Pub Date : 2020-03-01DOI: 10.1109/ICSA-C50368.2020.00047
Caio Steglich, Azriel Majdenbaum, S. Marczak, R. Santos
Information security is a key topic for most organizations. With the digital revolution, smartphones have become popular not only for personal use but also within organizations where many employees use them for business purposes. As smartphones are increasingly present in organizations, it is necessary to understand what recommendations the literature provides for the safe use of such devices, helping organizations to protect themselves from threats. ISO 27000 is a well-known standard for information security in a business context. It provides a set of controls that must be observed to ensure more secure organizational information. Therefore, the goal of this study is to identify which controls presented in ISO 27000, more specifically ISO 27001, are present in the Mobile Software Ecosystem (MSECO) literature. To do so, we conducted a systematic mapping review supplemented by a snowballing process to identify studies in the field of MSECO that have addressed any subject that is present in ISO 27001. We found that 34 out of the 114 ISO 27001 controls are covered by the MSECO literature. Also, some of the ISO sections (e.g., Asset Management) have not yet been explored in the MSECO literature. Our results can inspire future and further studies on the topic of MSECO information security.
{"title":"A Study on Organizational IT Security in Mobile Software Ecosystems Literature","authors":"Caio Steglich, Azriel Majdenbaum, S. Marczak, R. Santos","doi":"10.1109/ICSA-C50368.2020.00047","DOIUrl":"https://doi.org/10.1109/ICSA-C50368.2020.00047","url":null,"abstract":"Information security is a key topic for most organizations. With the digital revolution, smartphones have become popular not only for personal use but also within organizations where many employees use them for business purposes. As smartphones are increasingly present in organizations, it is necessary to understand what recommendations the literature provides for the safe use of such devices, helping organizations to protect themselves from threats. ISO 27000 is a well-known standard for information security in a business context. It provides a set of controls that must be observed to ensure more secure organizational information. Therefore, the goal of this study is to identify which controls presented in ISO 27000, more specifically ISO 27001, are present in the Mobile Software Ecosystem (MSECO) literature. To do so, we conducted a systematic mapping review supplemented by a snowballing process to identify studies in the field of MSECO that have addressed any subject that is present in ISO 27001. We found that 34 out of the 114 ISO 27001 controls are covered by the MSECO literature. Also, some of the ISO sections (e.g., Asset Management) have not yet been explored in the MSECO literature. Our results can inspire future and further studies on the topic of MSECO information security.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"206 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132242781","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-03-01DOI: 10.1109/ICSA-C50368.2020.00044
Matheus de L. Calache, C. D. Farias
Web services have become increasingly important for software development. In order to facilitate the search, composition, and reuse of web services, their descriptions can be semantically annotated using definitions provided by an ontology, thus creating the so-called semantic web services. A semantic web service is developed according to different approaches and standards recommended by W3C, such as OWL-S, SAWSDL, and WSMO-Lite. A limited number of tools are available to support the development of semantic annotations using SAWSDL, such as Radiant, Iridescent, and EasyWSDL. However, these tools support the annotation process at a low abstraction level, therefore requiring from users an extensive technical knowledge on XML/WSDL, among other technologies. The semantic annotation task could be facilitated if the semantic annotation process were carried at a higher abstraction level using graphical notations. Additionally, the semantic annotation could also benefit from a collaborative approach. Different people from different backgrounds could individually contribute with the semantic web services creation, regardless of their geographic locations. In that sense, this paper presents a visual notation to represent the main elements of a WSDL 2.0 especification focused on the semantic annotation using SAWSDL. The paper also describes a graphical collaborative semantic annotation support tool.
{"title":"Graphical and Collaborative Annotation Support for Semantic Web Services","authors":"Matheus de L. Calache, C. D. Farias","doi":"10.1109/ICSA-C50368.2020.00044","DOIUrl":"https://doi.org/10.1109/ICSA-C50368.2020.00044","url":null,"abstract":"Web services have become increasingly important for software development. In order to facilitate the search, composition, and reuse of web services, their descriptions can be semantically annotated using definitions provided by an ontology, thus creating the so-called semantic web services. A semantic web service is developed according to different approaches and standards recommended by W3C, such as OWL-S, SAWSDL, and WSMO-Lite. A limited number of tools are available to support the development of semantic annotations using SAWSDL, such as Radiant, Iridescent, and EasyWSDL. However, these tools support the annotation process at a low abstraction level, therefore requiring from users an extensive technical knowledge on XML/WSDL, among other technologies. The semantic annotation task could be facilitated if the semantic annotation process were carried at a higher abstraction level using graphical notations. Additionally, the semantic annotation could also benefit from a collaborative approach. Different people from different backgrounds could individually contribute with the semantic web services creation, regardless of their geographic locations. In that sense, this paper presents a visual notation to represent the main elements of a WSDL 2.0 especification focused on the semantic annotation using SAWSDL. The paper also describes a graphical collaborative semantic annotation support tool.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125178624","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-03-01DOI: 10.1109/ICSA-C50368.2020.00034
Z. Jaroucheh, B. Ghaleb, W. Buchanan
The proof-of-work consensus protocol suffers from two main limitations: waste of energy and offering only probabilistic guarantees about the status of the blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol and its corresponding software architecture. This protocol leverages two ideas: 1) the proof-of-stake concept to dynamically form stakeproportionate consensus groups that represent block miners (stakeholders), and 2) scalable collective signing to efficiently commit transactions irreversibly. SklCoin has immediate finality characteristic where all miners instantly agree on the validity of blocks. In addition, SklCoin supports high transaction rate because of its fast miner election mechanism.
