Change search
Link to record
Permanent link

Direct link
Alternative names
Publications (10 of 65) Show all publications
Saleem, Y., Sotres, P., Fricker, S., Lopez de la Torre, C., Crespi, N., Lee, G. M., . . . Sanchez, L. (2022). IoTRec: The IoT Recommender for Smart Parking System. IEEE Transactions on Emerging Topics in Computing, 10(1), 280-296
Open this publication in new window or tab >>IoTRec: The IoT Recommender for Smart Parking System
Show others...
2022 (English)In: IEEE Transactions on Emerging Topics in Computing, E-ISSN 2168-6750, Vol. 10, no 1, p. 280-296Article in journal (Refereed) Published
Abstract [en]

This paper proposes a General Data Protection Regulation (GDPR)-compliant Internet of Things (IoT) Recommender (IoTRec) system, developed in the framework of H2020 EU-KR WISE-IoT (Worldwide Interoperability for Semantic IoT) project, which provides the recommendations of parking spots and routes while protecting users' privacy. It provides recommendations by exploiting the IoT technology (parking and traffic sensors). The IoTRec provides four-fold functions. Firstly, it helps the user to find a free parking spot based on different metrics (such as the nearest or nearest trusted parking spot). Secondly, it recommends a route (the least crowded or the shortest route) leading to the recommended parking spot from the user's current location. Thirdly, it provides the real-time provision of expected availability of parking areas (comprised of parking spots organized into groups) in a user-friendly manner. Finally, it provides a GDPR-compliant implementation for operating in a privacy-aware environment. The IoTRec is integrated into the smart parking use case of the WISE-IoT project and is evaluated by the citizens of Santander, Spain through a prototype, but it can be applied to any IoT-enabled locality. The evaluation results show the citizen's satisfaction with the quality, functionalities, ease of use and reliability of the recommendations/services offered by the IoTRec.

Place, publisher, year, edition, pages
IEEE Computer Society, 2022
Keywords
GDPR, Intelligent sensors, Internet of Things (IoT), parking statistics, Prototypes, recommendations, Semantics, smart parking, Urban areas, Vehicles
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:bth-21078 (URN)10.1109/TETC.2020.3014722 (DOI)2-s2.0-85099554640 (Scopus ID)
Funder
EU, Horizon 2020, 723156
Available from: 2021-02-17 Created: 2021-02-17 Last updated: 2022-08-09Bibliographically approved
van Haastrecht, M., Golpur, G., Tzismadia, G., Kab, R., Priboi, C., David, D., . . . Spruit, M. (2021). A shared cyber threat intelligence solution for smes. Electronics, 10(23), Article ID 2913.
Open this publication in new window or tab >>A shared cyber threat intelligence solution for smes
Show others...
2021 (English)In: Electronics, E-ISSN 2079-9292, Vol. 10, no 23, article id 2913Article in journal (Refereed) Published
Abstract [en]

Small-and medium-sized enterprises (SMEs) frequently experience cyberattacks, but often do not have the means to counter these attacks. Therefore, cybersecurity researchers and practitioners need to aid SMEs in their defence against cyber threats. Research has shown that SMEs require solutions that are automated and adapted to their context. In recent years, we have seen a surge in initiatives to share cyber threat intelligence (CTI) to improve collective cybersecurity resilience. Shared CTI has the potential to answer the SME call for automated and adaptable solutions. Sadly, as we demonstrate in this paper, current shared intelligence approaches scarcely address SME needs. We must investigate how shared CTI can be used to improve SME cybersecurity resilience. In this paper, we tackle this challenge using a systematic review to discover current state-of-the-art approaches to using shared CTI. We find that threat intelligence sharing platforms such as MISP have the potential to address SME needs, provided that the shared intelligence is turned into actionable insights. Based on this observation, we developed a prototype application that processes MISP data automatically, prioritises cybersecurity threats for SMEs, and provides SMEs with actionable recommendations tailored to their context. Subsequent evaluations in operational environments will help to improve our application, such that SMEs are enabled to thwart cyberattacks in future. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.

