Software Development in the Cloud: Exploring the Affordances of Platform-as-a-Service

Software development teams increasingly adopt platform-as-a-service (PaaS), i.e., cloud services that make software development infrastructure available over the internet. Yet, empirical evidence of whether and how software development work changes with the use of PaaS is difficult to find. We performed a grounded-theory study to explore the affordances of PaaS for software development teams. We find that PaaS enables software development teams to enforce uniformity, to exploit knowledge embedded in technology, to enhance agility, and to enrich jobs. These affordances do not arise in a vacuum. Their emergence is closely interwoven with changes in methodologies, roles, and norms that give rise to self-organizing, loosely coupled teams. Our study provides rich descriptions of PaaS-based software development and an emerging theory of affordances of PaaS for software development teams

Implementation of a data virtualization layer applied to insurance data

This work focuses on the introduction of a data virtualization layer to read and consolidate data from heterogeneous sources (Hadoop system, a data mart and a data warehouse) and provide a single point of data access to all data consumers

An Access Control Model for NoSQL Databases

Current development platforms are web scale, unlike recent platforms which were just network scale. There has been a rapid evolution in computing paradigm that has created the need for data storage as agile and scalable as the applications they support. Relational databases with their joins and locks influence performance in web scale systems negatively. Thus, various types of non-relational databases have emerged in recent years, commonly referred to as NoSQL databases. To fulfill the gaps created by their relational counter-part, they trade consistency and security for performance and scalability. With NoSQL databases being adopted by an increasing number of organizations, the provision of security for them has become a growing concern. This research presents a context based abstract model by extending traditional role based access control for access control in NoSQL databases. The said model evaluates and executes security policies which contain versatile access conditions against the dynamic nature of data. The goal is to devise a mechanism for a forward looking, assertive yet flexible security feature to regulate access to data in the database system that is devoid of rigid structures and consistency, namely a document based database such as MongoDB

Implanting Life-Cycle Privacy Policies in a Context Database

Ambient intelligence (AmI) environments continuously monitor surrounding individuals' context (e.g., location, activity, etc.) to make existing applications smarter, i.e., make decision without requiring user interaction. Such AmI smartness ability is tightly coupled to quantity and quality of the available (past and present) context. However, context is often linked to an individual (e.g., location of a given person) and as such falls under privacy directives. The goal of this paper is to enable the difficult wedding of privacy (automatically fulfilling users' privacy whishes) and smartness in the AmI. interestingly, privacy requirements in the AmI are different from traditional environments, where systems usually manage durable data (e.g., medical or banking information), collected and updated trustfully either by the donor herself, her doctor, or an employee of her bank. Therefore, proper information disclosure to third parties constitutes a major privacy concern in the traditional studies

label-based security enforcement for web applications

This paper presents SELinks, a programming language focused on building secure multi-tier web applications. SE-Links provides a uniform programming model, in the style of LINQ and Ruby on Rails, with language syntax for accessing objects residing either in the database or at the server. Object-level security policies are expressed as fullycustomizable, first-class labels which may themselves be subject to security policies. Access to labeled data is mediated via trusted, user-provided policy enforcement functions. SELinks has two novel features that ensure security policies are enforced correctly and efficiently. First, SELinks implements a type system called Fable that allows a protected object’s type to refer to its protecting label. The type system can check that labeled data is never accessed directly by the program without first consulting the appropriate policy enforcement function. Second, SELinks compiles policy enforcement code to database-resident user-defined functions that can be called directly during query processing. Database-side checking avoids transferring data to the server needlessly, while still allowing policies to be expressed in a customizable and portable manner. Our experience with two sizable web applications, a model health-care database and a secure wiki with fine-grained security policies, indicates that cross-tier policy enforcement in SELinks is flexible, relatively easy to use, and, when compared to a single-tier approach, improves throughput by nearly an order of magnitude. SELinks is freely available

