Software prozesuen hobekuntzarako ekimenen biziraupen-analisia eta sailkapen-ikasketa, eta horien ondorioak enpresa txikietan

116 p.Softwareak funtsezko papera dauka negozio gehienetan. Hain zuzen ere, edozein negozioren abantaila lehiakorraren gako nagusietako bat dela esan daiteke. Software hori enpresa handi, ertain edo txikiek sor dezakete. Testuinguru horretan, erakunde mota horiek prozesuak hobetzeko ekimenak martxan jartzeko hautua egiten dute, merkatuan eskaintzen dituzten zerbitzuen edo azken produktuen kalitatea hobetzeko helburuarekin. Hortaz, ohikoa izaten da enpresa handi eta ertainek azken produktuen garapen-prozesuak zehaztea, are eredugarriak diren kalitate-ereduak erabiltzea, industriatik eratorritako jardunbide egokiekin. Izan ere, hobekuntza-ekimen bat aurrera eramaten laguntzeko erreferentziazko eredu eta estandar asko daude. Hortaz, erakundeek hainbat eredutako eskakizunak bete behar izaten dituzte aldi berean. Estandar horien barruan antzekoak diren praktika edo eskakizunak egon ohi dira (bikoiztasunak), edo neurri handiko erakundeentzat pentsatuta daudenak. Erakunde txikien esparruan, bikoiztasun horiek gainkostua eragiten dute ekimen hauetan. Horren ondorioz, erreferentziazko ereduekin loturiko prozesuak zehazteko orduan, burokrazia-lana handitu egiten da. Horrez gain, eredu hauen bikoiztasunak ezabatzera eta bere prozesuak hainbat arau aldi berean aintzat hartuta berraztertzera behartzen ditu. Egoera hori bereziki delikatua da 25 langiletik behera dituzten erakunde txikientzat, Very Small Entities (VSE) izenez ere ezagunak direnak. Erakunde mota hauek ahal duten modurik onenean erabiltzen dituzte haien baliabideak, eta, haien ikuspegitik, erreferentziazko eredu hauek gastu bat dira inbertsio bat baino gehiago. Hortaz, ez dute prozesuak hobetzeko ekimenik martxan jartzen. Ildo horretatik, erakunde horiei VSE-en beharretara egokituko zen eredu bat eskaintzeko sortu zen ISO/IEC 29110.ISO/IEC 29110 arauaren lehen edizioa 2011n sortu zen eta, ordutik, zenbait ikerketa-lan eta industria-esperientzia garatu dira testuinguru horren barruan. Batetik, ez dago VSE-ekin loturik dauden nahikoa industria-esperientzia, eta, beraz, ez da erraza jakitea zein den VSE-en portaera. 2011tik, ISO/IEC29110 arauarekin zerikusia duten hainbat lan argitaratu dira, baina, orain arte, lan horien tipologia oso desberdina izan da. Horrenbestez, ezinbestekoa da lehen esperientzia hauek aztertu eta ezagutzea, egindako lehen lan horiek sailkatu ahal izateko. Bestetik, prozesuak hobetzeko ekimenek ez dute beti arrakastarik izaten, eta mota honetako ekimen baten iraupena zein izango den ere ez da gauza ziurra izaten. Hartara, ekimen hauek testuinguru hauetan daukaten biziraupen maila zein den aztertu behar da, bai eta VSE-etan prozesuak hobetzeko ekimenak garatu eta ezarri bitartean eman daitezkeen lan-ereduak identifikatzea ere. Azkenik, garatzen dituzten produktuen segurtasun-arloarekin kezka berezia izan ohi dute VSEk. Hortaz, segurtasun-alderdi nagusiak kudeatzeko mekanismoak ezarri behar izaten dituzte.Lehenik eta behin, lan honetan, ISO/IEC 29110 arauarekin loturiko artikuluen azterketa metodiko bat egin dugu, eta ikerketa-esparru nagusiak eta egindako lan mota garrantzitsuenak jaso ditugu. Bigarrenik, VSEk prozesuak hobetzeko martxan jarritako mota honetako ekimenen biziraupena aztertzeko marko bat proposatu dugu. Hirugarrenik, haien portaeraren ezaugarriak zehazteko, ekimen hauetan ematen diren ereduak identifikatzeko ikuspegia landu dugu. Laugarrenik, VSEn softwarearen garapenaren bizi-zikloan segurtasun-arloko alderdiak gehitzeko eta zor teknikoa kudeatzeko proposamena egin dugu

A Service based Development Environment on Web 2.0 Platforms

Governments are investing on the IT adoption and promoting the socalled e-economies as a way to improve competitive advantages. One of the main government’s actions is to provide internet access to the most part of the population, people and organisations. Internet provides the required support for connecting organizations, people and geographically distributed developments teams. Software developments are tightly related to the availability of tools and platforms needed for products developments. Internet is becoming the most widely used platform. Software forges such as SourceForge provide an integrated tools environment gathering a set of tools that are suited for each development with a low cost. In this paper we propose an innovating approach based on Web2.0, services and a method engineering approach for software developments. This approach represents one of the possible usages of the internet of the future

Actor-critic continuous state reinforcement learning for wind-turbine control robust optimization

[EN] The control of Variable-Speed Wind-Turbines (VSWT) extracting electrical power from the wind kinetic energy are composed of subsystems that need to be controlled jointly, namely the blade pitch and the generator torque controllers. Previous state of the art approaches decompose the joint control problem into independent control subproblems, each with its own control subgoal, carrying out separately the design and tuning of a parameterized controller for each subproblem. Such approaches neglect interactions among subsystems which can introduce significant effects. This paper applies Actor-Critic Reinforcement Learning (ACRL) for the joint control problem as a whole, carrying out the simultaneous control parameter optimization of both subsystems without neglecting their interactions, aiming for a globally optimal control of the whole system. The innovative control architecture uses an augmented input space so that the parameters can be fine-tuned for each working condition. Validation results conducted on simulation experiments using the state-of-the-art OpenFAST simulator show a significant efficiency improvement relative to the best state of the art controllers used as benchmarks, up to a 22% improvement in the average power error performance after ACRL training.This work has been partially supported by FEDER funds through MINECO project TIN2017-85827-P, MCIN project PID2020-116346 GB-I00, and project KK-202000044 of the Elkartek 2020 funding program of the Basque Government

Continuous Quantitative Risk Management in Smart Grids Using Attack Defense Trees

Although the risk assessment discipline has been studied from long ago as a means to support security investment decision-making, no holistic approach exists to continuously and quantitatively analyze cyber risks in scenarios where attacks and defenses may target different parts of Internet of Things (IoT)-based smart grid systems. In this paper, we propose a comprehensive methodology that enables informed decisions on security protection for smart grid systems by the continuous assessment of cyber risks. The solution is based on the use of attack defense trees modelled on the system and computation of the proposed risk attributes that enables an assessment of the system risks by propagating the risk attributes in the tree nodes. The method allows system risk sensitivity analyses to be performed with respect to different attack and defense scenarios, and optimizes security strategies with respect to risk minimization. The methodology proposes the use of standard security and privacy defense taxonomies from internationally recognized security control families, such as the NIST SP 800-53, which facilitates security certifications. Finally, the paper describes the validation of the methodology carried out in a real smart building energy efficiency application that combines multiple components deployed in cloud and IoT resources. The scenario demonstrates the feasibility of the method to not only perform initial quantitative estimations of system risks but also to continuously keep the risk assessment up to date according to the system conditions during operation.This research leading to these results was funded by the EUROPEAN COMMISSION, grant number 787011 (SPEAR Horizon 2020 project) and 780351 (ENACT Horizon 2020 project)

Continuous Quantitative Risk Management in Smart Grids Using Attack Defense Trees

Although the risk assessment discipline has been studied from long ago as a means to support security investment decision-making, no holistic approach exists to continuously and quantitatively analyze cyber risks in scenarios where attacks and defenses may target different parts of Internet of Things (IoT)-based smart grid systems. In this paper, we propose a comprehensive methodology that enables informed decisions on security protection for smart grid systems by the continuous assessment of cyber risks. The solution is based on the use of attack defense trees modelled on the system and computation of the proposed risk attributes that enables an assessment of the system risks by propagating the risk attributes in the tree nodes. The method allows system risk sensitivity analyses to be performed with respect to different attack and defense scenarios, and optimizes security strategies with respect to risk minimization. The methodology proposes the use of standard security and privacy defense taxonomies from internationally recognized security control families, such as the NIST SP 800-53, which facilitates security certifications. Finally, the paper describes the validation of the methodology carried out in a real smart building energy efficiency application that combines multiple components deployed in cloud and IoT resources. The scenario demonstrates the feasibility of the method to not only perform initial quantitative estimations of system risks but also to continuously keep the risk assessment up to date according to the system conditions during operation.This research leading to these results was funded by the EUROPEAN COMMISSION, grant number 787011 (SPEAR Horizon 2020 project) and 780351 (ENACT Horizon 2020 project)

Towards the Improvement of the Software Quality: An Enterprise 2.0 Architecture for Distributed Software Developments.

Software development is tightly dependent on the tools available for supporting its processes. Organizational and sociotechnical peculiarities such as indefinition of roles, geographically distributed development teams, new business models and diverse cultural interactions steer these tools. Software development supported by web-based services, built on top of Web 2.0 technologies, is emerging as a new paradigm for distributed software development. New generation software forges (web-based development environments) such as EzForge are becoming the infrastructure that provides the required features for hosting collections of software development projects. They are composed of an integrated set of tools, interacting in a mashup-like environment, each one suited for a specific task, and therefore simple enough to keep total complexity low. An adequate selection of tools helps developers to focus on the implementation of the requirements, while at the same time they cope with complex information coming from many individuals and organizations. The complexity of distributed software development requires a controlled and a strong collaboration amongst developers, which has to be supported by the selected architecture. Moreover, an increased demand on quality assurance is required by the many organizations aiming to achieve a certain quality level. A new architecture based on the Web 2.0 core ideas and methods overcomes these challenges in software development, representing a cornerstone to achieve satisfactory results in this ambitious environment