Analysis of the peculiarity of the japanese software development style in offshore software development

Offshore software development (OSD) is now becoming a global trend. While western companies are using OSD effectively, Japanese companies have not yet used it effectively. Several studies have concluded that this is due to the peculiarity of the Japanese software development style in OSD and have pointed out the problems of Japanese OSD. However, the peculiarity of the Japanese software development style has not been identified yet. Therefore, this paper attempts to identify it. Most previous studies have described the problems of Japanese OSD without considering the software development method. We have focused on agile methods and attempted to analyze the problems pointed out previous studies in accordance with the features of agile methods. It was found that the Japanese software development style is agile‐like. In addition, a survey was conducted to find out what kind of software development method is being used in Japanese OSD projects. It was found that the waterfall method is mainly used. It is concluded that the peculiarity of the Japanese software development style and problems come from the conflict between the software development methods used and their actual implementations. IEEJ Trans 2010 DOI: 10.1002/tee.20605     

Effects of risks on the performance of business process outsourcing projects: The moderating roles of knowledge management capabilities

Although business process outsourcing (BPO) can reduce cost and enhance the competitiveness of firms, the implementation of BPO projects is unsatisfactory. By integrating knowledge management capability theory and risk-based view, we develop a model of how different types of BPO risks affect project satisfaction and how knowledge management capability changes the influences of BPO risks. A survey of 121 BPO projects was conducted among BPO client department manager and project manager through a pairwise design. Empirical evidence reveals that social system, technical system, and project management risks negatively affect BPO project satisfaction. However, cultural, technological, and structural levels of knowledge management capabilities weaken the negative risk effects of social system, technical system, and project management, respectively. Different types of risks and knowledge management capabilities should be matched to achieve effective risk management.     

To outsource or not: The impact of information leakage risk on information security strategy

Emerging studies advocate that firms shall completely outsource their information security for cost and technical advantages. However, the risk of information leakage in outsourcing to managed security service providers (MSSPs) is overlooked and poses a confidentiality threat. We develop analytical models to describe several strategies for firms to consider when they decide to outsource to MSSPs. Based on our results, we suggest partial outsourcing as an alternative strategy when the firm faces information leakage risk. Besides, we suggest that in-house information security strategy is the optimal solution when the risk of being attacked is low regardless of the risk of information leakage. We then extend scenarios to the competitive environment where firms that are in the same market are highly likely to choose the same strategy.     

Efficient revocable ID‐based encryption with cloud revocation server

The capability to efficiently revoke compromised/misbehaving users is important in identity‐based encryption (IBE) applications, as it is not a matter of if but of when that one or more users are compromised. Existing solutions generally require a trusted third party to update the private keys of nonrevoked users periodically, which impact on scalability and result in high computation and communication overheads at the key generation center. Li et al proposed a revocable IBE scheme, which outsources most of the computation and communication overheads to a Key Update Cloud Service Provider (KU‐CSP). However, their scheme is lack of scalability since the KU‐CSP must maintain a secret value for each user. Tseng et al proposed another revocable IBE scheme with a cloud revocation authority, seeking to provide scalability and improve both performance and security level. In this paper, we present a new revocable IBE scheme with a cloud revocation server (CRS). The CRS holds only one secret time update key for all users, which provides the capability to scale our scheme. We demonstrate that our scheme is secure against adaptive‐ID and chosen ciphertext attacks under the k‐CAA assumption and outperforms both schemes mentioned above, in terms of having lower computation and communication overheads.     

云计算中的轻量级查询结果验证机制

存储在云计算服务器上的数据可能被篡改或删除,查询完整性验证的作用是确保查询用户能够验证查询结果中的数据是真实的,且包含所有满足条件的数据。提出了一种基于签名链结构的查询完整性验证机制。方案使用代数签名机制替代数字签名实现校验值的计算,从而有效降低计算和查询验证开销。此外,通过维护一种新的、简单的索引结构实现了仅需下载少量数据即可实现校验值的更新。实验结果表明,所提方案比基于数字签名的签名链方案具有更小的更新开销和更高的验证效率。     

