programming languages, and their preference

to implement code in Fortran seems justified. Moreover, by sticking with familiar

programming languages, scientific end-user developers reduce the risk of errors that

might result from the use of languages which are new or unfamiliar to them [6]. Since,

within the scientific working culture [5], software development is not made a high

priority, scientists who develop software packages do not, as a result, receive relevant

credit, something which tends to discourage them from putting more effort into

creating sustainable software [14]. Other factors which contribute to problems with

scientific end-user software development, such as lack of effective project

management or problems with the labour division, may dissuade developers from

making use of any version control systems or configuration management tools [15].


Page 79 of 125

In fact, tailor-made resources relating directly to software engineering techniques and

methods supporting scientific end-user software development are available and being

continuously developed, mainly by software development professionals [16].

However, these resources only receive rather a poor uptake from the scientific

community, as scientists prefer to teach themselves from, for example, generic

textbooks, colleagues, the Internet, and so on [17] [6]. Additionally, as described by

Kelly [18], the chasm that divides the different approaches to software development

between the communities of scientific end-user developers and software development

professionals only serves to cause further discrepancies in the overall communication

between the two groups.

Methodology

I intend to investigate case studies of scientific end-user software development in

which various software engineering techniques and methods were used in covering

the following:

- The transition of turning purely academic (Limited Context) scientific software

packages into commercial ones;

- The transition of turning purely academic (Limited Context) scientific software

packages into open source (Extended Context) ones;

- The development of scientific software which directly involves software

development professionals (Extended Context).

Since this PhD research project is exploratory in nature, qualitative research methods

would seem to be the most appropriate. Moreover, studies in information systems are

highly context-dependent and interpretative [19], something which requires making

use of methods that allow researchers to investigate issues in depth. I will use

interviews and participant observation as the main methods of data collection. The

interviews will be conducted with both scientific end-user developers and software

development professionals who are directly involved, together with scientists, in

scientific software development teams. The former will constitute the majority of the

respondent group whilst interviews with software development professionals will aim

to provide additional information about the application of methods and techniques for

supporting scientific end-user development. Ideally the interviews will be combined

with participant observation enabling me to obtain a fuller picture of the process and

to perceive any issues related to scientific end-user development. Two things will be

crucial in the sampling of the case studies: being able to obtain maximum variation

within the sample, but also the ability to include convenient sampling (e.g. contacting

respondents, access to the fieldwork etc.), something which will doubtless have an

impact on the final construction of the set of case studies.

References

[1] B. A. Myers, M. M. Burnett, S. Wiedenbeck, A. J. Ko, and M. B. Rosson,

"End user software engineering: CHI: 2009 special interest group meeting," in

Proceedings of the 27th international conference extended abstracts on

Human factors in computing systems Boston, MA, USA: ACM, 2009.

[2] H. Lieberman, Paternò, F., Wulf, V., "End user development," Dordrecht, The

Netherlands: Springer, 2006.


Page 80 of 125

[3] M. F. Costabile, P. Mussio, L. P. Provenza, and A. Piccinno, "End users as

unwitting software developers," in Proceedings of the 4th international

workshop on End-user software engineering Leipzig, Germany: ACM, 2008.

[4] J. Segal and S. Clarke, "Point/Counterpoint: Software Engineers Don't Know

Everything about End-User Programming," Software, IEEE, vol. 26, pp. 54-57,

2009.

[5] J. Segal, "Software Development Cultures and Cooperation Problems: A field

Study of the Early Stages of Development of Software for a Scientific

Community," Computer Supported Cooperative Work (CSCW), vol. 18, pp.

581-606, 2009.

[6] R. Sanders and D. Kelly, "Dealing with risk in scientific software

development," Software, IEEE, pp. 21-28, 2008.

[7] V. R. Basili, D. Cruzes, J. C. Carver, L. M. Hochstein, J. K. Hollingsworth, M.

V. Zelkowitz, and F. Shull, "Understanding the high-performance-computing

community: A software engineer's perspective," Software, IEEE, vol. 25, pp.

29-36, 2008.

[8] C. Rickett, S. Choi, C. Rasmussen, and M. Sottile, "Rapid prototyping

frameworks for developing scientific applications: A case study," The Journal

of Supercomputing, vol. 36, pp. 123-134, 2006.

[9] G. Wilson, "Those Who Will Not Learn From History," Computing in Science

and Engineering, vol. 10, p. 5, 2008.

[10] J. Segal, "Models of scientific software development," in Workshop on

Software Engineering in Computational Science and Engineering, Leipzig,

Germany, 2008

[11] S. Thew, A. Sutcliffe, R. Procter, O. de Bruijn, J. McNaught, C. C. Venters,

and I. Buchan, "Requirements Engineering for E-science: Experiences in

Epidemiology," Software, IEEE, vol. 26, pp. 80-87, 2009.

[12] D. Hook and D. Kelly, "Testing for trustworthiness in scientific software," in

Proceedings of the 2009 ICSE Workshop on Software Engineering for

Computational Science and Engineering: IEEE Computer Society, 2009.

[13] S. Easterbrook and T. Johns, "Engineering the Software for Understanding

Climate Change," Computing in Science and Engineering, vol. 26, 2009.

[14] "Reporting Back - Open Middleware Infrastructure Institute Collaboration

Workshops 2010," http://www.omii.ac.uk/wiki/CW10ReportingBack, 2010.

[15] M. Vigder, "End-user software development in a scientific organization," in

Proceedings of the 2009 ICSE Workshop on Software Engineering

Foundations for End User Programming: IEEE Computer Society, 2009.

[16] "Software Carpentry - an intensive introduction to basic software development

practices for scientists and engineers," http://software-carpentry.org/.

[17] G. Wilson, "How Do Scientists Really Use Computers?," American Scientist,

vol. 97, pp. 360-362, 2009.

[18] D. Kelly, "A software chasm: Software engineering and scientific computing,"

Software, IEEE, p. 120, 2007.

[19] H. K. Klein and M. D. Myers, "A set of principles for conducting and

evaluating interpretive field studies in information systems," MIS Quarterly,

vol. 23, p. 67(2), 1999.


Page 81 of 125

Non-Cooperation in Computational Models of Dialogue

Brian Plü[email protected]

Supervisors Paul PiwekRichard Power

Department/Institute Computing DepartmentStatus FulltimeProbation viva AfterStarting date 01/10/08

This research is aimed at finding a computable description (i.e., a computational model) of non-cooperative conversational behaviour in political interviews.

Most approaches to finding computational models of dialogue behaviour are based on a strong notion of cooperation between the dialogue participants (DPs). Researchers have proposed models based on DP's intentions (Cohen and Levesque, 1991), regarded dialogue as a game with strict rules guiding the speaker's actions and the hearer's interpretation of those actions (Power, 1979), or addressed conversation as the joint construction of goal-oriented plans that are shared by DPs (Grosz and Sidner, 1990). These models successfully explain dialogue situations in which DPs recognise each other's intentions and, at least to a certain extent, accept each other's goals when deciding on their actions. These assumptions are theoretically grounded (Grice, 1975; Clark and Shaefer, 1989) and also practically sound: dialogue models are usually implemented in the form of dialogue systems, built for the purpose of providing a service to their users. Take, for instance, the following exchange from the TRAINS dialogue system (Ferguson et al. 1996):

User I need to get to Detroit, Syracuse, and Montreal.

System Ok.

User Let's send the trains from Chicago to Detroit.

System Ok. [draws route from Chicago to Detroit via Toledo] But the terminal at Toledo is delaying traffic due to bad weather. Trains will take an additional five hours to move through there. [highlights Toledo red]

User That's ok. Now let's go from Atlanta up to Syracuse.

System Please tell me a route to use to get from Atlanta to Syracuse.

User Go via Charleston and Pittsburgh.

(...)

System No problem. [draws route]

User That's great.

System I hope it was helpful.

In this scenario, failure to cooperate, either on the side of the system or of the user, is against the premises on which the system is conceived and used. In everyday


Page 82 of 125

conversation, however, a great many situations escape these arguments. Consider as an example the following fragment1:

Paxman We're joined now from his count in Bethnal Green and Bow by George Galloway. Mr Galloway, are you proud of having got rid of one of the very few black women in Parliament?

Galloway What a preposterous question. I know it's very late in the night, but wouldn't you be better starting by congratulating me for one of the most sensational election results in modern history?

Paxman Are you proud of having got rid of one of the very few black women in Parliament?

Galloway I'm not, Jeremy move on to your next question.

Paxman You're not answering that one?

Galloway No because I don't believe that people get elected because of the colour of their skin. I believe people get elected because of their record and because of their policies. So move on to your next question.

Paxman Are you proud...

Galloway Because I've got a lot of people who want to speak to me.

Paxman You...

Galloway If you ask that question again, I'm going, I warn you now.

Paxman Don't try and threaten me Mr Galloway, please.

This research is aimed at shedding light on the nature of non-cooperation in dialogue, by capturing the intuitions that allow us to differentiate between both conversations in terms of participant behaviour; and at reproducing such conversational behaviour involving software agents. In other words, we are looking for an answer to the following question:

What properties are needed in a computational model of conversational agents so that they can engage in non-cooperative as well as in cooperative dialogue, in particular in the domain of political interviews?

Computational models of conversational agents are abstract, computable descriptions of autonomous agents that are able to engage in conversation (i.e., to participate in a dialogue displaying adequate conversational behaviour). Developing these models and their implementation would allow for a better understanding of the workings of dialogue. This approach is know as analysis-by-synthesis (Levinson, 1982).

Prior to the development of a computational model, it is necessary to identify precisely the situations under study and the phenomena defining them. We achieved this by carrying on empirical studies of naturally-occurring data. In our case, we analysed broadcast political interviews with two main participants.

Our distinction between cooperative and non-cooperative dialogue is based on the occurrence of particular phenomena, that we call non-cooperative features (NCFs). Intuitively, they refer to whether participants behave as is expected for the type of dialogue in which they engage, i.e., whether they follow the obligations imposed upon their conversational behaviour by the social context in which the exchange takes place (Traum and Allen, 1994).

1 BBC presenter Jeremy Paxman interviews MP George Galloway, shortly after his victory in the UK 2005 General Election (http://www.youtube.com/watch?v=tD5tunBGmDQ, last access May 2010).


Page 83 of 125

http://www.youtube.com/watch?v=tD5tunBGmDQ

We have chosen political interviews as the the domain for our study, because it provides a well-defined set of scenarios, scoping the research in a way that is suitable for a PhD project. At the same time, a wealth of interesting conversational situations arise in political interviews. In the English-speaking world, journalists are well-known for their incisive approach to public servants, while politicians are usually well trained to deliver a set of key messages when speaking in public, and to avoid issues unfavourable to their image.

For the empirical analysis, we collected a corpus of political interviews with different levels of conflict between the dialogue participants. We proposed a technique for measuring non-cooperation in this domain using NCFs The number of occurrences of these features determines the degree of non-cooperation (DNC) of an exchange.

NCFs are grouped following three aspects of conversation: turn-taking (Sacks et al., 1974), grounding (Clark and Schaefer, 1989) and speech acts (Searle, 1979). As we said above, they constitute departures from expected behaviour according to the social context of the exchange. Examples of NCFs include, among others, interruptions, overlapped speech, failure to acknowledge each other's contributions, the interviewer expressing a personal opinion or criticising the interviewee's positions on subjective grounds and the interviewee asking questions (except for clarification requests) or making irrelevant comments. The DNC was computed for all the political interviews in the corpus and preliminary results are encouraging. Adversarial interviews have a large number of NCFs, thus a high value for the DNC. On the other hand, collaborative exchanges have low occurrence of NCFs (or none at all).

At the time of writing, we are designing two studies to evaluate the DNC measure. The first is structured as an annotation exercise in which 6 annotators will code dialogues from the corpus. The inter-annotator agreement (Krippendorf, 2004) will indicate whether or not we are describing NCFs to an acceptable level of precision. In the second study, participants will watch or listen to the dialogues in the corpus and provide a judgement based on their perception of the DPs behaviour with respect to what is expected from them in a political interview. The correlation between results from these studies will provide a level of confidence on the DNC measure.

As for designing the model, dialogue games supporters could say that there is a game that describes the interaction in which Paxman and Galloway engaged in our second example. While this might be true, such an approach would force us, in the limit, to define one game for each possible conversation that would not fit a certain standard. Walton and Krabbe (1995) attempt a game-based approach in their study of natural argumentation. They claim that a rigorous model of conversational interaction is useful, but accept that most of the huge variety of every day conversation escapes it.

