20 similar documents found; search took 15 ms.
1.
In today’s dynamic business environments, organizations are under pressure to modernize their existing software systems in
order to respond to changing business demands. Service oriented architectures provide a composition framework to create new
business functionalities from autonomous building blocks called services, enabling organizations to quickly adapt to changing
conditions and requirements. Characteristics of services offer the promise of leveraging the value of enterprise systems through
source code reuse. In this respect, existing system components can be used as the foundation of newly created services. However, one problem
to overcome is the lack of business semantics to support the reuse of existing source code. Without sufficient semantic knowledge
about the code in the context of business functionality, it would be impossible to utilize source code components in services
development. In this paper, we present an automated approach to enrich source code components with business semantics. Our
approach is based on the idea that the gap between the two ends of an enterprise system—(1) services as processes and (2)
source code—can be bridged via similarity of data definitions used in both ends. We evaluate our approach in the framework
of a commercial enterprise systems application. Initial results indicate that the proposed approach is useful for annotating
source code components with business-specific knowledge.
2.
Model-driven Engineering (MDE) has attained great importance in both the Software Engineering industry and the research community,
where it is now widely used to provide a suitable approach with which to improve productivity when developing software artefacts.
In this scenario, measurement models (software artefacts) have become a fundamental point in improvement of productivity,
where MDE and Software Measurement can reap mutual benefits. MDE principles and techniques can be used in software measurement
to build more automatic and generic solutions, and to achieve this, it is fundamental to be able to develop software measurement
models. To facilitate this task, a domain-specific language named “Software Measurement Modelling Language” (SMML) has been
developed. This paper tackles the question of whether the use of SMML can assist in the definition of software measurement
models. An empirical study was conducted, with the aim of verifying whether SMML makes it easier to construct measurement
models which are more usable and maintainable as regards textual notation. The results show that models which do not use the
language are more difficult—in terms of effort, correctness and efficiency—to understand and modify than those represented
with SMML. Additional feedback was also obtained, to verify the suitability of the graphical representation of each symbol
(element or relationship) of SMML.
3.
With ever growing and evolving threats and cyber attacks, the management of enterprise security and the security of enterprise
management systems are key to business—if not a nation’s—operations and survival. Secur(e/ity) management, the moniker for
the intertwined topics of secure management and security management, has evolved trying to keep pace. The history of secur(e/ity)
management is traced from its origins in the disjoint silos of telecommunications, internetworking and computer security to
today’s recognition as necessary, interdisciplinary, interworking technologies and operations. An overview of threats and
attacks upon managed and management systems shows that occurrences of ever more sophisticated, complex and harder to detect
cyber misconduct are increasing as are the severity and costs of their consequences. Introduction of new technologies, expansion
of the perimeters of an enterprise and trends in collaborative business partnerships compound the number of managed system
targets of cyber compromise. Technical and marketplace trends in secur(e/ity) management reveal needs that must be bridged.
Research attention should focus on developing axiomatic understanding of the natural laws of security, tools to realize vulnerability-free
software, metrics for assessing the efficacy of secur(e/ity) management, tools for default-deny strategies so that signature-based
security management can be retired, secur(e/ity) management approaches for virtualized and service-oriented environments,
and approaches for composite, holistic, secur(e/ity) management.
John Hale is an Associate Professor of Computer Science and Director of the Institute for Information Security at The University of Tulsa. His research interests include: network attack modeling, analysis and visualization, secure operating systems, programmable security, distributed system verification, policy coordination. Paul J. Brusil Ph.D is a visionary and leader in the research, specification, architecting and education of security, networking and enterprise management. He convened and led industry, government and academic forums including the Integrated Management Symposia series and the National Information Assurance Partnership. He is a Senior Member of the IEEE and a long time editor and advisor with the JNSM. He graduated from Harvard with a joint degree in Engineering and Medicine and is now lead faculty in Norwich University’s graduate program in Information Assurance.
4.