Place, publisher, year, edition, pages
MDPI, 2021
Keywords
Cyber threat intelligence, Cybersecurity, Information sharing, MISP, SME
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-22608 (URN)10.3390/electronics10232913 (DOI)2-s2.0-85119677844 (Scopus ID)
Funder
EU, Horizon 2020, 883588
Note

A correction to this paper has been published:

DOI: 10.3390/electronics11030349

Available from: 2022-02-11 Created: 2022-02-11 Last updated: 2023-11-14Bibliographically approved
Schmid, R. & Fricker, S. (2021). Evaluation of a Stakeholder Satisfaction-oriented Method for Prioritising Change Requests. In: Moreira, A, Schneider, K, Vierhauser, M, ClelandHuang, J (Ed.), Proceedings of the IEEE International Conference on Requirements Engineering: . Paper presented at 29th IEEE International Requirements Engineering Conference, RE 2021, Virtual, Notre Dame, 20 September 2021 through 24 September 2021 (pp. 291-301). IEEE Computer Society
Open this publication in new window or tab >>Evaluation of a Stakeholder Satisfaction-oriented Method for Prioritising Change Requests
2021 (English)In: Proceedings of the IEEE International Conference on Requirements Engineering / [ed] Moreira, A, Schneider, K, Vierhauser, M, ClelandHuang, J, IEEE Computer Society , 2021, p. 291-301Conference paper, Published paper (Refereed)
Abstract [en]

The prioritisation of change requests for an evolving software is an important and complex activity in the continuous requirements engineering and release planning of an evolving product. We have explored such prioritisation with an organisation consisting of several business units appearing as stakeholders that compete for the same development resources. The challenge lay in taking objective factors like the cost-benefit ratio and technical dependencies of the requests into account while creating a high level of stakeholder satisfaction with the defined release scope. Together with the organisation, we have designed and implemented a tailored method that uses the stakeholders' satisfaction as a structured means for validating the criteria-based prioritisation results. The paper extends prior work by taking the perspective of the organisational stakeholders and describing the method design from the organisation's perspective, reports the use of the method in the organisation, and summarises the lessons learned from using the method in the organisation. The results are useful to increase the maturity of prioritisation in industrialpractice. © 2021 IEEE.

Place, publisher, year, edition, pages
IEEE Computer Society, 2021
Series
International Requirements Engineering Conference, ISSN 2332-6441
Keywords
Case Study, Prioritisation, Stakeholder Satisfaction, Cost benefit analysis, Business units, Case-studies, Complex activity, Cost benefit ratio, Development resources, Engineering planning, Prioritization, Release planning, Requirement engineering, Stakeholder satisfactions, Requirements engineering
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-22599 (URN)10.1109/RE51729.2021.00033 (DOI)000788292800026 ()2-s2.0-85123191308 (Scopus ID)9781665428569 (ISBN)
Conference
29th IEEE International Requirements Engineering Conference, RE 2021, Virtual, Notre Dame, 20 September 2021 through 24 September 2021
Available from: 2022-02-08 Created: 2022-02-08 Last updated: 2022-05-20Bibliographically approved
Fotrousi, F., Fricker, S., Fiedler, M. & Wüest, D. (2020). A Method for Gathering Evidence from Software in Use to Support Software Evolution.
Open this publication in new window or tab >>A Method for Gathering Evidence from Software in Use to Support Software Evolution
2020 (English)Manuscript (preprint) (Other academic)
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19474 (URN)
Available from: 2020-05-18 Created: 2020-05-18 Last updated: 2022-11-18Bibliographically approved
Shojaifar, A., Fricker, S. & Gwerder, M. (2020). Automating the Communication of Cybersecurity Knowledge: Multi-case Study. In: Drevin L.,Von Solms S.,Theocharidou M. (Ed.), IFIP Advances in Information and Communication Technology: . Paper presented at 13th IFIP WG 11.8 World Conference on Information Security Education, WISE 2020, Maribor, Slovenia, 21 September 2020 through 23 September 2020; (pp. 110-124). Springer Science and Business Media Deutschland GmbH, 579
Open this publication in new window or tab >>Automating the Communication of Cybersecurity Knowledge: Multi-case Study
2020 (English)In: IFIP Advances in Information and Communication Technology / [ed] Drevin L.,Von Solms S.,Theocharidou M., Springer Science and Business Media Deutschland GmbH , 2020, Vol. 579, p. 110-124Conference paper, Published paper (Refereed)
Abstract [en]

