DEVSECOPS METHODOLOGY FOR NG-IOT ECOSYSTEM DEVELOPMENT LIFECYCLE – ASSIST-IOT PERSPECTIVE

Current software projects require continuous integration during their whole lifetime. In this context, different approaches regarding introduction of DevOps and DevSecOps strategies have been proposed in the literature. While DevOps proposes an agile methodology for the development and instantiation of software platforms with minimal impact in any kind of operations environment, this contribution proposes the introduction of DevOps methodology for Next Generation IoT deployments. Moreover, novelty of the proposed approach lies in leveraging DevSecOps in different stages and layers of the architecture. In particular, the present work describes the different DevSecOps methodology tasks, and how the security is included on pre-design activities such as planning, creation or adaptation, the design and implementation, as well as on post-implementation activities such as detection, response. Without proper consideration of security and privacy best practices identified in this article, the continuous delivery of services using DevOps methodologies may create risks and introduce different vulnerabilities for Next Generation IoT deployments.

Download Full-text

Security and Privacy Requirements for Electronic Consent

ACM Transactions on Computing for Healthcare ◽

10.1145/3433995 ◽

2021 ◽

Vol 20 (2) ◽

pp. 1-24

Author(s):

Stef Verreydt ◽

Koen Yskout ◽

Wouter Joosen

Keyword(s):

Security And Privacy ◽

Inclusion Criteria ◽

Comprehensive Overview ◽

Privacy And Security ◽

Pubmed Central ◽

Privacy Requirements ◽

Development Lifecycle ◽

Main Challenge ◽

Security Challenges ◽

Server Systems

Electronic consent (e-consent) has the potential to solve many paper-based consent approaches. Existing approaches, however, face challenges regarding privacy and security. This literature review aims to provide an overview of privacy and security challenges and requirements proposed by papers discussing e-consent implementations, as well as the manner in which state-of-the-art solutions address them. We conducted a systematic literature search using ACM Digital Library, IEEE Xplore, and PubMed Central. We included papers providing comprehensive discussions of one or more technical aspects of e-consent systems. Thirty-one papers met our inclusion criteria. Two distinct topics were identified, the first being discussions of e-consent representations and the second being implementations of e-consent in data sharing systems. The main challenge for e-consent representations is gathering the requirements for a “valid” consent. For the implementation papers, many provided some requirements but none provided a comprehensive overview. Blockchain is identified as a solution to transparency and trust issues in traditional client-server systems, but several challenges hinder it from being applied in practice. E-consent has the potential to grant data subjects control over their data. However, there is no agreed-upon set of security and privacy requirements that must be addressed by an e-consent platform. Therefore, security- and privacy-by-design techniques should be an essential part of the development lifecycle for such a platform.

Download Full-text

Networking Cyber-Physical Systems: Algorithm Fundamentals of Security and Privacy for Next-Generation Wireless Networks

Wireless Networks - Security and Privacy for Next-Generation Wireless Networks ◽

10.1007/978-3-030-01150-5_2 ◽

2018 ◽

pp. 33-48

Author(s):

Sheng Zhong ◽

Hong Zhong ◽

Xinyi Huang ◽

Panlong Yang ◽

Jin Shi ◽

...

Keyword(s):

Wireless Networks ◽

Cyber Physical Systems ◽

Security And Privacy ◽

Next Generation ◽

Physical Systems ◽

Next Generation Wireless Networks

Download Full-text

An Interactive Virtual Environment for Programming Modular Robots

Volume 9: 2015 ASME/IEEE International Conference on Mechatronic and Embedded Systems and Applications ◽

10.1115/detc2015-47705 ◽

2015 ◽

Cited By ~ 3

Author(s):

Kevin J. Gucwa ◽

Harry H. Cheng

Keyword(s):

