Taming the cloud: Safety, certification and compliance for software services - Keynote at the Workshop on Engineering Service-Oriented Applications (WESOA) 2011

The maturity of IT processes, such as software development, can be and is often certified. Current trends in the IT industry suggest that software systems in the future will be very different from their counterparts today, with an increasing adoption of the Service-Oriented Architecture (SOA) design pattern and the deployment of Software-as-a-Service (SaaS) on Cloud infrastructures. In this talk we discuss some issues surrounding engineering Software Services for Cloud infrastructures and highlight the need for enhanced control, service-level agreement and compliance mechanisms for Software Services. Cloud Infrastructures and Service Mash-ups

Report from GI-Dagstuhl Seminar 16394: Software Performance Engineering in the DevOps World

This report documents the program and the outcomes of GI-Dagstuhl Seminar 16394 "Software Performance Engineering in the DevOps World". The seminar addressed the problem of performance-aware DevOps. Both, DevOps and performance engineering have been growing trends over the past one to two years, in no small part due to the rise in importance of identifying performance anomalies in the operations (Ops) of cloud and big data systems and feeding these back to the development (Dev). However, so far, the research community has treated software engineering, performance engineering, and cloud computing mostly as individual research areas. We aimed to identify cross-community collaboration, and to set the path for long-lasting collaborations towards performance-aware DevOps. The main goal of the seminar was to bring together young researchers (PhD students in a later stage of their PhD, as well as PostDocs or Junior Professors) in the areas of (i) software engineering, (ii) performance engineering, and (iii) cloud computing and big data to present their current research projects, to exchange experience and expertise, to discuss research challenges, and to develop ideas for future collaborations

Evolution of Software Engineering in the Changing Scenario of Modern Hardware Architecture, Semantic Web and Cloud Computing Platform

Traditional way of software engineering is no longer fully suitable in the changing scenario of modern hardwareand software architecture of parallel and distributed computing on Semantic web and Cloud computing platform. A parallelhardware architecture can support high performance computing but needs changes in programming style. Also the capabilityof Semantic web can link everything on the internet making an interoperable intelligent system. And with this capabilitymany beneficial business models like Web services and Cloud computing platform have been conceptualized. Cloudcomputing is the most anticipated future trend of computing. These changes in hardware and software architecture means weneed to re-visit the traditional software engineering process models meant for a single computer system. This paper firstsurveys the evolution of hardware architecture, newer business models, newer software applications and then analyses theneed for changes in software engineering process models to leverage all the benefits of the newer business models. Thispaper also emphasizes the vulnerability of the web applications and cloud computing platform in terms of risk managementof web applications in general and privacy and security of customer information in shared cloud platform which maythreaten the adoption of the cloud platform.Keywords/Index Terms— Agile Process Model , Cloud Computing Platform, Privacy and Security Issues, RiskManagement, Semantic Web, Software Evolution

A comparative study of cloud services use by prospective IT professionals in five countries

Individuals and organizations utilise the cloud technology and its services in various ways. Cloud-based services are becoming increasingly popular, while there is no adequate knowledge offered for their secure use in the education for future IT professionals. It is important to understand how security and privacy issues are perceived and handled by male/female users and IT professionals of different cultures. The authors aim at presenting and scrutinizing information about cloud services’ use by prospective IT professionals in five countries, namely China, Finland, Greece, Nepal, and the UK. In particular the authors, wanting to find out what are the future IT professionals’ conceptualisations and awareness, collected data from male and female IT students in higher education, who use (or not) cloud services. The authors further illustrate the research findings by proceeding to a comparative analysis considering different perspectives such as: gender, education background, national culture (values and culture), and IT-related knowledge. The final research outcomes reveal attention-grabbing information for future IT professionals’ skills, knowledge, and digital competencies. For the IT professionals and software quality engineering communities the latter comprise a body of realistic knowledge, worthy of note when designing curricula for security technology by accommodating practical and accessible solutions (e.g., cryptography-based cloud security) for developing and enhancing the IT professionals’ role

PaaSword: A Data Privacy and Context-aware Security Framework for Developing Secure Cloud Applications - Technical and Scientific Contributions

Most industries worldwide have entered a period of reaping the benefits and opportunities cloud offers. At the same time, many efforts are made to address engineering challenges for the secure development of cloud systems and software.With the majority of software engineering projects today relying on the cloud, the task to structure end-to-end secure-by-design cloud systems becomes challenging but at the same time mandatory. The PaaSword project has been commissioned to address security and data privacy in a holistic way by proposing a context-aware security-by-design framework to support software developers in constructing secure applications for the cloud. This chapter presents an overview of the PaaSword project results, including the scientific achievements as well as the description of the technical solution. The benefits offered by the framework are validated through two pilot implementations and conclusions are drawn based on the future research challenges which are discussed in a research agenda

definitions, concepts, approaches, requirements, characteristics and evaluation models

FAPESP (processes 2012/24487-3 and 2012/04549-4) and Brazil-Europe Erasmus Mundus project (process BM13DM0002) partially funded this researchAmong research opportunities in software engineering for cloud computing model, interoperability stands out. We found that the dynamic nature of cloud technologies and the battle for market domination make cloud applications locked-id, i.e, proprietary, non-portable and non-interoperable. In general context of cloud computing, interoperability goes beyond communication between systems like in other fields, it goes in direction of more dynamic, heterogeneous, complex and composed applications that take advantage of best features from different providers and services simultaneously. Interoperability in cloud constitutes a great challenge that must be overcome for that, in the future, software be more dynamic and improved.publishersversionpublishe

On Evaluating Commercial Cloud Services: A Systematic Review

Background: Cloud Computing is increasingly booming in industry with many competing providers and services. Accordingly, evaluation of commercial Cloud services is necessary. However, the existing evaluation studies are relatively chaotic. There exists tremendous confusion and gap between practices and theory about Cloud services evaluation. Aim: To facilitate relieving the aforementioned chaos, this work aims to synthesize the existing evaluation implementations to outline the state-of-the-practice and also identify research opportunities in Cloud services evaluation. Method: Based on a conceptual evaluation model comprising six steps, the Systematic Literature Review (SLR) method was employed to collect relevant evidence to investigate the Cloud services evaluation step by step. Results: This SLR identified 82 relevant evaluation studies. The overall data collected from these studies essentially represent the current practical landscape of implementing Cloud services evaluation, and in turn can be reused to facilitate future evaluation work. Conclusions: Evaluation of commercial Cloud services has become a world-wide research topic. Some of the findings of this SLR identify several research gaps in the area of Cloud services evaluation (e.g., the Elasticity and Security evaluation of commercial Cloud services could be a long-term challenge), while some other findings suggest the trend of applying commercial Cloud services (e.g., compared with PaaS, IaaS seems more suitable for customers and is particularly important in industry). This SLR study itself also confirms some previous experiences and reveals new Evidence-Based Software Engineering (EBSE) lessons