Applying formal methods to standard development: the open distributed processing experience

Since their introduction, formal methods have been applied in various ways to different standards. This paper gives an account of these applications, focusing on one application in particular: the development of a framework for creating standards for Open Distributed Processing (ODP). Following an introduction to ODP, the paper gives an insight into the current work on formalising the architecture of the Reference Model of ODP (RM-ODP), highlighting the advantages to be gained. The different approaches currently being taken are shown, together with their associated advantages and disadvantages. The paper concludes that there is no one all-purpose approach which can be used in preference to all others, but that a combination of approaches is desirable to best fulfil the potential of formal methods in developing an architectural semantics for OD

Modeling the Internet of Things: a simulation perspective

This paper deals with the problem of properly simulating the Internet of Things (IoT). Simulating an IoT allows evaluating strategies that can be employed to deploy smart services over different kinds of territories. However, the heterogeneity of scenarios seriously complicates this task. This imposes the use of sophisticated modeling and simulation techniques. We discuss novel approaches for the provision of scalable simulation scenarios, that enable the real-time execution of massively populated IoT environments. Attention is given to novel hybrid and multi-level simulation techniques that, when combined with agent-based, adaptive Parallel and Distributed Simulation (PADS) approaches, can provide means to perform highly detailed simulations on demand. To support this claim, we detail a use case concerned with the simulation of vehicular transportation systems.Comment: Proceedings of the IEEE 2017 International Conference on High Performance Computing and Simulation (HPCS 2017

Service Development as Action Design Research: Reporting on a Servitized E-Recruiting Portal

In this paper we reflect retrospectively on an e-recruiting service design and development project action design research. The project itself pre-dated the publication of the Action Design Research Method by Sein, Henfridsson et al., (2011). When viewed as action design research, we find that many of the principles of ADR, such as defining the problem as an instance of a class of problem, practice inspired research, mutually influential roles and guided emergence are not only synergistic with service design, but in fact, the effective design of services embeds and requires a similar approach. To this extent, we considered ADR to be an appropriate choice for services research, development and implementation at the nexus of theory and practice. We further identified some extensions and elaborations to the ADR method in a service development context. In particular, we posit that guided emergence occurs between the theoretical foundations of a service project and the artefact development, as well as between the artefact development and the organizational context. We find that in a multi-disciplinary project, theoretical contributions may be emergent, and multiple theoretical contributions are possible using a range of different lenses. We also identify some practical difficulties with reporting the learning from service development projects. Overall, we found that ADR was likely to be a highly appropriate approach for framing and deriving learning from innovative service design projects, but may require further enhancement

Semantic verification of Behavior Conformance

This paper introduces a formal yet practical method to verify whether the behavior design of a distributed application conforms to the behavior design of the enterprise in which the application is embedded. The method allows both enterprise architects and application architects to talk about designs in their own terms, and introduces a common set of terms as the linking pin between enterprise and application designs. The formal semantics of these common terms allows us to verify the conformance between an enterprise and its applications formally and automatically

Automatic Translation of MSC Diagrams into Petri Nets

Development-engineers use in their work languages intended for software or hardware systems design, and test engineers utilize languages effective in verification, analysis of the systems properties and testing. Automatic interfaces between languages of these kinds are necessary in order to avoid ambiguous understanding of specification of models of the systems and inconsistencies in the initial requirements for the systems development. Algorithm of automatic translation of MSC (Message Sequence Chart) diagrams compliant with MSC’2000 standard into Petri Nets is suggested in this paper. Each input MSC diagram is translated into Petri Net (PN), obtained PNs are sequentially composed in order to synthesize a whole system in one final combined PN. The principle of such composition is defined through the basic element of MSC language — conditions. While translating reference table is developed for maintenance of consistent coordination between the input system’s descriptions in MSC language and in PN format. This table is necessary to present the results of analysis and verification on PN in suitable for the development-engineer format of MSC diagrams. The proof of algorithm correctness is based on the use of process algebra ACP. The most significant feature of the given algorithm is the way of handling of conditions. The direction for future work is the development of integral, partially or completely automated technological process, which will allow designing system, testing and verifying its various properties in the one frame

Software security requirements management as an emerging cloud computing service

© 2016 Elsevier Ltd. All rights reserved.Emerging cloud applications are growing rapidly and the need for identifying and managing service requirements is also highly important and critical at present. Software Engineering and Information Systems has established techniques, methods and technology over two decades to help achieve cloud service requirements, design, development, and testing. However, due to the lack of understanding of software security vulnerabilities that should have been identified and managed during the requirements engineering phase, we have not been so successful in applying software engineering, information management, and requirements management principles that have been established for the past at least 25 years, when developing secure software systems. Therefore, software security cannot just be added after a system has been built and delivered to customers as seen in today's software applications. This paper provides concise methods, techniques, and best practice requirements engineering and management as an emerging cloud service (SSREMaaES) and also provides guidelines on software security as a service. This paper also discusses an Integrated-Secure SDLC model (IS-SDLC), which will benefit practitioners, researchers, learners, and educators. This paper illustrates our approach for a large cloud system Amazon EC2 service