20150520 phu nguyen_slr_experimentalmethodsincs

How To AVOID “Reinventing The Wheel” in Doing Research?

From Surveys to Systematic Literature Reviews in CS

Phu H. NguyenInterdisciplinary Centre for Security, Reliability and Trust (SnT),

University of Luxembourg, Luxembourg

ICTSS 2010How To AVOID “Reinventing The Wheel” in Research? Phu H. Nguyen 2

1. Group Exercise #12. An Introduction to SLR

Outline



Outline

3. Doing a SLR: From A to Z



Outline


4. Group Exercise #25. Take-Home Message


Group Exercise #1: Find the common parts in the outlines of PhD theses. (1 Point)



Outline


What & Why a Systematic Review?

www.replicatedtypo.com

http://www.google.co.th/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&docid=b9psiFLYn5fPHM&tbnid=ZP9RYmk5JWZ4wM:&ved=0CAQQjB0&url=http://www.replicatedtypo.com/systematic-reviews-101-systematic-reviews-vs-narrative-reviews/6308.html&ei=VL6cUrutJYvxrQf_34GgDw&bvm=bv.57155469,d.bmk&psig=AFQjCNGPrS7dwcPSmKIe8vXModAZmMiY1Q&ust=1386090449650919


To summarise the existing evidence concerning a treatment or technology

Why SLR?

To identify any gaps in current research in order to suggest areas for further investigation.

To provide a framework/background in order to appropriately position new research activities.

Keele Uni’s Staffs. Guidelines for performing systematic literature reviews in software engineering. Technical report, EBSE Technical Report EBSE-2007-01, 2007.



Steps


What make Systematic Literature Reviews different from normal literature surveys?




Outline


Model-Driven Security(MDS)

Article (Fernandez-Medina2009)


Research Question (RQ) 1: How are the existing MDS approaches supporting the development of secure systems?


Sub-Research Questions

RQ1.1 What kinds of security mechanisms/concerns are addressed by these MDS approaches?

RQ1.2 How do the MDS approaches specify/model security requirements together with functional requirements?

RQ1.3 How model-to-model transformations (MMTs) are leveraged and which MMT engines are used?

RQ1.4 How model-to-text transformations (MTTs) are leveraged to generate code, including complete, configured security infrastructures?



Sub-Research Questions

RQ1.5 Have any case studies been performed to evaluate the approaches? If yes, what results have been obtained? What other evaluation methods (other than case studies) have been applied to evaluate these approaches?

RQ1.6 Which application domains have been addressed in MDS approaches?



RQ3: What are the open issues to be further investigated?

RQ2: What are the current limitations of each approach?


( “model-driven” OR “model based” OR MDA OR MDE OR model* OR UML ) AND ( specify* OR design* ) AND ( transform* OR “code generation” ) AND security

Selection Criteria

IEEE Xplore ACM Digital Library

ISI Web of Knowledge

Science Direct

Springer


Evaluation Criteria - A Taxonomy of MDS

Security concerns/mechanisms

Modeling approaches

Model-to-model transformations (MMTs)

Model-to-text transformations (MTTs)

Evaluation methods

Application domains


Results

Security concerns addressed by MDS. Why is Authorization tackled the most?


Aspect-Oriented Modeling vs. Non-AOM


Results

Model-to-model transformations


Results

Model-to-code transformations


Results

Application domains


Results in details.


Primary Approaches

UMLSec

SecureUML SECTET

SECURE DATA WAREHOUSE

SecureMDD


Group Exercise #2: Let’s fake a quick SLR on the beers being sold in Luxembourg. (1 Point)



Outline


4. Group Exercise #25. Take-Home Message


• More information? Interested? => our paper is available!

• Twitter: @nguyenhongphu

The End! Q&A

20150520 phu nguyen_slr_experimentalmethodsincs

Education

Transcript of 20150520 phu nguyen_slr_experimentalmethodsincs