A secure virtualization model for cloud computing to defend against distributed denial-of service attacks

Cloud computing is based on three principles which are distributed systems, grid computing and utility computing. It provides high performance infrastructure according usage of Virtualization to offer capabilities such as on demand self-service, pay per use, highly scalable, rapid elasticity and huge amount of resource pools through the Internet. Everything in cloud environment is used as a service. The cloud technology transformed the desktop computing into service based computing by getting advantages of using data centers and server cluster technology. Even with all advantages which could bring for both Cloud Providers and Cloud consumers still security is one of the most significant concerns in this environment such as Confidentiality, Integrity, Availability, Authenticity, and privacy. A lack of security in Infrastructure as a Service (IaaS) as a fundamental delivery layer in cloud computing has an effective impact on the others delivery layers which are built on top of this layer. One of the most serious threats against the availability of cloud resources comes from Distributed Denial-of Service (DDoS) attack. This kind of attack is a large scalable and organized attack against availability of services and resources of the victim. This attack is launched by getting usage of sending tremendously large volumes of request to the target through the huge number of distributed compromised systems. The purpose of this study is to propose a new model for preventing disruption of available resources in terms of attack period. Based on previous research there is not a proper model that completely defense against DDoS attack, so the aim of this model is proposed to enhance the availability of cloud resources

Computer Science's Digest Volume 3

This series of textbooks was created for the students of the Systems Engineering Program at the University of Nariño. They have been intentionally written in English to promote reading in a foreign language. The textbooks are a collection of reflections and workshops on specific situations in the field of computer science, based on the authors’ experiences. The main purpose of these textbooks is essentially academic. The way in which the reflections and workshops were constructed follows a didactic structure, to facilitate teaching and learning, making use of English as a second language. This book covers Professional Issues in Computing and Programming the Interne

Um modelo de capacidade e maturidade para melhoria de processo de software para SaaS colaborativo

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Automação e Sistemas, Florianópolis, 2013.Atualmente, o cenário de desenvolvimento e disponibilização de software se mostra altamente exigente e dinâmico. SaaS (Software-as-a-Service) traz consigo uma série de vantagens que atraem provedores e clientes para tirarem proveito do cloud computing. Esses novos paradigmas permitem (com mais facilidade) a terceirização das soluções de TI e a colaboração entre provedores de serviços de software, tentando buscar novas oportunidades se beneficiando das alianças. As formas como as novas tecnologias e conceitos se relacionam, mudam e surgem, são muito dinâmicas, gerando grande cobrança nas empresas provedoras de serviço de software, para que elas acompanhem essas mudanças. A confiança na contratação dos serviços SaaS é uma necessidade que surge junto a essa mudança de paradigma computacional. Existem diversas frentes que vêem apoiar uma possível resolução deste problema, e uma delas é a adoção de melhoria de processo de software nesses provedores de serviços, cujas premissas da Engenharia de Software já são bastante difundidas, como fazem a norma ISO/IEC 15504 e o CMMI-DEV. Porém, os atuais modelos de referência e normas que norteiam essa necessidade são voltadas para o desenvolvimento de software tradicional, não cobrindo totalmente um ambiente de desenvolvimento SaaS e colaboração. Alguns modelos voltados para serviços também já estão disponíveis, como o CMMI for services e o MPS.br guia geral de serviços, porém, eles apresentam "serviços" como sendo um serviço atendimento ao cliente, e não como serviço de software, como é trazido nesta tese. Com isso, nesta tese de doutorado foi desenvolvido um Modelo de Capacidade e Maturidade para Melhoria de Processo de Software para Software-as-a-Service e para Colaboração. Esse Modelo é um repositório de boas práticas de processos (de desenvolvimento de serviços de software e colaboração), baseados na engenharia de software e princípios de gestão do processo. Ele é organizado em níveis de capacidade e maturidade, projetado para melhorar os processos. Esse Modelo vem oferecer uma possibilidade de adequação às exigências de qualidade para os provedores, oferecendo mais argumentos positivos em sua contratação e potencializando a colaboração entre os provedores. Abstract : Nowadays, the scenario of software development and availability hasshown highly demanding and dynamic. Software-as-a-Service (SaaS)brings a lot of advantages that is attracting providers and customers whoare already familiar with the facility coming from cloud computing.These new paradigms allow (more easily) outsourcing of IT solutionsand collaboration among providers (trying to reach new opportunities tobenefit from alliances). The ways in which this new technologies andconcepts are related, emerge and change are very dynamic, generating ahuge demand to software development providers. Trustworthiness in thehiring of SaaS services is a necessity that comes close to this paradigmshift. There are several options that support this problem, and one ofthem is implement software process improvement of services providers,whose premises the Software Engineering are already known, likeISO/IEC 15504 standard and CMMI-DEV. However, current referencemodels and standards available are geared towards the development oftraditional software, do not completely covering SaaS developmentenvironment. Some models focused to services are available like CMMIfor services and MPS.br general guide for services, but they introducethe term ?service? like a customer service, differently that term softwareservice that is assumed in this thesis. Thus, in this doctoral thesis wasdeveloped a Capability and Maturity Model for Software ProcessImprovement for Collaborative Software-as-a-Service. This Model is arepository of best practices to Services Development Processes (SaaS)and Collaboration. Based on software engineering and managementprinciples of the process, it is organized into capability and maturitylevels, designed to improve processes. This Model can offer a chance toadapt to the quality demands for providers, offering more positivearguments in its hiring and supporting the collaboration among providers

