Pub Date: 2020-03-01. DOI: 10.1109/ICSA-C50368.2020.00047
Caio Steglich, Azriel Majdenbaum, S. Marczak, R. Santos
Information security is a key topic for most organizations. With the digital revolution, smartphones have become popular not only for personal use but also within organizations where many employees use them for business purposes. As smartphones are increasingly present in organizations, it is necessary to understand what recommendations the literature provides for the safe use of such devices, helping organizations to protect themselves from threats. ISO 27000 is a well-known standard for information security in a business context. It provides a set of controls that must be observed to ensure more secure organizational information. Therefore, the goal of this study is to identify which controls presented in ISO 27000, more specifically ISO 27001, are present in the Mobile Software Ecosystem (MSECO) literature. To do so, we conducted a systematic mapping review supplemented by a snowballing process to identify studies in the field of MSECO that have addressed any subject that is present in ISO 27001. We found that 34 out of the 114 ISO 27001 controls are covered by the MSECO literature. Also, some of the ISO sections (e.g., Asset Management) have not yet been explored in the MSECO literature. Our results can inspire future and further studies on the topic of MSECO information security.
Title: A Study on Organizational IT Security in Mobile Software Ecosystems Literature. Venue: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C).
Pub Date: 2020-03-01. DOI: 10.1109/ICSA-C50368.2020.00034
Z. Jaroucheh, B. Ghaleb, W. Buchanan
The proof-of-work consensus protocol suffers from two main limitations: waste of energy and offering only probabilistic guarantees about the status of the blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol and its corresponding software architecture. This protocol leverages two ideas: 1) the proof-of-stake concept to dynamically form stake-proportionate consensus groups that represent block miners (stakeholders), and 2) scalable collective signing to efficiently commit transactions irreversibly. SklCoin has an immediate finality characteristic where all miners instantly agree on the validity of blocks. In addition, SklCoin supports a high transaction rate because of its fast miner election mechanism.
Title: SklCoin: Toward a Scalable Proof-of-Stake and Collective Signature Based Consensus Protocol for Strong Consistency in Blockchain. Venue: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C).
Pub Date: 2020-03-01. DOI: 10.1109/ICSA-C50368.2020.00044
Matheus de L. Calache, C. D. Farias
Web services have become increasingly important for software development. In order to facilitate the search, composition, and reuse of web services, their descriptions can be semantically annotated using definitions provided by an ontology, thus creating the so-called semantic web services. A semantic web service is developed according to different approaches and standards recommended by W3C, such as OWL-S, SAWSDL, and WSMO-Lite. A limited number of tools are available to support the development of semantic annotations using SAWSDL, such as Radiant, Iridescent, and EasyWSDL. However, these tools support the annotation process at a low abstraction level, therefore requiring from users an extensive technical knowledge on XML/WSDL, among other technologies. The semantic annotation task could be facilitated if the semantic annotation process were carried at a higher abstraction level using graphical notations. Additionally, the semantic annotation could also benefit from a collaborative approach. Different people from different backgrounds could individually contribute with the semantic web services creation, regardless of their geographic locations. In that sense, this paper presents a visual notation to represent the main elements of a WSDL 2.0 specification focused on the semantic annotation using SAWSDL. The paper also describes a graphical collaborative semantic annotation support tool.
Title: Graphical and Collaborative Annotation Support for Semantic Web Services. Venue: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C).
Pub Date: 2020-03-01. DOI: 10.1109/ICSA-C50368.2020.00018
Sangeeth Kochanthara, Niels Rood, L. Cleophas, Y. Dajsuren, M. Brand
In cooperative driving, vehicles coordinate their actions as part of a system. Cooperative driving capabilities in vehicles are achieved by means of software, making this software safety critical. The current safety standard for vehicles, ISO 26262, is designed for individual vehicles and their software architecture, but not for cooperative driving settings. Moreover, the guidelines from the standard can only be used for generating safety goals and checking adherence to them. The standard’s guidelines do not cover mechanisms to meet the unmet safety goals or provide designers with available architecture choices. This paper presents an extension of the ISO 26262 standard from a single vehicle setting to a cooperative vehicle setting. We also show that the use of safety tactics and design patterns, which enable designers to be aware of possible design choices, can seamlessly be integrated into the ISO 26262 process. The resulting methodology enables designers to make informed choices and cover safety goals. Our case study on the software architecture of a real-life cooperative driving prototype shows that the proposed approach can provide new insights about its safety and mechanisms to improve it.
Title: Semi-automatic Architectural Suggestions for the Functional Safety of Cooperative Driving Systems. Venue: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C).