{"title":"SklCoin: Toward a Scalable Proof-of-Stake and Collective Signature Based Consensus Protocol for Strong Consistency in Blockchain","authors":"Z. Jaroucheh, B. Ghaleb, W. Buchanan","doi":"10.1109/ICSA-C50368.2020.00034","DOIUrl":"https://doi.org/10.1109/ICSA-C50368.2020.00034","url":null,"abstract":"The proof-of-work consensus protocol suffers from two main limitations: waste of energy and offering only probabilistic guarantees about the status of the blockchain. This paper introduces SklCoin, a new Byzantine consensus protocol and its corresponding software architecture. This protocol leverages two ideas: 1) the proof-of-stake concept to dynamically form stakeproportionate consensus groups that represent block miners (stakeholders), and 2) scalable collective signing to efficiently commit transactions irreversibly. SklCoin has immediate finality characteristic where all miners instantly agree on the validity of blocks. In addition, SklCoin supports high transaction rate because of its fast miner election mechanism.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128150855","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-03-01DOI: 10.1109/ICSA-C50368.2020.00018
Sangeeth Kochanthara, Niels Rood, L. Cleophas, Y. Dajsuren, M. Brand
In cooperative driving, vehicles coordinate their actions as part of a system. Cooperative driving capabilities in vehicles are achieved by means of software, making this software safety critical. The current safety standard for vehicles, ISO 26262, is designed for individual vehicles and their software architecture, but not for cooperative driving settings. Moreover, the guidelines from the standard can only be used for generating safety goals and checking adherence to them. The standard’s guidelines do not cover mechanisms to meet the unmet safety goals or provide designers with available architecture choices.This paper presents an extension of the ISO 26262 standard from a single vehicle setting to a cooperative vehicle setting. We also show that the use of safety tactics and design patterns, which enable designers to be aware of possible design choices, can seamlessly be integrated into the ISO 26262 process. The resulting methodology enables designers to make informed choices and cover safety goals. Our case study on the software architecture of a real-life cooperative driving prototype shows that the proposed approach can provide new insights about its safety and mechanisms to improve it.
{"title":"Semi-automatic Architectural Suggestions for the Functional Safety of Cooperative Driving Systems","authors":"Sangeeth Kochanthara, Niels Rood, L. Cleophas, Y. Dajsuren, M. Brand","doi":"10.1109/ICSA-C50368.2020.00018","DOIUrl":"https://doi.org/10.1109/ICSA-C50368.2020.00018","url":null,"abstract":"In cooperative driving, vehicles coordinate their actions as part of a system. Cooperative driving capabilities in vehicles are achieved by means of software, making this software safety critical. The current safety standard for vehicles, ISO 26262, is designed for individual vehicles and their software architecture, but not for cooperative driving settings. Moreover, the guidelines from the standard can only be used for generating safety goals and checking adherence to them. The standard’s guidelines do not cover mechanisms to meet the unmet safety goals or provide designers with available architecture choices.This paper presents an extension of the ISO 26262 standard from a single vehicle setting to a cooperative vehicle setting. We also show that the use of safety tactics and design patterns, which enable designers to be aware of possible design choices, can seamlessly be integrated into the ISO 26262 process. The resulting methodology enables designers to make informed choices and cover safety goals. Our case study on the software architecture of a real-life cooperative driving prototype shows that the proposed approach can provide new insights about its safety and mechanisms to improve it.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122534169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-03-01DOI: 10.1109/ICSA-C50368.2020.00011
Alexander Krause, C. Zirkelbach, W. Hasselbring, S. Lenga, Dan Kröger
Migrating monolithic software systems into microservices requires the application of decomposition techniques to find and select appropriate service boundaries. These techniques are often based on domain knowledge, static code analysis, and non-functional requirements such as maintainability.In this paper, we present our experience with an approach that extends static analysis with dynamic analysis of a legacy software system’s runtime behavior, including the live trace visualization to support the decomposition into microservices. Overall, our approach combines established analysis techniques for microservice decomposition, such as the bounded context pattern of domain-driven design, and enriches the collected information via dynamic software visualization to identify appropriate microservice boundaries.In collaboration with the German IT service provider adesso SE, we applied our approach to their real-word, legacy lottery application $invert {FOCUS}$ to identify good microservice decompositions for this layered monolithic Enterprise Java system.
