Scalable model-based configuration management of security services in complex enterprise networks

Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system-and the model-into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright (C) 2010 John Wiley & Sons, Ltd.

TOWARD SEMANTIC WEB SERVICES AS MVC APPLICATIONS: FROM OWL-S VIA UML

OWL-S is an application of OWL, the Web Ontology Language, that describes the semantics of Web Services so that their discovery, selection, invocation and composition can be automated. The research literature reports the use of UML diagrams for the automatic generation of Semantic Web Service descriptions in OWL-S. This paper demonstrates a higher level of automation by generating complete complete Web applications from OWL-S descriptions that have themselves been generated from UML. Previously, we proposed an approach for processing OWL-S descriptions in order to produce MVC-based skeletons for Web applications. The OWL-S ontology undergoes a series of transformations in order to generate a Model-View-Controller application implemented by a combination of Java Beans, JSP, and Servlets code, respectively. In this paper, we show in detail the documents produced at each processing step. We highlight the connections between OWL-S specifications and executable code in the various Java dialects and show the Web interfaces that result from this process.

Improving data perturbation testing techniques for Web services

The widespread use of service-oriented architectures (SOAs) and Web services in commercial software requires the adoption of development techniques to ensure the quality of Web services. Testing techniques and tools concern quality and play a critical role in accomplishing quality of SOA based systems. Existing techniques and tools for traditional systems are not appropriate to these new systems, making the development of Web services testing techniques and tools required. This article presents new testing techniques to automatically generate a set of test cases and data for Web services. The techniques presented here explore data perturbation of Web services messages upon data types, integrity and consistency. To support these techniques, a tool (GenAutoWS) was developed and applied to real problems. (C) 2010 Elsevier Inc. All rights reserved.

Software maintenance project delays prediction using Bayesian Networks

Managing software maintenance is rarely a precise task due to uncertainties concerned with resources and services descriptions. Even when a well-established maintenance process is followed, the risk of delaying tasks remains if the new services are not precisely described or when resources change during process execution. Also, the delay of a task at an early process stage may represent a different delay at the end of the process, depending on complexity or services reliability requirements. This paper presents a knowledge-based representation (Bayesian Networks) for maintenance project delays based on specialists experience and a corresponding tool to help in managing software maintenance projects. (c) 2006 Elsevier Ltd. All rights reserved.

The effects of Kanban in software development teams : a study of the implementation at Sandvik

In software development organizations there is sometimes a need for change. In order to meet continuously increasing demands from their customers, Sandvik IT Services- SITS, at Sandvik in Sweden, required improving the way they worked with software development. Due to issues like a lot of work in progress and lot of simultaneous tasks for individuals in the teams that caused stress, it was almost impossible to address the question of working with improvements. In order to enable the improvement process Kanban was introduced in the software development teams. Kanban for software development is a change method created by David J. Anderson. The purpose of this thesis is twofold. One part is to assess what effects Kanban has had on the software development teams. The other part is to make a documentation of the Kanban implementation process at SITS. The documentation has been made on the basis of both company internal resources and observations of the Kanban implementation process. The effects of Kanban have been researched with an interview survey to the teams that have gone through the Kick start of the Kanban process. The result of the thesis is also twofold. One part of the result is an extensive documentation of the implementation process of Kanban at SITS. The other part is an assessment of the effects that Kanban has had at SITS. The major effects have been that the teams are experiencing less stress, more focus on quality and better customer collaboration. It is also evident is that it takes time for some effects to evolve when implementing Kanban

Building a Learning Architecture : e-Learning and e-Services

With the rapid advancement of the webtechnology, more and more educationalresources, including software applications forteaching/learning methods, are available acrossthe web, which enables learners to access thelearning materials and use various ways oflearning at any time and any place. Moreover,various web-based teaching/learning approacheshave been developed during the last decade toenhance the capability of both educators andlearners. Particularly, researchers from bothcomputer science and education are workingtogether, collaboratively focusing ondevelopment of pedagogically enablingtechnologies which are believed to improve theinfrastructure of education systems andprocesses, including curriculum developmentmodels, teaching/learning methods, managementof educational resources, systematic organizationof communication and dissemination ofknowledge and skills required by and adapted tousers. Despite of its fast development, however,there are still great gaps between learningintentions, organization of supporting resources,management of educational structures,knowledge points to be learned and interknowledgepoint relationships such as prerequisites,assessment of learning outcomes, andtechnical and pedagogic approaches. Moreconcretely, the issues have been widelyaddressed in literature include a) availability andusefulness of resources, b) smooth integration ofvarious resources and their presentation, c)learners’ requirements and supposed learningoutcomes, d) automation of learning process interms of its schedule and interaction, and e)customization of the resources and agilemanagement of the learning services for deliveryas well as necessary human interferences.Considering these problems and bearing in mindthe advanced web technology of which weshould make full use, in this report we willaddress the following two aspects of systematicarchitecture of learning/teaching systems: 1)learning objects – a semantic description andorganization of learning resources using the webservice models and methods, and 2) learningservices discovery and learning goals match foreducational coordination and learning serviceplanning.

PReServ: Provenance Recording for Services

The importance of understanding the process by which a result was generated in an experiment is fundamental to science. Without such information, other scientists cannot replicate, validate, or duplicate an experiment. We define provenance as the process that led to a result. With large scale in-silico experiments, it becomes increasingly difficult for scientists to record process documentation that can be used to retrieve the provenance of a result. Provenance Recording for Services (PReServ) is a software package that allows developers to integrate process documentation recording into their applications. PReServ has been used by several applications and its performance has been benchmarked.