Nevertheless, the rules and patterns captured by game models are useful, as they describe the expected behaviour of the DPs under a certain conversational scenario. In devising our model, we aim at reconciling two worlds, using the insights from dialogue games to provide a description of expected behaviour in the form of social obligations, but looking at naturally occurring cases that deviate from the norm. Our hypothesis is that non-cooperative behaviour emerges from decisions DPs make based on conversational obligations and individual goals, with a suitable configuration of priorities associated with each of them.

The construction of the model will be a formalization of the our hypothesis, including rules for political interviews, goals, obligations, priorities and a dialogue management


Page 84 of 125

component with the deliberation mechanism. We are currently investigating the line of research on obligation-driven dialogue modelling, initiated by Traum and Allen (1994) and developed further by Poesio and Traum (1998) and Kreutel and Matheson (2003). We are also implementing a prototype simulator based on the EDIS dialogue system (Matheson et al, 2000).

References

H.H. Clark and E.F. Schaefer. 1989. Contributing to discourse. Cognitive science, 13(2):259–294.

P.R. Cohen and H.J. Levesque. 1991. Confirmations and joint action. In Proceedings of the 12 th International Joint Conference on Artificial Intelligence, pages 951–957.

G. Ferguson, J.F. Allen, and B. Miller. 1996. Trains-95: Towards a mixed-initiative planning assistant, pages 70-77. AAAI Press.

H.P. Grice. 1975. Logic and conversation. Syntax and Semantics, 3:41–58.

B.J. Grosz and C.L. Sidner. 1990. Plans for discourse. Intentions in communication, pages 417–444.

J. Kreutel and C. Matheson. 2003. Incremental information state updates in an obligation-driven dialogue model. Logic Journal of IGPL, 11(4):485.

Krippendorff, Klaus. 2004. Content Analysis: An Introduction to Its Methodology, second edition. Sage, Thousand Oaks, CA.

S. C. Levinson. 1983. Pragmatics. Cambridge University Press.

C. Matheson, M. Poesio, and D. Traum. 2000. Modelling grounding and discourse obligations using update rules. In Proceedings of the 1st NAACL conference, pages 1–8. San Francisco, CA, USA.

M. Poesio and D. Traum. 1998. Towards an axiomatization of dialogue acts. In Proceedings of the Twente Workshop on the Formal Semantics and Pragmatics of Dialogues, pages 207–222.

R. Power. 1979. The organisation of purposeful dialogues. Linguistics, 17:107–152.

H. Sacks, E.A. Schegloff, and G. Jefferson. 1974. A simplest systematics for the organization of turntaking for conversation. Language, pages 696–735.

J.R. Searle. 1979. A Taxonomy of lllocutionary Acts. Expression and meaning: studies in the theory of speech acts, pages 1–29.

D.R. Traum and J.F. Allen. 1994. Discourse obligations in dialogue processing. In Proceedings of the 32nd annual meeting of ACL, pages 1–8. Morristown, NJ, USA.

D. Walton and E. Krabbe. 1995. Commitment in dialogue: Basic concepts of interpersonal reasoning. State University of New York Press.


Page 85 of 125

A Debate Dashboard to Support the Adoption of On-line Argument Mapping Tools

Ivana Quinto [email protected]

Supervisors Zollo Giuseppe

Iandoli Luca Department/Institute Department of Business and Managerial Engineering Status Fulltime Probation viva After Starting date February, 2009 Purpose – The literature affirms that an argument map is a representation of reasoning in which the evidential relationships among claims are made wholly explicit using graphical or other non-verbal techniques. Several web tools, also known as argument mapping tools, have been developed so far, which apply an organizational and visualization approach based on argument mapping (see i.e. Cohere, Deliberatorium, Debategraph, Truthmapping, etc). Argument mapping provides a logical rather than time-based debate representation of users’ contributions. This representation model has proved to provide organizations with several advantages in knowledge sharing and deliberation, such as: i. encouraging evidence-based reasoning and critical thinking (Buckingham Shum and Hammond, 2004); ii. improving the understanding of wide amount of knowledge; iii. driving conversation toward effective deliberation (van Gelder, 2003); iv. expanding our capacity to grasp more complex discussions (Conklin, 2006). Nevertheless those technologies still do not have widespread diffusion and the level of adoption both in small and large scale organizations is low. The aim of this paper is to investigate new technological solutions to support the adoption of argument mapping tools as technology able to foster online knowledge sharing and deliberation processes among remote workers and/or suppliers and customers. Literature suggests that the main barrier to adoption of mapping tools is, as for many mediating tool, the loss of information and feedback during conversation. During a conversation participants exchange, in addition to information, also evidences and/or requests for evidences, which help them understanding if listeners have understood or have not understood what the speakers have said (e.g., head nods or facial expressions). Ones understood, information will be used to update participants’ shared information (common ground). This process of making the understood information part of their common ground is called grounding process (Clark and Brennan, 1991).The grounding process is crucial for the success of a conversation, because it helps people to increasingly understand each other. Clark and Brennan claim that a cognitive effort is required by people in order to ground what speakers have said during a conversation. A possible way to measure this effort is the evaluation of grounding costs, which may vary on the basis of the medium used to converse.


Page 86 of 125

Online argument mapping tools leave users blind to a range of information that is readily available in face-to-face interaction (Smith and Fiore, 2001) and this hamper the level of acceptance by users. This suggests that any mediated conversation has a higher grounding cost compared to face-to-face conversation. Clark and Brennan (1991) and Kraut et al. (2002) identify ten constraints that a medium can impose on conversation among people. These constraints are desirable to reduce the ambiguity and grounding costs in conversation. Indeed, when one of them is missing, there will be a higher grounding cost, since people will be forced to use alternative grounding techniques. Argumentation technology adds a further constraint to the conversation because it forces users to respect pre-established communication formats and rules. Therefore, the loss of immediacy, due to the formalization, coupled with the lack of information about users, interaction processes, and generated content, entails the users a higher cognitive effort and time consuming to learn how to use the tool. This makes the benefit/cost ratio too low for the average user, thus causing limited adoption (Davis, 1989). As the Technology Acceptance Model (TAM) suggests, in order a technology to be adopted, it is necessary that the benefits are higher than the costs deriving from the use of it. To tackle this problem, we propose a Debate dashboard in order to provide users with visual feedback about the interaction between users and the content generated by them. This feedback aims at reducing grounding costs and making the benefits associated with using of arguments maps more evident. The dashboard will be composed of visualization tools which deliver such feedback. We will distil the Dashboard features by building on results of a literature review on Web 2.0 tools for data visualization. In particular we will select those tools that have proved to help effectively representing huge amounts of data and to facilitate human understanding so that salient information becomes apparent (Nguyen & Zhang, 2006).

Design/methodology/approach – We propose a literature review of existing visualization tools. We analysed thirty visualization tools, which have been classified on the basis of the kind of feedback they are able to provide. We identify three classes of feedback: Community feedback (identikit of users), Interaction feedback (about how users interact) and Absorption feedback (about generated content and its organization). We have to clarify that we focused on visualization tools already implemented and in use in real online communities and not on those that were only defined and projected “on the paper”. We analysed each of them to understand what are their key features, how they work, what kind of feedback they provide, and if there are any “best practices”; in other words, we used them to “inspire” the design and the implementation of the Debate Dashboard. As output of literature review, we selected the following six visualization tools (see table 1): As main criteria for the selection of the visualization tools, we considered: • the number of feedback that each of them provides, in order to reduce the number of

used visualization tools; • the combination of feedback, in order to provide all individualized ones.


Page 87 of 125

Table 1: Selected visualization tools

As we have already mentioned, we consider these selected tools as a sort of starting point. Indeed, our aim is the improvement of them through the addition of further features and functions in order to make them more effective in providing feedback. On the basis of these six visualization tools, we set up an early visual prototype of the Debate Dashboard. We will test the Debate dashboard both through mapping tool expert interviews and through a survey with a semi-structured questionnaire. The tests aim at verifying if, providing feedback about users, interaction process and generated content, effectively reduces the grounding and sense-making costs; in other words, we want to corroborate that this feedback reduces the users’ cognitive effort of using online argument mapping tools.

Originality/value – Our paper enriches the debate about computer mediated conversation and visualization tools. We propose a Dashboard prototype to augment collaborative argument mapping tools by providing visual feedback on conversations. The Dashboard will provide at the same time three different kinds of feedback about: details of the participants to the conversation, interaction processes and generated content. This will allow the improvement of the benefits and reduce the costs deriving from the use of argument mapping tools. Moreover, another important novelty is that visualization tools will be integrated to argument mapping tools, as until now they have been used only to visualize data contained in forums (as Usenet or Slash.dot), chat or email archives.

Practical implications – The Dashboard provides feedback about participants, interaction processes and generated contents, thus supporting the adoption of online argument mapping tools as technologies able to foster knowledge sharing among remote workers or/and customers and supplier. Based on this assumption several achievable advantages can be identified: • Improvement of the coherence of discussion (Donath, 2002) - this feedback helps

users to participate the conversation in the right way, as it allows users to understand participation rules, the structure of discussion and its evolution;

Visualization Tool

Chat Circles

II

Comment Flow

Conversation Map

Exhibit PeopleGarden Wordle

Copresence X Cotemporality X Mobility X Simultaneity X Sequentiality X Visibility X Relevance X Structuring X Profile X Activity Level X Social/organizational structure

X


Page 88 of 125

• Easy individualization of workers’ knowledge, skills and competencies - this happens because in every moment we can know who is talking about what and therefore who has that information. This allows one to identify who are the “right” people, who have the skills and knowledge to help co-workers and managers achieve their goals (Danis, 2000);

• Development/Increase of awareness of presence and activity of other workers (Erickson, 2000) - the awareness of activity of collaborators enables people to guide their individuals efforts and contribute towards reaching a collaborative goal. This plays an important role in enabling effective collaboration among distributed work group members;

• Reduction of misunderstanding; • Reduction of cognitive effort required to use mapping tools; • Improvement of the exploration and the analysis of the maps - this feedback

improves the usability of the object (the map) improves, thus allowing users to pitch into the conversation in the right place.

Keywords: Debate dashboard, On-Line knowledge sharing, Visualization tools, grounding cost.


Page 89 of 125

References Buckingham Shum, Simon and Hammond, Nick. 1994. “Argumentation-based design

rationale: What use at what cost?”. International Journal of Human-Computer Studies, 40(4):603-652.

Clark, Herbert H. and Brennan, Susan E., 1991, “Grounding in communication”. In Resnick, Lauren B. Levine, John M. Teasley, Stephanie D. (Ed), Perspectives on socially shared cognition, Washington, DC, US: American PsychoKieslerlogical Association, pp. 127-149.

Danis, Catalina M., 2000, Extending the Concept of Awareness to include Statistic and Dynamic Person Information. SIGGROUP Bulletin, 21(3), pp.59-62.

Davis, Fred. 1989. "Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology," MIS Quarterly, 13(3): 319-340.

Donath, Judith, 2002. “A Semantic Approach to Visualizing Online conversation”, Communication of the ACM, 45(4):45-49.

Conklin, Jeff, 2006. Dialogue Mapping: Building Shared Understanding of Wicked Problems. Chichester: Wiley.

Erickson, Thomas, and Kellogg, Wendy A. 2000. “Social translucence: an approach to designing systems that support social processes”. ACM Trans. Computer-Human Interaction,7(1):59-83.

Kraut, Robert E., Fussell, Susan R., Brennan, Susan E., and Siegel, Jane, 2002, “Understanding Effects of Proximity on Collaboration: Implications for Technology to Support Remote Collaborative Work”. In Pamela Hinds and Sara Kiesler (Eds), Distributed Work, Massachusetts Institute of Technology, pp.137-162.

Nguyen, Tien N. and Zhang Jin. 2006. “A Novel Visualization Model for Web Search Results”. IEEE Transaction On Visualization and Computer Graphics, 12(5):981-988.

van Gelder, Tim, 2003, Enhancing deliberation through computer supported argument mapping. In Visualizing Argumentation, eds P.A. Kirschner, S.J. Buckingham Shum, and C.S. Carr, pp. 97-115. London:Routledge.