Homes that make us smart (cited by: 1; self-citations: 1; other citations: 0)
Alex S. Taylor Richard Harper Laurel Swan Shahram Izadi Abigail Sellen Mark Perry 《Personal and Ubiquitous Computing》2007,11(5):383-393
In this article we consider what it should mean to build “smartness” or “intelligence” into the home. We introduce an argument
suggesting that it is people who imbue their homes with intelligence by continually weaving together things in their physical
worlds with their everyday routines and distinct social arrangements. To develop this argument we draw on four ongoing projects
concerned with designing interactive surfaces. These projects illustrate how, through the use of surfaces like fridge doors
and wall displays, and even bowl shaped surfaces, we keep in touch with one another, keep the sense of our homes intact, and
craft our homes as something unique and special. Intelligence, here, is seen to be something that emerges from our interactions
with these surfaces—seen in the thoughtful placement of things throughout the home’s ecology of surfaces. IT for the home
is thus understood less as something to be designed as intelligent and more as a resource for intelligence.
With apologies to Don Norman.
5.
Jürgen Dorn Christoph Grün Hannes Werthner Marco Zapletal 《Information Systems and E-Business Management》2009,7(2):123-142
In recent years business-to-business (B2B) e-commerce has been subject to major rethinking. A paradigm shift can be observed
from document centric file-based interchange of business information to process-centric and, finally to service-based information
exchange. On a business level, a lot of work has been done to capture business models and collaborative business processes
of an enterprise; further initiatives address the identification of customer services and the formalization of business service
level agreements (SLA). On a lower, i.e., technical level, the focus is on moving towards service-oriented architectures (SOA).
These developments promise more flexibility, a market entry at lower costs and an easier IT-alignment to changing market conditions.
This explains the overwhelming quantity of specifications and approaches targeting the area of B2B—these approaches are partly
competing and overlapping. In this paper we provide a survey of the most promising approaches at both levels and classify
them using the Open-edi reference model standardized by ISO. Whereas on the technical level, service-oriented architecture
is becoming the predominant approach, on the business level the landscape is more heterogeneous. In this context, we propose—in
line with the services science approach—to integrate business modeling with process modeling in order to make the transformation
from business services to Web services more transparent.
6.
Chris Wysopal 《Datenschutz und Datensicherheit - DuD》2012,36(9):645-652
Veracode has analyzed more than 9,000 applications over the past 18 months, across 40 different industry sectors. These applications are both internally developed enterprise applications and those purchased by enterprises from software vendors. We measured the security quality of third-party software from large and small software vendors and compared the security quality of software written in different languages for different industry sectors. The paper will show that there are significant differences in the quantity and types of vulnerabilities in software due to differences in where the software was developed, the type of software it is, in what language it was developed, and for what type of business the software was developed.
7.
Luis E. Mendoza Anna C. Grimán María A. Pérez Teresita Rojas 《Information Systems Management》2002,19(2):70-84
With the growing application of the Internet, business portal software is becoming increasingly complex given the wide variety of technologies it must integrate. It is therefore most important to have development environments that enable this type of software to be built efficiently. This justifies the need to evaluate the quality of business portal development environments.
The objective of this article is to propose the definition of a quality model for business portal development environments, based on ISO/IEC 9126, with the appropriate metrics for estimating quality. The estimation model was evaluated through a case study using a commercial business portal development environment. The Rational Unified Process (RUP) methodology was chosen to build a business portal prototype.
8.
Leading software shops (including Microsoft) are working hard to improve the way they build security into their products. Software security initiatives have proven beneficial for those organizations that have implemented them. Such initiatives involve the adoption and rollout of various types of best practices. The article describes an approach that works, with an emphasis on business process engineering that might be unfamiliar to technical practitioners. By following some commonsense steps, a software security improvement program has a greater chance of achieving its ultimate goal: software security that makes business sense.
9.
10.
Building a secure enterprise private network with PPTP (cited by: 2; self-citations: 0; other citations: 2)
The PPTP scheme successfully solved the problem of building a secure enterprise private network, and was well validated during the network construction and business system development of Shanghai Fudan High-Tech Group (上海复旦高科技集团).
11.
12.