D1.1 DEMAND ASSESSMENT FRAMEWORK

This report proposes the initial draft of the LeADS ADS Framework composed by three major elements; identification and definition of technologies in scope; skills included under those technologies, and definition of job roles, where other skills frameworks are considered for comparison and alignment. The report summarises the first workshop held by the project with external constituencies even though the feedback will be incorporated in the final version of the framework, where the layer of job roles will be completed, and the others revised according to additional input. This framework serves as reference for the next step in LeADS: the assessment of the demand and the supply

A unified view of data-intensive flows in business intelligence systems : a survey

Data-intensive flows are central processes in today’s business intelligence (BI) systems, deploying different technologies to deliver data, from a multitude of data sources, in user-preferred and analysis-ready formats. To meet complex requirements of next generation BI systems, we often need an effective combination of the traditionally batched extract-transform-load (ETL) processes that populate a data warehouse (DW) from integrated data sources, and more real-time and operational data flows that integrate source data at runtime. Both academia and industry thus must have a clear understanding of the foundations of data-intensive flows and the challenges of moving towards next generation BI environments. In this paper we present a survey of today’s research on data-intensive flows and the related fundamental fields of database theory. The study is based on a proposed set of dimensions describing the important challenges of data-intensive flows in the next generation BI setting. As a result of this survey, we envision an architecture of a system for managing the lifecycle of data-intensive flows. The results further provide a comprehensive understanding of data-intensive flows, recognizing challenges that still are to be addressed, and how the current solutions can be applied for addressing these challenges.Peer ReviewedPostprint (author's final draft

Cyber Supply Chain Risk Management: Toward an Understanding of the Antecedents to Demand for Assurance

Recognizing the need for effective cyber risk management processes across the supply chain, the AICPA issued a new SOC in March 2020 for assuring cyber supply chain risk management (C-SCRM) processes. This study examines supply chain relationship factors and cyber risk issues to better understand the demand for C-SCRM assurance. Resource-Advantage Theory of Competition provides the conceptual foundation for assessing the dual drivers of relationship building and cyber risk management on demand for assurance. We use a field survey to collect data from 205 professionals enabling evaluation of the complex relationships in the theoretical model. Results support all hypotheses, provide satisfactory model fit, and support the underlying theory. Trust and cyber supply chain risk both positively influence demand for assurance over C-SCRM processes. This study expands the literature on cyber assurance by auditors and elaborates on overall supply chain processes that help drive value from auditors providing such assurance

A software architecture for electro-mobility services: a milestone for sustainable remote vehicle capabilities

To face the tough competition, changing markets and technologies in automotive industry, automakers have to be highly innovative. In the previous decades, innovations were electronics and IT-driven, which increased exponentially the complexity of vehicle’s internal network. Furthermore, the growing expectations and preferences of customers oblige these manufacturers to adapt their business models and to also propose mobility-based services. One other hand, there is also an increasing pressure from regulators to significantly reduce the environmental footprint in transportation and mobility, down to zero in the foreseeable future. This dissertation investigates an architecture for communication and data exchange within a complex and heterogeneous ecosystem. This communication takes place between various third-party entities on one side, and between these entities and the infrastructure on the other. The proposed solution reduces considerably the complexity of vehicle communication and within the parties involved in the ODX life cycle. In such an heterogeneous environment, a particular attention is paid to the protection of confidential and private data. Confidential data here refers to the OEM’s know-how which is enclosed in vehicle projects. The data delivered by a car during a vehicle communication session might contain private data from customers. Our solution ensures that every entity of this ecosystem has access only to data it has the right to. We designed our solution to be non-technological-coupling so that it can be implemented in any platform to benefit from the best environment suited for each task. We also proposed a data model for vehicle projects, which improves query time during a vehicle diagnostic session. The scalability and the backwards compatibility were also taken into account during the design phase of our solution. We proposed the necessary algorithms and the workflow to perform an efficient vehicle diagnostic with considerably lower latency and substantially better complexity time and space than current solutions. To prove the practicality of our design, we presented a prototypical implementation of our design. Then, we analyzed the results of a series of tests we performed on several vehicle models and projects. We also evaluated the prototype against quality attributes in software engineering