Nabil El Ioini

Open Source Systems Security Certification

Open Source Advances in Computer Applications book series provides timely technological and business information for: Enabling Open Source Systems (OSS) to become an integral part of systems and devices produced by technology companies; Inserting OSS in the critical path of complex network development and embedded products, including methodologies and tools for domain-specific OSS testing (lab code available), plus certification of security, dependability and safety properties for complex systems; Ensuring integrated systems, including OSS, meet performance and security requirements as well as achieving the necessary certifications, according to the overall strategy of OSS usage on the part of the adopter. The first attempt to create a standard for security certification of software dates back to 1985 with the creation of the TCSEC standard, commonly referred to as Orange Book (USDoD 1985) in the US. In the following years, the need of such a certification also emerged in other countries, leading to the creation of similar local security certification such as ITSEC in Europe (ITSEC 1991) and CTCPEC in Canada (CSE 1993). Since these certifications are totally independent from each other, the cost of certifying software at an international level was obviously high. This was one of the key factors that led to the creation of an international standard for software security certification. Open Source Systems Security Certification discusses Security Certification Standards and establishes the need to certify open source tools and applications. This includes the international standard for the certification of IT products (software, firmware and hardware) Common Criteria (ISO/IEC 15408) (CC 2006), a certification officially adopted by the governments of 18 nations, including United States, Germany, France, UK and Italy. Without security certification, open source tools and applications are neither secure nor trustworthy. Open Source Systems Security Certification also addresses and analyzes the urgency of security certification for security-sensible markets, such as telecommunications, government and the military through provided case studies. Open Source Systems Security Certification is designed for professionals, consultants and companies trying to implement an OSS-aware IT governance strategy, SMEs looking for a way to attract new markets traditionally held by proprietary products (e.g., network security and operation centers, Linux-based network switching systems) or to reduce costs. OSS development communities wishing to ensure their products become part of dynamically composed complex systems will find this volume invaluable. This book is also suitable for researchers and advanced-level students in computer science.

WS-Certificate

Assessing the correct operation of individual web services or of entire business processes hosted on a Service Oriented Architecture (SOA) is one of the major challenges of SOA research. The unique features of WS/SOA require new quality assessment approaches, including novel testing and monitoring techniques. In this paper, we present a framework for assessing the correct functioning of WS/SOA systems by introducing a third party certifier as a trusted authority that checks and certifies WS/SOA systems. Our certifications are based on signed test cases and their respective results and operate at different level of granularity, providing a sound basis for run-time service selection and process orchestration decisions.

Open Source Software: Quality Verification

This book constitutes the refereed proceedings of the 9th International IFIP WG 2.13 Conference on Open Source Systems, OSS 2013, held in Koper-Capodistria, Slovenia, in June 2013. The 18 revised full papers and 3 short papers presented were carefully reviewed and selected. The papers are organized in topical sections on innovation and sustainability; practices and methods; FOSS technologies; security and open standards; and business models and licensing.

An Auto-Scaling Cloud Controller Using Fuzzy Q-Learning - Implementation in OpenStack

Auto-scaling, i.e., acquiring and releasing resources automatically, is a central feature of cloud platforms. The key problem is how and when to add/remove resources in order to meet agreed service-level agreements. Many commercial solutions use simple approaches such as threshold-based ones. However, providing good thresholds for auto-scaling is challenging. Recently, machine learning approaches have been used to complement and even replace expert knowledge. We propose a dynamic learning strategy based on a fuzzy logic algorithm, which learns and modifies fuzzy scaling rules at runtime without requiring prior knowledge. The proposed algorithm is implemented and evaluated as an extension to the OpenStack cloud platform, integrating it with the Heat and Ceilometer components for orchestration and monitoring, respectively, using Heat Orchestration Templates. We specifically focus on implementation and experimentation aspects here. Our auto-scaling approach can handle various load traffic situations, delivering resources on demand while reducing infrastructure and management costs. The experimentals show promising performance in terms of resource adjustment to optimize SLA compliance (response time) while reducing cloud provider’s costs.

