Widura Schwittek

Towards secure and at-runtime tailorable customer-driven public cloud deployment

Cloud computing as a facility for outsourcing IT related tasks is a growing trend. Customer-driven application deployment in public clouds has to be secure and flexible by means of easing security configuration as well as by avoiding the vendor lock-in problem. In this paper we present an approach intending to meet these needs by (1) easing security configuration(s), (2) automating the consideration of security best practices and adding/enabling anonymity components at-runtime, and (3) by using Open Virtualization Format (OVF) in order to overcome the vendor lock-in problem. The requirements gathering is based on the needs of three projects from different business domains, the EU FP7 digital.me project, the multidisciplinary iFishWatcher/iAngle combined project and the joint german-french research and development project ReSCUe IT. All projects require empowering lay as well as experienced customers to (re-)deploy their own applications and migrate them easily by considering security thereby. Supporting tailorability of the deployed environment by adding anonymity components at-runtime without downtimes is a specific requirement in these projects. We present first results and discuss experiences and future work directions.

A study on third party component reuse in Java enterprise open source software

Recent studies give empirical evidence that much of todays software is to a large extent built on preexisting software, such as commercial-off-the-shelf (COTS) and open source software components. In this exploratory study we want to contribute to this small but increasing body of knowledge by investigating third party component reuse in 36 Java web applications that are open source and are meant to be used in an enterprise context. Our goal is to get a better understanding on how third party components are reused in web applications and how to better support it. The results are in line with existing research in this field. 70 third party components are being reused on average. 50 percent of the 40 most reused third party components are maintained by the Apache Foundation. Further research questions based on the study results were generated and are presented at the end of this paper.

Ontology-Based Identification of Research Gaps and Immature Research Areas

Researchers often have to understand new knowledge areas, and identify research gaps and immature areas in them. They have to understand and link numerous publications to achieve this goal. This is difficult, because natural language has to be analyzed in the publications, and implicit relations between them have to be discovered. We propose to utilize the structuring possibilities of ontologies to make the relations between publications, knowledge objects (e.g., methods, tools, notations), and knowledge areas explicit. Furthermore, we use Kitchenham’s work on structured literature reviews and apply it to the ontology. We formalize relations between objects in the ontology using Codd’s relational algebra to support different kinds of literature research. These formal expressions are implemented as ontology queries. Thus, we implement an immature research area analysis and research gap identification mechanism. The ontology and its relations are implemented based on the Semantic MediaWiki+ platform.

Decision support for off-the-shelf software selection in web development projects

Reusing off-the-shelf (OTS) components (including commercial and open source software) has become a key success factor in software development projects leading to reduced costs, faster time-to-market and better software quality. This especially holds true in the field of web engineering, where software engineers are faced with a steady proliferation of new technologies and standards. But there are upfront and ongoing efforts and risks attached to the adoption of OTS components which makes decision-making very difficult. Such difficulties are for example a large and intransparent market, incompatibilities between components and architectural mismatches. In this paper, a plan towards a novel platform concept is proposed that can improve the situation for software engineers coping with the adoption of OTS components during web-based systems development. One key contribution is an empirically derived ontology to describe software artifacts on a feature level allowing a better description and identification of OTS components in the domain of web development. Another key contribution is a concept for a lean experience sharing mechanism. The goal of both contributions is to improve OTS component decision-making. The concept will be implemented as a platform prepopulated with OTS components from the domain of Java web development. A cross-case study is planned to evaluate the concept.

A Common Body of Knowledge for Engineering Secure Software and Services

The discipline of engineering secure software and services brings together researchers and practitioners from software, services, and security engineering. This interdisciplinary community is fairly new, it is still not well integrated and is therefore confronted with differing perspectives, processes, methods, tools, vocabularies, and standards. We present a Common Body of Knowledge (CBK) to overcome the aforementioned problems. We capture use cases from research and practice to derive requirements for the CBK. Our CBK collects, integrates, and structures knowledge from the different disciplines based on an ontology that allows one to semantically enrich content to be able to query the CBK. The CBK heavily relies on user participation, making use of the Semantic MediaWiki as a platform to support collaborative writing. The ontology is complemented by a conceptual framework, consisting of concepts to structure the knowledge and to provide access to it, and a means to build a common terminology. We also present organizational factors covering dissemination and quality assurance.

Communicating architectural knowledge: requirements for software architecture knowledge management tools

Architecting is a communication intensive task in which architectural knowledge is shared between the architect and the stakeholders. The software architects communicative action is often conducted face-to-face, e.g. in presentations and workshops. A software architecture documentation as a carrier of explicit architectural knowledge can also be seen as an architects communicative action. This perspective opens the door for treating a software architecture documentation as an expression of an asynchronous knowledge communication process enabling the application of principles from communication theory. In this paper this perspective is taken and specific requirements are derived for software architecture knowledge management tools with respect to the context-oriented communication model.

SOA Generic Views In the Eye of the Beholder

This paper presents an approach called generic view concept which facilitates the creation and visualization of role-based, task-oriented views on service-oriented architectures. Those views enhance the understanding from the technical and functional point of view, and thus reduce the inherent complexity arising during the creation, use and maintenance of service-oriented architectures. The unique aspect of the generic view concept is that it does not constrain stakeholders to a set of predefined views. In order to examine the usefulness of generic views in real world scenarios, a prototype has been implemented applying 3D visualization techniques.

A Guidance Model for Architecting Secure Mobile Applications

In addition to fast technological advances in the area of mobile devices and its broad adoption in todays developed societies, mobile applications do not only address the consumer electronics market but are also increasingly being used in a business and industry context. Thus, we see a demand for research developing software systems comprising mobile devices with special respect to security concerns. In this paper we want to address this demand from an architectural point of view and make use of the concept of architectural decisions. We present a guidance model that supports on the one hand this decision-making process during architecting mobile applications. On the other hand the presented guidance model serves as a tool to evaluate existing architectures. The guidance model has been created based on an adapted version of Zimmermann’s SOAD framework, which is used for in the context of service-oriented architectures. The guidance model itself consists of a set of interrelated architectural decisions for recurring design situations. The application of the guidance model is demonstrated along a real-world scenario. The guidance model also takes into account that security concerns are changing and therefore provides an extension mechanism which is presented in this paper.