System security assurance: A systematic literature review

System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber–physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.     

Promoting the development of secure mobile agent applications

In this paper, we present a software architecture and a development environment for the implementation of applications based on secure mobile agents. Recent breakthroughs in mobile agent security have unblocked this technology, but there is still one important issue to overcome: the complexity of programming applications using these security solutions. Our proposal aims to facilitate and speed up the process of implementing cryptographic protocols, and to allow the reuse of these protocols for the development of secure mobile agents. As a result, the proposed architecture and development environment promote the use of mobile agent technology for the implementation of secure distributed applications.     

Persistent problems and practices in information systems development: a study of mobile applications development and distribution

The widespread uptake of mobile technologies has witnessed a re‐structuring of the mobile market with major shifts in the predominance of particular firms and the emergence of new business models. These sociotechnical trends are significant in the ways that they are influencing and shaping the working lives of software professionals. Building on prior research investigating the persistent problems and practices of systems development, this paper examines mobile applications development and distribution. A qualitative study of 60 developers based in Sweden, the UK and the USA was analysed around the interrelated problems of diversity, knowledge and structure. The analysis revealed how platform‐based development in an evolving mobile market represents significant changes at the business environment level. These changes ripple through and accentuate ongoing trends and developments, intensifying the persistent problems and challenges facing software developers.     

A tool environment for quality assurance based on the Eclipse Modeling Framework

The paradigm of model-based software development has become more and more popular since it promises an increase in the efficiency and quality of software development. Following this paradigm, models become primary artifacts in the software development process. Therefore, software quality and quality assurance frequently leads back to the quality and quality assurance of the involved models. In our approach, we propose a model quality assurance process that can be adapted to project-specific and domain-specific needs. This process is based on static model analysis using model metrics and model smells. Based on the outcome of the model analysis, appropriate model refactoring steps can be performed. In this paper, we present a tool environment conveniently supporting the proposed model quality assurance process. In particular, the presented tools support metrics reporting, smell detection, and refactoring for models being based on the Eclipse Modeling Framework, a widely used open source technology in model-based software development.     

Streaming linked data: A survey on life cycle compliance

Data streams are becoming omnipresent on the Web. The Stream Reasoning (SR) paradigm, which combines Stream Processing with Semantic Web techniques, has been successful in processing these data streams. The progress in SR research has led to several applications in domains such as the Internet of Things, social media analysis, Smart Cities, and many others. Each of these applications produces and consumes data streams, however, there are no fixed guidelines on how to manage data streams on the Web, as there are for their static counterparts. More specifically, there is no fixed life cycle for Streaming Linked Data (SLD) yet. Tommasini et al. (2020) introduced an initial proposal for a SLD life cycle, however, it has not been verified if the proposed life cycle captures existing applications and no guidelines were given for each step.In this paper, we survey existing SR applications and identify if the life cycle proposed by Tommasini et al. fully captures the surveyed applications. Based on our analysis, we found that some of the steps needed reordering or being split up. This paper proposes an update of the life cycle and surveys the existing literature for each life cycle step while proposing a number of guidelines and best practices. Compared to the initial proposal by Tommasini et al., we drill down into the details of the processing step which was previously neglected. The updated life cycle and guidelines serves as a blueprint for future SR applications. A life cycle for SLD that allows to efficiently manage data streams on the web, brings us a step closer to the realization of the SR vision.     

Internetware: An Emerging Software Paradigm for Internet Computing

The Internet is undergoing a tremendous change towards the globalized computing environment.Due to the open,dynamic and uncontrollable natures of the Internet,software running in the Internet computing environment has some new features,which bring challenges to current software technologies in terms of software model,software operating platform,software engineering approaches and software quality.Researchers in China have proposed the term "Internetware" to present the emerging software paradigm.Sponsored by the National Basic Research 973 Program,several research practices have been done on the Internetware in the past decade.This paper summarizes the progress and status of the Internetware researches.A technical solution framework for the Internetware paradigm is proposed from four aspects:the Internetware software model defines what the Internetware is to be;the Internetware middleware determines how to run the Internetware applications;the engineering methodology determines how to develop the Internetware applications;the Internetware quality assurance determines how well the Internetware applications can perform.The paper also discusses the ongoing research issues and future trends of Internetware.     

