Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.78
N. Racz, E. Weippl, R. Bonazzi
The integration of governance, risk, and compliance (GRC) activities has gained importance over the last years. This paper presents an analysis of the GRC integration efforts in information technology departments of three large enterprises. Action design research is used to organize the research in order to assess IT GRC activities based on a model with five dimensions. By means of semi-structured interviews key findings concerning the status quo of the three IT GRC disciplines, their integration and their relation to GRC on the corporate level are identified and rated. Five key findings explain the main commonalities and differences observed.
{"title":"IT Governance, Risk & Compliance (GRC) Status Quo and Integration: An Explorative Industry Case Study","authors":"N. Racz, E. Weippl, R. Bonazzi","doi":"10.1109/SERVICES.2011.78","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.78","url":null,"abstract":"The integration of governance, risk, and compliance (GRC) activities has gained importance over the last years. This paper presents an analysis of the GRC integration efforts in information technology departments of three large enterprises. Action design research is used to organize the research in order to assess IT GRC activities based on a model with five dimensions. By means of semi-structured interviews key findings concerning the status quo of the three IT GRC disciplines, their integration and their relation to GRC on the corporate level are identified and rated. Five key findings explain the main commonalities and differences observed.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115268234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.74
Lingjing Wu, Guangtai Liang, S. Kui, Qianxiang Wang
Due to the benefits of cloud computing, many desktop applications have been migrated into the cloud. In order to program in the cloud, lots of IDEs are also moved into the cloud at recent years. Although online IDE can bring developers a lot of convenience for their developing process, some tough problems are still less touched. This paper summarized three main kinds of actual problems from three aspects (Function implementation, Security guarantee, Advanced utilization) encountered when using the online IDE, and proposed three solutions (Services composition, Program behavior analysis, Program behavior mining) to handle these according problems. Finally, this paper introduce a real online IDE (CEclipse) developed by our research group and apply the three solutions in this online IDE.
{"title":"CEclipse: An Online IDE for Programing in the Cloud","authors":"Lingjing Wu, Guangtai Liang, S. Kui, Qianxiang Wang","doi":"10.1109/SERVICES.2011.74","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.74","url":null,"abstract":"Due to the benefits of cloud computing, many desktop applications have been migrated into the cloud. In order to program in the cloud, lots of IDEs are also moved into the cloud at recent years. Although online IDE can bring developers a lot of convenience for their developing process, some tough problems are still less touched. This paper summarized three main kinds of actual problems from three aspects (Function implementation, Security guarantee, Advanced utilization) encountered when using the online IDE, and proposed three solutions (Services composition, Program behavior analysis, Program behavior mining) to handle these according problems. Finally, this paper introduce a real online IDE (CEclipse) developed by our research group and apply the three solutions in this online IDE.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114294145","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.59
Xiuxia Tian, Xiaoling Wang, Aoying Zhou
Database as a Service(DaaS) is a practical and useful paradigm, in which the Database Service Provider(DSP) hosts the delegated database generated from the Source DB of Data Owner(DO). Due to the untrusted DSP, most of the proposed approaches were concentrated on using encryption to guarantee the privacy of delegated database and using partition based index to speed up the query. However, few papers were proposed to guarantee the privacy of delegated access control policies. Therefore in order to improve the usability of delegated database and guarantee the privacy of delegated access control policies, a critical problem to be addressed in DaaS is to make the DSP enforce the delegated selective authorization policies correctly, but know nothing about the privacy of users or the privacy of delegated authorization policies. In this paper, we present a privacy preserving selective authorization enforcement approach to resolve the critical problem above. By using selective encryption, Pedersen commitment and access control policy polynomial, the privacy of delegated access control policies and the privacy of users can be efficiently guaranteed. Finally we analyze the security properties of our approach from different aspects.
