Project Management for Enterprise Architecture Evaluation

The Enterprise Architecture (EA) describes overarching designs ofindividual physical and logical components, so that they assembly resultsin a complete and working product. The designs are developed within anyprojects. The designs concern computer systems and network implementation, software development and installation, data migration and businessprocesses reengineering. The paper supports the thesis that EA is acomplex of information communication technology (ICT) projects and as suchshould be evaluated by deployment of cost-benefit investment evaluationmethods usually applied for project management. The main goal of the paperis to present opportunities of enterprise architecture evaluation byproject evaluations. In the paper, different projects, i.e., multiproject, project portfolio, project programme, roll-out projects, large project, are discussed in the aspect of their value creation in the EnterpriseArchitecture development process

Managing risks and opportunities in cyber-physical systems with software architecture assessments

Peer reviewe

Sustainability evaluation of software architectures

Long-living software systems are sustainable if they can be cost-efficiently maintained and evolved over their entire life-cycle. The quality of software architectures determines sus-tainability to a large extent. Scenario-based software archi-tecture evaluation methods can support sustainability anal-ysis, but they are still reluctantly used in practice. They are also not integrated with architecture-level metrics when evaluating implemented systems, which limits their capabil-ities. Existing literature reviews for architecture evaluation focus on scenario-based methods, but do not provide a criti-cal reflection of the applicability of such methods for sustain-ability evaluation. Our goal is to measure the sustainabil-ity of a software architecture both during early design us-ing scenarios and during evolution using scenarios and met-rics, which is highly relevant in practice. We thus provide a systematic literature review assessing scenario-based meth-ods for sustainability support and categorize more than 40 architecture-level metrics according to several design prin-ciples. Our review identifies a need for further empirical research, for the integration of existing methods, and for the more efficient use of formal architectural models. 1

Implementing Reliability: The Interaction of Requirements, Tactics and Architecture Patterns

An important way that the reliability of a software system is enhanced is through the implementation of specific run-time measures called runtime tactics. Because reliability is a system-wide property, tactic implementations affect the software structure and behavior at the system, or architectural level. For a given architecture, different tactics may be a better or worse fit for the architecture, depending on the requirements and how the architecture patterns used must change to accommodate the tactic: different tactics may be a better or worse fit for the architecture. We found three important factors that influence the implementation of reliability tactics. One is the nature of the tactic, which indicates whether the tactic influences all components of the architecture or just a subset of them. The second is the interaction between architecture patterns and tactics: specific tactics and patterns are inherently compatible or incompatible. The third is the reliability requirements which influence which tactics to use and where they should be implemented. Together, these factors affect how, where, and the difficulty of implementing reliability tactics. This information can be used by architects and developers to help make decisions about which patterns and tactics to use, and can also assist these users in learning what modifications and additions to the patterns are needed.</p

An interpretive case study into the application of software engineering theory

Even before software engineering was formally defined as a discipline, software projects were notorious for being behind schedule and over budget. The resulting software systems were also often described as unreliable. Researchers in the field have, over the years, theorised and proposed many standards, methods, processes and techniques to improve software project outcomes. Based on allegorical evidence, however, it would seem that these proposals are often not applied in practice. This study was inspired by a desire to probe this general theme, namely of the extent to which (if at all) software engineering theory is adopted in practice. The core of this research is an interpretive case study of a software project in the financial services industry that ran from end 2006 to mid 2008. I was one of a team of approximately 20 developers, analysts and development managers working on the project, until I left the company in 2009. Results are reported in a two-phase fashion over several themes. Firstly, the literature of recommended software engineering practices relating to a particular theme is reviewed. This is regarded as the "theory". Thereafter, the observations and evidence collected from the interpretive study in regard to the relevant theme is presented and discussed. The first theme investigated is the notion of "project outcome". Definitions of successful and failed software projects are considered from the perspective of the various stakeholders. Also considered are factors that contribute to project success or failure. After examining how case study participants viewed the project’s outcome, it is argued that the project could neither be labelled as a complete success nor as a complete failure. Two areas were identified as problematic: the requirements gathering process; and the system architecture that had been chosen. Improvements in these areas would arguably have most benefitted the project’s outcome. For this reason, recommended practices were probed in the literature relating both to requirements engineering and also to software architecture design. The case study project was then evaluated against these recommended practices to determine the degree to which they were implemented. In cases where the recommended practices were not implemented or only partially implemented, a number of reasons for the lack of adoption are considered. Of course, the conclusions made in this study as to why the recommended practices were not implemented cannot be naïvely generalized to the software engineering field as a whole. Instead, in line with the interpretive nature of the study, an attempt was made to gain in depth knowledge of a particular project, to show how that project’s individual characteristics influenced the adoption of software engineering theory, and to probe the consequences of such adoption or lack thereof. The study suggested that the complex and individual nature of software projects will have a substantial influence on the extent to which theory is adopted in practice. It also suggested that the impact such adoption will have on a project’s outcome will be critically influenced by the nature of the software project. CopyrightDissertation (MSc)--University of Pretoria, 2012.Computer Scienceunrestricte

