4,822 research outputs found
Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received
funding from the European Union’s Horizon 2020 research
and innovation programme under grant agreement No 644429
and No 780351, MUSA project and ENACT project,
respectively. We would also like to acknowledge all the
members of the MUSA Consortium and ENACT Consortium
for their valuable help
Safety-Critical Systems and Agile Development: A Mapping Study
In the last decades, agile methods had a huge impact on how software is
developed. In many cases, this has led to significant benefits, such as quality
and speed of software deliveries to customers. However, safety-critical systems
have widely been dismissed from benefiting from agile methods. Products that
include safety critical aspects are therefore faced with a situation in which
the development of safety-critical parts can significantly limit the potential
speed-up through agile methods, for the full product, but also in the
non-safety critical parts. For such products, the ability to develop
safety-critical software in an agile way will generate a competitive advantage.
In order to enable future research in this important area, we present in this
paper a mapping of the current state of practice based on {a mixed method
approach}. Starting from a workshop with experts from six large Swedish product
development companies we develop a lens for our analysis. We then present a
systematic mapping study on safety-critical systems and agile development
through this lens in order to map potential benefits, challenges, and solution
candidates for guiding future research.Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced
Applications 2018, Prague, Czech Republi
Report from GI-Dagstuhl Seminar 16394: Software Performance Engineering in the DevOps World
This report documents the program and the outcomes of GI-Dagstuhl Seminar
16394 "Software Performance Engineering in the DevOps World".
The seminar addressed the problem of performance-aware DevOps. Both, DevOps
and performance engineering have been growing trends over the past one to two
years, in no small part due to the rise in importance of identifying
performance anomalies in the operations (Ops) of cloud and big data systems and
feeding these back to the development (Dev). However, so far, the research
community has treated software engineering, performance engineering, and cloud
computing mostly as individual research areas. We aimed to identify
cross-community collaboration, and to set the path for long-lasting
collaborations towards performance-aware DevOps.
The main goal of the seminar was to bring together young researchers (PhD
students in a later stage of their PhD, as well as PostDocs or Junior
Professors) in the areas of (i) software engineering, (ii) performance
engineering, and (iii) cloud computing and big data to present their current
research projects, to exchange experience and expertise, to discuss research
challenges, and to develop ideas for future collaborations
DevOps model in practice: Applying a novel reference model to support and encourage the adoption of DevOps in a software development company as case study
DevOps has emerged as an approach to help organizations automate, cost optimization, increase profitability, improve the stability of the software development process and the responsiveness of organizations, and create a more agile development and release pipeline. However, its adoption, maintenance and evaluation continue to be a challenge for software organizations, due to the absence of solutions that formalize process elements in a detailed way, such as: practices, roles, artifacts, objectives, among others. This paper presents a DevOps Model, this model to support the adoption of DevOps, which provides a set of fundamental and complementary values, principles, dimensions, and practices. The practices suggest a set of items such as purpose, specific objectives and expected artifacts. The elements defined in proposed DevOps Model arise from the elements found in the studies analyzed through a systematic mapping study. Model evaluation was carried out through a software development company as case study. The results obtained have allowed the case study company to evaluate, diagnose and identify improvement opportunities to be carried out in the processes and projects where a DevOps-based approach is used, the above in a practical, useful, and adequate way that allows this type of companies and with a low use of resources, both economic investment and time. This is how the DevOps Model could guide professionals and organizations towards a better understanding of DevOps, in addition to minimizing the subjectivity and error of its interpretation, adoption and evaluation
A mapping study on documentation in Continuous Software Development
Context: With an increase in Agile, Lean, and DevOps software methodologies over the last years (collectively referred to as Continuous Software Development (CSD)), we have observed that documentation is often poor. Objective: This work aims at collecting studies on documentation challenges, documentation practices, and tools that can support documentation in CSD. Method: A systematic mapping study was conducted to identify and analyze research on documentation in CSD, covering publications between 2001 and 2019. Results: A total of 63 studies were selected. We found 40 studies related to documentation practices and challenges, and 23 studies related to tools used in CSD. The challenges include: informal documentation is hard to understand, documentation is considered as waste, productivity is measured by working software only, documentation is out-of-sync with the software and there is a short-term focus. The practices include: non-written and informal communication, the usage of development artifacts for documentation, and the use of architecture frameworks. We also made an inventory of numerous tools that can be used for documentation purposes in CSD. Overall, we recommend the usage of executable documentation, modern tools and technologies to retrieve information and transform it into documentation, and the practice of minimal documentation upfront combined with detailed design for knowledge transfer afterwards. Conclusion: It is of paramount importance to increase the quantity and quality of documentation in CSD. While this remains challenging, practitioners will benefit from applying the identified practices and tools in order to mitigate the stated challenges