{"title":"A Privacy Preserving Selective Authorization Enforcement Approach in Daas","authors":"Xiuxia Tian, Xiaoling Wang, Aoying Zhou","doi":"10.1109/SERVICES.2011.59","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.59","url":null,"abstract":"Database as a Service(DaaS) is a practical and useful paradigm, in which the Database Service Provider(DSP) hosts the delegated database generated from the Source DB of Data Owner(DO). Due to the untrusted DSP, most of the proposed approaches were concentrated on using encryption to guarantee the privacy of delegated database and using partition based index to speed up the query. However, few papers were proposed to guarantee the privacy of delegated access control policies. Therefore in order to improve the usability of delegated database and guarantee the privacy of delegated access control policies, a critical problem to be addressed in DaaS is to make the DSP enforce the delegated selective authorization policies correctly, but know nothing about the privacy of users or the privacy of delegated authorization policies. In this paper, we present a privacy preserving selective authorization enforcement approach to resolve the critical problem above. By using selective encryption, Pedersen commitment and access control policy polynomial, the privacy of delegated access control policies and the privacy of users can be efficiently guaranteed. Finally we analyze the security properties of our approach from different aspects.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115150936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.60
S. Mallick, R. Pandey, Sanjeev Neupane, Shakti Mishra, D. S. Kushwaha
Web services are software components developed to simplify machine-to-machine interaction over the Web. Many researches are targeted towards Web service standardization, and these efforts have significantly contributed towards improving functionality of Service Oriented Architecture (SOA). However, there are number of issues yet to be resolved. Among them, one of the major challenges is the standardization of Web service composition. When a single web service cannot satisfy the given request, composition of web services need to be incorporated. In this paper, we address Web service composition problem with the signature-based service discovery and composition approach[30]. In the proposed approach, each web service is described by WSDL. Our design eliminates the need of complicated discovery agents like UDDI and also facilitates validation of the service before actually accessing it for integration. The composition problem has been modelled as a finite state machine, which means if the all the intermediate states are rightly composed then the final composition is successful. We propose a simple yet efficient algorithm DISCOMP for the discovery and composition. This paper analyses build time and runtime issues related to signature-based approach. We support our design decision with implementation and performance results obtained on a decentralized setup.
{"title":"Simplifying Web Service Discovery & Validating Service Composition","authors":"S. Mallick, R. Pandey, Sanjeev Neupane, Shakti Mishra, D. S. Kushwaha","doi":"10.1109/SERVICES.2011.60","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.60","url":null,"abstract":"Web services are software components developed to simplify machine-to-machine interaction over the Web. Many researches are targeted towards Web service standardization, and these efforts have significantly contributed towards improving functionality of Service Oriented Architecture (SOA). However, there are number of issues yet to be resolved. Among them, one of the major challenges is the standardization of Web service composition. When a single web service cannot satisfy the given request, composition of web services need to be incorporated. In this paper, we address Web service composition problem with the signature-based service discovery and composition approach[30]. In the proposed approach, each web service is described by WSDL. Our design eliminates the need of complicated discovery agents like UDDI and also facilitates validation of the service before actually accessing it for integration. The composition problem has been modelled as a finite state machine, which means if the all the intermediate states are rightly composed then the final composition is successful. We propose a simple yet efficient algorithm DISCOMP for the discovery and composition. This paper analyses build time and runtime issues related to signature-based approach. We support our design decision with implementation and performance results obtained on a decentralized setup.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"164 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114098267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.44
Walter Binder, Daniele Bonetta, C. Pautasso, A. Peternier, D. Milano, H. Schuldt, Nenad Stojnic, B. Faltings, Immanuel Trummer
Service-oriented architectures (SOAs) provide a successful model for structuring complex distributed software systems, as they reduce the cost of ownership and ease the creation of new applications by composing existing services. However, currently, the development of service-oriented applications requires many manual tasks and prevailing infrastructure is often based on centralized components that are central points of failure and easily become bottlenecks. In this paper, we promote self-organizing SOA as a new approach to overcome these limitations. Self-organizing SOA integrates research results in the areas of autonomic and service oriented computing. We consider self-organizing features for the whole life-cycle of a service-oriented application, from the creation to the execution, optimization, and monitoring.