User Interface ◽

Virtual Environment ◽

Open Source Software ◽

Modular Robots ◽

Programming Environment ◽

Software Projects ◽

Educational Environments ◽

Software Platforms ◽

Interactive View ◽

Interactive Virtual Environment

The design of RoboSim, a virtual environment for modular robots which controls simulated robots with code written for the hardware robots without modification, is described in detail in this paper along with its applications in educational environments. RoboSim integrates into the Ch programming environment, a C/C++ interpreter, that provides the ability to remotely control robots through interpreted C/C++ code allowing users to alternate between hardware and virtual robots without modifying the code. Open source software projects Open Dynamics Engine, OpenSceneGraph, and Qt are employed to produce the virtual environment and user interface which provide the capability of running on all major software platforms. The design of the software includes multiple library modules each specific to a particular task; therefore the simulation library and Graphical User Interface (GUI) can link against only the necessary libraries. The GUI links against the graphical library and XML library to give an interactive view of the RoboSim Scene as users are adding robots and obstacles into both the GUI and simulation. Execution of Ch code generates a new RoboSim Scene window which has the entire simulation that utilizes the simulation, graphical, xml, and callback libraries, in addition to the identical Scene from the GUI. It generates its own window for the user to view and interact with the progress of the simulation.

Download Full-text

Deep Analysis of Enhanced Authentication for Next Generation Networks

International Journal of Grid and High Performance Computing ◽

10.4018/jghpc.2010040104 ◽

2010 ◽

Vol 2 (2) ◽

pp. 37-52 ◽

Cited By ~ 1

Author(s):

Mamdouh Gouda

Keyword(s):

Key Agreement ◽

Denial Of Service ◽

Next Generation Networks ◽

Security Level ◽

Ip Multimedia Subsystem ◽

Next Generation ◽

Dos Attacks ◽

Authentication Protocols ◽

Minimal Impact ◽

Authentication And Key Agreement

Next Generation Networks (NGN) is the evolution of the telecommunication core. The user has to execute multi-pass Authentication and Key Agreement (AKA) procedures in order to get access to the IP Multimedia Subsystem (IMS). This causes overhead on the AAA server and increases the delay of authenticating the user and that is because of unnecessary and repeated procedures and protocols. This paper presents an enhanced one-pass AKA procedure that eliminates the repeated steps without affecting the security level, in addition it reduces the Denial of Service (DoS) attacks. The presented mechanism has minimal impact on the network infrastructure and functionality and does not require any changes to the existing authentication protocols.

Download Full-text

Providing next-generation tools for scholars: JSTOR's Advanced Technology Research group

International Journal of Humanities and Arts Computing ◽

10.3366/ijhac.2011.0013 ◽

2010 ◽

Vol 4 (1-2) ◽

pp. 141-149

Author(s):

John Burns ◽

Kevin S. Hawkins

Keyword(s):

Research Group ◽

Raw Material ◽

Advanced Technology ◽

Technology Research ◽

Next Generation ◽

Software Projects ◽

Current Generation ◽

Digital Resources ◽

Digital World ◽

Technology Research Group

The work of scholars is rapidly changing. As new digital resources and tools are developed, and old tools and resources reinvented for the digital world, the practice of scholarship is quickly adapting to the expectations that content should be accessible from anywhere, that it is a raw material to be manipulated, and that an excess of information is the major challenge facing scholars. Despite these expectations, the current generation of tools are inadequate for emerging scholarly practices. JSTOR's Advanced Technology Research (ATR) group has built and collaborated on a number of software projects and platforms that attempt to provide the next generation of tools for scholars. We provide an overview of these projects.

Download Full-text

Insights into the Prevalence of Software Project Defects

The Scientific World JOURNAL ◽

10.1155/2014/179105 ◽

2014 ◽

Vol 2014 ◽

pp. 1-5

Author(s):

Javier Alfonso-Cendón ◽

Manuel Castejón Limas ◽

Joaquín B. Ordieres Meré ◽

Juan Pavón

Keyword(s):

Software Development ◽

Clustering Algorithm ◽

Control Strategies ◽

Likelihood Ratio Statistic ◽

Software Project ◽

Software Defects ◽

Software Projects ◽

Development Lifecycle ◽

Definition Of ◽

Effort Distribution

This paper analyses the effect of the effort distribution along the software development lifecycle on the prevalence of software defects. This analysis is based on data that was collected by the International Software Benchmarking Standards Group (ISBSG) on the development of 4,106 software projects. Data mining techniques have been applied to gain a better understanding of the behaviour of the project activities and to identify a link between the effort distribution and the prevalence of software defects. This analysis has been complemented with the use of a hierarchical clustering algorithm with a dissimilarity based on the likelihood ratio statistic, for exploratory purposes. As a result, different behaviours have been identified for this collection of software development projects, allowing for the definition of risk control strategies to diminish the number and impact of the software defects. It is expected that the use of similar estimations might greatly improve the awareness of project managers on the risks at hand.

Download Full-text