Page 90 of 125

Supporting multimodal media recommendationand annotation using social network analysis

Adam Rae

[email protected]

Supervisors Stefan Rüger, Suzanne Little, Roelof van ZwolDepartment The Knowledge Media InstituteStatus Full TimeProbation Viva AfterStarting Date October 2007

Research Hypothesis

By analysing and extracting information from the social graphs de-scribed by both explicit and implicit user interactions, like thosefound in online media sharing systems like Flickr1, it is possibleto augment existing non-social aware recommender systems andthereby significantly improve their performance.

Large scale web based systems for sharing media continue to tackle the problemof helping their users find what they are looking for in a timely manner. To dothis, lots of good quality metadata is required to sift through the data collectionto pick out exactly those documents that match the information need of theuser. In the case of finding images from the online photo sharing website Flickr,this could be from over 4 billion examples. How can we help both the systemand the user in enriching the metadata of the media within the collection inorder to improve the experience for the user and to reduce the burden on theunderlying data handling system? Can modelling users, by themselves andwithin the context of the wider online community help? Can this modeling beused to improve recommender systems that improve the experience and reducecognitive burden on users?

Existing approaches tend to treat multimedia in the same way they havedealt with text documents in the past, specifically by treating the textual meta-data associated with an image as a text document, but this ignores the inherentlydifferent nature of the data the system is handling. Images are visual data, andwhile they can be described well by textual metadata, they cannot be describedcompletely by it. Also, the user cannot be ignored in the retrieval process, andlearning more about a user provides information to the system to tailor results totheir specific requirements. Users interact online, and these interactions form a

1http://www.flickr.com/


Page 91 of 125

new type of data that has yet to be fully explored nor exploited when modellingusers.

The work presented here combines the mining of social graphs that occur inFlickr with visual content and metadata analysis to provide better personalisedphoto recommender mechanisms and the following experiment and its analysisare a major component in my overall thesis.

Interaction ScenarioIn order to address this research question, multiple experiments have been car-ried out, one of which I present here:

Envisage an incoming stream of photos made available to a user. Insystems of a scale similar to Flickr, this could be thousands of im-ages per second. Can a system that uses cues from the social, visualand semantic aspects of these images perform better than one thatuses the more traditional approach of using only semantic informa-tion, according to specifically defined objective metrics? How doesperformance vary between users?

An experiment was carried out that mines data from the social communities inFlickr, from the visual content of images and from the text based metadata anduses a machines learning mechanism to merge these signals together to form aclassifier that, given a candidate image and prospective viewing user, decideswhether the user would label that image as a ‘Favourite’2 - see Figure 1.

Related Work

The significant influence that our peers can have on our behaviour online hasbeen studied by researchers such as Lerman and Jones[3], and the particularinteraction that occurs between users and visual media in particular in thework of Nov et al.[4]and Kern et al[2]. Their insights into the importance ofunderstanding more about a user in order to best fulfil their information needsupports the hypothesis that this kind of information can be usefully exploitedto improve systems that try to match that need to a data set supported by socialinteraction. Here I extend their ideas by incorporating this valuable social datainto a complementary multimodal framework that takes advantage of multipletypes of data.

The use of social interaction features in the work of Sigurbjörnsson and vanZwol[7] and Garg and Weber[1] inspired my more comprehensive feature setand its analysis. Their findings that aggregating data generated from onlinecommunities is valuable when suggesting tags is important and I believe alsotransfers to recommendation in general as well as to the specific task of recom-mending images. In fact, I demonstrated this in previous work on social mediatag suggestion[6].

I use some of the human perception based visual features outlined in thework of San Pedro and Siersdorfer[5], as these have been shown to work wellin similar experimental scenarios and cover a range of visual classes. I extendthem further with a selection of other high performing visual features.

2A binary label Flickr users can use to annotate an image they like.


Page 92 of 125

User BMember of urban animals group

User AHas tagged beaches before

Incoming stream of previously unseen candidate images

Potential Favourite Imagesfor User A

Potential Favourite Imagesfor User B

TextualUser information User information

Social

Trained Classifier

Feature Extraction

Visual

Figure 1: Diagram of the image classification system used with Flickr data.

Experimental Work

400 users of varying levels of social activity were selected from Flickr and their‘Favourite’ labelled images collected. This resulted in a collection of hundredsof thousands of images. To train my classifier, these images were treated aspositive examples of relevant images. I generated a variety of negative examplesets to reflect realistic system scenarios. For all photo examples we extractedvisual and semantic features, and social features that described the user, theowner of the photo, any connection between them as well as other behaviourmetrics. We then tested our classifier using previously unseen examples andmeasured the performance of the system with a particular emphasis on theinformation retrieval metric of precision at 5 and 10 to reflect our envisaged usecase scenario.

Results

An extract of the results from the experiment are shown in Table 1. They canbe summarised thus:

• It is possible to achieve high levels of precision in selecting our positiveexamples, especially by using social features. This performance increaseis statistically significantly higher than the baseline Textual run. Thesesocial signals evidently play a significant rôle when a user labels an imagea ‘Favourite’ and can be usefully exploited to help them.

• The value of individual types of features is complex, but complementary.The combined systems tend to perform better than the individual ones.

• It is far easier to classifier photos that are not ‘Favourites’ than those thatare, as shown by the high negative values. This can be used to narrowdown the search space for relevant images by removing those that areobviously not going to interest the user, thus reduing load on both theuser and the system.


Page 93 of 125

System Accuracy + Prec. + Rec. - Prec. - Rec.Textual 0.87 0.48 0.18 0.88 0.97Visual 0.88 1.00 0.09 0.88 1.00Social 0.92 0.80 0.56 0.94 0.98

Textual+Visual 0.88 0.62 0.27 0.90 0.97Textual+Social 0.92 0.77 0.62 0.94 0.97Visual+Social 0.93 0.89 0.56 0.94 0.99

Text+Vis.+Soc. 0.93 0.84 0.62 0.94 0.98

Table 1: Accuracy, precison and recall for various combinations of features usingthe experiments most realistic scenario data set. Photos labelled as ‘Favourites’are positive examples, and those that are not are negative examples. Highernumbers are better.

• As is typical in this style of information retrieval experiment, we can trade-off between precision and recall depending on our requirements. As we areinterested in high precision in this particular experiment, we see that thecombination of the Visual+Social and Text+Visual+Social runsgive good precision without sacrificing too much recall.

References

[1] Nikhil Garg and Ingmar Weber. Personalized, interactive tag recommenda-tion for flickr. In Proceedings of the 2008 ACM Conference on Recommender

Systems, pages 67–74, Lausanne, Switzerland, October 2008. ACM.

[2] R. Kern, M. Granitzer, and V. Pammer. Extending folksonomies for imagetagging. In Workshop on Image Analysis for Multimedia Interactive Services,

2008, pages 126–129, May 2008.

[3] Kristina Lerman and Laurie Jones. Social browsing on flickr. In Proceedings

of ICWSM, December 2007.

[4] Oded Nov, Mor Naaman, and Chen Ye. What drives content tagging: thecase of photos on flickr. In Proceeding of the twenty-sixth annual SIGCHI

conference on Human factors in computing systems, pages 1097–1100, Flo-rence, Italy, 2008. ACM.

[5] Jose San Pedro and Stefan Siersdorfer. Ranking and classifying attractive-ness of photos in folksonomies. In WWW, Madrid, Spain, April 2009.

[6] Adam Rae, Roelof van Zwol, and Börkur Sigurbjörnsson. Improving tagrecommendation using social networks. In 9th International conference on

Adaptivity, Personalization and Fusion of Heterogeneous Information, April2010.

[7] Roelof van Zwol. Flickr: Who is looking? In IEEE/WIC/ACM Inter-

national Conference on Web Intelligence, pages 184–190, Washington, DC,USA, 2007. IEEE Computer Society.


Page 94 of 125

The effect of Feedback on the Motivation of Software

Engineers

Rien Sach

[email protected]

Supervisors Helen Sharp

Marian Petre


Status Fulltime



Motivation is reported as having an effect on crucial aspects of software engineering

such as productivity (Procaccino and Verner 2005), software quality (Boehm 1981),

and a project’s overall success (Frangos 1997). Feedback is a key factor in the most

commonly used theory in reports published on the motivation of software engineers

(Hall et al. 2009), and it is important that we gain a greater understanding of the effect

it has on the motivation of software engineers.

My research is grounded in the question “What are the effects of feedback on the

motivation of software engineers?”, and focuses on feedback conveyed in human

interactions. I believe that before I can focus my question further I will need to begin

some preliminary work to identify how feedback occurs, what types of feedback

occur, and the possible impact of this feedback.

Motivation can be understood in different ways. For example, as a manager you might

consider motivation as something you must maintain in your employees to ensure

they complete work for you as quickly as possible. As an employee you might

consider motivation as the drive that keeps you focused on a task, or it might simply

be what pushes you to get up in the morning and go to work.

Herzberg (1987) describes motivation as “a function of growth from getting intrinsic

rewards out of interesting and challenging work”. That’s quite a nice definition; and

according to Herzberg motivation is intrinsic to one’s self. Ryan and Deci (2000)

describe intrinsic motivation as “the doing of activity for its inherent satisfaction

rather than for some separable consequence” (Page 60).

Herzberg (1987) defines extrinsic factors as movement and distinguishes it from

motivation, stating that “Movement is a function of fear of punishment or failure to

get extrinsic rewards”. Ryan and Deci (2000) state that “Extrinsic motivation is a

construct that pertains whenever an activity is done in order to attain some separable

outcome”.

There are 8 core motivational theories (Hall et al. 2009) and some of the theories

focus on motivation as a “a sequence or process of related activities” (Hall et al. 2009)

called process theories, while others focus on motivation “at a single point in time”

(Couger and Zawacki 1980) called content theories.


Page 95 of 125

As reported in a systematic literature review conducted by Beecham et al (2007), and

their published review of the use of theory inside this review in 2009 (Hall et al 2009),

the three most popular theories used in studies of motivation in Software Engineering

were Hackman and Oldman’s Job Characteristics Theory (68%), Herzberg’s

Motivational Hygiene Theory (41%), and Maslow’s Theory of Needs (21%)1.

Hackman and Oldman’s Job Characteristics Theory focuses on the physical job, and

suggests five characteristics (skill variety, task identity, task significance, autonomy,

and feedback) that lead to three psychological states which in turn lead to higher

internal motivation and higher quality work. Herzberg’s Hygiene Theory suggests that

the only true motivation is intrinsic motivation, and this leads to job satisfaction,

where extrinsic factors are only useful in avoiding job dissatisfaction.

One of the five key job characteristics in Hackman and Oldman’s theory is feedback.

Feedback is not explicitly mentioned in Herzberg’s Motivational Hygiene Theory, but

he notes that it is a part of job enrichment, which he states is “key to designing work

that motivates employees” (Herzberg 1987). However this is a managerial view point.

Software Engineers are considered to be current practitioners working on active

software projects within the industry. This includes programmers, analysts, testers,

and designers who actively work and produce software for real projects in the real

world.

From a management perspective, gaining a greater understanding of what motives

employees could prove invaluable in increasing productivity and software quality, and

from an individual perspective the prospect of being given feedback that motivates

you and makes your job more enjoyable and improves the quality of your work

experience could lead to a more successful and enjoyable work life.

My proposed research is divided into stages. In the first stage I plan to conduct

interviews and diary studies to identify the types of feedback in software engineering

and how feedback is experienced by software engineers. I then plan to conduct

additional studies to identify what impact this feedback has on software engineers and

how that impact is evident. Finally, I plan to observe software engineers at work to

see feedback in context, and to compare those observations to the information

gathered during the first two stages.

At the end of my PhD I hope to accomplish research that leads to a greater

understanding of what feedback is inside software engineering and how it is given or

received. Subsequently I wish to gain an understanding of how this feedback alters the

motivation of software engineers and how this manifests as something such as

behaviour, productivity or attitude.

1 The percentages are a representative of how many of 92 papers the theories were found to be

explicitly used in. There can be multiple theories used in any one paper, and the 92 papers were part of

a systematic literature review conducted by Hall et al (2007) sampling over 500 players.


Page 96 of 125

References

B.W. Boehm, Software Engineering Economics, Prentice-Hall, 1981.

COUGER, J. D. AND ZAWACKI, R. A. 1980. Motivating and Managing Computer Personnel.

John Wiley & Sons.

S.A. Frangos, “Motivated Humans for Reliable Software Products,” Microprocessors and

Microsystems, vol. 21, no. 10, 1997, pp. 605–610.

Frederick Herzberg, One More Time: How Do You Motivate Employees? (Harvard Business

School Press, 1987).