Teaching Computational Thinking Using Agile Software Engineering Methods: A Framework for Middle Schools

Computational Thinking (CT) has been recognized as one of the fundamental skills that all graduates should acquire. For this reason, motivational concerns need to be addressed at an early age of a child, and reaching students who do not consider themselves candidates for science, technology, engineering, and mathematics disciplines is important as well if the broadest audience possible is to be engaged. This article describes a framework for teaching and assessing CT in the context of K-12 education. The framework is based on Agile software engineering methods, which rely on a set of principles and practices that can be mapped to the activities of CT. The article presents as well the results of an experiment applying this framework in two sixth-grade classes, with 42 participants in total. The results show that Agile software engineering methods are effective at teaching CT in middle schools, after the addition of some tasks to allow students to explore, project, and experience the potential product before using the software tools at hand. Moreover, according to the teachers’ feedback, the students reached all the educational objectives of the topics involved in the multidisciplinary activities. This result can be taken as an indicator that it is possible to use computing as a medium for teaching other subjects, besides computer science.

An assurance model for OSS adoption in next-generation telco environments

The open source paradigm is giving rise to new methodologies, competences and processes that need to be investigated both from the technical and the organizational point of view. Many organizations are investigating the possibility to adopt open source software or migrate their systems to open frameworks also in critical environments. In this paper, we shows how the assurance has been elevated as a primary design requirement for organizations wishing to adopt open source products, and we describe the experience of a big telecommunication player in the process of implementing an assurance evaluation platform.

A Decision Framework for Blockchain Platforms for IoT and Edge Computing

Blockchains started as an enabling technology in the area of digital currencies with the introduction of Bitcoin. However, blockchains have emerged as a technology that goes beyond financial transactions by providing a platform supporting secure and robust distributed public ledgers. We think that the Internet of Things (IoT) can also benefit from blockchain technology, especially in the areas of security, privacy, fault tolerance, and autonomous behavior. Here we present a decision framework to help practitioners systematically evaluate the potential use of blockchains in an IoT context.

Computational Thinking Through Mobile Programming

Computational Thinking (CT) is considered a fundamental skill for everyone. Therefore, research has focused on defining age and grade-appropriate curricula for teaching CT. In this context, mobile programming can be a good means to foster CT. Indeed, the growing adoption of mobile devices, also among females, minorities, and all economic groups, provides a powerful opportunity for engaging students. Nevertheless, further issues need to be addressed, in particular in the context of liberal education. For example, most of the students enroll in these schools because they have higher interest for liberal arts, and perceive programming as a very difficult task. Also, issues can emerge when trying to introduce new courses into schools. In this paper, we describe a course, which aims at creating a mobile application with students having no background in software development. The main strategy to accomplish this is to foster and evaluate CT, with the support of development tools that ease the learning and application of CT skills. We report the results and the evaluation of a case study conducted in a social-economic high school, with a total of 29 students of 8\(^{th}\) and 9\(^{th}\) grade.

Blending mobile programming and liberal education in a social-economic high school

Mobile programming is one of the fastest growing approaches in many fields, such as marketing or e-commerce. From the educational perspective, this means that students should understand that they can build mobile applications (apps) without being professionals, and at the same time recognize their own potential to use technology in any professional path they choose. This goal is not trivial, even if students are in general curious and open to learn about the creation of apps. Indeed, especially in liberal education, students get discouraged upfront as they perceive programming as a difficult task. This paper describes a course that was cre- ated to fit the educational needs of a social-economic high school. Students take part of an interdisciplinary project in which the Software Engineering process is used to promote CT skills. The course was repeated twice and involved 29 students (8th and 9th grade).

Trustworthy Cloud Certification: A Model-Based Approach

Cloud computing is introducing an architectural paradigm shift that involves a large part of the IT industry. The flexibility in allocating and releasing resources at runtime creates new business opportunities for service providers and their customers. However, despite its advantages, cloud computing is still not showing its full potential. Lack of mechanisms to formally assess the behavior of the cloud and its services/processes, in fact, negatively affects the trust relation between providers and potential customers, limiting customer movement to the cloud. Recently, cloud certification has been proposed as a means to support trustworthy services by providing formal evidence of service behavior to customers. One of the main limitations of existing approaches is the uncertainty introduced by the cloud on the validity and correctness of existing certificates. In this paper, we present a trustworthy cloud certification approach based on model verification. Our approach checks certificate validity at runtime, by continuously verifying the correctness of the service model at the basis of certification activities against real and synthetic service execution traces.