Managing application integration capabilities

Majority of application integration projects fail to accomplish their goal. One of the main reasons for these failures is the lack of management and governance within the organization implementing the application integrations. Strategic and effective utilization of application integrations provides organizations with operational benefits by adding flexibility and reducing complexity of the information system landscape. Such advantages can be critical in current rapidly changing business environment. This thesis studies existing literature and research on application integration implementation and management and compares them with current practice of application integration work. Prior application integration research presents Enterprise Application Integration (EAI) as a prominent solution for organizations application integration problems. EAI is a mere technical solution but rather an organizational integration scenario or a connecting layer between business and technical layers. Few methodologies and frameworks for application integration implementation exist. Articles presenting these approaches have practical implications and recommendations for implementing and managing application integrations within an organization. They include lots of organizational and managerial aspects and observations. Specific frameworks or methodologies for application integration management on the organizational level were not found. An empirical study was carried out as a qualitative study by interviewing nine application integration professionals from five different software providers. Interviews considered three main themes: integration challenges, organizational integration capabilities and integration management. Respondents were asked to reflect their work experience and customer knowledge especially within application integration implementation projects. Most of the challenges and observations from the previous research were present in the results of this study. Management issues were seen having an impact for application integrations from the design phase until the maintenance phase. Five categories of general application integration management categories were presented to help outlining the complex and wide nature of application integration capability management.Suurin osa ohjelmistojen integrointihankkeista ei saavuta tavoitteitaan. Yksi tärkeimmistä syistä näihin epäonnistumisiin on puutteellinen integraatiotyön johtaminen ja hallinta integraatiota toteuttavassa organisaatiossa. Ohjelmistointegraatioiden strateginen ja tehokas hyödyntäminen mahdollistaa organisaatioille toiminnallisia etuja lisäämällä joustavuutta ja vähentämällä tietojärjestelmien monimutkaisuutta. Tällaiset edut voivat olla kriittisiä nykyisessä nopeasti muuttuvassa liiketoimintaympäristössä. Tämä opinnäytetyö tutkii olemassa olevaa kirjallisuutta ja tutkimusta ohjelmistointegraatioiden toteuttamisesta ja hallinnasta sekä vertaa niitä tämänhetkisiin sovellusten integrointityökäytäntöihin. Aiemmat ohjelmistointegraatiotutkimukset erilaisia integraatioratkaisuja vastauksena organisaatioiden sovellusten integrointiongelmiin. Enterprise Application Integration eli EAI ei ole pelkkä tekninen ratkaisu, vaan pikemminkin integraatioskenaario tai yhdistävä kerros liiketoiminnan ja teknisten kerrosten välillä. Ohjelmistointegraatioiden toteuttamiseen on muutamia menetelmiä ja viitekehyksiä. Näitä lähestymistapoja kuvaavissa artikkeleissa on käytännön esimerkkejä ja suosituksia ohjelmistointegraatioiden toteuttamiseen ja hallintaan organisaatiossa. Ne sisältävät erityisesti organisaatioon ja johtamiseen keskittyviä näkökulmia ja havaintoja. Varsinaisia viitekehyksiä tai menetelmiä ohjelmistointegraatioiden johtamiseen organisaatiotasolla ei löytynyt. Empiirinen tutkimus tehtiin laadullisena tutkimuksena haastattelemalla yhdeksää ohjelmistointegraatiotyön ammattilaista viidestä eri ohjelmistotoimittajayrityksestä. Haastatteluissa käsiteltiin kolmea pääteemaa: integraatiohaasteet, organisaation integraatiokyvykkyyttä ja integraatioiden johtamista. Vastaajia pyydettiin pohtimaan työ- ja asiakaskokemuksiaan erityisesti ohjelmistointegraatioiden käyttöönottoprojekteissa. Suurin osa aiemman tutkimuksen haasteista ja havainnoista kävi ilmi myös tämän tutkimuksen tuloksista. Johtamiseen liittyvien ongelmien havaittiin vaikuttavan ohjelmistointegraatioiden käyttöönoton kaikissa vaiheissa, suunnitteluvaiheesta ylläpitovaiheeseen. Tutkimuksen tuloksena esitetään viisi yleistettävää ohjelmistointegraatioiden johtamisen kategoriaa, joiden tarkoituksena oli auttaa hahmottamaan ohjelmistointegraatiokyvykkyyden johtamisen monimutkaista ja organisaation laajuista luonnetta

Business models for software-based services in complex systems

Manufacturing industry has evolved towards the delivery of complex systems, involving equipment, services and software components. Traditional industrial services are connected to the physical equipment, limiting the possibilities of service offering and thus, the financial benefits of them. It is not rare that services are focused on the maintenance of the customer’s equipment or on selling spare parts. Despite this, fiercer competition calls for new differentiation methods and increased customer value. Software-based services enabled by equipment lifecycle data represent a key business opportunity for manufacturing firms in a globalized world. Previous studies on servitization in the manufacturing industry enabled by product lifecycle data have considered the software tools needed to deliver the services, but the conditions and network tasks in the delivery chain are often overlooked. In the manufacturing industry, the increased centrality of information technology calls for cooperation with more specialized suppliers, and this cooperation is poorly understood. Thus this thesis explores alternative business models for software-based services and the tasks related to the service delivery network, considering the cooperation between manufacturing and software firms. The conditions to enable and successfully promote industrial services based on equipment lifecycle data are also described. An exploratory study was conducted with four software firms and two manufacturing companies. Interviews took place with employees with diverse managerial positions in different areas, revealing unexploited opportunities for software-based services enabled by equipment lifecycle data. A framework for a triadic cooperation is presented, clarifying the task division between manufacturing and software firms in service delivery. The customers’ participation specifics were set aside as this thesis had no access to them and their role specification was limited to the firms’ interpretation. It is suggested that a future study is conducted applying the presented suggestions and involving the customer in the process

Proceedings of the Fifth Mediterranean Conference on Information Systems: Professional Development Consortium

Collection of position statements of doctoral students and junior faculty in the Professional Development Consortium at the the Fifth Mediterranean Conference on Information Systems, Tel Aviv - Yafo

A decision framework to mitigate vendor lock-in risks in cloud (SaaS category) migration.