J. Procaccino and J.M. Verner, “What Do Software Practitioners Really Think about Project

Success: An Exploratory Study,” J. Systems and Software, vol. 78, no. 2, 2005, pp. 194–203.

Richard M. Ryan and Edward L. Deci, “Intrinsic and Extrinsic Motivations: Classic Definitions

and New Directions,” Contemporary Educational Psychology 25, no. 1 (January 2000): 54-67.

Tracy Hall et al., “A systematic review of theory use in studies investigating the motivations of

software engineers,” ACM Trans. Softw. Eng. Methodol. 18, no. 3 (2009): 1-29.

Sarah Beecham et al., “Motivation in Software Engineering: A systematic literature review,”

Information and Software Technology 50, no. 9-10 (August 2008): 860-878.


Page 97 of 125

Using Business Process Security Requirements for IT Security Risk Assessment

Stefan Taubenberger [email protected]

Supervisors Bashar Nuseibeh

Jan Jürjens Charles Haley

Department/Institute Computing Status Part-time Probation viva After Starting date October 2007

Companies and governmental organizations are suffering from information technology (IT) risks caused by malicious or negligent events and by inappropriate process designs related to authorization, access control or segregation of duties. Examples of such events are the loss of two data discs of 25 million child benefit records in the UK or the trading losses at Société Générale. Many quantitative and qualitative methods and toolkits for IT security risk analysis have been developed using e.g. Bayesian probability, Fuzzy theories, Courtney, the Livermore risk analysis methodology (LRAM)… all of which are based on probabilities and events as risk is defined e.g. in ISO 27002 as a “combination of the probability of an event and its consequence” ([3], p. 2). But with these traditional risk analysis approaches, IT risks often cannot be determined reliably and with precision. Because security events are difficult to identify in a way that guarantees correctness and completeness of this process, since the methods provide only general descriptions how to identify them [7]. Probabilities in practice are difficult to estimate with sufficient degree of precision and reliability as statistical data is missing or outdated [6] and influenced by perception [5].

IT security risk assessment approaches using business process models and security requirements provide a way which may overcome these limitations. The usage of security requirements as well as business or critical assets for risk assessment is not new and in general described in the ISO 27000 series as well as implemented in approaches like Octave Allegro [1].

However, existing standards and approaches like the ISO 27000 series or Octave Allegro referring to or utilizing security requirements are based on events/threats and probabilities. Threat based approaches face limitations regarding precision and reliability as they base on probabilities/impact estimates as well as on correct event identification. Furthermore, these approaches do not determine the risk of non-adherence or correct implementation of requirements. Other approaches using security requirements without threats determine best security solutions for processes [2] or analyse process security [4] but do not determine risks. Approaches that determine security solutions or analyze process security are limited as they do not evaluate the security risk of the current implementation. In addition, most risk assessment approaches omit risks originating from the business process design and data flow as well as do not consider any security dependencies as the all evaluate single


Page 98 of 125

decomposed model elements. Additionally, the assessment results are dependent of a point in time and do not consider the changing environment.

In contrast to existing approaches we suggest to base a IT security risk assessment approach on business process security requirements and evaluating corresponding security controls as well as security processes. We evaluate process security requirements for a process business object including system, personnel, physical and execution requirements, we consider security dependencies between processes and evaluate IT standard security processes. An advantage of such an approach would be that events and probabilities have not to be determined, business activities sequences as well as security dependencies are considered and risk results more independent of a point in time. Furthermore, such an approach would support the understanding and definition of security requirements from a process and risk view. Research objective The objective of our research is to provide insights and knowledge how to conduct a risk assessment solely based on security requirements verification and implemented security controls. The main focus of our research is the link between security requirements and security controls and whether a risk assessment can be based completely on security requirements rather than identifying risk with events and probabilities. With our work we like to address the following research questions to achieve our objective:

1) Can IT security risks be evaluated only with security requirements without using threats and probabilities with the same quality/precision as in traditional approaches?

2) If we use a security requirements based risk assessment approach: a) How can the evaluation of security requirements be better supported

helping to identify risks and evaluate risks? b) How can we consider dependencies between security objectives or security

requirements influencing the risk assessment result? c) Can we provide a more time-independent risk assessment results by

checking security process? Problems with risk assessments The issues of traditional risk assessments approaches are related to the definition of risk consisting of events, probabilities and impact. To identify and to determine each parameter in a risk assessment we must have comprehensive knowledge about the direct environment of the risk - e.g. a company - as well as the outside environment - all others. In reality comprehensive knowledge about the direct and outside environment is not available, may be compromised and cannot be modelled as the real world is too complex and unpredictable. Even if it would be possible to get comprehensive knowledge we currently do not know how to achieve or how to verify this knowledge. Another fallacy is that we attempt to determine risk exactly with probabilities. This would require that all parameters, corresponding probabilities as well as correlations are known, are immediately updated, base on enough statistic data and could be modelled. In practice this is not the case rather we have to deal with uncertainty which is not considered in current approaches, incomplete data and unverified data. Furthermore, risk is about people. Their behaviour is not objective or rational and may follow personal interests. Especially, in the risk estimation, evaluation and mitigation phase behavioural biases influence the assessment and decisions because of knowledge, perception, personal objectives as well as herd


Page 99 of 125

instincts. Therefore, risk results are biased without any indication in what direction. In addition, risk is taken by people and not by a company or institution. Therefore people are at risk and not companies. Not the company is at risk rather than managers or shareholders of that company. For all this various reasons developed methods can only be attempts to determine risk that we believe are imprecise, biased and never be accurate. Our approach

The objective of our approach is to identify critical risks of a company based on business process models and security requirements. We assume that business process models are available as well as up-to-date and use standard methods/concepts of the software engineering domain. Our approach probably won’t be able to identify all possible risks as it concentrates on critical ones.

Figure 1. SR risk assessment approach.

Our approach follows in general the risk management and security requirements elicitation process: to identify assets, to identify requirements and to assess them (fig. 1). The business process model assessment (left side of figure 1) has three stages, the identification of critical business processes and business objects out of existing business process models, the definition of the business process security requirements and the assessment of the security requirements for each data process point. The second stage of the assessment stage can be restarted and is therefore iterative. The IT process assessment (right side of figure 1) consists also of three stages: the definition of the used IT security standard process model, the selection of the assessed security processes and the assessment of the process. There is a link between the requirements and the process assessment. Because results of the IT security process assessment can influence the requirements results as security objectives or requirements might be violated.

Current work Currently, we are completing the validation of our approach. We have chosen to

validate our approach by testing and applied our approach to several real world examples within a reinsurance company. Our results support our assertion that risks can be determined by evaluating security requirements. Further work will concentrate on discussing validation issues as well as describing how our approach could be integrated and utilized in traditional approaches.


Page 100 of 125

References

[1] Richard Caralli, James Stevens, Lisa Young, and William Wilson. Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process. The Software Engineering Institute, 2007.

[2] Peter Herrmann and Gaby Herrmann. Security requirement analysis of business processes. Electron Commerce Research, 6:305– 335, 2006.

[3] International Organization of Standardization (ISO). ISO 27002 Information technology - Security techniques - Code of practice for information security management, International Organization of Standardization (ISO), 2005.

[4] Alexander W. Roehm, Guenther Pernul, and Gaby Hermann. Modelling secure and fair electronic commerce. In Proceeding 14th Annual Computer Security Applications Conference, Phoenix, Arizona, Dec. 7-11, 1998. IEEE Computer Society Press, 1998.

[5] Andrew Stewart. On risk: perception and direction. Computers & Security, 23:362–370, 2004.

[6] Lili Sun, Rajendra Srivastava, and Theodore Mock. An information systems security risk assessment model under Dempster-Shafer theory of belief functions. Journal of Management Information Systems, 22(4):109 –142, 2006.

[7] Stilianos Vidalis. A critical discussion of risk and threat analysis methods and methodologies. Technical Report CS-04-03, University of Glamorgan, Pontypridd, 2004.


Page 101 of 125

Distilling Privacy Requirements for Mobile Applications

Keerthi Thomas [email protected]

Supervisors Prof. Bashar Nuseibeh

Dr. Arosha Bandara Mr. Blaine Price

Department/Institute Computing Status Part-time Probation viva After Starting date Oct. 2008

As mobile computing applications become commonplace, eliciting and analysing users’ privacy requirements associated with these applications is increasingly important. Such mobile privacy requirements are closely linked to both the physical and socio-cultural context in which the applications are used.

Previous research by Adams and Sasse [1] has highlighted how system designers, policy makers and organisations can easily become isolated from end-users’ perceptions of privacy in different contexts. For mobile applications, end-users’ context changes frequently and Mancini et al.’s observations of such users [2] suggest that changes in users’ context result in changes in the users’ privacy requirements. Omitting these privacy requirements not only affects the user’s privacy but also has an impact on how well the system is adopted or utilised. Moreover, the design of technologies influencing privacy management is often considered and addressed as an afterthought [3], when in fact the guarantees and assurances of privacy should have been included in the design right from the outset. The aim of my research is therefore to ensure that privacy requirements of mobile systems are captured early, together with the specification of the possible variations in these systems’ operating context.

Privacy requirements have been analysed from different perspectives by the requirements engineering community. Anton et al. [4] explored the role of policy and stakeholder privacy values, Breaux and Anton [5] modelled requirements based on privacy laws such as HIPAA, and Cranor et al. [6] represented her requirements using privacy policies of various online organisations. Some researchers have modelled privacy as part of a wider modelling effort. For example, Yu and Cysneiros [7] characterised privacy as a non-functional requirement in i* using OECD guidelines [8], and Kalloniatis et al. [9] described a security engineering method to incorporate privacy requirements early in the system development process. However, I am not aware of any work that specifically focuses on the challenges of understanding the privacy requirements associated with mobile computing applications.

Eliciting end-user privacy requirements for mobile applications is both sensitive and difficult. Questionnaires do not reveal the ‘real’ choices end-users make because the decisions are influenced by the emerging context in a particular situation. Shadowing users for long hours is neither practical nor useful as the experience of being under observation is likely to change the behaviour of the users in ways that invalidate any observed behaviours that relate to privacy. Mancini et al.’s prior work [2] showed that privacy preferences and behaviours in relation to mobile applications are closely linked to socio-cultural, as well as to physical, boundaries that separate different contexts in which the applications are used. From the literature survey carried out earlier, I am not aware of any requirements engineering process that specifically supported the elicitation of privacy requirements for mobile or context-aware systems. Given the complexities and the need to elicit privacy requirements for mobile systems, the aim of my research is therefore to address the following questions:


Page 102 of 125

(i) What are the end-user privacy requirements for mobile applications? (ii) How can privacy requirements be elicited for mobile applications? What elicitation techniques, requirement models and analysis methods are needed in the privacy requirements engineering process?

To address these research questions, I present a systematic approach to modelling privacy requirements for mobile computing applications where I demonstrate how requirements are derived (“distilled”) from raw empirical data gathered from studying users of mobile social networking applications. I propose the use of a user-centric privacy requirements model that combines relevant contextual information with the users’ interaction and privacy perceptions of the mobile application. The development of this model was informed by empirical data gathered from my previous studies of mobile privacy [2]. Finally, I validate my work by using the model as the basis for extending existing requirements modelling approaches, such as Problem Frames. I show how the extended Problem Frames approach can be applied to capture and analyse privacy requirements for mobile social networking applications.

References [1] Adams, A. and Sasse, M.A., Privacy issues in ubiquitous multimedia environments: Wake sleeping

dogs, or let them lie? in Proc. of INTERACT ’99, Edinburgh, 1999, pp. 214-221J.

[2] Mancini, C., et al., From spaces to places: emerging contexts in mobile privacy. in Proc. of the 11th Int, Conf. on Ubiquitous computing, Orlando, FL, 2009, pp. 1-10.

[3] Anton, A.I. and Earp, J.B., Strategies for Developing Policies and Requirements for Secure Electronic Commerce Systems. in 1st ACM Workshop on Security and Privacy in E-Commerce, Athens, Greece, 2000, pp. unnumbered pages.

[4] Anton, A.I., Earp, J.B., Alspaugh, T.A., and Potts, C., The Role of Policy and Stakeholder Privacy Values in Requirements Engineering. in Proc. of the 5th IEEE Int. Symp, on Requirements Engineering, 2001, pp.138.

