A Security Pattern for Cloud service certification

Cloud computing is interesting from the economic, operational and even energy consumption perspectives but it still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. However, the task of verifying security properties in services running on cloud is not trivial. We notice the provision and security of a cloud service is sensitive. Because of the potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack (as well as dynamic changes in them). Besides current cloud models do not include support for trust-focused communication between layers. We present a mechanism to implement cloud service certification process based on the usage of Trusted Computing technology, by means of its Trusted Computing Platform (TPM) implementation of its architecture. Among many security security features it is a tamper proof resistance built in device and provides a root of trust to affix our certification mechanism. We present as a security pattern the approach for service certification based on the use TPM.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tec

Competence Monitoring in Project Teams by using Web based portfolio management systems

This paper reports a learning experience related to the acquisition of project management competences. Students from three different universities and backgrounds, cooperate in a common project that drives the learning-teaching process. Previous related works on this initiative have already evaluated the goodness of this multidisciplinary, project-based learning approach in the context of a new educative paradigm. Yet the innovative experience has allowed the authors to define a rubric in order to measure specific competences in project management. The study shows the rubric’s main aspects as well as competence acquisition evaluation alternatives, based in the metrics defined. Key indicators and specific reports obtained from data base fields in the web tool will support this work. As a result, new competences can be assessed, such ones like teamwork, problem solving, communication and leadership. Final goal is to provide an overall competence map to the students at the same time they improve their skills

BEAT: An Open-Source Web-Based Open-Science Platform

With the increased interest in computational sciences, machine learning (ML), pattern recognition (PR) and big data, governmental agencies, academia and manufacturers are overwhelmed by the constant influx of new algorithms and techniques promising improved performance, generalization and robustness. Sadly, result reproducibility is often an overlooked feature accompanying original research publications, competitions and benchmark evaluations. The main reasons behind such a gap arise from natural complications in research and development in this area: the distribution of data may be a sensitive issue; software frameworks are difficult to install and maintain; Test protocols may involve a potentially large set of intricate steps which are difficult to handle. Given the raising complexity of research challenges and the constant increase in data volume, the conditions for achieving reproducible research in the domain are also increasingly difficult to meet. To bridge this gap, we built an open platform for research in computational sciences related to pattern recognition and machine learning, to help on the development, reproducibility and certification of results obtained in the field. By making use of such a system, academic, governmental or industrial organizations enable users to easily and socially develop processing toolchains, re-use data, algorithms, workflows and compare results from distinct algorithms and/or parameterizations with minimal effort. This article presents such a platform and discusses some of its key features, uses and limitations. We overview a currently operational prototype and provide design insights.Comment: References to papers published on the platform incorporate

Enforcement in Dynamic Spectrum Access Systems

The spectrum access rights granted by the Federal government to spectrum users come with the expectation of protection from harmful interference. As a consequence of the growth of wireless demand and services of all types, technical progress enabling smart agile radio networks, and on-going spectrum management reform, there is both a need and opportunity to use and share spectrum more intensively and dynamically. A key element of any framework for managing harmful interference is the mechanism for enforcement of those rights. Since the rights to use spectrum and to protection from harmful interference vary by band (licensed/unlicensed, legacy/newly reformed) and type of use/users (primary/secondary, overlay/underlay), it is reasonable to expect that the enforcement mechanisms may need to vary as well.\ud \ud In this paper, we present a taxonomy for evaluating alternative mechanisms for enforcing interference protection for spectrum usage rights, with special attention to the potential changes that may be expected from wider deployment of Dynamic Spectrum Access (DSA) systems. Our exploration of how the design of the enforcement regime interacts with and influences the incentives of radio operators under different rights regimes and market scenarios is intended to assist in refining thinking about appropriate access rights regimes and how best to incentivize investment and growth in more efficient and valuable uses of the radio frequency spectrum

CHORUS Deliverable 3.4: Vision Document

The goal of the CHORUS Vision Document is to create a high level vision on audio-visual search engines in order to give guidance to the future R&D work in this area and to highlight trends and challenges in this domain. The vision of CHORUS is strongly connected to the CHORUS Roadmap Document (D2.3). A concise document integrating the outcomes of the two deliverables will be prepared for the end of the project (NEM Summit)

Experience in using a typed functional language for the development of a security application

In this paper we present our experience in developing a security application using a typed functional language. We describe how the formal grounding of its semantic and compiler have allowed for a trustworthy development and have facilitated the fulfillment of the security specification.Comment: In Proceedings F-IDE 2014, arXiv:1404.578

Grand Challenges of Traceability: The Next Ten Years

In 2007, the software and systems traceability community met at the first Natural Bridge symposium on the Grand Challenges of Traceability to establish and address research goals for achieving effective, trustworthy, and ubiquitous traceability. Ten years later, in 2017, the community came together to evaluate a decade of progress towards achieving these goals. These proceedings document some of that progress. They include a series of short position papers, representing current work in the community organized across four process axes of traceability practice. The sessions covered topics from Trace Strategizing, Trace Link Creation and Evolution, Trace Link Usage, real-world applications of Traceability, and Traceability Datasets and benchmarks. Two breakout groups focused on the importance of creating and sharing traceability datasets within the research community, and discussed challenges related to the adoption of tracing techniques in industrial practice. Members of the research community are engaged in many active, ongoing, and impactful research projects. Our hope is that ten years from now we will be able to look back at a productive decade of research and claim that we have achieved the overarching Grand Challenge of Traceability, which seeks for traceability to be always present, built into the engineering process, and for it to have "effectively disappeared without a trace". We hope that others will see the potential that traceability has for empowering software and systems engineers to develop higher-quality products at increasing levels of complexity and scale, and that they will join the active community of Software and Systems traceability researchers as we move forward into the next decade of research