Since the first systems and networks were developed, viruses and worms have kept pace with these advances. So after a few technical
evolutions, rootkits could move easily from userland to kernelland, attaining the holy grail: gaining full power over computers.
Recent years have also seen the emergence of virtualization techniques, allowing the deployment of software virtualization
solutions while at the same time reinforcing computer security. Giving processors the means to handle virtualization has
not only significantly increased software virtualization performance, but has also provided new techniques to virus writers.
These effects created a tremendous polemic about this new kind of rootkit, the HVM (hardware-based virtual machine) rootkit, and
especially the most (in)famous of them: Bluepill. Some people claim them to be invisible and consequently undetectable, thus making antivirus software or HIDS definitively
useless, while for others HVM rootkits are nothing but fanciful. However, the recent release of the source code of the first
HVM rootkit, Bluepill, made it possible to form a clear picture of those different claims. An HVM rootkit can indeed change the state of a whole operating system by
toggling it into a virtual machine and thus taking full control of the host and of the operating system itself. In this
paper, we have striven to demystify that new kind of rootkit. On the one hand, we provide clear and reliable technical
data about the design of such rootkits to explain what is possible and what is not. On the other hand, we provide an efficient,
operational detection technique that makes it possible to systematically detect Bluepill-like rootkits (aka HVM rootkits).
13.
Many have long regarded software assessment as a way to determine the correctness of software. Formal methods attempt to build in correct behavior. Techniques such as formal verification and testing attempt to demonstrate, either formally or empirically, that the software computes the specified function, whether or not the specified function is correct. Note several subtleties here. First, to employ these techniques, we need a definition of correct behavior. Without an accurate definition of what we want, we cannot confidently label an information system as defective. Second, the predominant goal of software assurance has been to demonstrate correct behavior. But as we all know, correct software can still kill you. Correct and safe behaviors can conflict since safety is a system property while correctness is a software property. We must merge these two properties if we ever hope to realize information assurance. Information assurance is similar to software assurance but covers a broader set of information integrity issues, such as information security, privacy, and confidentiality. For example, if a system can thwart attacks, whether malicious or simply unfortunate, and still provide accurate information on demand, then it provides some degree of information assurance. Information assurance also includes the traditional software “ilities” (as they are called), such as software safety, software security, reliability, fault tolerance, correctness, and so on. Put simply, information assurance is accurate enough information that is available on demand for a given application or situation.
14.
Jos J. M. Trienekens Rob J. Kusters Michiel J. I. M. van Genuchten Hans Aerts 《Software Quality Journal》2007,15(2):135-153
This paper reports on a survey amongst software groups in a multinational organization. The survey was initiated by the Software
Process Improvement (SPI) Steering Committee of Philips, a committee that monitors the status and quality of software process
improvement in the global organization. The paper presents and discusses improvement targets, improvement drivers, and metrics,
and the degree to which they are recognized in the software groups. The improvement targets ‘increase predictability’
and ‘reduce defects’ are being recognized as specifically important, joined for Capability Maturity Model (CMM) level three
groups by ‘increase productivity’ and ‘reduce lead time’. The set of improvement drivers that was used in the survey appears
to be valid. Three improvement drivers that were rated highest were: ‘commitment of engineering management’, ‘commitment of
development staff’, and ‘sense of urgency’. Finally, it could be seen that metrics activity, both in size and in quality, increases
significantly for CMM level three groups. However, no consensus regarding what metrics should be used can be seen.
15.
Piero A. Bonatti Sarit Kraus V.S. Subrahmanian 《Annals of Mathematics and Artificial Intelligence》2003,37(1-2):169-235
With the rapid proliferation of software agents, there comes an increased need for agents to ensure that they do not provide data and/or services to unauthorized users. We first develop an abstract definition of what it means for an agent to preserve data/action security. Most often, this requires an agent to have knowledge that is impossible to acquire – hence, we then develop approximate security checks that take into account the fact that an agent usually has incomplete/approximate beliefs about other agents. We develop two types of security checks – static ones that can be checked prior to deploying the agent, and dynamic ones that are executed at run time. We prove that a number of these problems are undecidable, but under certain conditions, they are decidable and (our definition of) security can be guaranteed. Finally, we propose a language within which the developer of an agent can specify her security needs, and present provably correct algorithms for static/dynamic security verification.