嵌入式机载软件安全性分析标准、方法及工具研究综述

嵌入式软件在安全关键系统中的应用,使得保障软件安全性成为软件工程领域的研究热点之一.以典型嵌入式软件系统机载软件为基础,对机载软件安全性保障的标准、方法及工具进行综述.首先,对机载软件领域所采用的软件安全性相关的标准进行简介,并给出机载软件安全性分析框架;其次,从机载软件安全性分析框架出发,将机载软件安全性保障方法划分为3个方面,即,机载软件安全需求的提取与规约、面向标准的机载软件开发、机载软件安全需求验证.对这3个方面的现有研究工作以及工业应用进行了综述;然后,针对当前适航标准的要求对机载软件安全性保证过程中软件安全证据的收集方面的研究工作进行了总结;最后,提出机载软件安全性领域存在的挑战和未来的研究方向.     

A review of open source software solutions for developing water resources web applications

Water resources web applications or “web apps” are growing in popularity as a means to overcome many of the challenges associated with hydrologic simulations in decision-making. Water resources web apps fall outside of the capabilities of standard web development software, because of their spatial data components. These spatial data needs can be addressed using a combination of existing free and open source software (FOSS) for geographic information systems (FOSS4G) and FOSS for web development. However, the abundance of FOSS projects that are available can be overwhelming to new developers. In an effort to understand the web of FOSS features and capabilities, we reviewed many of the state-of-the-art FOSS software projects in the context of those that have been used to develop water resources web apps published in the peer-reviewed literature in the last decade (2004–2014).     

基于成熟度的开源软件立项评估方法

随着智能移动设备和社交媒体的发展,出现了越来越多面向最终用户的应用软件.如何充分了解最终用户的需求,从而减少软件项目的风险,成为亟待解决的问题.在各类软件项目中,开源软件项目的开发具有特殊性,体现在参与人员的广泛性、多层次性,以及用户需求的多面性和不稳定性等方面.在项目成熟度评估的基础上,提出了开源软件项目的立项评估模型,并详细介绍了成熟度评估的方法及基于成熟度的开源软件项目立项评估流程,通过一个项目实例分析了在该模型基础上的立项评估过程.     

Inclusion of Functional and Non-Functional Parameters for the Prediction of Overall Efforts of Mobile Applications.

Size is a major and main parameter for the estimation of efforts and cost of software applications in general and mobile applications in particular and estimating effort, cost and time has been a key step in the life cycle of the software project. In order to create a sound schedule for the project, it is therefore important to have these estimates as soon as possible in the software development life cycle. In past years, many methods have been employed to estimate size and efforts of mobile applications but till now these methods do not meet the expected needs from customer. In this paper, we present a new size measurement method i.e., Mobile COSMIC Function Points (MCFP) based on the COSMIC approach, which is a primary factor for estimation of efforts in mobile application development. This paper analyzes the possibility of using a combination of Functional and Non-functional parameters including both Mobile Technical Complexity Factors (MTCF) and Mobile Environmental Complexity Factors (MECF) for the purpose of mobile application sizing prediction and hence effort estimation. For the purpose of this study, thirty six mobile applications were analyzed and their size and efforts were compared by applying the new effort estimation approach. In this context of a mobile application, few investigations have been performed to compare the effectiveness of COSMIC, FP's and the proposed approach “COSMIC Plus Effort Estimation Model (CPEEM)”. The main goal of this paper is to investigate if the inclusion of Non functional parameters imposes an effect on the functional size of mobile application development. Upon estimating efforts using the proposed approach, the results were promising for mobile applications when compared the results of our approach with the results of the other two approaches     

Making Software Visible, Operational, and Maintainable in a Small Project Environment

Practical suggestions are presented for effectively managing software development in small-project environments (i.e., no more than several million dollars per year). The suggestions are based on an approach to product development using a product assurance group that is independent from the development group. Within this check-and-balance management/development/product assurance structure, a design review process is described that effects an orderly transition from customer needs statement to software code. The testing activity that follows this process is then explained. Finally, the activities of a change control body (called a configuration control board) and supporting functions geared to maintaining delivered software are described. The suggested software management practices result from the experience of a small (approximately 100 employees) software engineering company that develops and maintains computer systems supporting real-time interactive commercial, industrial, and military applications.     

