65 research outputs found
Security in a Distributed Processing Environment
Distribution plays a key role in telecommunication and computing systems today. It
has become a necessity as a result of deregulation and anti-trust legislation, which has
forced businesses to move from centralised, monolithic systems to distributed systems
with the separation of applications and provisioning technologies, such as the service
and transportation layers in the Internet. The need for reliability and recovery requires
systems to use replication and secondary backup systems such as those used in ecommerce.
There are consequences to distribution. It results in systems being implemented in
heterogeneous environment; it requires systems to be scalable; it results in some loss
of control and so this contributes to the increased security issues that result from
distribution. Each of these issues has to be dealt with. A distributed processing
environment (DPE) is middleware that allows heterogeneous environments to operate
in a homogeneous manner. Scalability can be addressed by using object-oriented
technology to distribute functionality. Security is more difficult to address because it
requires the creation of a distributed trusted environment.
The problem with security in a DPE currently is that it is treated as an adjunct service,
i.e. and after-thought that is the last thing added to the system. As a result, it is not
pervasive and therefore is unable to fully support the other DPE services. DPE
security needs to provide the five basic security services, authentication, access
control, integrity, confidentiality and non-repudiation, in a distributed environment,
while ensuring simple and usable administration.
The research, detailed in this thesis, starts by highlighting the inadequacies of the
existing DPE and its services. It argues that a new management structure was
introduced that provides greater flexibility and configurability, while promoting
mechanism and service independence. A new secure interoperability framework was
introduced which provides the ability to negotiate common mechanism and service
level configurations. New facilities were added to the non-repudiation and audit
services.
The research has shown that all services should be security-aware, and therefore
would able to interact with the Enhanced Security Service in order to provide a more
secure environment within a DPE. As a proof of concept, the Trader service was
selected. Its security limitations were examined, new security behaviour policies
proposed and it was then implemented as a Security-aware Trader, which could
counteract the existing security limitations.IONA TECHNOLOGIES PLC & ORANG
PABRE: Pattern-Based Requirements Elicitation
This paper presents our PABRE method for
facilitating Requirements Elicitation on the basis of Requirement Patterns with the goal of saving time and reducing errors during
this activity. The process presented applies for elicitation in Off-The-Shelf selection projects driven by call for tenders processes
and uses a Requirement Patterns Catalogue. The process selects patterns from the catalogue that apply to the particular selection project, and convert them into the real requirements that finally configure the project Requirements Book. We show some
benefits of the pattern approach for requirements engineers and IT consultants, as well as for customers. Finally we discuss the
strengths and weaknesses of the proposal and identify some future work.Peer ReviewedPostprint (published version
A pattern-based method for building requirements documents in call-for-tender processes
This paper presents our PABRE method for facilitating Requirements Elicitation on the basis of Requirement Patterns with the goal of saving time and reducing errors during this activity. The process presented applies for elicitation in Off-The-Shelf selection projects driven by call-for-tender processes and uses a Requirement Patterns Catalogue. The process selects patterns from the catalogue that apply to the particular selection project, and convert them into the real requirements that finally configure the project Requirements Document. We show some benefits of the pattern approach for requirements engineers and IT consultants, as well as for customers. Finally we discuss
the strengths and weaknesses of the proposal and identify some future work.Postprint (published version
- …