[5] Breaux, T.D. and Anton, A.I., Mining rule semantics to understand legislative compliance. in Proc. of the 2005 ACM workshop on Privacy in the electronic society, Alexandria, VA, USA, 2005, pp. 51 - 54

[6] Cranor, L.F., 1998. The platform for privacy preferences. Communications of ACM 42 (2), 48–55.

[7] Yu, E. and L.M. Cysneiros. Designing for Privacy and Other Competing Requirements. in 2nd Symp. on Requirements Engineering for Information Security (SREIS'02). 2002. Raleigh, North Carolina.

[8] “Inventory of instruments and mechanisms contributing to the implementation and enforcement of the OCDE privacy guidelines on global networks” Head of Publications Services, OECD, 2 rue-André-Pascal, 75775 Paris Cedex 16, France.

[9] Kalloniatis, C., Kavakli, E., and Gritzalis, S. Addressing privacy requirements in system design: the PriS method Requirements Engineering, Springer London, 13 (3). pp. 241-255.


Page 103 of 125

Understanding the Influence of 3D Virtual Worlds on Perceptions of

2D E-commerce Websites

Minh Q. Tran

Centre for Research in Computing

The Open University

[email protected]

Supervisors

Dr. Shailey Minocha Centre for Research in Computing

The Open University

[email protected]

Dr. Darren Langdridge Department of Psychology

The Open University

[email protected]

Prof. Angus Laing Business School

Loughborough University

[email protected]

Mr. Dave Roberts

Centre for Research in Computing

The Open University

[email protected]

Department: Computing

Status: Full-time

Probation viva: Passed July 2009

Starting date: October 2008

Introduction

The aim of our research is to understand consumers’ experiences in 3D virtual worlds (VWs) and how

those experiences influence consumers' expectations of 2D e-commerce websites. As consumers

become familiar with the affordances and capabilities of 3D VWs, do their expectations of 2D e-

commerce websites change? The outcome of this research project will be an understanding of

consumers’ experiences in 3D VWs and 2D e-commerce websites. Furthermore, design guidelines will

be developed for e-commerce in 3D VWs and for the integration of 3D VWs with 2D e-commerce

websites.

3D Virtual Worlds

3D VWs are online, persistent, multi-user environments where users interact through avatars [2].

Avatars are digital self-representations of users. Through avatars, users can walk in simulated physical

spaces, talk to other avatars and interact with the environment. This opens up different possibilities for

interaction; both in terms of human-computer interaction (HCI) and also business-to-consumer (B2C)

interactions. Users may be able to browse through virtual markets, shop with their friends and interact

in real-time with vendors [10]. These features suggest shopping in 3D VWs may be more immersive

compared to shopping on websites [7].

E-commerce in Second Life

Second Life (SL) is a 3D VW. SL does not cost any money to use. It is also an open-ended platform;

users of SL are encouraged to create their own content and design their own activities. Users can sell

any content (objects, scripts, animations) that they make. Content can also be bought from others. As a

consequence, SL has developed its own virtual economy [6], including having virtual stores to shop

from (Figure 1).

Figure 1. Stores in Second Life.


Page 104 of 125

Currently, the economy in SL mainly involves virtual items, such as virtual clothes, avatar models,

homes and land. However, there is potential for real business, involving real world items. Some

companies, such as Coca-Cola and Adidas, have already used SL to advertise their products [12]. As

the popularity of 3D VWs grows, more companies will likely make use of 3D VWs for their e-

commerce beyond marketing and advertising. 3D VWs has the potential to become a platform for

buying and selling real items, just as websites are today. However, successful implementation of e-

commerce in 3D VWs will require an understanding of what influences the user experience [11].

Research Objectives

The goal of this research is to investigate affordances of 3D VWs and their influence on consumer’s

perceptions and expectations of 2D e-commerce websites. This understanding will be used to develop

guidelines for designing positive e-commerce experiences in 3D VWs and 2D e-commerce websites.

The research questions are:

RQ1: What are consumers’ experiences in 3D VWs?

RQ2: What are consumers’ perceptions and expectations of 2D e-commerce websites who

have experience in VWs?

RQ3: What are the differences in expectations and behaviours between consumers in 3D VWs

and 2D e-commerce websites?

Online Service Encounter

Consumers’ experiences are based on what occurs during the service encounter. The service encounter

refers to all interactions between a consumer and a service provider for the exchange of a product or

provision of a service. According to the service encounter model, a full understanding of the experience

involves looking at what happens before, during and after a purchase (Figure 1).

Figure 2. Model of the service encounter [3].

Furthermore, consumers now have the option between different commerce channels (websites, high

street, telephone, etc.). Therefore, consumers’ experiences are not based only on the performance of

individual channels, but also how well the channels are integrated to provide a positive and seamless

experience. This research focuses on two commerce channels in particular, 3D VWs and 2D websites.

Affordances of 3D VWs

3D VWs support the service encounter in different ways compared to 2D websites. For example,

having products rendered in 3D can improve product ‘diagnosticity’ [8]. Diagnosticity refers to how

easily a consumer can judge a product to fit their needs. An interactive 3D model of products gives

users more information about its form and function. Therefore, users may be able to make informed

purchase decisions when shopping in VWs because they have a better idea of what the product is like.

Another advantage is the multi-user and synchronous environment. VWs produce the sense ‘being

there’, also referred to as ‘presence’ [13]. A sense of ‘being there’ with others is also possible because

avatars are located in the same virtual space; users can ‘see’ each other. As a result, the e-commerce

experience has a social dimension that is not experienced when shopping on websites.

Affordances of 2D Websites

Websites have their own advantages that VWs do not. Presently, websites can provide more

information compared to VWs as they use text effectively [5]. The advantage of text is that it can

describe many details about a product, such as specifications and warranties, which cannot be easily

conveyed through images or 3D models. The web also has the advantage of being faster than 3D VWs

because of its low bandwidth and CPU requirements.


Page 105 of 125

Methodology

The methodology of this research project is empirical and qualitative. Three studies involving users are

planned (Figure 3). The first two studies are based on in-depth interviews. The interviews will be

conducted in SL. During the interviews, participants are encouraged to describe their own shopping

experiences in detail and from their own subjective viewpoint. The interview technique is based on

phenomenology [4]. Phenomenological interviews, and subsequent phenomenological analysis, allow

the researcher to obtain the structure and content of experience. During the interviews, each participant

is asked to describe the pre-purchase, purchase and post-purchase interactions from a service encounter.

The data consists of descriptions of shopping experiences, including behaviours, thoughts and feelings.

For this project, data analysis includes both descriptive phenomenological analysis [4] and a general

thematic analysis [1]. A descriptive phenomenological analysis of each interview produces use cases

(or individually structured narratives). Thematic analysis produces a set of themes relating to

affordances and user experience. The use cases and themes provide grounding to reason about design

implications and design guidelines. Design guidelines will be validated through a third study. The

guidelines will be evaluated by users who have experience creating content in 3D VWs and websites.

Part of the validation study will involve making the guidelines usable for the intended audience of

designers and marketers.

Figure 3. Project methodology

Preliminary Findings

The first study is now complete. A list of themes based on affordances and use cases are being

compiled. The aim is to provide a comprehensive list of affordances in 3D VWs for designers to think

about when designing e-commerce systems. The long-term goal is to provide guidance on how to best

use these affordances to create positive experiences. Some affordances identified so far are the ability

to:

• navigate through 3D environments facilitated by the spatial metaphor in a 3D VW

• browse pre-arranged displays similar to a real-world store

• interact with others in real-time as avatars

• blend the 3D virtual world experience with 2D websites

Through further analysis, a set of use qualities and their design implications will be derived. Use

qualities relate to emotional aspects (sensations, feelings, meaning-making) [9]. For example, some use

qualities that characterize the 3D virtual world experience are:


Page 106 of 125

• Disembodied presence: presence and interaction in VWs requires a combination of interaction

metaphors, some from avatar-centred (or game-based) interactions and some from pointer-based

(WIMP-desktop) interactions.

• Touristy shopping: VWs are still a relatively new technology. Consumers are open to the idea of

simply enjoying the sights and sounds through visiting new store. The element of discovery and

wonder partly contributes to the positive feelings associated with the shopping experience.

• Effortful: consumers perceive the shopping experience as requiring non-trivial effort. This may be

due to the difficulty of finding stores or the time required to travel through the virtual world

because of ‘lag’. The way that consumers describe shopping experience in 3D VWs suggests

shopping is more difficult in VWs compared to shopping on websites.

• Socially situated: consumers are not alone in VWs. The motivation and consequence of

consumer’s actions are influenced by their social network and activity. For example, consumers

often choose to buy products because they see someone else with the product. Or, they buy

products so that they can share it with others in the virtual world.

Further Work

The second and third empirical studies will be completed within the next year. The final outcome will

be design guidelines for usability of e-commerce in VWs and on websites. Additionally, the guidelines

will address how to integrate 3D and 2D e-commerce environments for a positive and seamless

consumer experience. The outcome of this research will benefit designers and marketers by providing

guidance and a framework for designing positive e-commerce experiences. Consumers will also benefit

by having e-commerce systems that meet their requirements and address their expectations.

References

1. Braun, V. and Clarke, V. Using thematic analysis in psychology. Qualitative research in

psychology 3(2), 2006, 77–101.

2. Castronova, E. Synthetic Worlds - The Business and Culture of Online Games. University of

Chicago Press, London, 2005.

3. Gabbott, M. and Hogg, G. Consumers and Services. Wiley UK, 1998.

4. Giorgi, A. P. and Giorgi, B. Phenomenological psychology. In Willig, C. and Rogers. W.S. eds.

The SAGE Handbook of Qualitative Research in Psychology. SAGE Ltd, London, 2008.

5. Goel, L. and Prokopec, S. If you build it will they come?—An empirical investigation of consumer

perceptions and strategy in VWs. Electronic Commerce Research, 9(2), 115-134.

6. Hale, T. 2009 End of Year Second Life Economy Wrap up (including Q4 Economy in Detail).

Retrieved March 10, 2010, from Second Life Official Blog:

http://blogs.secondlife.com/community/features/blog/2010/01/19/2009-end-of-year-second-life-

economy-wrap-up-including-q4-economy-in-detail.

7. Hemp, P. Are You Ready for E-tailing 2.0? Harvard Business Review 84, 1028-29.

8. Jiang, Z. and Benbasat, I. Virtual Product Experience: Effects of Visual and Functional Control of

Products on Perceived Diagnosticity and Flow in Electronic Shopping. Journal of Management

Information Systems, 21(3), 111-147.

9. Löwgren, J. and Stolterman, E. Thoughtful Interaction Design. The MIT Press, Cambridge, MA,

2004.

10. Maamar, Z. Commerce, E-Commerce, and M-Commerce: What Comes Next? Communications of

the ACM 46, 12, 2003, 251-257.

11. Petre, M., Minocha, S. and Roberts, D. Usability Beyond the Website: an Empirically-Grounded

E-commerce Evaluation Instrument for the Total Customer Experience. Behaviour and

Information Technology, 25(2), 189-203.

12. Rymaszewski, M., Au, W. J., Ondrejka, C., Platel, R., Gorden, S. V., Cezanne, J., Batston-

Cunningham, B., Krotoski, A., Trollop, C. and Rossignol, J. Second Life: The Official Guide

(Second Ed.). Wiley Publishing Inc, Indiana, 2008.

13. Taylor, T. Living Digitally: Embodiment in VWs. In R. Schroeder, The Social Life of Avatars:

Presence and Interaction in Shared Virtual Environments. Springer-Verlag London Ltd., London,

2002, 40–62.

Note: All studies involving participants has been approved by The Open University’s Human

Participants and Materials Ethics Committee (HPMEC). The study protocol is consistent with

guidelines from the British Psychological Association (http://www.bps.org.uk) and Second Life

Community Standards (http://secondlife.com/corporate/cs.php).


Page 107 of 125

Supporting Reflection about Web Resources within Mash-

Up Learning Environments

Thomas Daniel Ullmann

[email protected]

Supervisors Peter Scott

Fridolin Wild

Department/Institute Knowledge Media Institute – The Open University

Status Fulltime

Probation viva Before


The proposed PhD thesis addresses the problem of how to empower users to reflect

about resources, helping them to make informed decisions. The goal of the PhD is to

develop a framework of a mash-up learning environment that takes into account the

reflection of users about resources.