From free software to free culture: the emergence of open business

This paper provides an examination of the emergence of open business models — entrepreneurial strategies that take advantage of the ease of digital reproduction to distribute free content, while earning money from the sale of related products and services. Locating the origins of open business in the open source software phenomenon, the authors suggest that the business strategies innovated there have broader economic relevance. Through a case study of the tecnobrega music scene in Belém, the paper illustrates how open business models can be applied to the production of cultural materials more generally

Fábricas de software e a academia: análise da formação acadêmica em informática no município do Rio de Janeiro

As Brazil wants to be perceived as a competitor in providing computer applications and system development services in the global market, the concept of Software Factory gains importance. The metaphor for the 'Factory', when applied to the activity of software development, is used to describe organizations which produce software with a minimum quality standard and at competitive costs. However, the term 'Factory' recalls Fordist concepts, which have been challenged for a few decades in the manufacturing industry. This study analyzed university curricula and how students and teachers perceive the concept of Software Factory and assessed them in relation to the Fordism ------------ post-Fordism /continuum/. It was observed that some of the teachers who have influence over curricula define Software Factories according to Fordist concepts. It was also observed that, despite opportunities for improvements, curricula are adequately structured with regards to the skills a professional at these organizations must possess. We conclude that education provided at the programs being analyzed is adequate, but that it must be supplemented by companies or by the professionals themselves so that the knowledge acquired in the programs may be put in practice.

A trajetória do ambiente jurídico-institucional do setor de software no Brasil e na Índia: identidades, diferenças e repercussões

Há mais de 30 anos o Brasil tem desenvolvido políticas específicas para o setor de informática, desde a Política Nacional de Informática da década de 70, passando pelo Período de Reserva de Mercado dos anos 80 e, nos dias de hoje, em que as Tecnologias de Informação e Comunicação (TIC) são tidas como uma das áreas prioritárias na Política Industrial. Dentre as metas atuais, destaca-se o foco na ampliação do volume de exportações de software e serviços. Contudo, apesar dessas pretensões, o país não tem tido destaque internacional expressivo para o setor. Por outro lado, a Índia, também considerada como um país emergente, figurando na lista dos BRIC, foi responsável pela exportação de cerca de US$47 bilhões em software e serviços de Tecnologia da Informação (TI) em 2009, se destacando como um país protagonista no mercado internacional do setor. A implementação de uma indústria tecnicamente sofisticada como a do software, que exige um ambiente propício à inovação, em um país em desenvolvimento como a Índia chama a atenção. De certo existiram arranjos jurídico-institucionais que foram utilizados naquele país. Quais? Em que medida tais arranjos ajudaram no desenvolvimento indiano do setor? E no Brasil? Este trabalho parte da hipótese de que o ambiente jurídico-institucional desses países definiu fluxos de conhecimento distintos, influenciando o tipo de desenvolvimento do setor de software de cada um. Averiguar como, entre outros fatores sócio-econômicos, esses arranjos jurídico-institucionais influenciaram na conformação diversa de fluxos de conhecimento é o objetivo específico desta pesquisa. Entende-se aqui como ambiente jurídico-institucional todas as regulamentações que estabelecem instituições, diretrizes e condições comuns para determinado tema. Partindo do pressuposto de que o setor de software desenvolve atividades intensivas em conhecimento, para cada país em questão, serão analisados apenas arranjos jurídico-institucionais que tiveram, ou têm, poder de delimitar o fluxo de conhecimento referente ao setor, sejam eles provenientes de políticas comerciais (de exportação e importação, ou de propriedade intelectual) ou de políticas de investimento para inovação. A questão fundamental ultrapassa o debate se o Estado deve ou não intervir, para focar-se na análise sobre os diferentes tipos de envolvimento observados e quais os seus efeitos. Para tal, além de revisão bibliográfica, foi feita uma pesquisa de campo na Índia (Delhi, Mumbai, Bangalore) e no Brasil (São Paulo, Brasília e Rio de Janeiro), onde foram conduzidas entrevistas com empresas e associações de software, gestores públicos e acadêmicos que estudam o setor.

Determinantes de rentabilidade de empresas apoiadas pelo Programa BNDES de Desenvolvimento da Indústria de Software - BNDES PROSOFT Empresa

Este estudo objetiva analisar fatores que impactam a lucratividade de companhias beneficiadas com o Programa para Desenvolvimento da Indústria Nacional de Software e Serviços de TI – BNDES PROSOFT. A análise da lucratividade permeia diversos estudos no país e no exterior e é de suma importância para a realização de políticas públicas de qualidade. Para a avaliação, foram elencados diferentes aspectos microeconômicos, incluindo informações contábeis, de emprego, localização da empresa, segmento de atuação, entre outros, utilizando a metodologia de dados em painel. Dentre os resultados obtidos, pode-se destacar o impacto positivo do nível da escolaridade da equipe, lucratividade observada no exercício anterior, maior retorno das empresas menores frente às de maior porte. Houve penalidade no lucro daquelas companhias voltadas para fabricação de hardware, com equipes maiores. Constatou-se, também, um decréscimo no lucro de empresas no ano em que contrataram financiamentos com o BNDES, estas que foram posteriormente beneficiadas, no momento da implantação do projeto.