{"title":"Towards Self-Organizing Service-Oriented Architectures","authors":"Walter Binder, Daniele Bonetta, C. Pautasso, A. Peternier, D. Milano, H. Schuldt, Nenad Stojnic, B. Faltings, Immanuel Trummer","doi":"10.1109/SERVICES.2011.44","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.44","url":null,"abstract":"Service-oriented architectures (SOAs) provide a successful model for structuring complex distributed software systems, as they reduce the cost of ownership and ease the creation of new applications by composing existing services. However, currently, the development of service-oriented applications requires many manual tasks and prevailing infrastructure is often based on centralized components that are central points of failure and easily become bottlenecks. In this paper, we promote self-organizing SOA as a new approach to overcome these limitations. Self-organizing SOA integrates research results in the areas of autonomic and service oriented computing. We consider self-organizing features for the whole life-cycle of a service-oriented application, from the creation to the execution, optimization, and monitoring.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"91 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127283800","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.105
R. Bohn, J. Messina, Fang Liu, Jin Tong, Jian Mao
This paper presents the first version of the NIST Cloud Computing Reference Architecture (RA). This is a vendor neutral conceptual model that concentrates on the role and interactions of the identified actors in the cloud computing sphere. Five primary actors were identified - Cloud Service Consumer, Cloud Service Provider, Cloud Broker, Cloud Auditor and Cloud Carrier. Their roles and activities are discussed in this report. A primary goal for generating this model was to give the United States Government (USG) a method for understanding and communicating the components of a cloud computing system for Federal IT executives, Program Managers and IT procurement officials.
{"title":"NIST Cloud Computing Reference Architecture","authors":"R. Bohn, J. Messina, Fang Liu, Jin Tong, Jian Mao","doi":"10.1109/SERVICES.2011.105","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.105","url":null,"abstract":"This paper presents the first version of the NIST Cloud Computing Reference Architecture (RA). This is a vendor neutral conceptual model that concentrates on the role and interactions of the identified actors in the cloud computing sphere. Five primary actors were identified - Cloud Service Consumer, Cloud Service Provider, Cloud Broker, Cloud Auditor and Cloud Carrier. Their roles and activities are discussed in this report. A primary goal for generating this model was to give the United States Government (USG) a method for understanding and communicating the components of a cloud computing system for Federal IT executives, Program Managers and IT procurement officials.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121770698","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.103
M. Hirzalla, A. Zisman, J. Cleland-Huang
recognized as an important paradigm for software engineering. Several organizations are in the process of adopting and evolving SOA deployments. In this paper we present IntelliTrace, an intelligent traceability framework to support impact analysis across different modeling layers of a SOA based system. The framework uses traceability links among different SOA artifacts to analyze the impact that changes in SOA-based systems can have in key performance indicators. The change impact analysis is triggered by different situations such as changes at the service level, business process level, goal level, key performance indicators, and SOA infrastructure. A prototype tool has been implemented in order to illustrate and evaluate the framework. An extensive case study built around an online airline reservation system is used to evaluate the framework.
{"title":"Using Traceability to Support SOA Impact Analysis","authors":"M. Hirzalla, A. Zisman, J. Cleland-Huang","doi":"10.1109/SERVICES.2011.103","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.103","url":null,"abstract":"recognized as an important paradigm for software engineering. Several organizations are in the process of adopting and evolving SOA deployments. In this paper we present IntelliTrace, an intelligent traceability framework to support impact analysis across different modeling layers of a SOA based system. The framework uses traceability links among different SOA artifacts to analyze the impact that changes in SOA-based systems can have in key performance indicators. The change impact analysis is triggered by different situations such as changes at the service level, business process level, goal level, key performance indicators, and SOA infrastructure. A prototype tool has been implemented in order to illustrate and evaluate the framework. An extensive case study built around an online airline reservation system is used to evaluate the framework.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130564686","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.20
Shubhashis Sengupta, Vikrant S. Kaulgud, V. Sharma
Cloud Computing is increasingly becoming popular as many enterprise applications and data are moving into cloud platforms. However, a major barrier for cloud adoption is real and perceived lack of security. In this paper, we take a holistic view of cloud computing security - spanning across the possible issues and vulnerabilities connected with virtualization infrastructure, software platform, identity management and access control, data integrity, confidentiality and privacy, physical and process security aspects, and legal compliance in cloud. We present our findings from the points of view of a cloud service provider, cloud consumer, and third-party authorities such as Govt. We also discuss important research directions in cloud security in areas such as Trusted Computing, Information Centric Security and Privacy Preserving Models. Finally, we sketch a set of steps that can be used, at a high level, to assess security preparedness for a business application to be migrated to cloud.