Mashups are usually seen as software applications that merge separate APIs or data

sources (Zang, Rosson, and Nasser 2008). They compose new applications based on

existing data services and user interfaces. Mashups are “a combination of pre-existing,

integrated units of technology, glued together to achieve new functionality, as

opposed to creating that functionality from scratch” (Hartmann, Doorley, and

Klemmer 2006). They are the manifestation of the programmable web (Maximilien,

Ranabahu, and Gomadam 2008).

Learners looking at the wealth of available learning resources need strategies to deal

with its complexity. The abilities to reflect about information, to rate, and to review it,

seem to be important skills to cope with this. Many tools are available on the web

addressing these challenges. For example, search engines, one of the major backbones

of the web, deliver a ranked result set of more or less relevant information.

Recommendation services aggregate opinions of users to top lists of items or use

collaborative filtering mechanisms to make predictions about future interests of users.

While these services lack connectivity and do not explicitly address reflective practice,

Mashup Personal Learning Environments (MUPPLEs) (Wild, Mödritscher, and

Sigurdarson 2008) enable learners to construct their own learning space through

facilities to mash up services and tools from different sources to support collaborative

and individual learning activities.

Research carried out in the context of reflection (e.g. (Dewey 1933); (Boud, Keogh,

and Walker 1985); (Schön 1983); (Moon 1999)(Moon 2004)) finds its application in

mash-up personal learning environments in form of indicators (Glahn 2009).

Indicators are usually small widgets embedded in a learning system, which represents

information for the learners for example about their activity level or performance

measure. While indicators focus on the visualization of interaction footprints, methods


Page 108 of 125

coming from evaluation research (Thierau and Wottawa 1990), especially of

qualitative (Stake, Denzin, and Lincoln 2005) and quantitative (Neuman 2005)

research are considered as possible reflection points about (web) resources.

The goal is to provide users these functionalities in a mash-up environment. In order

to reflect about a topic the proposed system takes into account manually added

indicators as well as automatically added criteria fostering reflection. The later are

partly derived from the data services and tools of the Science 2.0 infrastructure ((Wild

and Ullmann 2010) and (Wild and Ullmann 2009)) for researchers in technology-

enhanced learning.

References:

Boud, David, Rosemary Keogh, and David Walker. 1985. Reflection: Turning

Experience into Learning. Routledge, April 1.

Dewey, J. 1933. How we think: A restatement of the relation of reflective thinking to

the educative process. DC Heath Boston.

Glahn, Christian. 2009. Contextual support of social engagement and reflection on the

Web. http://dspace.ou.nl/handle/1820/2062.

Hartmann, Björn, Scott Doorley, and Scott R Klemmer. 2006. Hacking, Mashing,

Gluing: A Study of Opportunistic Design and Development.

http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.66.1603.

Maximilien, E.M., A. Ranabahu, and K. Gomadam. 2008. An Online Platform for

Web APIs and Service Mashups. Internet Computing, IEEE 12, no. 5: 32-43.

doi:10.1109/MIC.2008.92.

Moon, Jennifer A. 1999. Reflection in learning & professional development.

Routledge.

———. 2004. A handbook of reflective and experiential learning. Routledge, June 15.

Neuman, W. L. 2005. Social research methods: Quantitative and qualitative

approaches. Allyn and Bacon.

Schön, D. A. 1983. The reflective practitioner. Basic Books New York.

Stake, R. E, N. K. Denzin, and Y. S. Lincoln. 2005. The Sage handbook of qualitative

research. Sage Thousand Oaks, CA.

Thierau, H., and H. Wottawa. 1990. Lehrbuch Evaluation. Bern, Stuttgart, Toronto:

Huber.

Wild, Fridolin, Felix Mödritscher, and Steinn Sigurdarson. 2008. Designing for

Change: Mash-Up Personal Learning Environments. eLearning Papers 9.

http://www.elearningeuropa.info/files/media/media15972.pdf.

Wild, Fridolin, and T. D. Ullmann. 2009. Science 2.0 Mash-Ups. STELLAR

Deliverable 6.3.

http://www.stellarnet.eu/kmi/deliverables/20100120_stellar___d6-3.pdf.

———. 2010. The STELLAR Science 2.0 Mash-Up Infrastructure. In Accepted paper

for the 10th IEEE International Conference on Advanced Learning

Technologies. Sousse, Tunisia.

Zang, Nan, Mary Beth Rosson, and Vincent Nasser. 2008. Mashups: who? what?

why? In CHI '08 extended abstracts on Human factors in computing systems,

3171-3176. Florence, Italy: ACM. doi:10.1145/1358628.1358826.

http://portal.acm.org/citation.cfm?id=1358826.


Page 109 of 125

Local civic governance using online media – a case of consensual problem solving or a recalcitrant pluralism?

Rean van der Merwe [email protected]

Supervisors Anthony Meehan

Engin Isin Department/Institute Computing, HCI

Centre for citizenship, identities and governance Status Full time Probation viva After Starting date October 2008 This presentation reports on a component of a PhD research project exploring the role of online social media in local governance. It discusses the investigation and analysis of distinct patterns of 'governance conversation' observed on a discussion list that was developed and maintained to support local governance. One interesting finding is that making ‘binding decisions’, which has been seen as a key attribute of deliberative democratic processes (Gutmann & Thompson, 2004), is almost entirely absent from the observed online interactions. Nonetheless, the interactions appear to be relevant and useful to the more broadly deliberative process of local governance. The investigation makes a case study of a small, geographically co-located community - where residents make use of simple online tools to discuss issues of local importance. In this sense, the case study presents an example of "neighbourhood democracy" (Leighninger, 2008). However, it should be distinguished from other examples of online neighbourhood democracy, or more broadly online deliberative governance, where the research focus is on the interaction of citizens with government, and where policy formulation in its various forms is both key object and output of communication. In this instance, the online discussion spaces were conceived, set up and are maintained entirely as a spontaneous volunteer effort by members of the community; formal government, e.g. the city municipality, are neither the object of, nor significant participant in the conversations. Dialogue is between residents and largely concerns how they and their Residents Association might directly resolve local issues. Accordingly, residents understand the problems under discussion well and are often personally affected - and so highly motivated to participate in governance action. Case selection logic follows two principles discussed by Yin (2003) which may initially appear contradictory – the case is both typical of villages and neighbourhoods of a given size that exist throughout the world, and relatively unusual in what appears to be a successful ‘bottom up’ implementation of online media to support local, direct governance. The scope of this study is to investigate the sorts of interaction that practically occur as a result, the relationship between online tools and social action, and the potential impact that the online interactions have on local governance.


Page 110 of 125

The study draws on a combination of online discussion archives, field notes and interviews with key participants, and follows an approach based on the Structured Case methodological framework (Carroll & Swatman, 2000). The development of theory has much in common with the grounded theory methodology (Heath & Cowley, 2004), though structured case in particular makes provision for an initial conceptual framework, to be refined, extended and tested through grounded observation. The initial framework employed here has two significant components: an understanding of deliberative governance as much broader process than rational decision making dialogue; and the recognition of deliberation that may equally be valued as instrumental or expressive, a process potentially leading to consensual decision making or to the accommodation of pluralism (Gutmann & Thompson, 2004). Analysis of discussion archives presents five patterns of ‘governance conversation’ which all play a significant role in local governance within the case community. Considering the size and nature of the sample, the analysis does not propose anything near a comprehensive typology. In stead, the patterns are used as a mechanism to be able to analyse and discuss this particular case and the range of contributions therein. Briefly, the five patterns are: • Announcement – participants share governance information or advertise an event. • Feedback – participants provide or request information in response to a governance

initiative. • Coordination – participants coordinate a local response to an externally initiated

governance process. • Deliberative mediation – participants informally mediate the direct resolution of

local governance problems. • Deliberative management – participants engage in sustained, pluralist discussion of

a complex governance problem. In reference to the initial theoretical, the ‘announcement,’ feedback’, ‘coordination, and ‘deliberative mediation’ patterns make the most evident instrumental contributions, but also provide less overt expressive contributions. ‘Deliberative management’ most clearly supports expressive dialogue. In turn, the expressiveness of deliberation appears to be instrumental to the shared understanding required to manage inherently pluralist, complex governance problems. The evidence proposes that the online discussions are driven by a combination of the two modes of interaction, the instrumental and expressive. The findings support Guttman and Thompson (2004), that a complete framework of deliberative governance must integrate the two perspectives. Though the investigation does not show evidence of overt decision-making, there is a strong case that the online conversations significantly support governance action. It appears that the online discussions rarely “create” consensus, but are effective to support action where some level of implicit consensus exists - as we observed in the ‘feedback’, ‘coordination’ and ‘deliberative mediation’ patterns. Furthermore, online deliberation appeared to be particularly suited to manage the sometimes unavoidable pluralism that complex issues introduce to local governance (Cohen, 1998). The case analysis supported not only that expressive communication online creates mutual respect (Guttman & Thompson, 2004), but that it potentially allows participants to


Page 111 of 125

identify shared interests with respect to an issue, which makes a mutually acceptable management solution possible. There is further a case that, in the context of local governance, the asynchronous and responsive nature of the online medium (Wellman et al., 2003) seems particularly suited to supporting such an ad hoc, pluralist management process. While this single case study presents a very specific context of deliberation, the patterns of “governance conversation” observed are recognisable in, and the issues they pertain to have underlying themes that are very possibly common to the deliberations of communities the world over. Further, the online tools used by the case community are relatively unsophisticated, widely used and easily adopted. The case proposes the potential value of an infrequently investigated context of online deliberation – that of citizen-to-citizen deliberation pertaining to geographically local issues; and additionally of a broader conception of the role of the ‘online’ in particularly local deliberation, where formal decision making is frequently over privileged in existing research. Where the evolved theoretical frame is applied to the technology supporting governance interaction, it seems that an instrumental view of deliberation predisposes to an instrumental view of technology - as a "tool" primarily to reduce the coordinative overheads (Cordella, 1997) associated with direct deliberative decision making, and potentially to assist in the process of forming consensus. An expressive view in stead encourages the researcher to consider the extent to which technology fulfils a broader social function by "extending" the public sphere (Klein & Huynh, 2004), creating an environment where the plural values and meaning underlying issues can be understood. Rather than proposing one or the other as "ideal," this project sets out to understand how interaction practically happens, given the theoretical perspective we have outlined, and what this means for the toolsets we design to support the process. References Carroll, J. M., & Swatman, P. A. (2000). Structured-case: a methodological

framework for building theory in information systems research. Eur. J. Inf. Syst., 9(4), 235-242.

Cohen, J., & Sabel, C. (1997). Directly Deliberative Polyarchy. European Law Journal, 3(4), 313-340.

Cordella, A., Simon, K.A. (1997). The Impact of Information Technology on Transaction and Coordination Cost. Paper presented at the Conference on Information Systems Research in Scandinavia

Gutmann, A., & Thompson, D. F. (2004). Why deliberative democracy? : Princeton University Press.

Heath, H., & Cowley, S. (2004). Developing a grounded theory approach: a comparison of Glaser and Strauss. International Journal of Nursing Studies, 41, 141-150.

Klein, H. K., & Huynh, Q. H. (2004). The critical social theory of Jürgen Habermas and its implications for IS research. In J. Mingers & L. P. Willcocks (Eds.), Social Theory and Philosophy for Information Systems (pp. 157-237): Wiley.


Page 112 of 125

Leighninger, M. (2008). The promise and challenge of Neighbourhood Democracy: Deliberative Democracy Consortium. (D. D. Consortium o. Document Number)

Wellman, B., Quan-Haase, A., Boase, J., Chen, W., Hampton, K., DÌaz, I., et al. (2003). The Social Affordances of the Internet for Networked Individualism. Journal of Computer-Mediated Communication, 8(3), 0-0.

Yin, R. K. (2003). Case study research: Design and methods. London: Sage Publications.