16.
Loïc Duflot 《Journal in Computer Virology》2009,5(2):91-104
In this paper, we present the security implications of x86 processor bugs or backdoors on operating systems and virtual machine
monitors. We will not try to determine whether the backdoor threat is realistic or not, but we will assume that a bug or a
backdoor exists and analyze the consequences on systems. We will show how it is possible for an attacker to implement a simple
and generic CPU backdoor in order—at some later point in time—to bypass mandatory security mechanisms with very limited initial
privileges. We will explain practical difficulties and show proof of concept schemes using a modified Qemu CPU emulator. Backdoors
studied in this paper are all usable from the software level without any physical access to the hardware.
17.
张宏伟 (Zhang Hongwei) 《自动化与信息工程》 (Automation & Information Engineering) 2009,30(1):28-30
The Zhongshan social insurance self-service system is a self-service platform built from touch-screen self-service terminals as the human-machine interface, a fibre-optic transmission network as the supporting carrier, and the corresponding business application software. It covers public venues across the Zhongshan area, including government offices, social insurance offices, communities, hospitals and banks, and provides insured persons with information queries, transaction handling and other functions. This both makes things convenient for citizens and reduces the pressure on the social insurance department's service counters.
18.
Mohammed Noraden Alsaleh Ehab Al-Shaer Ghaith Husari 《Journal of Network and Systems Management》2017,25(4):759-783
Automated cyber security configuration synthesis is the holy grail of cyber risk management. The effectiveness of cyber security is highly dependent on the appropriate configuration hardening of heterogeneous, yet interdependent, network security devices, such as firewalls, intrusion detection systems, IPSec gateways, and proxies, to minimize cyber risk. However, determining cost-effective security configuration for risk mitigation is a complex decision-making process because it requires considering many different factors including end-hosts’ security weaknesses based on compliance checking, threat exposure due to network connectivity, potential impact/damage, service reachability requirements according to business policies, acceptable usability due to security hardness, and budgetary constraints. Although many automated techniques and tools have been proposed to scan end-host vulnerabilities and verify the policy compliance, existing approaches lack metrics and analytics to identify fine-grained network access control based on comprehensive risk analysis using both the hosts’ compliance reports and network connectivity. In this paper, we present new metrics and a formal framework for automatically assessing the global enterprise risk and determining the most cost-effective security configuration for risk mitigation considering both the end-host security compliance and network connectivity. Our proposed metrics measure the global enterprise risk based on the end-host vulnerabilities and configuration weaknesses, collected through compliance scanning reports, their inter-dependencies, and network reachability. We then use these metrics to automatically generate a set of host-based vulnerability fixes and network access control decisions that mitigates the global network risk to satisfy the desired Return on Investment of cyber security. We solve the problem of cyber risk mitigation based on advanced formal methods using Satisfiability Modulo Theories, which has shown scalability with large-size networks.
19.
Through analysis, the article describes a system for predicting future security situation trends and proposes that the goal of security measurement is to translate specialised security data into evaluation indicators that decision-makers care about and that are linked to the core business, forming an indicator system for measuring the security situation and ultimately providing a basis for management decisions.
20.
It is widely acknowledged that the system functionality captured in a system model has to match organisational requirements
available in the business model. However, such a matching is rarely used to support design strategies. We believe that appropriate
measures of what we refer to as the fitness relationship can facilitate design decisions. The paper proposes criteria and
associated generic metrics to quantify the extent to which there is a fit between the business and the system which supports it.
In order to formulate metrics independent of specific formalisms to express the system and the business models, we base our
proposal on the use of ontologies. This also helps to provide a theoretical foundation for our proposal. In order to
illustrate the use of the proposed generic metrics we show in the paper how to derive a set of specific metrics from the
generic ones, and we illustrate the use of the specific metrics in a case study.