Towards the measurement of Enterprise Information Systems agility to support EIS improving projects
International audienceEnterprise information systems (EIS) are directly implied in the global performance of an organisation. Nevertheless, their potential rigidity in comparison with the required fast evolution of the supported organisation remains an important open research question. The proposed research work aims to define and evaluate the agility of an EIS, in order to assist both software engineers and business managers in EIS improvement projects. In particular, a framework is proposed to structure the different existing metrics on agility according to the improvements needs and the intrinsic characteristics of an information system
Towards Self-Protective Multi-Cloud Applications: MUSA – a Holistic Framework to Support the Security-Intelligent Lifecycle Management of Multi-Cloud Applications
The most challenging applications in heterogeneous cloud ecosystems are those that are able to maximise the benefits of the combination of the cloud resources in use: multi-cloud applications. They have to deal with the security of the individual components as well as with the overall application security including the communications and the data flow between the components. In this paper we present a novel approach currently in progress, the MUSA framework. The MUSA framework aims to support the security-intelligent lifecycle management of distributed applications over heterogeneous cloud resources. The framework includes security-by-design mechanisms to allow application self-protection at runtime, as well as methods and tools for the integrated security assurance in both the engineering and operation of multi-cloud applications. The MUSA framework leverages security-by-design, agile and DevOps approaches to enable the security-aware development and operation of multi-cloud applications.European Commission's H202
A Quality Model for Actionable Analytics in Rapid Software Development
Background: Accessing relevant data on the product, process, and usage
perspectives of software as well as integrating and analyzing such data is
crucial for getting reliable and timely actionable insights aimed at
continuously managing software quality in Rapid Software Development (RSD). In
this context, several software analytics tools have been developed in recent
years. However, there is a lack of explainable software analytics that software
practitioners trust. Aims: We aimed at creating a quality model (called
Q-Rapids quality model) for actionable analytics in RSD, implementing it, and
evaluating its understandability and relevance. Method: We performed workshops
at four companies in order to determine relevant metrics as well as product and
process factors. We also elicited how these metrics and factors are used and
interpreted by practitioners when making decisions in RSD. We specified the
Q-Rapids quality model by comparing and integrating the results of the four
workshops. Then we implemented the Q-Rapids tool to support the usage of the
Q-Rapids quality model as well as the gathering, integration, and analysis of
the required data. Afterwards we installed the Q-Rapids tool in the four
companies and performed semi-structured interviews with eight product owners to
evaluate the understandability and relevance of the Q-Rapids quality model.
Results: The participants of the evaluation perceived the metrics as well as
the product and process factors of the Q-Rapids quality model as
understandable. Also, they considered the Q-Rapids quality model relevant for
identifying product and process deficiencies (e.g., blocking code situations).
Conclusions: By means of heterogeneous data sources, the Q-Rapids quality model
enables detecting problems that take more time to find manually and adds
transparency among the perspectives of system, process, and usage.Comment: This is an Author's Accepted Manuscript of a paper to be published by
IEEE in the 44th Euromicro Conference on Software Engineering and Advanced
Applications (SEAA) 2018. The final authenticated version will be available
onlin
A Model-Driven Approach for Business Process Management
The Business Process Management is a common mechanism recommended by a high number of standards for the management of companies and organizations. In software companies this practice is every day more accepted and companies have to assume it, if they want to be competitive. However, the effective definition of these processes and mainly their maintenance and execution are not always easy tasks. This paper presents an approach based on the Model-Driven paradigm for Business Process Management in software companies. This solution offers a suitable mechanism that was implemented successfully in different companies with a tool case named NDTQ-Framework.Ministerio de Educación y Ciencia TIN2010-20057-C03-02Junta de Andalucía TIC-578
- …