将单片软件系统迁移到微服务需要应用分解技术来查找和选择适当的服务边界。这些技术通常基于领域知识、静态代码分析和非功能需求(如可维护性)。在本文中,我们介绍了我们使用一种方法的经验,该方法通过对遗留软件系统运行时行为的动态分析来扩展静态分析,包括支持分解为微服务的实时跟踪可视化。总体而言,我们的方法结合了微服务分解的现有分析技术,如领域驱动设计的有界上下文模式,并通过动态软件可视化丰富收集的信息,以识别适当的微服务边界。在与德国IT服务提供商adesso SE的合作中,我们将我们的方法应用到他们的实时遗留彩票应用程序$ In vert {FOCUS}$中,为这个分层的单片企业Java系统识别良好的微服务分解。
{"title":"Microservice Decomposition via Static and Dynamic Analysis of the Monolith","authors":"Alexander Krause, C. Zirkelbach, W. Hasselbring, S. Lenga, Dan Kröger","doi":"10.1109/ICSA-C50368.2020.00011","DOIUrl":"https://doi.org/10.1109/ICSA-C50368.2020.00011","url":null,"abstract":"Migrating monolithic software systems into microservices requires the application of decomposition techniques to find and select appropriate service boundaries. These techniques are often based on domain knowledge, static code analysis, and non-functional requirements such as maintainability.In this paper, we present our experience with an approach that extends static analysis with dynamic analysis of a legacy software system’s runtime behavior, including the live trace visualization to support the decomposition into microservices. Overall, our approach combines established analysis techniques for microservice decomposition, such as the bounded context pattern of domain-driven design, and enriches the collected information via dynamic software visualization to identify appropriate microservice boundaries.In collaboration with the German IT service provider adesso SE, we applied our approach to their real-word, legacy lottery application $invert {FOCUS}$ to identify good microservice decompositions for this layered monolithic Enterprise Java system.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133037330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-03-01DOI: 10.1109/ICSA-C50368.2020.00037
L. Vianna, R. Wazlawick
Growing demand for hospital healthcare services has brought significant challenges for their managers. Variables with high uncertainty degree, such as the number of patients and the duration of their treatments, hinders the planning processes and make it difficult to properly comply with the established strategies. Controlling and identifying factors that affect the hospital management process depends on health database analysis. Therefore, it is important to consider the possibility of prospecting useful knowledge from the stored data. The objective of this research is to evaluate the hospital morbidity prediction through different data mining methods on ambulatory and hospital procedure records obtained from Brazilian public health databases. The research method consists of performing a predictive data mining by applying supervised learning algorithms on a regression problem. The highest Pearson correlation coefficient individually obtained in the three-month prediction time interval, through the data mining method that applied random forest associated with an attribute selection algorithm on the disease group of the ICD10 chapter XVI (Certain Conditions originating in the Perinatal Period), was 0.9682. Different results were achieved depending on the method applied, the group of diseases analyzed, and the proposed prediction time interval, which led to the conclusion that data mining on ambulatory and hospital records allowed the prediction of hospital morbidity. The hospital morbidity predictions obtained can minimize the undesired effect of the demand randomness for health services in the decision-making process.
