Engineering Data-Driven Secure Software Services

Big Data Systems (BDS) (i.e., data-intensive applications) have become one of the key priority areas for all sorts of organizations. We have been conducting R&D on different aspects of Data intensive applications in general and on security oriented solutions in particular. A significant part of our research is aimed at inventing new and innovative techniques and technologies for supporting several functions of Big Data systems such as data capture and storage, data transmission, data curation, data analysis, and data visualization. Recently, I gave a talk on the topic of engineering data-driven secure software services during a two days symposium, Secure and Integrated Energy and Mining Systems (SIEMS), co-organized by the Institute of Mining and Energy Resources (IMER) and Global Mining Guidelines Group in Adelaide. My talk, slides available here, summarised our current R&D that is combining Artificial Intelligence, Cyber Security, and Software Systems for leveraging and/or protecting big data for digital solutions.

Posted in Cyber Security, Data Exfiltration, Innovation, Internet of Everything, Internet of Things (IoTs), Model Driven Engineering (MDE), Privacy, Security, Security Analytics, Security Orchestration, Smart Campus, Smart Cities, Software Architecture, Software Engineering, Uncategorized | Leave a comment

Design Space for Cyber Security Analytical Systems

Cyber Security infrastructures are increasingly relying on big data technologies for capturing, storing, and analyzing huge amount of security events data. Designing and evolving systems that can effectively and efficiently combine big data technologies and cybersecurity are hugely challenging undertakings. Whilst the knowledge for designing cyber security analytics systems has increasing for sometime, there was no consolidated piece of work on design mechanisms, also called tactics, for architecting big data cyber security analytics systems – very proud to share that our recent effort has attempted to fill that gap by providing a consolidated piece of knowledge about the quality attributes considered important for cyber security analytics systems and architectural tactics can help achieve the desired set of quality attributes – such a consolidated knowledge about any aspect of software  design is called Design Space – ours is a design space for cyber security analytics systems. This work has recently been accepted for publication in one of the top quality journal of software systems, Journal of Systems and Software. We will be happy to provide a copy of the article on request and following is the abstract of the article. Continue reading

Posted in Big Data, Cloud Computing, Connected Cities, Cyber Security, Data Exfiltration, Security, Security Analytics, Uncategorized | Leave a comment

Adaptive Architectures for Cyber Security Analytics Systems

It is becoming quite hard to imagine software systems that wouldn’t need adaptation as part of their runtime requirements. With the increasing demand for adaptivity by design, the knowledge and skills in this area are lagging far behind. Cyber Analytics systems are a new breed of systems that combine big data technologies and cyber security systems for capturing, manning, and analyzing cyber security events data. Such systems need to be adaptive for supporting real-time analysis of the security events data. Our research has been focused on this important area for sometime and now we have started reporting the results of our work. Recently, one of our articles on this topic has been accepted in a prestigious software architecture conference, International Conference on Software Architecture, which will be held in Hamburg. Following is the abstract of the article and if it interests to you, please feel free to ask for a copy. Continue reading

Posted in Big Data, Cloud Computing, Cyber Security, Data Exfiltration, Security, Security Analytics, Security Orchestration, Uncategorized | Leave a comment

A Systematic Horizon Scan of Security Orchestration Approaches and Tools

An increasing number of organisations focusing on security orchestration approaches and solutions to automate the processes of their Security Operation Centre (SOC). There are hundreds of approaches and tools to support security orchestration, hence, practitioners find it hard to access a consolidated material on the available solutions and researchers are unable to figure out the gaps. Our team has tried to address this need by reporting a systematic horizon scan of the security orchestration approaches and tools – the report has been published in one of the most prestigious journal of computing, ACM Computing Survey – the work is led by Chadni Islam, and Data61’s Surya Nepal is the collaborator. The abstracts of the paper is below and interested readers are welcome to contact us for a copy of the paper. Continue reading

Posted in Cyber Security, Data Exfiltration, Evidence-Based Software Engineering, Security, Security Orchestration | Leave a comment

Internet of Things Search Engine: Concepts, Classification, and Open Issues

Internet of Things (IoT) enabled infrastructures, products, and services are revolutionising the way businesses and societies engage and operate. Billions of devices, small and large, are predicted to be connected via Internet over the coming years. These devices and the systems built upon them will be generating huge amount of data and information that would be leveraged for providing different products and services. One of the core components of such systems will be Internet of Things Search Engines (IoTSE) because without customised search engines, it is not possible to detect and use devices, sensors and  actuators, that form the IoT systems. Hence, it is important to understand various concepts, technologies, and aspects of IoTSE, which is a complicated and relatively immature research topic. The diversity of IoT systems and the content they generate poses a significant challenge to advance the R&D for IoTSE. To fill this gap, we have produced an article to help easily understand the concepts, classification, and open issues for IoTSE. We are glad to share that this article has been accepted in the ACM Communication magazine, which is one of the top venue for ICT publications. This is the pre-print copy of the article, whose abstract below can provide a brief about the content of the article.  Continue reading

Posted in Innovation, Internet of Everything, Internet of Things (IoTs), Service Oriented Computing, Smart Campus, Smart Cities, Smart Environment, Smart People, Social Computing, Software Architecture | Leave a comment

Building and Leveraging Design Spaces for Architecting Contemporary Software Systems

It was a great pleasure to visit the Secure Systems Group at the Aalto University of Finland. I was hosted by Professor N. Asokan, the leader of the group and a leading authority on different aspects of the security systems, and Dr Lachlan Gunn, a postdoctoral researcher who has a long association with me from the University of Adelaide. I have had the opportunity to meet and discuss common interests areas and activities with several researchers from the group and also attended two talks by the group members on their work. I also gave a rather informal talk to the group to brief them about different pieces of research being carried out by the members of the CREST group that I lead at the University of Adelaide. The title of this post is the title of my talk and below is the abstract of the talk. If you are interested in getting the slides used for this talk, please drop me a line.