Pub Date: 2020-03-01. DOI: 10.1109/ICSA-C50368.2020.00011
Alexander Krause, C. Zirkelbach, W. Hasselbring, S. Lenga, Dan Kröger
Migrating monolithic software systems into microservices requires the application of decomposition techniques to find and select appropriate service boundaries. These techniques are often based on domain knowledge, static code analysis, and non-functional requirements such as maintainability. In this paper, we present our experience with an approach that extends static analysis with dynamic analysis of a legacy software system’s runtime behavior, including the live trace visualization to support the decomposition into microservices. Overall, our approach combines established analysis techniques for microservice decomposition, such as the bounded context pattern of domain-driven design, and enriches the collected information via dynamic software visualization to identify appropriate microservice boundaries. In collaboration with the German IT service provider adesso SE, we applied our approach to their real-world, legacy lottery application in|FOCUS to identify good microservice decompositions for this layered monolithic Enterprise Java system.
Title: Microservice Decomposition via Static and Dynamic Analysis of the Monolith. Venue: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C).
Pub Date: 2020-03-01. DOI: 10.1109/ICSA-C50368.2020.00037
L. Vianna, R. Wazlawick
Growing demand for hospital healthcare services has brought significant challenges for their managers. Variables with high uncertainty degree, such as the number of patients and the duration of their treatments, hinder the planning processes and make it difficult to properly comply with the established strategies. Controlling and identifying factors that affect the hospital management process depends on health database analysis. Therefore, it is important to consider the possibility of prospecting useful knowledge from the stored data. The objective of this research is to evaluate the hospital morbidity prediction through different data mining methods on ambulatory and hospital procedure records obtained from Brazilian public health databases. The research method consists of performing a predictive data mining by applying supervised learning algorithms on a regression problem. The highest Pearson correlation coefficient individually obtained in the three-month prediction time interval, through the data mining method that applied random forest associated with an attribute selection algorithm on the disease group of the ICD10 chapter XVI (Certain Conditions originating in the Perinatal Period), was 0.9682. Different results were achieved depending on the method applied, the group of diseases analyzed, and the proposed prediction time interval, which led to the conclusion that data mining on ambulatory and hospital records allowed the prediction of hospital morbidity. The hospital morbidity predictions obtained can minimize the undesired effect of the demand randomness for health services in the decision-making process.
Title: Data Mining for Hospital Morbidity Forecasting. Venue: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C).
Pub Date: 2020-03-01. DOI: 10.1109/ICSA-C50368.2020.00009
Alessio Bucaioni, John Lundbäck, Patrizio Pelliccione, S. Mubeen
This tutorial focuses on the vehicular domain, which is living a very interesting moment due to the many challenges the domain is experiencing, including autonomy of vehicles, vehicles that are becoming constituent systems in the system-of-systems context and many more. The ever-increasing software complexity in vehicles requires software architecture descriptions, which enable the software developers to compare and relate different products across different vehicle programs, development units, and organisations (in the vehicular ecosystem). Many vehicular functions are constrained by stringent timing requirements. The developers of these functions are required to analyse and verify these requirements at the software architecture level and often very early during the development process [1], [2]. In this context, the tutorial focuses on the design and timing predictability verification of vehicular software architectures for different Electrical and Electronic (E/E) architectures in connected and autonomous vehicles. The key takeaways of the tutorial are: i) an overview of the software development for various vehicular E/E architectures; ii) an overview of state of the art in the area; iii) understanding rudiments and value of timing analysis for this domain; iv) experience an industrial process for architecting and analysing the vehicle software via hands-on practice and demonstration.
Title: Architecting and Analysing Connected Autonomous Vehicles. Venue: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C).
Pub Date: 2020-03-01. DOI: 10.1109/ICSA-C50368.2020.00028
A. Abreu, E. Coutinho
Blockchain is an emerging technology that is attracting a lot of attention from both academia and industry. Blockchain when used as a decentralized technology could be utilized in various useful applications, such as healthcare, logistics, supply chain management, education, among others. However, there is the integration factor between technologies and environments, which have their own characteristics and challenges. A pattern is a solution with reusable features for a problem that commonly occurs in a given context during software design phases. Usually, when adopting a design pattern, there are trade-offs among quality attributes. In this context, using patterns can promote a better use for blockchain in traditional application and system development, and disseminate best practices. The aim of this paper is to analyze a traditional web application that uses blockchain features from the viewpoint of some patterns, specifically patterns that describe the blockchain integration with the outside world. As a result, we found that applying blockchain patterns can benefit systems, especially those that require integration with other systems, such as legacy or existing.
Title: A Pattern Adherence Analysis to a Blockchain Web Application. Venue: 2020 IEEE International Conference on Software Architecture Companion (ICSA-C).