35,619 research outputs found
Data-Driven Selection of Security Application Frameworks During Architectural Design
The selection of application frameworks is an important aspect of architectural design. Selection often requires satisficing, that is, searching a potentially large space of design alternatives until an acceptable solution is found. There is, however, little help for architects in selecting software frameworks. In this paper we investigate the criteria used by practicing software architects in selecting security frameworks. We also propose how information associated with some of the criteria that are important to architects can be obtained manually or in an automated way from online sources such as GitHub. Our ultimate goal is to identify measures associated with these criteria that can be helpful in providing support for architects to select software frameworks
Early aspects: aspect-oriented requirements engineering and architecture design
This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which has been held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications
Recommended from our members
Designing a consulting services architecture model
textDuring my years of experience in the technology industry, it has become obvious that standard processes and methodologies within the engineering discipline are at a mature state. The realization though is that software engineering specifically lags behind. Most software engineering methodologies that I have studied focus on the mission of software development. It is this realization and the need for structure that led me to review existing methodologies used within my company's software services organization. The definition of what a successful software services methodology entails is rather limited. This report will provide a history of existing software engineering methodologies that I have studied, describe an initial services method that was being developed within my organization, develop a new model that addresses previous shortcomings and identify additional components required to further define a strong software services-oriented delivery methodology.Electrical and Computer Engineerin
Connected systems in smart cities: use-cases of integration of buildings information with smart systems
Realisation of smart cities is highly dependent on innovative connections between the deployed systems in the cities. This implies that successfully deployment of individual smart systems which meet citizensâ needs, is not sufficient to make a city smart. Indeed, the smart cities require to innovate and connect establish infrastructures for the citizens and organisations. To enable connected systems in smart cities, the possibilities to exchange and integration information between different systems is essential. Construction industry is one of the domains which owns huge amount of valuable information asset. Buildings information can be utilised to create initiatives associated with various domains like, urban and infrastructure planning, maintenance/facility management, and energy monitoring. However, there are some barriers to realise these initiatives. This paper introduces and elaborates the details about three use-cases which need to utilise buildings information to present innovative smart services. The three use cases are: 1) Energy Usage Monitoring for positive energy usage district areas in Smart Cities (a use case from River City-anonymous name of the city); 2) Services for Facility Management Industry (a use-case from Estates office in Quay University); 3) Safety & risk management for buildings in 3D Hack event in Dublin. Each use-case considers various stakeholdersâ perspectives. Also they include elaborated details related to the barriers and challenges associated with utilisation and integration of buildings information. This paper concludes by the detailed barriers to benefit from valuable buildings information to create innovative smart services. Further, recommendations are provided to overcome the presented challenges
Ontology-based patterns for the integration of business processes and enterprise application architectures
Increasingly, enterprises are using Service-Oriented Architecture (SOA) as an approach to Enterprise Application Integration (EAI). SOA has the potential to bridge
the gap between business and technology and to improve the reuse of existing applications and the interoperability with new ones. In addition to service architecture
descriptions, architecture abstractions like patterns and styles capture design knowledge and allow the reuse of successfully applied designs, thus improving the quality of
software. Knowledge gained from integration projects can be captured to build a repository of semantically enriched, experience-based solutions. Business patterns identify the interaction and structure between users, business processes, and data.
Specific integration and composition patterns at a more technical level address enterprise application integration and capture reliable architecture solutions. We use an
ontology-based approach to capture architecture and process patterns. Ontology techniques for pattern definition, extension and composition are developed and their
applicability in business process-driven application integration is demonstrated
Towards Automating the Construction & Maintenance of Attack Trees: a Feasibility Study
Security risk management can be applied on well-defined or existing systems;
in this case, the objective is to identify existing vulnerabilities, assess the
risks and provide for the adequate countermeasures. Security risk management
can also be applied very early in the system's development life-cycle, when its
architecture is still poorly defined; in this case, the objective is to
positively influence the design work so as to produce a secure architecture
from the start. The latter work is made difficult by the uncertainties on the
architecture and the multiple round-trips required to keep the risk assessment
study and the system architecture aligned. This is particularly true for very
large projects running over many years. This paper addresses the issues raised
by those risk assessment studies performed early in the system's development
life-cycle. Based on industrial experience, it asserts that attack trees can
help solve the human cognitive scalability issue related to securing those
large, continuously-changing system-designs. However, big attack trees are
difficult to build, and even more difficult to maintain. This paper therefore
proposes a systematic approach to automate the construction and maintenance of
such big attack trees, based on the system's operational and logical
architectures, the system's traditional risk assessment study and a security
knowledge database.Comment: In Proceedings GraMSec 2014, arXiv:1404.163
- âŠ