One of our main research goals is to scientifically develop and apply design knowledge, so-called design space, that can be leveraged for directing research, building tools, and supporting software design decisions. To this end, we have been building and leveraging design spaces for architecting contemporary software systems. This talk will describe our efforts to build and use design spaces for the Internet of Things Search Engine (IoTSE) and Big Data Cybersecurity Analytics (BDCA). IoTSE denotes software systems that discover and resolve queries on content in the Internet of Things, such as sensor readings, actuating functionality and the digital representation of IoT-enabled objects. Our research on IoTSE focuses on developing an architecture that can model most classes of IoTSE and building the software infrastructure to support the engineering of IoTSE systems from prior components. BDCA leverages big data technologies for collecting, storing, and analyzing a large volume of security event data. Our research on BDCA investigates the use of architectural tactics for architecting a BDCA system to achieve the desired quality of service.  The talk also mentions some of the other areas of our research to support software systems engineering for supporting organizational security.

Posted in Architectural knowledge, Cyber Security, Design patterns, Design rationale, Internet of Everything, Internet of Things (IoTs), Knowledge Sharing, Security, Service Oriented Computing, Service-Oriented Architecture, Software Architecture, Software Engineering, Uncategorized | Leave a comment

Architecting for Continuous Delivery and Deployment

Continuous Software Engineering has been gaining signifiant momentum in terms of widespread adoption among large and small Software houses. This paradigm shift is based on the promise of early, frequent delivery and deployment of software features and continuous feedback on the usefulness and adoption of the features. One of the key challenging area of practice for continuous software engineering is architecting – Software development teams are expected to adopt new conceptualisation and designing approaches and design decision making processes – for example, moving from monolithic to micro services. Given the significant challenges of architectural issues in DevOps, it is important to build and share evidence-based body of knowledge about practices and processes for architectural support in Continuous Software Engineering. We have undertaken a significant research program on this topic and one of our comprehensive pieces of of work has just been accepted in a premier Software Engineering journal with the title of, An Empirical Study of Architecting for Continuous Delivery and Deployment, following is the abstract copied from the paper for the readers of this blog. The paper’s pre-print copies will be available soon.  Continue reading

Posted in Continuous Development, Continuous Software Engineering, DevOps, Evidence-Based Software Engineering, Human-Centric Software Engineering, Software Architecture, Software Engineering, Uncategorized | Leave a comment

Our New Work on Self-Adaptive Security for large-scale Open Environments

We are continuously progressing on the plan for strengthening our capabilities in Cyber Security. To achieve this goal, we have been not only building internal capabilities but also forming and leveraging strategic collaborations. Out of one of our recent collaborations, with Giannis and Rami, in the areas of Cyber Security has resulted a high quality piece of work that has been accepted in a highly profile journal, ACM Computing Survey. The abstract of this paper is below and can provide some useful insights to the potential readers of this work. We are hoping that this piece of work will lead to systematic classification and comparison of architectural level Cyber Security Solutions and develop and evaluate new techniques, approaches, and tools for designing and evaluating security centric large scale distributed systems. Below is the abstract from the paper. Continue reading

Posted in Architectural knowledge, Cloud Computing, Cyber Security, Data Exfiltration, Design patterns, Design rationale, Security, Service Oriented Computing, Service-Oriented Architecture, Software Architecture, Software Engineering, Uncategorized | Leave a comment

Data Exfiltration: External Attack Vectors and Countermeasures

With regards to our work on Cyber Security, we have recently successfully completed a collaborative piece fo work with researchers from Security Lancaster, University of Lancaster, UK. Our collaborative work was focused on identifying and understanding Data Exfiltration: External Vectors and Countermeasures and has been accepted in Journal of Network and Computer Applications with the following title and abstract. The pieces of paper provide an extensive literature review that is expected to be leveraged for understanding the key external attack vectors and the countermeasures and the areas for future research.

“Data Exfiltration: A Review of External Attack Vectors and Countermeasures” Continue reading

Posted in Big Data, Cloud Computing, Cyber Security, Data Exfiltration, Knowledge Sharing, Security, Service Oriented Computing | Leave a comment

Search Engines for Web of Things (WoT)

Millions of objects are being connected to provide different services via the Web. This trend has led the paradigm of Web of Things (WoT), that can be searched and leveraged by uses (i.e., human or other systems/machines). One of the key enabling technologies for materialising the WoT vision are search engines, which need to be highly sophisticated pieces of complex software systems. Researchers and practitioners have been allocated huge amount of resources for developing a large variety of search engines for WoT. It is pertinent to critically review the state of the art on search engines for WoT to assess the currently available search engines as well as to guide the future research and innovation efforts in this area. To this goal, we have recently completed a large scale review of the search engines for WoT.  We are ver proud to share that our review titled, Searching the Web of Things: State of the Art, Challenges and Solutions, has been accepted in the top quality journal ACM Computing Survey. Here is the preprint version of the paper that provides a detailed critical review of more than 30 systems and highlights the open issues that need to be addressed in order to achieve a so-called ideal WoT Search Engine. 

Posted in Innovation, Internet of Everything, Internet of Things (IoTs), Software Architecture, Software Engineering, Uncategorized, Web of Things (WoTs) | Leave a comment