Page 113 of 125

Analysis of conceptual metaphors to inform music interaction designs

Katie Wilkie

[email protected] Supervisors Dr Simon Holland

Dr Paul Mulholland Department/Institute Music Computing Status Part-time Probation viva After Starting date April 2008 Music is interwoven through many facets of our daily lives and experiences, from the deep to the trivial. It can be both an art form providing a conduit by which emotions and ideas can be communicated, and a means to communicate personal tastes through, for example, the choice of a mobile ringtone. Despite the ubiquity of music, opportunities for non-experts to interact with music in meaningful ways, to understand it and to affect it by, for example creating and manipulating melodies and harmonic progressions, are limited. Popular and pervasive though music is, understanding and analysing the structural properties of musical artifacts often requires knowledge of domain terminology and notation. Such specialist knowledge is generally restricted to highly trained domain experts who have pursued a path of detailed academic study. In particular, musical concepts such as harmonic progression and voice leading, which make use of a number of different terms and notations to describe various parameters and aspects, can be difficult to understand and describe. Furthermore, providing ways of interacting with music that are sufficiently expressive for experts whilst still being usable by non-experts remains an open challenge. We hypothesise that if we can represent this specialist knowledge in a form that exploits pre-existing and universally held sensory-motor experiences, we will be able to lower some of the barriers to musical expression. Thus we believe that music interactions designed in this manner would lessen the requirement for specialist domain knowledge and be more intuitive to both domain experts and novices alike. The identification of image schemas, exposed through linguistic constructs, provides a promising foundation for this work. Image schemas are defined by Johnson (2005) as “recurring patterns of our sensory-motor experience” where the experiences Johnson is referring to are those of interacting with other bodies, space and forces within our environment. Johnson further hypothesises that these image schemas can be applied to other, often abstract, domains through the creation of conceptual metaphors, enabling us to develop our understanding of more complex abstract concepts. Image schema and conceptual metaphor theories have already been applied to a number of different domains such as arithmetic (Lakoff, Nunez 2007), musical concepts (Saslaw 1996, 1997, Zbikowski 1997a, 1997b, Brower 2000, Larson 1997, Johnson 1997, Johnson, Larson 2003, Eitan, Granot 2006, Eitan, Timmers 2006), user interface design (Hurtienne, Blessing 2007) and music


Page 114 of 125

interaction design (Antle et al. 2008, 2009). In the domain of user interface design for example, Hurtienne and Blessing (2007) carried out experiments attempting to determine whether user interface controls which were configured to support simple conceptual metaphors such as MORE IS UP, a metaphorical extension of the UP-DOWN image schema, would be more intuitive to use. Their results do appear to support this hypothesis to an extent, however only a small number of user interface controls and conceptual metaphors were tested. In the domain of music theory, work by Saslaw (1996, 1997), Zbikowski (1997a, 1997b), Brower (2000), Larson (1997), Johnson (1997, Johnson, Larson 2003) and Eitan et al. (Eitan, Granot 2006, Eitan, Timmers 2006) has used image schemas and conceptual metaphors in an attempt to increase our theoretical understanding of musical concepts. This has yielded promising results indicating that musical concepts can be understood in terms of image schemas and conceptual metaphors. Antle et al. (2008, 2009) designed an interactive sound generation system based on embodied metaphors that allowed users to generate sounds and modify simple sound parameters through body movement. They ran a series of experiments attempting to establish whether this approach to interaction design enhanced the ability of children to learn about sound concepts. Although the results were inconclusive, they did highlight the importance of discoverability of the embodied metaphors used in the interaction model. This research draws upon these works, aiming to establish if the conceptual metaphors elicited from dialogues between musicians discussing various musical concepts can be used to inform interaction designs for communicating information about, expressing and manipulating complex musical concepts such as harmony and melody. Thus, the specific questions this research aims to address are as follows:

1. How can conceptual metaphors aid our understanding of the musical concepts of pitch, melody and harmony?

2. How can the conceptual metaphors identified be used to inform and evaluate the design of music interactions for communicating information about and manipulating pitch, melody and harmony?

Methodology In order to address the question of the ways in which conceptual metaphors aid our understanding of the musical concepts of pitch, melody and harmony, we must first identify the conceptual metaphors that experienced musicians use to understand, define and describe such phenomena. A series of studies have been planned involving musicians from both classical and popular traditions. The participants will be provided with musical artifacts in different representation formats (e.g. musical score, audio file and piano roll) and asked to discuss aspects of the artifacts in order to elicit a dialogue which can then be analysed to identify the conceptual metaphors in use. Once a collection of commonly used musical conceptual metaphors has been identified, it is planned to validate these with a wider audience through the use of an online questionnaire. The second research question, regarding the use of conceptual metaphors to evaluate and inform music interaction designs, will be addressed by firstly evaluating a number of existing music interaction designs using the identified


Page 115 of 125

musical conceptual metaphors. The results of these evaluations will be used to generate a series of guidelines for designing music interactions. In order to validate the guidelines, example music interactions will be developed based on the guidelines and subsequently evaluated with participants to establish their suitability. A summary of the work plan for these tasks is provided in the table below. Dates Task May 2010 – Dec 2010 Identify and validate the musical conceptual

metaphors used by musicians through a series of studies and an online questionnaire.

Jan 2011 – Apr 2011 Evaluate existing music interaction designs using the identified musical conceptual metaphors and establish a series of design guidelines/patterns for designing future music interactions.

May 2011 – Dec 2011 Implement a number of small-scale solutions based on the defined design guidelines and evaluate these solutions to further improve the guidelines.

Jan 2012 – Jun 2013 Write-up. At this stage, one study has already been completed (Wilkie, Holland and Mulholland 2009) and further studies are in the process of planning. Contributions It is envisaged that this research will provide the following contributions to the field:

1. Increase knowledge of how conceptual metaphors aid understanding of musical concepts such as pitch, melody and harmony. This will be achieved through identifying and validating the conceptual metaphors used by musicians when discussing various aspects of music.

2. Some preliminary indication of how different musical representation formats affect and align with the conceptual metaphors elicited during discussions.

3. Improve knowledge of how musical conceptual metaphors can be used to evaluate and inform the designs of intuitive music interactions. This will be achieved through the development of a series of design guidelines aimed at assisting designers to make decisions about the most appropriate manner for communicating information about and manipulating specific musical parameters.

References ANTLE, A.N., CORNESS, G. and DROUMEVA, M., 2009. Human-computer-intuition? Exploring the cognitive basis for intuition in embodied interaction. International Journal of Arts and Technology, 2(3), 235-254. ANTLE, A.N., DROUMEVA, M. and CORNESS, G., 2008. Playing with the


Page 116 of 125

sound maker: do embodied metaphors help children learn? Proceedings of the 7th international conference on Interaction design and children, 2008, ACM pp178-185. BROWER, C., 2000. A cognitive theory of musical meaning. Journal of Music Theory, 44(2), 323-379. EITAN, Z. and GRANOT, R.Y., 2006. How Music Moves: Musical Parameters and Listeners' Images of Motion. Music Perception, 23(3), 221-247. EITAN, Z. and TIMMERS, R., 2006. Beethoven’s last piano sonata and those who follow crocodiles: Cross-domain mappings of auditory pitch in a musical context, Proceedings of the 9th International Conference on Music Perception and Cognition, 2006, pp875-882. HURTIENNE, J. and BLESSING, L., 2007. Design for Intuitive Use - Testing Image Schema Theory for User Interface Design, Proceedings of the 16th International Conference on Engineering Design, 2007, pp1-12. JOHNSON, M., 2005. The philosophical significance of image schemas. In: B. HAMPE and J. GRADY, eds, From Perception to Meaning: Image Schemas in Cognitive Linguistics. Berlin: Walter de Gruyter, pp. 15-33. JOHNSON, M., 1997. Embodied Musical Meaning. Theory and Practice, 22-23, 95-102. JOHNSON, M.L. and LARSON, S., 2003. Something in the Way She Moves-Metaphors of Musical Motion. Metaphor and Symbol, 18(2), 63-84. LAKOFF, G. and NUNEZ, R.E., 2000. Where Mathematics Comes From. Basic Books. LARSON, S., 1997. Musical forces and melodic patterns. Theory and Practice, 22-23, 55-71. SASLAW, J., 1996. Forces, Containers, and Paths: The Role of Body-Derived Image Schemas in the Conceptualization of Music. Journal of Music Theory, 40(2), 217-243. SASLAW, J.K., 1997. Life Forces: Conceptual Structures in Schenker’s Free Composition and Schoenberg's The Musical Idea. Theory and Practice, 22-23, 17-34. WILKIE, K., HOLLAND, S. and MULHOLLAND, P., 2009. Evaluating Musical Software Using Conceptual Metaphors, Proceedings of the 23rd British Computer Society Conference on Human Computer Interaction, 2009, British Computer Society pp232-237. ZBIKOWSKI, L.M., 1997a. Conceptual Models and Cross-Domain Mapping: New Perspective on Theories of Music and Hierarchy. Journal of Music Theory, 41(2), 193-225. ZBIKOWSKI, L.M., 1997b. Des Herzraums Abschied: Mark Johnson's Theory of Embodied Knowledge and Music Theory. Theory and Practice, 22-23, 1-16.


Page 117 of 125

Issues and techniques for collaborative music making on multi-touch surfaces

Anna Xambó[email protected]

Supervisors Robin LaneyDepartment/Institute Department of ComputingStatus Visiting research student (4 months)Probation viva -Starting date -

A range of applications exist for collaborative music making on multi-touch surfaces. Some of them have been highly successful, but currently there is no systematic way of designing them, to maximize collaboration for a particular user group. We are specially interested in applications that will engage novices and experts. Traditionally the challenge in collaborative music instruments is to satisfy the needs of both [1]. For that purpose, we developed a collaborative music making prototype for multi-touch surfaces and evaluated its creative engagement.

Applications for musical multi-touch surfaces are not new. A pioneering work is the ReacTable [2, 3], which allows a group of people to share control of a modular synthesizer by manipulating physical objects on a round table. Iwai’s Composition on the Table [4] allows users to create music and visuals by interacting with four tables which display switches, dials, turntables and sliders. Stereotronic Multi-Synth Orchestra [5] uses a multi-touch interface based on a concentric sequencer where notes can be placed. What is less addressed is the evaluation of creative engagement in these applications. There are numerous theoretical accounts of the nature of emotional engagements with art and artefacts. Current models are based on a pragmatist view, which conceptualises the aesthetic and affective value of an object as lying not in the object itself, but in an individual’s or a group’s rich set of interactions with it [6, 7]. In the context of pleasurable creative engagement and the collective composition of music, Bryan-Kinns et al. [8] see attunement to others’ contributions as the central principle of creative engagement. The phenomena of personal full immersion in an activity, also known as ’fow’ [7], has been extended to groups as means of heightening group productivity [9].

Our approach is, frst, to study the issues and techniques of multi-user instruments and multi-touch applications in general, second, to design a simple application in an initial attempt to clearly analyse some of these issues, and third, to evaluate its creative engagement. For that purpose, a prototype was built which allowed groups of up to four users to express themselves in collaborative music making using pre-composed materials. Bykeeping the prototype minimal, we were able to investigate the essential aspects of engaging interaction.

Case studies were video recorded and analysed using two techniques derived from Grounded Theory (GT) and Content Analysis (CA). For the GT, which is a qualitative research method employed in the social sciences that derives theoretical explanations from the data without having hypotheses in mind [10], we adopted an open coding strategy of identifying key moments of the video


Page 118 of 125

interactions; grouping the codes by concepts and generating general explanations from the categorization of the concepts. Given that this approach is based on creative interpretation, we added more evidence by complementing GT with CA. Content Analysis (CA) is defned by Holsti (1969) as ”any technique for making inferences by objectively and systematically identifying specifed characteristics of messages” [10]. This defnition includes content analysis of text, videos, music or drawings. There are varied approaches to CA using quantitative, qualitative or both techniques. Our approach is derived from ethnographic content analysis or qualitative content analysis [11], an approach to documents that emphasises the role of the investigator in the construction of the meaning of texts. We took same steps as in the open coding, but in the frst step we used instead structured codes to help us identify key points of the video-recorded interactions.

The case study protocol was the following: The users were expected to perform three musical tasks of different character as well as an informal discussion in order to generate suffcient data to analyse several aspects of behaviours using the prototype. A questionnaire was also conducted and evaluated. The main focus of the analysis was on the evaluation of the collaborative interactions enabled by the prototype. The questions we wanted to address were:

1. What were the modes participants found to collaborate with oneanother;

2. What were the diffculties that participants encountered and the extentto which they found the exercise engaging;

3. What was the degree of satisfaction at the end result.

From transcription of the video speech and behaviours, and then the process of open coding, we identifed the following concepts: collaboration, musical aesthetics, learning process and system design. After that, we analysed the same data using the nomenclature chosen from two existing theoretical frameworks. The frst one is a general framework of tangible social interaction which includes the concepts of tangible manipulation, spatial interaction, embodied facilitation or expressive representation [12]. The second one is focused on the engagement between participants in music collaboration, which considers the following features: mutual awareness, shared and consistent representations, mutual modifability and annotation [8]. We found that some of the content analysed was already discussed in the open coding process, which provides consistency. Data was also collected using a questionnaire, which was designed to probe such issues as how aware each participant had been of other instruments; the diffculty of the tasks, and how much they felt they had enjoyed and concentrated on them; and the extent to which they considered they had operated as a team and felt part of a collaborative process. Responses were recorded using numerical scores, but the questionnaire also asked for qualitative feedback on how participants organised themselves as a group and the nature of any rules they created. We also recorded anonymously the participants age, gender, previous experience, love of music, and the instrument they had been allocated on the table.

