SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators

Although Cloud Computing promises to lower IT costs and increase users' productivity in everyday life, the unattractive aspect of this new technology is that the user no longer owns all the devices which process personal data. To lower scepticism, the project SensorCloud investigates techniques to understand and compensate these adoption barriers in a scenario consisting of cloud applications that utilize sensors and actuators placed in private places. This work provides an interdisciplinary overview of the social and technical core research challenges for the trustworthy integration of sensor and actuator devices with the Cloud Computing paradigm. Most importantly, these challenges include i) ease of development, ii) security and privacy, and iii) social dimensions of a cloud-based system which integrates into private life. When these challenges are tackled in the development of future cloud systems, the attractiveness of new use cases in a sensor-enabled world will considerably be increased for users who currently do not trust the Cloud.Comment: 14 pages, 3 figures, published as technical report of the Department of Computer Science of RWTH Aachen Universit

AGILE AND SECURE SOFTWARE DEVELOPMENT: AN UNFINISHED STORY

Given the widespread adoption of agile methods and the rising number of software vulnerabilities, we analyze the literature with an interest in the effect of security practices on software development agility. We propose a novel taxonomy to systematize the body of knowledge around secure agile development and then organize and summarize the selected research using the new taxonomy. At a high-level we create two categories, Phase Focused and Phase Independent. The Phase Focused category is then subdivided along the traditional SDLC phases. The Phase Independent category spans all phases of the SDLC or is phase independent. We conclude that, although there is a significant body of literature on the topic, the story is unfinished. There is further investigation needed to ensure agility as secure development practices are adopted and in regard to empirical evaluations of the proposed agile and secure software development integration approaches

Qualitative software engineering research -- reflections and guidelines

Researchers are increasingly recognizing the importance of human aspects in software development and since qualitative methods are used to, in-depth, explore human behavior, we believe that studies using such techniques will become more common. Existing qualitative software engineering guidelines do not cover the full breadth of qualitative methods and knowledge on using them found in the social sciences. The aim of this study was thus to extend the software engineering research community's current body of knowledge regarding available qualitative methods and provide recommendations and guidelines for their use. With the support of an epistemological argument and a literature review, we suggest that future research would benefit from (1) utilizing a broader set of research methods, (2) more strongly emphasizing reflexivity, and (3) employing qualitative guidelines and quality criteria. We present an overview of three qualitative methods commonly used in social sciences but rarely seen in software engineering research, namely interpretative phenomenological analysis, narrative analysis, and discourse analysis. Furthermore, we discuss the meaning of reflexivity in relation to the software engineering context and suggest means of fostering it. Our paper will help software engineering researchers better select and then guide the application of a broader set of qualitative research methods.Comment: 30 page

Proceedings of International Workshop "Global Computing: Programming Environments, Languages, Security and Analysis of Systems"

According to the IST/ FET proactive initiative on GLOBAL COMPUTING, the goal is to obtain techniques (models, frameworks, methods, algorithms) for constructing systems that are flexible, dependable, secure, robust and efficient. The dominant concerns are not those of representing and manipulating data efficiently but rather those of handling the co-ordination and interaction, security, reliability, robustness, failure modes, and control of risk of the entities in the system and the overall design, description and performance of the system itself. Completely different paradigms of computer science may have to be developed to tackle these issues effectively. The research should concentrate on systems having the following characteristics: • The systems are composed of autonomous computational entities where activity is not centrally controlled, either because global control is impossible or impractical, or because the entities are created or controlled by different owners. • The computational entities are mobile, due to the movement of the physical platforms or by movement of the entity from one platform to another. • The configuration varies over time. For instance, the system is open to the introduction of new computational entities and likewise their deletion. The behaviour of the entities may vary over time. • The systems operate with incomplete information about the environment. For instance, information becomes rapidly out of date and mobility requires information about the environment to be discovered. The ultimate goal of the research action is to provide a solid scientific foundation for the design of such systems, and to lay the groundwork for achieving effective principles for building and analysing such systems. This workshop covers the aspects related to languages and programming environments as well as analysis of systems and resources involving 9 projects (AGILE , DART, DEGAS , MIKADO, MRG, MYTHS, PEPITO, PROFUNDIS, SECURE) out of the 13 founded under the initiative. After an year from the start of the projects, the goal of the workshop is to fix the state of the art on the topics covered by the two clusters related to programming environments and analysis of systems as well as to devise strategies and new ideas to profitably continue the research effort towards the overall objective of the initiative. We acknowledge the Dipartimento di Informatica and Tlc of the University of Trento, the Comune di Rovereto, the project DEGAS for partially funding the event and the Events and Meetings Office of the University of Trento for the valuable collaboration

Flexible Global Software Development (GSD): Antecedents of Success in Requirements Analysis

Globalization of software development has resulted in a rapid shift away from the traditional collocated, on-site development model, to the offshoring model. Emerging trends indicate an increasing interest in offshoring even in early phases like requirements analysis. Additionally, the flexibility offered by the agile development approach makes it attractive for adaptation in globally distributed software work. A question of significance then is what impacts the success of offshoring earlier phases, like requirements analysis, in a flexible and globally distributed environment? This article incorporates the stance of control theory to posit a research model that examines antecedent factors such as requirements change, facilitation by vendor and client site-coordinators, control, and computer-mediated communication. The impact of these factors on success of requirements analysis projects in a “flexible” global setting is tested using two quasi-experiments involving students from Management Development Institute, India and Marquette University, USA. Results indicate that formal modes of control significantly influence project success during requirements analysis. Further, facilitation by both client and vendor site coordinators positively impacts requirements analysis success

Investigating Secure Agile Requirements Engineering Practices in Software Development

The aim of this research study was to assess Agile RE practices in the South African software development industry and investigate secure Agile RE initiatives towards developing secure products. This qualitative research study was contextualized in seventeen South African software development companies. The researchers used structured interviews and document reviews as the primary data collection instruments. Qualitative data was analyzed inductively using content analysis. Emanating from the research were recommendations to guide a regular software developer on good Agile RE practices. The study concluded that although Agile Software Development is practiced in the South African software industry, there needs to be stricter adherences to the Agile Manifesto and Agile Security Manifesto in requirements engineering