{"title":"Data Mining for Hospital Morbidity Forecasting","authors":"L. Vianna, R. Wazlawick","doi":"10.1109/ICSA-C50368.2020.00037","DOIUrl":"https://doi.org/10.1109/ICSA-C50368.2020.00037","url":null,"abstract":"Growing demand for hospital healthcare services has brought significant challenges for their managers. Variables with high uncertainty degree, such as the number of patients and the duration of their treatments, hinders the planning processes and make it difficult to properly comply with the established strategies. Controlling and identifying factors that affect the hospital management process depends on health database analysis. Therefore, it is important to consider the possibility of prospecting useful knowledge from the stored data. The objective of this research is to evaluate the hospital morbidity prediction through different data mining methods on ambulatory and hospital procedure records obtained from Brazilian public health databases. The research method consists of performing a predictive data mining by applying supervised learning algorithms on a regression problem. The highest Pearson correlation coefficient individually obtained in the three-month prediction time interval, through the data mining method that applied random forest associated with an attribute selection algorithm on the disease group of the ICD10 chapter XVI (Certain Conditions originating in the Perinatal Period), was 0.9682. Different results were achieved depending on the method applied, the group of diseases analyzed, and the proposed prediction time interval, which led to the conclusion that data mining on ambulatory and hospital records allowed the prediction of hospital morbidity. The hospital morbidity predictions obtained can minimize the undesired effect of the demand randomness for health services in the decision-making process.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117340062","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-03-01DOI: 10.1109/ICSA-C50368.2020.00051
Emilia Cioroaica, Stanislav Chren, Barbora Buhnova, T. Kuhn, D. Dimitrov
Formation of digital ecosystems enables a multitude of actors like organisations, users and developers to achieve different goals in cooperations. The achievement of operational, tactical and strategic goals of involved actors relies on trustworthy cooperation of systems that operate in open environments and might meet for the first time at runtime. Thus the evaluation of a potential collaborator’s trustworthiness also needs to be performed at runtime.In this paper, we enhance our work on trust prediction in digital ecosystems, based on digital twins evaluation, with a supporting reference architecture that enables the creation of such a digital twin for automatic computation of trust.
{"title":"Reference Architecture for Trust-Based Digital Ecosystems","authors":"Emilia Cioroaica, Stanislav Chren, Barbora Buhnova, T. Kuhn, D. Dimitrov","doi":"10.1109/ICSA-C50368.2020.00051","DOIUrl":"https://doi.org/10.1109/ICSA-C50368.2020.00051","url":null,"abstract":"Formation of digital ecosystems enables a multitude of actors like organisations, users and developers to achieve different goals in cooperations. The achievement of operational, tactical and strategic goals of involved actors relies on trustworthy cooperation of systems that operate in open environments and might meet for the first time at runtime. Thus the evaluation of a potential collaborator’s trustworthiness also needs to be performed at runtime.In this paper, we enhance our work on trust prediction in digital ecosystems, based on digital twins evaluation, with a supporting reference architecture that enables the creation of such a digital twin for automatic computation of trust.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126921216","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-03-01DOI: 10.1109/ICSA-C50368.2020.00053
Markus böbel, I. Gerostathopoulos, T. Bures
Software architecture practice relies more and more on data-driven decision-making. Data-driven decisions are taken either by humans or by software agents via analyzing streams of timeseries data coming from different running systems. Since the quality of sensed data influences the analysis and subsequent decision-making, detecting data anomalies is an important and necessary part of any data analysis and data intelligence pipeline (such as those typically found in smart and self-adaptive systems). Although a number of data science libraries exist for timeseries anomaly detection, it is both time consuming and hard to plug realtime anomaly detection functionality in existing pipelines. The problem lies with the boilerplate code that needs to be provided for common tasks such as data ingestion, data transformation and preprocessing, invoking of model re-training when needed, and persisting of identified anomalies so that they can be acted upon or further analysed. In response, we created a toolbox for realtime anomaly detection that automates the above common tasks and modularizes the anomaly detection process in a number of clearly defined components. This serves as a plug-in solution for architecting and development of smart systems that have to adapt their behavior at runtime. In this paper, we describe the microservice architecture used by our toolbox and explain how to deploy it for obtaining an out-of-the-box solution for realtime anomaly detection out of ready-to-use components. We also provide an initial assessment of its performance.
{"title":"A Toolbox for Realtime Timeseries Anomaly Detection","authors":"Markus böbel, I. Gerostathopoulos, T. Bures","doi":"10.1109/ICSA-C50368.2020.00053","DOIUrl":"https://doi.org/10.1109/ICSA-C50368.2020.00053","url":null,"abstract":"Software architecture practice relies more and more on data-driven decision-making. Data-driven decisions are taken either by humans or by software agents via analyzing streams of timeseries data coming from different running systems. Since the quality of sensed data influences the analysis and subsequent decision-making, detecting data anomalies is an important and necessary part of any data analysis and data intelligence pipeline (such as those typically found in smart and self-adaptive systems). Although a number of data science libraries exist for timeseries anomaly detection, it is both time consuming and hard to plug realtime anomaly detection functionality in existing pipelines. The problem lies with the boilerplate code that needs to be provided for common tasks such as data ingestion, data transformation and preprocessing, invoking of model re-training when needed, and persisting of identified anomalies so that they can be acted upon or further analysed. In response, we created a toolbox for realtime anomaly detection that automates the above common tasks and modularizes the anomaly detection process in a number of clearly defined components. This serves as a plug-in solution for architecting and development of smart systems that have to adapt their behavior at runtime. In this paper, we describe the microservice architecture used by our toolbox and explain how to deploy it for obtaining an out-of-the-box solution for realtime anomaly detection out of ready-to-use components. We also provide an initial assessment of its performance.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124057085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: