Security Issues in a SOA-based Provenance System

Recent work has begun exploring the characterization and utilization of provenance in systems based on the Service Oriented Architecture (such as Web Services and Grid based environments). One of the salient issues related to provenance use within any given system is its security. Provenance presents some unique security requirements of its own, which are additionally dependent on the architectural and environmental context that a provenance system operates in. We discuss the security considerations pertaining to a Service Oriented Architecture based provenance system. Concurrently, we outline possible approaches to address them

CREOLE: a Universal Language for Creating, Requesting, Updating and Deleting Resources

In the context of Service-Oriented Computing, applications can be developed following the REST (Representation State Transfer) architectural style. This style corresponds to a resource-oriented model, where resources are manipulated via CRUD (Create, Request, Update, Delete) interfaces. The diversity of CRUD languages due to the absence of a standard leads to composition problems related to adaptation, integration and coordination of services. To overcome these problems, we propose a pivot architecture built around a universal language to manipulate resources, called CREOLE, a CRUD Language for Resource Edition. In this architecture, scripts written in existing CRUD languages, like SQL, are compiled into Creole and then executed over different CRUD interfaces. After stating the requirements for a universal language for manipulating resources, we formally describe the language and informally motivate its definition with respect to the requirements. We then concretely show how the architecture solves adaptation, integration and coordination problems in the case of photo management in Flickr and Picasa, two well-known service-oriented applications. Finally, we propose a roadmap for future work.Comment: In Proceedings FOCLASA 2010, arXiv:1007.499

Application of advanced on-board processing concepts to future satellite communications systems

An initial definition of on-board processing requirements for an advanced satellite communications system to service domestic markets in the 1990's is presented. An exemplar system architecture with both RF on-board switching and demodulation/remodulation baseband processing was used to identify important issues related to system implementation, cost, and technology development

A Semi-Automated Approach for the Co-Refinement of Requirements and Architecture Models

Requirements and architecture specifications are strongly related as the second provides a solution to a problem stated by the first. This coupling is typically realized by traceability links and maintaining such links becomes extremely difficult as both requirements and architecture specifications frequently evolve, and in particular when the architecture is refined providing an increasing level of details. In such case, not only the traceability must evolve but the requirements must be refined as well. We present a novel semi-automated approach to evolve non-functional requirements and their traceability links following system's architecture refinement in the context of design space exploration and automated code generation. The approach has been prototyped for AADL models refined with the RAMSES tool and for model transformations implemented as Story Diagrams

Deploying Virtual Machines on Shared Platforms

In this report, we describe mechanisms for secure deployment of virtual machines on shared platforms looking into a telecommunication cloud use case, which is also presented in this report. The architecture we present focuses on the security requirements of the major stakeholders’ part of the scenario we present. This report comprehensively covers all major security aspects including different security mechanisms and protocols, leveraging existing standards and state-of-the art wherever applicable. In particular, our architecture uses TCG technologies for trust establishment in the deployment of operator virtual machines on shared resource platforms. We also propose a novel procedure for securely launching and cryptographically binding a virtual machine to a target platform thereby protecting the operator virtual machine and its related credentials

Next-generation optical access seamless Evolution: concluding results of the European FP7 project OASE

Increasing bandwidth demand drives the need for next-generation optical access (NGOA) networks that can meet future end-user service requirements. This paper gives an overview of NGOA solutions, the enabling optical access network technologies, architecture principles, and related economics and business models. NGOA requirements (including peak and sustainable data rate, reach, cost, node consolidation, and open access) are proposed, and the different solutions are compared against such requirements in different scenarios (in terms of population density and system migration). Unsurprisingly, it is found that different solutions are best suited for different scenarios. The conclusions drawn from such findings allow us to formulate recommendations in terms of technology, strategy, and policy. The paper is based on the main results of the European FP7 OASE Integrated Project that ran between January 1, 2010 and February 28, 2013

About Designing an Observer Pattern-Based Architecture for a Multi-objective Metaheuristic Optimization Framework

Multi-objective optimization with metaheuristics is an active and popular research field which is supported by the availability of software frameworks providing algorithms, benchmark problems, quality indicators and other related components. Most of these tools follow a monolithic architecture that frequently leads to a lack of flexibility when a user intends to add new features to the included algorithms. In this paper, we explore a different approach by designing a component-based architecture for a multi-objective optimization framework based on the observer pattern. In this architecture, most of the algorithmic components are observable entities that naturally allows to register a number of observers. This way, a metaheuristic is composed of a set of observable and observer elements, which can be easily extended without requiring to modify the algorithm. We have developed a prototype of this architecture and implemented the NSGA-II evolutionary algorithm on top of it as a case study. Our analysis confirms the improvement of flexibility using this architecture, pointing out the requirements it imposes and how performance is affected when adopting it.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

A MDE-based process for the design, implementation and validation of safety critical systems

Distributed Real-Time Embedded (DRE) systems have critical requirements that need to be verified. They are either related to functional (e.g. stability of a furnace controller) or non-functional (e.g. meeting deadlines) aspects. Model-Driven Engineering (MDE) tools have emerged to ease DRE systems design. These tools are also capable of generating code. However, these tools either focus on the functional aspects or on the runtime architecture. Hence, the development cycle is partitioned into pieces with heterogeneous modeling notations and poor coordination. In this paper, we propose a MDE-based process to create DRE systems without manual coding. We show how to integrate functional and architecture concerns in a unified process. We use industry-proven modeling languages to design functional elements of the system, and automatically integrate them using our AADL toolchain

Using Microservices to Customize Multi-Tenant SaaS: From Intrusive to Non-Intrusive

Customization is a widely adopted practice on enterprise software applications such as Enterprise resource planning (ERP) or Customer relation management (CRM). Software vendors deploy their enterprise software product on the premises of a customer, which is then often customized for different specific needs of the customer. When enterprise applications are moving to the cloud as mutli-tenant Software-as-a-Service (SaaS), the traditional way of on-premises customization faces new challenges because a customer no longer has an exclusive control to the application. To empower businesses with specific requirements on top of the shared standard SaaS, vendors need a novel approach to support the customization on the multi-tenant SaaS. In this paper, we summarize our two approaches for customizing multi-tenant SaaS using microservices: intrusive and non-intrusive. The paper clarifies the key concepts related to the problem of multi-tenant customization, and describes a design with a reference architecture and high-level principles. We also discuss the key technical challenges and the feasible solutions to implement this architecture. Our microservice-based customization solution is promising to meet the general customization requirements, and achieves a balance between isolation, assimilation and economy of scale