Within a user-centered design approach of active participation of users in the process of designing the prototype, the most prominent aspects that have emerged as enhancements of multi-touch applications in music collaboration are:

• Responsiveness. The responsiveness determines the perceived emotiveness. This parameter should be adequately related to the


Page 119 of 125

application performance in terms of time and computer resources used. A consistent audiovisual feedback will enhance the perceived response of the application.

• Shared vs. individual controls. Both shared and individual spaces are needed. Shared features would strength mutual awareness and mutual modifability. Individual spaces would strength personal opinion, musical identity and musical expression.

The fndings of this study help us understand engagement in music collaboration. Qualitative video analysis and the questionnaires provide indication of participants having mutual engaging interaction in terms of being engaged with the music collaboratively produced and also being engaged with others in the activity. High degree of satisfaction at the end result is evidenced mostly by the gestural mode. The evidence found of participants exchanging ideas constantly indicates that the prototype strongly facilitates conversation, which, as noted earlier, is important in terms of group productivity.

In the future, we are interested in how many, and what type of, affordances such applications should offer in order to maximise engagement. We are also interested in validating our evaluation method. To that end, there is scope to improve the responsiveness of the prototype and to redesign the distribution of shared and individual controls. Furthermore, there is a plan to add individual continuous controls for sound parameter modifcations in order to encourage a process-oriented composition. The mutual experience might be enhanced and collaboration deepened, by adding common controls, as well. A balance between adding more features and keeping simplicity must be kept in order to attract both novices and experts alike.

[1] T. Blaine and S. Fels, “Collaborative musical experiences for novices,” Journal of New Music Research, vol. 32, no. 4, pp. 411–428, 2003.

[2] S. Jordà, M. Kaltenbrunner, G. Geiger, and R. Bencina, “The reacTable*,” in Proceedings of the International Computer Music Conference (ICMC 2005), (Barcelona, Spain), 2005.

[3] S. Jordà, G. Geiger, M. Alonso, and M. Kaltenbrunner, “The reacTable: Exploring the synergy between live music performance and tabletop tangible interfaces,” in TEI ’07: Proceedings of the 1st international conference on Tangible and embedded interaction, (New York, NY, USA), pp. 139–146, ACM, 2007.

[4] T. Iwai, “Composition on the table,” in International Conference on Computer Graphics and Interactive Techniques, SIGGRAPH: ACM Special Interest Group on Computer Graphics and Interactive Techniques, ACM, 1999.

[5] http://www.fashionbuddha.com/, 15/3/2010.

[6] M. Blythe and M. Hassenzahl, The semantics of fun: differentiating enjoyable experiences, pp. 91–100. Norwell, MA, USA: Kluwer Academic Publishers, 2004.

[7] M. Csikszentmihalyi, Beyond Boredom and Anxiety: Experiencing Flow in Work and Play. Jossey-Bass, 1975.


Page 120 of 125

[8] N. Bryan-Kinns and F. Hamilton, “Identifying mutual engagement,” Behaviour and Information Technology, 2009.

[9] K. Sawyer, Group Genius: The Creative Power of Collaboration. Basic Books, 2007.

[10] J. Lazar, J. Feng, and H. Hochheiser, Research Methods in Human-Computer Interaction. Wiley, 2010.

[11] D. L. Altheide, “Ethnographic content analysis,” Qualitative Sociology, vol. 10, pp. 65–77, 1987.

[12] E. Hornecker and J. Buur, “Getting a grip on tangible interaction: A framework on physical space and social interaction,” in CHI ’06: Proceedings of the SIGCHI conference on Human Factors in computing systems, (New York, NY, USA), pp. 437–446, ACM Press, 2006.


Page 121 of 125

A Release Planning Model to Handle Security Requirements

Saad Bin Saleem Center of Research in Computing, Open University

[email protected]

Basic information Supervisors:

Dr. Charles Haley Dr. Yijun Yu Professor Bashar Nuseibeh Professor Anne De Roeck

Department: Computing Status: Full-time Research Student Probation Viva: Probably in November, 2010 Starting Date: Joined OU at 1st February 2010

Background Nowadays usage of computer technology is growing rapidly and almost everybody in the world is depending on computer systems [1]. More and more people and organizations are using computer systems to process, store and manage their highly sensitive data [2]. Any loss, theft and alteration of this data from computer systems can cause a serious incident, which may consequently cause to human disasters. Therefore, proper security of computer systems is very important to avoid any kind of unlikely events. Software is an important component of any computer system and a software security failure can cause malfunction of overall system [1]. It is reported by many scientists and engineers that software security related problems are increasing over the years and secure software development is still a challenging area for software community [3, 4]. For the development of secure software, an early inclusion of security concerns in the Software Development Life Cycle (SDLC) is suggested by many researchers [1, 4]. They consider that it will be very helpful to improve overall software security and can be useful to solve common security threats at design and architecture level [1, 4]. For this purpose, understanding of security requirements at early stages of SDLC is very important, as security requirements are ignored in most of the cases [5, 6]. It is also considered that software security is much related to confidentiality, availability and integrity [7]. But in some cases security is much more than that and depends on many other constraints like stakeholders, etc [6, 7]. To elicit all kinds of security requirements, a systematic procedure named Security Requirements Engineering (SRE) is suggested in the literature [5]. This process insures that elicited security requirements should be complete, consistent and easy to understand [5]. A Requirement Engineering (RE) process consists of many stages from elicitation to requirements validation and Release Planning (RP). RP is considered an important phase of RE in bespoke and market driven software development. RP is divided into two major subtypes named as strategic RP and operational RP [9, 12]. The idea of selecting an optimum set of features or requirements to deliver in a release is called strategic RP or road-mapping and it is performed at product level [9, 10]. On the other hand allocation of resources for realization of a product is called operational RP and performed to decide when a product release should be delivered [10]. In the RP process, it is a common phenomenon to select as much functional requirements or features in a release and deliver to customer or market as soon as possible [11]. In this way, there is a chance


Page 122 of 125

to compromise some quality requirements in general and security requirements in particular which consequently lead to compromise with many threats to software [15]. Some existing models of RP deals with quality requirements as technical constraints in general (hard constraints) but not specifically consider these requirements for prioritization with other functional requirements [11, 12, 9 and 15]. Therefore, identifying and fixing any security concerns during selection of requirements for a release, and before deciding time to delivery, can make software less prone to security failures. It can also help in delivering incremental security as organizations cannot hundred percent claim about the security of software product and always need to improve further. Based on the above discussion, it is observed that security requirements needs to be consider in RP for better product strategies and delivery of secure software to customer. So, there is a need to align security requirements with RP by developing a model which treats security requirements separately for strategic and operational RP to release secure software Current research in SRE is aiming to improve existing methods to elicit, analyze, specify, validate and manage security requirements [3, 13]. Like Charles et al have proposed a framework for eliciting security requirements and highlighted some further research directions in the area [3]. Similarly in RP, Ruhe et al have extended the existing approach Evolve+ with three parameters (time dependent value functions, flexible release dates, and adjusted time dependent resource capacities) for more improved planning. Saad & Usman had identified the need to improve existing models of RP according to the needs of Industry [8]. So, this study will contribute in the SRE & RP research, as purpose of this study is to develop a model which treats security requirements in conjunction with functional requirement for strategic and operational RP. The research will be conducted in three phases. In first phase, impact of security requirements on strategic and operational RP will be analyzed. In second phase of research a model will be developed based on the results of first phase. In third phase, the developed model will be validated to verify model’s effectiveness.

Research Questions Following are preliminary research questions based on the purpose of study. RQ1. What existing practices are in the literature to deal security requirements for strategic and

operational RP? RQ2. What are implications of security requirements on strategic and operational RP as compare to

functional requirements and/or other quality requirements? RQ3. Which is an appropriate mechanism for developing a model to treat security requirements as separate requirements instead constraints for prioritization of functional requirements?

RQ4. What kind of other constraints the model should consider for developing strategic and operational RP?

RQ5. To what extent the proposed model is effective?

Research Methodology Qualitative and quantitative research methodologies will be selected to conduct the research in two different stages [14]. The literature review and Industrial Interviews will be used as strategies of inquiry in first stage of research. For example, literature review will be used to know existing practices to deal security requirements during strategic and operational RP, to analyze existing models of strategic and operational RP and to identify any constraints that should be consider for strategic and operational RP based on security and all other kinds of requirements. Similarly, industrial interviews will be used beside with literature review to know any implications of security requirements on strategic and operational RP. In second stage of research, Industrial Interviews and experiments will be adopted as strategies of inquiry to validate the model’s functionality.


Page 123 of 125

References [1] Mc-Graw, G “Software Security”, IEEE Computer Society (Privacy and Security), 2004

[2] C. Irvine, T. Levin, J. Wilson, D. Shifflet, & B. Peireira, “An Approach to Security Requirements Engineering for a High Assurance System”, Journal of Requirements Engineering Journal, Vol. 7, No. 4, pp.192-206, 2002

[3] Haley, B. C., Laney, R., Moffett, J., Nuseibeh, B., "Security Requirements Engineering: A Framework for Representation and Analysis," IEEE Transactions on Software Engineering, vol.34, no.1, pp.133-153, 2008

[4] Hassan, R., Bohner, S., and El-Kassas, S., “Formal Derivation of Security Design Specifications From Security Requirements”, In Proceedings of the 4th Annual Workshop on Cyber Security and information intelligence Research: Developing Strategies To Meet the Cyber Security and information intelligence Challenges Ahead, pp.1-3, 2008 [5] Mellado, D., Fernández-Medina, E., & Piattini, M., “Applying a Security Requirements Engineering Process”, Computer Security–ESORICS, Springer, pp. 192-206, 2006 [6] B. H. Cheng and J. M. Atlee, "Research Directions in Requirements Engineering," Future of Software Engineering, (FOSE07), pp. 285-303, 2007 [7] A. Avizienis, J. C. Laprie, B. Randell, and C. Landwehr, "Basic Concepts and Taxonomy of Dependable and Secure Computing," IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 1, pp. 11-33, 2004 [8] Saleem, B. S., Shafique. M.U., “A Study on Strategic Release Planning Models of Academia & Industry”, Master Thesis, Blekinge Institute of Technology, Sweden, pp.1-81, 2008 [9] Al-Emran, A., Pfahl, D., “Operational Planning, Re-planning and Risk Analysis for Software Releases”, Proceedings of the 8th International Conference on Product Focused Software Process Improvement (PROFES), pp. 315-329, 2007 [10] Ruhe, G., Momoh, J., "Strategic Release Planning and Evaluation of Operational Feasibility, "In Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS), vol.9, pp. 313b, 2005 [11] Tondel, I.A.; Jaatun, M.G.; Meland, P.H., "Security Requirements for the Rest of Us: A Survey", IEEE Software, vol.25, no.1, pp.20-27, 2008 [12] Ngo-The, A., and Ruhe, G., “A Systematic Approach for Solving the Wicked Problem of Software Release Planning”, Soft Comput, vol. 12, no.1, pp. 95-108, 2007 [13] Jing-Song Cui; Da Zhang, "The Research and Application of Security Requirements Analysis Methodology of Information Systems”, 2nd International Conference on Anti-counterfeiting, Security and Identification, pp.30-36, 2008 [14] Creswell, W. J., Research Design: Qualitative, Quantitative, and Mixed Method Approaches, Second Edition, Thousand Oaks: Sage, pp.1-246, 2003


Page 124 of 125

[15] Svahnberg, M., Gorschek, Feldt, R., Torkar, R., Saleem, B. S., and Shafique, U. M., “A systematic review on strategic release planning models,” Information and Software Technology, vol. 52, no.3, pp. 237-248, 2010 [16] Elroy, J., and Ruhe, G., “When-to-release decisions for features with time-dependent value functions,” To be Appeared in Journal of Requirements Engineering, 2010


Page 125 of 125