Anomalous behaviour detection for cyber defence in modern industrial control systems

A thesis submitted in partial fulfilment of the requirements of the University of Wolverhampton for the degree of Doctor of Philosophy.The fusion of pervasive internet connectivity and emerging technologies in smart cities creates fragile cyber-physical-natural ecosystems. Industrial Control Systems (ICS) are intrinsic parts of smart cities and critical to modern societies. Not designed for interconnectivity or security, disruptor technologies enable ubiquitous computing in modern ICS. Aided by artificial intelligence and the industrial internet of things they transform the ICS environment towards better automation, process control and monitoring. However, investigations reveal that leveraging disruptive technologies in ICS creates security challenges exposing critical infrastructure to sophisticated threat actors including increasingly hostile, well-organised cybercrimes and Advanced Persistent Threats. Besides external factors, the prevalence of insider threats includes malicious intent, accidental hazards and professional errors. The sensing capabilities create opportunities to capture various data types. Apart from operational use, this data combined with artificial intelligence can be innovatively utilised to model anomalous behaviour as part of defence-in-depth strategies. As such, this research aims to investigate and develop a security mechanism to improve cyber defence in ICS. Firstly, this thesis contributes a Systematic Literature Review (SLR), which helps analyse frameworks and systems that address CPS’ cyber resilience and digital forensic incident response in smart cities. The SLR uncovers emerging themes and concludes several key findings. For example, the chronological analysis reveals key influencing factors, whereas the data source analysis points to a lack of real CPS datasets with prevalent utilisation of software and infrastructure-based simulations. Further in-depth analysis shows that cross-sector proposals or applications to improve digital forensics focusing on cyber resilience are addressed by a small number of research studies in some smart sectors. Next, this research introduces a novel super learner ensemble anomaly detection and cyber risk quantification framework to profile anomalous behaviour in ICS and derive a cyber risk score. The proposed framework and associated learning models are experimentally validated. The produced results are promising and achieve an overall F1-score of 99.13%, and an anomalous recall score of 99% detecting anomalies lasting only 17 seconds ranging from 0.5% to 89% of the dataset. Further, a one-class classification model is developed, leveraging stream rebalancing followed by adaptive machine learning algorithms and drift detection methods. The model is experimentally validated producing promising results including an overall Matthews Correlation Coefficient (MCC) score of 0.999 and the Cohen’s Kappa (K) score of 0.9986 on limited variable single-type anomalous behaviour per data stream. Wide data streams achieve an MCC score of 0.981 and a K score of 0.9808 in the prevalence of multiple types of anomalous instances. Additionally, the thesis scrutinises the applicability of the learning models to support digital forensic readiness. The research study presents the concept of digital witness and digital chain of custody in ICS. Following that, a use case integrating blockchain technologies into the design of ICS to support digital forensic readiness is discussed. In conclusion, the contributions of this research thesis help towards developing the next generation of state-of-the-art methods for anomalous behaviour detection in ICS defence-in-depth