Développement d'un système de gestion de workflows distribué

Les nouvelles générations de systèmes d'information intègrent les systèmes d'applications aux systèmes de gestion de workflows. La modélisation de procédures d'affaires ou de workflows est un domaine récent.Les chercheurs dans ce domaine visent à développer des méta-modèles de workflows, à intégrer différentes implémentations de workflows et à augmenter la flexibilité des systèmes de gestion de workflows. Le travail de recherche présenté dans ce mémoire porte sur le développement d'un système de gestion de workflows distribué. Dans ce travail, nous appliquons une méthode orientée objets (OMT) pour l'analyse et la conception d'un tel système. Puis, nous construisons le système suivant une architecture client/serveur à base d'objets distribués. En plus, nous réalisons un client workflows et un serveur workflows. Ces deux modules sont développés avec le langage de programmation Java. La communication entre les objets distants est gérée par le bus RMI. La base de données est construite à l'aide du SGBD d'Oracle et les accès aux données sont réalisés en utilisant JDBC

Mindset for Software Architecture Students

Software architecture students need to believe that they can change their abilities in order to become proficient with software architecture design. Addressing students’ beliefs about their capabilities introduces the realm of mindset. This paper reports about a survey that we conducted in a large university to study a set of factors associated with the students’ mindset. The study found that the students’ mindsets weakly correlates with their cognitive levels and are associated with their expectations from the course. In addition, it found that the students who prefer practicing software architecture have more open mindset than the ones who prefer quizzes. The findings provide new knowledge about the connections between the mindsets of the students, their perception of software architecture, and their approach to learning software architecture practices. The results could be used to design intervention strategies to improve the ability of the students to learn software architecture

Identification of the Impacts of Code Changes on the Security of Software

Companies develop their software in versions and iterations. Ensuring the security of each additional version using code review is costly and time consuming. This paper investigates automated tracing of the impacts of code changes on the security of a given software. To this end, we use call graphs to model the software code, and security assurance cases to model the security requirements of the software. Then we relate assurance case elements to code through the entry point methods of the software, creating a map of monitored security functions. This mapping allows to evaluate the security requirements that are affected by code changes. The approach is implemented in a set of tools and evaluated using three open-source ERP/E-commerce software applications. The limited evaluation showed that the approach is effective in identifying the impacts of code changes on the security of the software. The approach promises to considerably reduce the security assessment time of the subsequent releases and iterations of software, keeping the initial security state throughout the software lifetime

EPICS: A Framework for Enforcing Security Policies in Composite Web Services

With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework

“I Am Because We Are”: Developing and Nurturing an African Digital Security Culture

Technical solutions fail if people experience difficulties using them. Sometimes these difficulties force people to work around the security solutions in order to achieve legitimate goals. Improving usability undoubtedly helps, but this has not improved the situation as much as anticipated. In this paper we consider a variety of other reasons for non-uptake. We argue that this situation can only be addressed by considering the person as a member of the wider community and not as a solitary agent. This aligns with the traditional African wisdom of Ubuntu: I am because we are. We propose improving the African Digital Security Culture (ADSC): collective knowledge, common practices, and intuitive common security and privacy behaviour, in a particular society. We suggest a set of approaches f or developing and sustaining ADSC in a society, for as members of a society we learn most effectively from each other, not from books, the media or by carrying out searches using search engines

EPICS: A Framework for Enforcing Security Policies in Composite Web Services

With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which provide limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client\u27s data and diminishes trust in these systems