Aida Omerovic

Risk-Driven Framework for Decision Support in Cloud Service Selection

The growth in the number of cloud computing users has led to the availability of a variety of cloud based services provided by different vendors. This has made the task of selecting suitable set of services quite difficult. There has been a lot of research towards the development of suitable decision support system (DSS) to assist users in making an optimal selection of cloud services. However, existing decision support systems cannot address two crucial issues: firstly, the involvement of both business and technical perspectives in decision making simultaneously and, secondly, the multiple-clouds services based selection using single DSS. In this paper, we tackle these issues in the light of solving the problem of cloud service discovery. In particular, we present the following novel contributions: Firstly, we present critical analysis of the state-of-the-art in decision support systems. Based on our analysis, we identify critical shortcomings in the existent tools and develop the set of requirements which should be met by a potential DSS. Secondly, we present a new holistic framework for the development of DSS which allows a pragmatic description of user requirements. Additionally, the data gathering and analysis is studied as an integral part of the proposedDSS and therefore, we present concrete algorithms to assess the data for an optimal service discovery. Thirdly, we assess our framework for applicability to cloud service selection using an industrial case study. We also demonstrate the implementation and performance of our proposed framework using a prototype which serves as a proof of concept. Overall, this paper provides novel and holistic framework for development of a multiple cloud service discovery based decision support system.

Idea: a feasibility study in model based prediction of impact of changes on system quality

We propose a method, called PREDIQT, for model based prediction of impact of architecture design changes on system quality. PREDIQT supports simultaneous analysis of several quality attributes and their trade-offs. This paper argues for the feasibility of the PREDIQT method based on a comprehensive industrial case study targeting a system for managing validation of electronic certificates and signatures worldwide. We give an overview of the PREDIQT method, and present an evaluation of the method in terms of a feasibility study.

Elicitation of Quality Characteristics for AAL Systems and Services

Ambient Assisted Living (AAL) is a promising and fast growing area of technologies and services to assist people with special needs (e.g. elderly or disabled) in managing more independently their everyday life. AAL is founded on increasing needs for welfare technologies, as well as on significant effort from many scientific disciplines, the society, and the industry. The research has so far been primarily concentrated on elicitation of the functional aspects and on providing the technical solutions for the AAL systems and services. The problem of eliciting non-functional requirements and quality characteristics that are specific and critical for AAL, however, has been addressed to a much lesser extent. Failing to ensure the necessary system and service quality regarding critical characteristics may represent a significant obstacle to the wider acceptance of AAL in the society. There is hence a need to increase awareness of quality of AAL systems and services by providing the necessary supplement to the established state of the art. This paper reports on the process and the results from elicitation of AAL specific quality characteristics. The approach is based on established reference architectures and roadmapping material, as well as the ISO/IEC 9126 software product quality standard. The paper demonstrates how to do the elicitation in practice, and proposes the set of quality characteristics that are most important in the AAL context.

Simplifying Parametrization of Bayesian Networks in Prediction of System Quality

Bayesian Networks (BNs) are a powerful means for modelling dependencies and predicting impacts of architecture design changes on system quality. The extremely demanding parametrization of BNs is however the main obstacle for their practical application, in spite of the extensive tool support. We have promising experiences from using a treestructured notation, that we call Dependency Views (DVs), for prediction of impacts of architecture design changes on system quality. Compared to BNs, DVs are far less demanding to parametrize and create. DVs have shown to be sufficiently expressive, comprehensible and feasible. Their weakness is however limited analytical power. Once created, BNs are more adaptable to changes, and more easily refined than DVs. In this paper we argue that DVs are fully compatible with BNs, in spite of different estimation approaches and concepts. A transformation from a DV to a BN preserves traceability and results in a complete BN. By defining a transformation from DVs to BNs, we have enabled reliable parametrization of BNs with significantly reduced effort, and can now exploit the strengths of both the DV and the BN approach.

Assessing practical usefulness and performance of the PREDIQT method: An industrial case study

Context: When adapting a system to new usage patterns, processes or technologies, it is necessary to foresee the implications of the architectural design changes on system quality. Examination of quality outcomes through implementation of the different architectural design alternatives is often unfeasible. We have developed a method called PREDIQT with the aim to facilitate model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life industrial system. The promising results encouraged further and more structured evaluation of PREDIQT. Objective: This paper reports on the experiences from applying the PREDIQT method in a second and more recent case study - on a real-life industrial system from another domain and with different system characteristics, as compared to the previous case study. The objective was to evaluate the method in a fully realistic setting and with respect to carefully defined criteria. Method: The case study conducted the first two phases of PREDIQT in their entirety, while the last (third) phase was partially covered. In addition, the method was assessed through a thought experiment-based evaluation of predictions and a postmortem review. All prediction models were developed during the analysis and the entire target system was analyzed in a fully realistic setting. Results: The evaluation argues that the prediction models are sufficiently expressive and comprehensible. It is furthermore argued that PREDIQT: facilitates predictions such that informed decisions can be made; is cost-effective; and facilitates knowledge management. Conclusion: The experiences and results obtained indicate that the PREDIQT method can be carried out with limited resources, on a real-life system, and result in useful predictions. Furthermore, the observations indicate that the method, particularly its process, facilitates understanding of the system architecture and its quality characteristics, and contributes to structured knowledge management.

Evaluation of Experiences from Applying the PREDIQT Method in an Industrial Case Study

We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life industrial system. This paper reports on the experiences from applying the PREDIQT method in a second and more recent case study -- on an industrial ICT system from another domain and with a number of different system characteristics, compared with the previous case study. The analysis is performed in a fully realistic setting. The system analyzed is a critical and complex expert system used for management and support of numerous working processes. The system is subject to frequent changes of varying type and extent. The objective of the case study has been to perform an additional and more structured evaluation of the PREDIQT method and assess its performance with respect to a set of success criteria. The evaluation argues for feasibility and usefulness of the PREDIQT-based analysis. Moreover, the study has provided useful insights into the weaknesses of the method and suggested directions for future research and improvements.

Towards feature-driven goal fulfillment analysis a feasibility study

Design of a system architecture normally refers to a pre-defined goal. We consider the goal as the desired (functional or non-functional) aspect that is achieved by providing functionalities or mechanisms that support it. For example, a security goal is supported by a set of security mechanisms. However, there are often several ways towards (partially or completely) achieving a goal, which we refer to as design alternatives. Each design alternative is composed of a subset of the mechanisms needed. Some mechanisms are more important than others, and it is not obvious to what degree the different design alternatives fulfill the goal. It can moreover often be difficult to see what combinations of the design alternatives would result in maximum coverage of the goal. We propose an approach to modeling and analysis of the goals of a system. The approach supports specification of the goal, specification of the design alternatives, a quantification of the degree of fulfillment, as well as a quantification of the degree of overlap with respect to the goal fulfillment across design alternatives. We also propose a visual representation of the degrees of fulfillment and the degrees of overlap. We have evaluated the approach on a case study, and the initial results indicate its feasibility. This paper presents the approach and the evaluation results. It also summarizes experiences and suggestions for further improvements.

Problem-based Elicitation of Security Requirements - The ProCOR Method.

Security is of great importance for many software systems. The security of a software system can be compromised by threats, which may harm assets with a certain likelihood, thus constituting a risk. All such risks should be identified, and unacceptable risks should be reduced, which gives rise to security requirements. The relevant security requirements should be known right from the beginning of the software development process. Eliciting security requirements should be done in a systematic way. We propse a method to elicit security requirements that address unacceptable risks. They require a reduction of the risk to an acceptable level. Our method combines the CORAS risk management method with Jackson’s problem-based requirements analysis approach. Based on the functional requirements for a software system, security risks are identified and evaluated. Unacceptable risks give rise to high-level security requirements. To reduce the risk, treatments are selected. Based on the selected treatments, concretized security requirements are set up and represented in a similar way as functional requirements. Thus, both functional and security requirements can then drive the software development process.

SikkerhetsLøypa - Knowledge Toward Sustainable and Secure Paths of Creative and Critical Digital Skills

Children spend numerous hours on the Internet daily. While online, they meet a great number of opportunities as well as risks. Of these risks, cyber bullying and privacy violations are of major concern, in addition to exploitation and child pornography. Our hypothesis is that the solution is not to keep children and teens away from the Internet, but to ensure that young citizens are empowered with the necessary knowledge and skill set to become critical consumers and creators of new secure and sustainable digital services and products. Our objective is to develop a knowledge and skill set base and offer learning through playful solutions for empowering children and young people with creative and critical digital skills, in an engaging and motivating way. The aim is to build on the method and lessons learns of Kodeloypa, one of the scientific offerings for children at the Norwegian University of Science and Technology (NTNU), and the related scientific efforts made to empower a new generation of online users to avoid risks in the modern digital society. The project, SikkerhetsLoypa, is highly inter-disciplinary and spans across the fields of information security, user experience, software engineering, and computer science education. The scientific results of this project aims at strengthen education methods and practices in secure and privacy-aware behavior in the digital world.

Towards Transparent Real-Time Privacy Risk Assessment of Intelligent Transport Systems

There are many privacy concerns within Intelligent Transport Systems (ITS). On the one hand, end-users are concerned about their privacy risk exposure, while on the other hand, ITS providers need to claim privacy awareness and document compliance with regulations or otherwise face devastating fines. One approach to address these concerns is to use methods specifically developed to assess privacy risks of ITS. The literature lacks such methods, and the complex and dynamic nature of ITS introduces challenges that need to be properly addressed when assessing privacy risks. The main challenges are related to real-time assessment of privacy risks to (1) inform end-users about exposed privacy risks, and (2) help providers asses privacy-compliance risks. We propose a method to privacy risk assessment addressing these challenges. The method is exemplified on an ITS-example. The initial results indicate feasibility of the method and propose directions for future work.