A review on the computation offloading approaches in mobile edge computing: A game-theoretic perspective

In recent years, novel mobile applications such as augmented reality, virtual reality, and three-dimensional gaming, running on handy mobile devices have been pervasively popular. With rapid developments of such mobile applications, decentralized mobile edge computing (MEC) as an emerging distributed computing paradigm is developed for serving them near the smart devices, usually in one hop, to meet their computation, and delay requirements. In the literature, offloading mechanisms are designed to execute such mobile applications in the MEC environments through transferring resource-intensive tasks to the MEC servers. On the other hand, due to the resource limitations, resource heterogeneity, dynamic nature, and unpredictable behavior of MEC environments, it is necessary to consider the computation offloading issues as the challenging problem in the MEC environment. However, to the best of our knowledge, despite its importance, there is not any systematic, comprehensive, and detailed survey in game theory (GT)-based computation offloading mechanisms in the MEC environment. In this article, we provide a systematic literature review on the GT-based computation offloading approaches in the MEC environment in the form of a classical taxonomy to recognize the state-of-the-art mechanisms on this important topic and to provide open issues as well. The proposed taxonomy is classified into four main fields: classical game mechanisms, auction theory, evolutionary game mechanisms, and hybrid-base game mechanisms. Next, these classes are compared with each other according to the important factors such as performance metrics, case studies, utilized techniques, and evaluation tools, and their advantages and disadvantages are discussed, as well. Finally, open issues and future uncovered or weakly covered research challenges are discussed and the survey is concluded.     

Generic support for distributed applications

In the late 1980s, software designers introduced middleware platforms to support distributed computing systems. Since then, the rapid evolution of technology has caused an explosion of distributed-processing requirements. Application developers now routinely expect to support multimedia systems and mobile users and computers. Timely response to asynchronous events is crucial to such applications, but current platforms do not adequately meet this need. Another need of existing and emerging applications is the secure interoperability of independent services in large-scale, widely distributed systems. Information systems serving organizations such as universities, hospitals, and government agencies require cross-domain interaction. To meet the needs of these applications, Cambridge University researchers developed middleware extensions that provide a flexible, scalable approach to distributed-application development. This article details the extensions they developed, explaining their distributed software approach and the support it has provided for emerging applications     

Software quality assurance in practice

This paper presents the key findings of a survey of a representative sample of the Australian software industry as to the actual use and application of quality assurance techniques in the development of software. The survey aims to confirm previous survey findings through a management questionnaire and to investigate the software development practices at the screen face through a developer questionnaire. The separate responses are analysed to rate the extent to which quality management practices have penetrated the information systems department. The project commenced in July 1994 and the results of this initial survey support the hypothesis that software quality assurance programmes have not yet penetrated to the systems developers at lower levels of organizations.     

Trustworthiness of Internet-based software

Recent years see an increasing concern over the trustworthiness of Inter- net-based software. By analyzing the trustworthiness of Internet-based software and the nature of the Internet applications, we point out that, on the one hand, due to the open- ness and dynamic nature of the Internet, the identity trustworthiness and the capability trustworthiness of the software are facing serious challenges; on the other hand, in order to ensure the trustworthiness of the whole system, emerging computing paradigms based on the collaboration of autonomous software need some impacts on the behavior of the software. Here we put forward a conceptual model for the trustworthiness of Inter- net-based software, and propose a trustworthy assurance framework for Internet-based virtual computing environment (iVCE). This framework deals with the trustworthy proper- ties of software on identity, capability and behavior in a combinated way. The authorization management in inter-domain computing environment, assurance on high availability of service and incentive mechanism for autonomic collaboration are taken as three core mechanisms of iVCE trustworthy assurance.     

Requirements model driven adaption and evolution of Internetware

Today’s software systems need to support complex business operations and processes.The development of the web-based software systems has been pushing up the limits of traditional software engineering methodologies and technologies as they are required to be used and updated almost real-time,so that users can interact and share the same applications over the internet as needed.These applications have to adapt quickly to the diversified and dynamic changing requirements in the physical,technological,economical and social environments.As a consequence,we are expecting a major paradigm shift in software engineering to reflect such changes in computing environment in order to better address the fundamental needs of organisations in this new era.Existing software technologies,such as model driven development,business process engineering,online(re-)configuration,composition and adaptation of managerial functionalities are being repurposed to reduce the time taken for software development by reusing software codes.The ability to dynamically combine contents from numerous web sites and local resources,and the ability to instantly publish services worldwide have opened up entirely new possibilities for software development.In retrospect to the ten years applied research on Internetware,we have witnessed such a paradigm shift,which brings about many changes to the developmental experience of conventional web applications.Several related technologies,such as cloud computing,service computing,cyber-physical systems and social computing,have converged to address this emerging issue with emphasis on different aspects.In this paper,we first outline the requirements that the Internetware software paradigm should meet to excel at web application adaptation;we then propose a requirement model driven method for adaptive and evolutionary applications;and we report our experiences and case studies of applying it to an enterprise information system.Our goal is to provide high-level guidelines to researchers and practitioners to meet the challenges of building adaptive industrial-strength applications with the spectrum of processes,techniques and facilities provided within the Internetware paradigm.     

A systematic mapping study on best practices for domain-specific modeling

Model-driven software development comes in different styles. While standard-based approaches leverage existing language standards (e.g., UML), tooling, and development processes, domain-specific modeling (DSM) requires languages and tool support to be created prior to the actual software development. The design, implementation, and testing of languages and tool support require a wide spectrum of methods and techniques which introduce complexity and new challenges. To tackle these DSM-specific challenges, best practices have been collected from various application domains and published in literature to guide the development and application of DSM solutions. It is the goal of this paper to identify studies reporting best practices on domain-specific modeling. Moreover, a systematic and comprehensive compilation of best practices should act as a starting point to identify literature that facilitates industrial adoption of DSM. To search for literature and classify identified studies, we conduct a systematic mapping study (SMS). Furthermore, we perform an in-depth analysis of the identified studies to answer how practices overlap, complement, or contradict each other. The systematic search resulted in 21 studies reporting 321 best practices. From these 321 practices, we compiled 192 unique best practices. We found that the DSM community created a substantial corpus of best practices for DSM. The large majority of practices (75%) are only reported once. The top best practices by number of reports contain only practices that are reported at least four times. However, the frequency of reports does not necessarily imply a high importance of practice, as the application of practices is always context specific.     

移动边缘网络中计算迁移与内容缓存研究综述

随着移动设备数量的爆炸性增长以及许多新兴应用的出现,移动网络的流量呈指数级增长.传统的集中式网络架构由于回程链路负载过重、时延较长,无法满足移动用户的需求.因此,提出了将网络能力从核心网开放至边缘网的新体系结构,即移动边缘计算（MEC）.移动边缘计算能够在移动蜂窝网络的边缘提供轻量级的云计算和存储能力.对移动边缘计算相关的最新研究成果进行了详尽的回顾：首先,概述了移动边缘计算的发展历程、关键问题和支撑技术;然后,针对MEC架构、计算迁移、边缘缓存和服务编排这4个关键研究问题进行了全面的综述,并讨论了增强现实、虚拟现实、动态内容交付、车联网和物联网等移动边缘计算中的典型应用案例;最后,从移动边缘计算功能增强、服务质量保障和安全可用性这3个方面展望了移动边缘计算的开放式研究挑战和未来的发展趋势.     

A Process Framework for Global Software Engineering Teams

ContextGlobal Software Engineering (GSE) continues to experience substantial growth and is fundamentally different to collocated development. As a result, software managers have a pressing need for support in how to successfully manage teams in a global environment. Unfortunately, de facto process frameworks such as the Capability Maturity Model Integration (CMMI®) do not explicitly cater for the complex and changing needs of global software management.ObjectiveTo develop a Global Teaming (GT) process area to address specific problems relating to temporal, cultural, geographic and linguistic distance which will meet the complex and changing needs of global software management.MethodWe carried out three in-depth case studies of GSE within industry from 1999 to 2007. To supplement these studies we conducted three literature reviews. This allowed us to identify factors which are important to GSE. Based on a gap analysis between these GSE factors and the CMMI®, we developed the GT process area. Finally, the literature and our empirical data were used to identify threats to software projects if these processes are not implemented.ResultsOur new GT process area brings together practices drawn from the GSE literature and our previous empirical work, including many socio-technical factors important to global software development. The GT process area presented in this paper encompasses recommended practices that can be used independently or with existing models. We found that if managers are not proactive in implementing new GT practices they are putting their projects under threat of failure. We therefore include a list of threats that if ignored could have an adverse effect on an organization’s competitive advantage, employee satisfaction, timescales, and software quality.ConclusionThe GT process area and associated threats presented in this paper provides both a guide and motivation for software managers to better understand how to manage technical talent across the globe.