Cybersecurity is essential for the protection of companies against cyber threats. Traditionally, cybersecurity experts assess and improve a company’s capabilities. However, many small and medium-sized businesses (SMBs) consider such services not to be affordable. We explore an alternative do-it-yourself (DIY) approach to bringing cybersecurity to SMBs. Our method and tool, CYSEC, implements the Self-Determination Theory (SDT) to guide and motivate SMBs to adopt good cybersecurity practices. CYSEC uses assessment questions and recommendations to communicate cybersecurity knowledge to the end-user SMBs and encourage self-motivated change. In this paper, the operationalisation of SDT in CYSEC is presented and the results of a multi-case study shown that offer insight into how SMBs adopted cybersecurity practices with CYSEC. Effective automated cybersecurity communication depended on the SMB’s hands-on skills, tools adaptedness, and the users’ willingness to documenting confidential information. The SMBs wanted to learn in simple, incremental steps, allowing them to understand what they do. An SMB’s motivation to improve security depended on the fitness of assessment questions and recommendations with the SMB’s business model and IT infrastructure. The results of this study indicate that automated counselling can help many SMBs in security adoption. © 2020, IFIP International Federation for Information Processing.

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2020
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238
Keywords
Capability assessment and improvement, Cybersecurity, Do-it-yourself, Multi-case study, Small and medium-sized businesses, Information technology, Business modeling, Confidential information, Cyber security, Cyber threats, Do it yourself, IT infrastructures, Self-determination theories, Small and medium sized business, Security of data
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-20561 (URN)10.1007/978-3-030-59291-2_8 (DOI)2-s2.0-85092115002 (Scopus ID)9783030592905 (ISBN)
Conference
13th IFIP WG 11.8 World Conference on Information Security Education, WISE 2020, Maribor, Slovenia, 21 September 2020 through 23 September 2020;
Funder
EU, Horizon 2020, 740787
Note

open access

Available from: 2020-10-19 Created: 2020-10-19 Last updated: 2022-05-04Bibliographically approved
Fotrousi, F., Stade, M., Seyff, N., Fricker, S. & Fiedler, M. (2020). How do Users Characterise Feedback Features of an Embedded Feedback Channel?.
Open this publication in new window or tab >>How do Users Characterise Feedback Features of an Embedded Feedback Channel?
Show others...
2020 (English)Manuscript (preprint) (Other academic)
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19475 (URN)
Available from: 2020-05-18 Created: 2020-05-18 Last updated: 2022-11-18Bibliographically approved
Maksimov, Y. & Fricker, S. (2020). Licensing in Artificial Intelligence Competitions and Consortium Project Collaborations. In: Martini A.,Wimmer M.,Skavhaug A. (Ed.), Proceedings - 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020: . Paper presented at 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020, Kranj, Slovenia, 26 August 2020 through 28 August 2020 (pp. 292-301). Institute of Electrical and Electronics Engineers Inc., Article ID 9226354.
Open this publication in new window or tab >>Licensing in Artificial Intelligence Competitions and Consortium Project Collaborations
2020 (English)In: Proceedings - 46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020 / [ed] Martini A.,Wimmer M.,Skavhaug A., Institute of Electrical and Electronics Engineers Inc. , 2020, p. 292-301, article id 9226354Conference paper, Published paper (Refereed)
Abstract [en]

Platforms are emerging that allow data scientists, software and hardware engineers to collaborate through organisational boundaries to develop systems of Artificial Intelligence (AI). Such collaboration involves the exchange of assets representing Intellectual Property (IP) of the collaborators. The tension between permitting access and protecting IP is thus one of the critical challenges faced by organisations willing to innovate through collaboration. Licensing is a common way to address the issue, but the influence of the licensing rules on the intended form of collaboration is still unclear.In this paper, we identify and analyse the rules that are used to regulate IP exchanges in two common forms of collaboration: a) competitions where one customer benchmarks and selects among multiple suppliers and b) consortium projects where multiple parties collaborate to product joint results. Due to our interest in AI, we have chosen to analyse the terms and conditions of competitions hosted on KaggleTM a leading online platform for Competitions. For consortium projects, we have analysed the DESCA Consortium Agreement template. DESCA is often used for European projects, an increasing number of which are used to fund AI innovation projects. We have applied In Vivo Coding and Concept Coding coding techniques to highlight rules applicable to IP exchange. We structured the findings in the form of tree graphs consisting of interdependent textual phrases to extract, group and compare the terms and conditions of IP sharing in each collaboration form and how they relate to the characteristics of the studied collaborations.The results indicate that each form of collaboration has its own set of rules that address comparable concerns but have different content. Practitioners, both platform providers and collaborators, can utilise our results to implement licensing for IP exchange that fits the desired type of collaboration. For researchers, our results represent a step towards the automation of license generation and enforcement. © 2020 IEEE.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2020
Keywords
artificial intelligence, licensing, software collaboration, Application programs, Copyrights, Trees (mathematics), Coding techniques, Critical challenges, European project, Innovation projects, Online platforms, Organisational boundaries, Project collaboration, Software and hardwares
National Category
Computer Sciences Business Administration
Identifiers
urn:nbn:se:bth-20818 (URN)10.1109/SEAA51224.2020.00056 (DOI)000702094100045 ()2-s2.0-85096596560 (Scopus ID)9781728195322 (ISBN)
Conference
46th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2020, Kranj, Slovenia, 26 August 2020 through 28 August 2020
Funder
EU, Horizon 2020, 732204
Available from: 2020-12-08 Created: 2020-12-08 Last updated: 2021-10-21Bibliographically approved
Zisman, A., Breaux, T., Fricker, S. & Glinz, M. (Eds.). (2020). Proceedings of the 28th IEEE International Requirements Engineering Conference (RE20). Paper presented at 28th IEEE International Requirements Engineering Conference, RE 2020, Zurich, Switzerland, 31 August 2020 through 4 September 2020. IEEE Computer Society
Open this publication in new window or tab >>Proceedings of the 28th IEEE International Requirements Engineering Conference (RE20)
2020 (English)Conference proceedings (editor) (Refereed)
Place, publisher, year, edition, pages
IEEE Computer Society, 2020
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-21077 (URN)10.1109/RE48521.2020 (DOI)9781728174389 (ISBN)
Conference
28th IEEE International Requirements Engineering Conference, RE 2020, Zurich, Switzerland, 31 August 2020 through 4 September 2020
Available from: 2021-02-17 Created: 2021-02-17 Last updated: 2021-02-22Bibliographically approved
Karras, O., Schneider, K. & Fricker, S. (2020). Representing software project vision by means of video: A quality model for vision videos. Journal of Systems and Software, 162, Article ID 110479.
Open this publication in new window or tab >>Representing software project vision by means of video: A quality model for vision videos
2020 (English)In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 162, article id 110479Article in journal (Refereed) Published
Abstract [en]

Establishing a shared software project vision is a key challenge in Requirements Engineering (RE). Several approaches use videos to represent visions. However, these approaches omit how to produce a good video. This missing guidance is one crucial reason why videos are not established in RE. We propose a quality model for videos representing a vision, so-called vision videos. Based on two literature reviews, we elaborate ten quality characteristics of videos and five quality characteristics of visions which together form a quality model for vision videos that includes all 15 quality characteristics. We provide two representations of the quality model: (a) a hierarchical decomposition of vision video quality into the quality characteristics and (b) a mapping of these characteristics to the video production and use process. While the hierarchical decomposition supports the evaluation of vision videos, the mapping provides guidance for video production. In an evaluation with 139 students, we investigated whether the 15 characteristics are related to the overall quality of vision videos perceived by the subjects from a developer's the point of view. Six characteristics (video length, focus, prior knowledge, clarity, pleasure, and stability) correlated significantly with the likelihood that the subjects perceived a vision video as good. These relationships substantiate a fundamental relevance of the proposed quality model. Therefore, we conclude that the quality model is a sound basis for future refinements and extensions. © 2019 Elsevier Inc.

Place, publisher, year, edition, pages
Elsevier Inc., 2020
Keywords
Production, Quality characteristic, Quality model, Video, Vision, Vision video, Mapping, Video recording, Hierarchical decompositions, Literature reviews, Overall quality, Quality modeling, Software project, Video production, Quality control
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-19139 (URN)10.1016/j.jss.2019.110479 (DOI)000515427800006 ()2-s2.0-85077532554 (Scopus ID)
Note

open access

Available from: 2020-01-23 Created: 2020-01-23 Last updated: 2021-10-08Bibliographically approved
Shojaifar, A. & Fricker, S. (2020). SMEs’ Confidentiality Concerns for Security Information Sharing. In: Clarke N.,Furnell S. (Ed.), IFIP Advances in Information and Communication Technology: . Paper presented at 14th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2020, Mytilene, Greece; 8 July 2020 through 10 July 2020 (pp. 289-299). Springer Science and Business Media Deutschland GmbH, 593
Open this publication in new window or tab >>SMEs’ Confidentiality Concerns for Security Information Sharing
2020 (English)In: IFIP Advances in Information and Communication Technology / [ed] Clarke N.,Furnell S., Springer Science and Business Media Deutschland GmbH , 2020, Vol. 593, p. 289-299Conference paper, Published paper (Refereed)
Abstract [en]

Small and medium-sized enterprises (SME) are considered an essential part of the EU economy; however, highly vulnerable to cyber-attacks. SMEs have specific characteristics which separate them from large companies and influence their adoption of good cybersecurity practices. To mitigate the SMEs’ cybersecurity adoption issues and raise their awareness of cyber threats, we have designed a self-paced security assessment and capability improvement method, CYSEC. CYSEC is a security awareness and training method that utilises self-reporting questionnaires to collect companies’ information about cybersecurity awareness, practices, and vulnerabilities to generate automated recommendations for counselling. However, confidentiality concerns about cybersecurity information have an impact on companies’ willingness to share their information. Security information sharing decreases the risk of incidents and increases users’ self-efficacy in security awareness programs. This paper presents the results of semi-structured interviews with seven chief information security officers (CISOs) of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The results were analysed in respect of the Self-Determination Theory (SDT). The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing. This allows many SMEs to participate in security information sharing activities and supports security experts to have a better overview of common vulnerabilities. © 2020, IFIP International Federation for Information Processing.

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2020
Series
IFIP Advances in Information and Communication Technology
Keywords
Confidentiality concerns, Cybersecurity, Information sharing, Online consent, Small and medium-sized enterprises, Information analysis, Motivation, Network security, Surveys, Capability improvement, Chief information security officers, Security assessment, Self-determination theories, Semi structured interviews, Small- and medium-sized enterprise, Willingness to share, Information dissemination
National Category
Computer Sciences Other Civil Engineering
Identifiers
urn:nbn:se:bth-20903 (URN)10.1007/978-3-030-57404-8_22 (DOI)2-s2.0-85098143343 (Scopus ID)9783030574031 (ISBN)
Conference
14th International Symposium on Human Aspects of Information Security and Assurance, HAISA 2020, Mytilene, Greece; 8 July 2020 through 10 July 2020
Funder
EU, Horizon 2020, 740787, 883588
Note

open access

Available from: 2021-01-11 Created: 2021-01-11 Last updated: 2021-01-11Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0001-7368-4448

Search in DiVA

Show all publications