一种轻量级的雾计算属性基外包加密算法

为减少属性基加密算法占用的资源,在安全数据访问控制的属性基加密算法的基础上提出了一种改进的属性基外包加密算法。改进算法将加密算法中的复杂双线性对计算外包给雾节点以减少用户的计算开销;同时通过简化系统参数,减少属性中心为属性生成的随机因子以缩短密文和密钥长度,降低了用户和雾节点的存储和通信开销。同时对提出的改进算法进行了安全性证明,证明了该改进算法是安全的。     

An iterative mathematical decision model for cloud migration: A cost and security risk approach

This paper presents an iterative mathematical decision model for organizations to evaluate whether to invest in establishing information technology (IT) infrastructure on‐premises or outsourcing IT services on a multicloud environment. This is because a single cloud cannot cover all types of users’ functional/nonfunctional requirements, in addition to several drawbacks such as resource limitation, vendor lock‐in, and prone to failure. On the other hand, multicloud brings several merits such as vendor lock‐in avoidance, system fault tolerance, cost reduction, and better quality of service. The biggest challenge is in selecting an optimal web service composition in the ever increasing multicloud market in which each provider has its own pricing schemes and delivers variation in the service security level. In this regard, we embed a module in the cloud broker to log service downtime and different attacks to measure the security risk. If security tenets, namely, security service level agreement, such as availability, integrity, and confidentiality for mission‐critical applications, are targeted by cybersecurity attacks, it causes disruption in business continuity, leading to financial losses or even business failure. To address this issue, our decision model extends the cost model by using the cost present value concept and the risk model by using the advanced mean failure cost concept, which are derived from the embedded module to quantify cloud competencies. Then, the cloud economic problem is transformed into a bioptimization problem, which minimizes cost and security risks simultaneously. To deal with the combinatorial problem, we extended a genetic algorithm to find a Pareto set of optimal solutions. To reach a concrete result and to illustrate the effectiveness of the decision model, we conducted different scenarios and a small‐to‐medium business IT development for a 5‐year investment as a case study. The result of different implementation shows that multicloud is a promising and reliable solution against IT on‐premises deployment.     

Pre-positioning inventory and service outsourcing of relief material supply chain

Service outsourcing is very common in a commercial supply chain, and in humanitarian relief area, the transportation service is usually outsourced. To practice relief supply more effectively, it seems essential to enlarge outsourcing from shipping to more areas, and private enterprises could play a vital role. This paper examines the optimal pre-disaster order quantity of a certain relief commodity, based on a two-stage coordinated approach. Our findings show that the delay cost, shortage penalty cost, risk of supply shortage, salvage value, expected perishable rate, unit inventory cost and reactive price have significant impacts on the optimal amount of propositioned inventory. Moreover, the outsourcing strategies differ by types of relief commodities. For perishable supplies, proactive or reactive outsourcing would improve the benefits of buyer and supplier simultaneously. As for imperishable supplies, it is better to combine proactive insourcing approach and reactive outsourcing strategy. In view of some supplies whose monitoring cost is high, the insourcing approach is much better than the outsourcing approach.     

单服务器上的双线性配对安全外包方案

双线性配对运算在密码学领域具有广泛的应用,同时双线性配对运算也是密码算法中最耗时的运算之一。随着云计算的发展,将本地计算耗时的双线性配对运算外包给计算能力强的云服务器是一种可行的解决办法。提出一个基于单服务器的双线性配对运算安全外包新方案,本地不需提前执行预计算,节省了存储空间,且本地仅需计算2次点加运算和10次模幂运算,执行效率得到提高。同时用户几乎能够以概率1检测到云服务器的恶意行为。     

线上零售商主导下供应链结构选择及演化

围绕线上零售商的特点,立足产品类型与物流外包两个维度,设计了四种类型供应链结构,研究了线上零售商主导下不同供应链结构的最优决策及选择策略;进而分析了制造商边际生产成本变化对供应链结构选择的影响。研究显示：承接物流二次外包的物流服务提供商不应作为线上零售商主导下供应链结构的主要参与主体;期初,线上零售商会面向功能型产品构建由零售商与物流服务集成商组成的供应链结构;后期,随着制造商边际生产成本的下降,其会优先选择创新型产品,构建由制造商、零售商以及物流服务集成商组成的供应链结构。在此基础上,为实现整个供应链效益及客户价值的最大化,线上零售商会逐步整合物流服务集成商,有效集成零售及物流资源,形成由制造商与零售商组成的供应链结构。通过数值分析验证了主要的研究结论。