Cloud computing offers an innovative business model to enterprise IT services consumption and delivery. However, vendor lock-in is recognised as being a major barrier to the adoption of cloud computing, due to lack of standardisation. So far, current solutions and efforts tackling the vendor lock-in problem have been confined to/or are predominantly technology-oriented. Limited studies exist to analyse and highlight the complexity of vendor lock-in problem existing in the cloud environment. Consequently, customers are unaware of proprietary standards which inhibit interoperability and portability of applications when taking services from vendors. The complexity of the service offerings makes it imperative for businesses to use a clear and well understood decision process to procure, migrate and/or discontinue cloud services. To date, the expertise and technological solutions to simplify such transition and facilitate good decision making to avoid lock-in risks in the cloud are limited. Besides, little research investigations have been carried out to provide a cloud migration decision framework to assist enterprises to avoid lock-in risks when implementing cloud-based Software-as-a-Service (SaaS) solutions within existing environments. Such decision framework is important to reduce complexity and variations in implementation patterns on the cloud provider side, while at the same time minimizing potential switching cost for enterprises by resolving integration issues with existing IT infrastructures. Thus, the purpose of this thesis is to propose a decision framework to mitigate vendor lock-in risks in cloud (SaaS) migration. The framework follows a systematic literature review and analysis to present research findings containing factual and objective information, and business requirements for vendor-neutral interoperable cloud services, and/or when making architectural decisions for secure cloud migration and integration. The underlying research procedure for this thesis investigation consists of a survey based on qualitative and quantitative approaches conducted to identify the main risk factors that give rise to cloud computing lock-in situations. Epistemologically, the research design consists of two distinct phases. In phase 1, qualitative data were collected using open-ended interviews with IT practitioners to explore the business-related issues of vendor lock-in affecting cloud adoption. Whereas the goal of phase 2 was to identify and evaluate the risks and opportunities of lock-in which affect stakeholders’ decision-making about migrating to cloud-based solutions. In synthesis, the survey analysis and the framework proposed by this research (through its step-by-step approach), provides guidance on how enterprises can avoid being locked to individual cloud service providers. This reduces the risk of dependency on a cloud provider for service provision, especially if data portability, as the most fundamental aspect, is not enabled. Moreover, it also ensures appropriate pre-planning and due diligence so that the correct cloud service provider(s) with the most acceptable risks to vendor lock-in is chosen, and that the impact on the business is properly understood (upfront), managed (iteratively), and controlled (periodically). Each decision step within the framework prepares the way for the subsequent step, which supports a company to gather the correct information to make a right decision before proceeding to the next step. The reason for such an approach is to support an organisation with its planning and adaptation of the services to suit the business requirements and objectives. Furthermore, several strategies are proposed on how to avoid and mitigate lock-in risks when migrating to cloud computing. The strategies relate to contract, selection of vendors that support standardised formats and protocols regarding data structures and APIs, negotiating cloud service agreements (SLA) accordingly as well as developing awareness of commonalities and dependencies among cloud-based solutions. The implementation of proposed strategies and supporting framework has a great potential to reduce the risks of vendor lock-in

A theory and model for the evolution of software services.

Software services are subject to constant change and variation. To control service development, a service developer needs to know why a change was made, what are its implications and whether the change is complete. Typically, service clients do not perceive the upgraded service immediately. As a consequence, service-based applications may fail on the service client side due to changes carried out during a provider service upgrade. In order to manage changes in a meaningful and effective manner service clients must therefore be considered when service changes are introduced at the service provider's side. Otherwise such changes will most certainly result in severe application disruption. Eliminating spurious results and inconsistencies that may occur due to uncontrolled changes is therefore a necessary condition for the ability of services to evolve gracefully, ensure service stability, and handle variability in their behavior. Towards this goal, this work presents a model and a theoretical framework for the compatible evolution of services based on well-founded theories and techniques from a number of disparate fields.

ERP implementation methodologies and frameworks: a literature review

Enterprise Resource Planning (ERP) implementation is a complex and vibrant process, one that involves a combination of technological and organizational interactions. Often an ERP implementation project is the single largest IT project that an organization has ever launched and requires a mutual fit of system and organization. Also the concept of an ERP implementation supporting business processes across many different departments is not a generic, rigid and uniform concept and depends on variety of factors. As a result, the issues addressing the ERP implementation process have been one of the major concerns in industry. Therefore ERP implementation receives attention from practitioners and scholars and both, business as well as academic literature is abundant and not always very conclusive or coherent. However, research on ERP systems so far has been mainly focused on diffusion, use and impact issues. Less attention has been given to the methods used during the configuration and the implementation of ERP systems, even though they are commonly used in practice, they still remain largely unexplored and undocumented in Information Systems research. So, the academic relevance of this research is the contribution to the existing body of scientific knowledge. An annotated brief literature review is done in order to evaluate the current state of the existing academic literature. The purpose is to present a systematic overview of relevant ERP implementation methodologies and frameworks as a desire for achieving a better taxonomy of ERP implementation methodologies. This paper is useful to researchers who are interested in ERP implementation methodologies and frameworks. Results will serve as an input for a classification of the existing ERP implementation methodologies and frameworks. Also, this paper aims also at the professional ERP community involved in the process of ERP implementation by promoting a better understanding of ERP implementation methodologies and frameworks, its variety and history