{"title":"Cloud Computing Security--Trends and Research Directions","authors":"Shubhashis Sengupta, Vikrant S. Kaulgud, V. Sharma","doi":"10.1109/SERVICES.2011.20","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.20","url":null,"abstract":"Cloud Computing is increasingly becoming popular as many enterprise applications and data are moving into cloud platforms. However, a major barrier for cloud adoption is real and perceived lack of security. In this paper, we take a holistic view of cloud computing security - spanning across the possible issues and vulnerabilities connected with virtualization infrastructure, software platform, identity management and access control, data integrity, confidentiality and privacy, physical and process security aspects, and legal compliance in cloud. We present our findings from the points of view of a cloud service provider, cloud consumer, and third-party authorities such as Govt. We also discuss important research directions in cloud security in areas such as Trusted Computing, Information Centric Security and Privacy Preserving Models. Finally, we sketch a set of steps that can be used, at a high level, to assess security preparedness for a business application to be migrated to cloud.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"186 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122220587","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.109
Xinfeng Ye, Lei Zhong
This paper proposes a scheme that allows the webservice providers to carry out fine-grained access control onthe data hosted by them. Through data tracking, the schemealso automatically detects the data flows that might lead toattacks on online services. Compared with existing schemes,the proposed scheme is more flexible in managing the data onthe service provider. The scheme relieves the programmersfrom enforcing access control and detecting data flow violationin their applications.
{"title":"Improving Web Service Security and Privacy","authors":"Xinfeng Ye, Lei Zhong","doi":"10.1109/SERVICES.2011.109","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.109","url":null,"abstract":"This paper proposes a scheme that allows the webservice providers to carry out fine-grained access control onthe data hosted by them. Through data tracking, the schemealso automatically detects the data flows that might lead toattacks on online services. Compared with existing schemes,the proposed scheme is more flexible in managing the data onthe service provider. The scheme relieves the programmersfrom enforcing access control and detecting data flow violationin their applications.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131637592","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2011-07-04DOI: 10.1109/SERVICES.2011.26
Parastoo Mohagheghi, Thorbjørn Sæther
This paper presents on-going work in a research project on defining methodology and tools for model-driven migration of legacy applications to a service-oriented architecture with deployment in the cloud, i.e. the Service Cloud paradigm. We have performed a comprehensive state of the art analysis and present some findings here. In parallel, the two industrial participants in the project have specified their requirements and expectations regarding modernization of their applications. The SOA paradigm implies the breakdown of architecture into high-grain components providing business services. For taking advantage of the services of cloud computing technologies, the clients' architecture should be decomposed, decoupled and be made scalable. Also requirements regarding servers, data storage and security, networking and response time, business models and pricing should be projected. We present software engineering challenges related to these aspects and examples of these in the context of one of the industrial cases in the project.
{"title":"Software Engineering Challenges for Migration to the Service Cloud Paradigm: Ongoing Work in the REMICS Project","authors":"Parastoo Mohagheghi, Thorbjørn Sæther","doi":"10.1109/SERVICES.2011.26","DOIUrl":"https://doi.org/10.1109/SERVICES.2011.26","url":null,"abstract":"This paper presents on-going work in a research project on defining methodology and tools for model-driven migration of legacy applications to a service-oriented architecture with deployment in the cloud, i.e. the Service Cloud paradigm. We have performed a comprehensive state of the art analysis and present some findings here. In parallel, the two industrial participants in the project have specified their requirements and expectations regarding modernization of their applications. The SOA paradigm implies the breakdown of architecture into high-grain components providing business services. For taking advantage of the services of cloud computing technologies, the clients' architecture should be decomposed, decoupled and be made scalable. Also requirements regarding servers, data storage and security, networking and response time, business models and pricing should be projected. We present software engineering challenges related to these aspects and examples of these in the context of one of the industrial cases in the project.","PeriodicalId":429726,"journal":{"name":"2011 IEEE World Congress on Services","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130675417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: