Evaluating Docker for Secure and Scalable Private Cloud with Container Technologies

The ongoing collaboration with the Maritime Division of Defence and Science Technology Group (DST) has resulted in another very useful piece of work that we are very glad to share through this blog. We have been conducting a series of Research and Development (R&D) projects with the same group in the Maritime Division of DST for evaluating technological solutions for building secure and scalable private clouds for mission critical systems. Given the increasing adopting of containerised solutions, our collaborators were interested in evaluating Docker for secure and scale private cloud – that means both security and scalability are the key quality attributes for their domain. Ben Ramsey from my team led the efforts of carrying out this work that has resulted in a detailed technical report. We believe that this technical report will be very useful for anyone interested in knowing about the security and scalability aspects of container technologies like Docker when used for building a private cloud infrastructure. Here is the report titled, Evaluating Docker for Secure and Scalable Private Cloud with Container Technologies, and the abstract has been copied from the report below: Continue reading

Posted in Cloud Computing, Combat Systems, Container Technologies, Cyber Security, Defence Systems, Private Cloud, Scalable, Security, Service Oriented Computing, Submarine Systems | Leave a comment

Understanding Container Isolation Mechanisms for Security-Sensitive Private Cloud

With the increasing trend of adopting containerised solution for cloud-based infrastructures, it is becoming increasingly important to pay appropriate attention to the security risks that usually characterise virtualised solutions using container technologies such as Docker. We have recently finished another successful project with our collaborators from Defence Science and Technology Group (DST). This project was focused on identifing and understanding the isolation mechanisms used for containerised technologies. We are glad to share the technical report on this topic with those who are interested in building and operating containerised security-sensitive private cloud. The title of the report is, Understanding Container Isolation Mechanisms for Building Security-Sensitive Private Cloud, and abstract of the report has been copied from the report below for ease of access. This project has been carried out with Ben Ramsey.  Continue reading

Posted in Cloud Computing, Combat Systems, Container Technologies, Defence Systems, DevOps, Private Cloud, Submarine Systems | Leave a comment

A 360 Review on Continuous Integration, Delivery, and Deployment

The increasing amount of literature on Continuous Integration (CI), Continuous Delivery (CDE), and Continuous Deployment (CD) has stimulated the need and desire of secondary studies. Recently, there have been several reviews published on CI, CDE, and CD, mostly in Software Engineering journal. Whilst these reviews have made important contributions to the body of knowledge about CI, CDE, CD, there was no significant effort to perform an integrated review of these three practices areas, which are so much intertwined that it is critically important that the key pieces of work on these topics are reviewed in an integrated fashion. Such an integrated review is expected to provide the researchers and practitioners with a 360 degree view on the approaches, tools, and challenges in these areas. We have tried to address this need through a Systematic Literature Review (SLR), Continuous Integration, Delivery and Deployment: A Systematic Review on Approaches, Tools, Challenges, which has been recently published in IEEE Access. We are really excited to have this work done as it would fill important gaps left by other secondary studies on these important topics. Our review also critically comparing the existing reviews and our work that is an important part of progressing the state of the art in an emerging area. I’m copying/pasting the abstract for the readers’ interests as a teaser leading to a full read of the article. We also welcome comments.

Continue reading

Posted in Continuous Development, Continuous Software Engineering, Evidence-Based Software Engineering, Software Engineering | Leave a comment

A New Course on Requirements Engineering

We are going to complete the implementation of our redeveloped Bachelor of Engineering (Software) degree program in 2017. As part of the full implementation of the redeveloped degree, we will be adding two new courses to the program: Software Engineering Workshop I and Software Engineering Workshop II. The Software Engineering Workshop  I aims at providing the students with the understanding, knowledge, and skills in different approaches, methods, processes, and tools for supporting the requirements engineering activities. I have designed and developed this course that would be offered in a workshop style format. We have even tried to change the terminology for the course mode and the face to face sessions are called: Seminar Sessions and Workshop Sessions. For the interested students and educators, here is the course outline.

I’m very excited to deliver this course with my colleague Dr Christoph Treude from the first semester 2017. We have also decided to use Slack as the communication and interaction tools for this course. We are quite confident that the students are going to like the course as well as the use of online tools we are going to use for this course – apart from Slack, we will be using Canvas, a newly adopted online learning and teaching platform at the University of Adelaide.  If you are interested in getting the class exercises and course project details, please feel free to contact me.

Posted in Curriculum, Education, Requirements Engineering, SE Curriculum, Software Engineering, Software Engineering Programs | Leave a comment

Security Support in Continuous Deployment Pipeline

Continuous Software Engineering has gained significant attraction in the software development industry. One of the key areas of Continuous Software Engineering is Development and Operation (DevOps) – according to which development and operations teams are brought together for better coordination, collaboration, and communication. DevOps is characterised by Continuous Development, Continuous Delivery, and Continuous Deployment (CD). Continuous Deployment means continuously and automatically deploy software changes into production. Continuous Deployment Pipeline (CDP) supports CD practice by transferring the changes from the repository to production. CDP can be a significant target for cyber attacks. Hence, it is important that CDP is design and operated with security requirements in mind. We have recently published a paper paper that describe a few design tactics and their implementation for designing a security sensitive CDP. We hope that this work will interest to those who are interested in gathering patterns and tactics for designing secure deployment pipeline to support DevOps. We welcome comments and enquiries for collaboration in this area.

Posted in Architectural knowledge, Continuous Development, Continuous Software Engineering, Design patterns, Design rationale, DevOps, Evidence-Based Software Engineering, Service-Oriented Architecture, Software Architecture, Software Engineering | Leave a comment

An Approach to Designing and Evaluating Web of Things (WoT) Systems

Internet of Things (IoT) have emerged a popular technology that underpinning several innovative products and services. Internet of Everything (IoE) or Web of Things (WoT) are real or virtual networks of things (or services) that can be meaningfully quarried or combined in order to build and provide different types of services. Recently, we have a book chapter, Using Reference Architecture for Design and Evaluation of Web of Things Systems, has been included a newly published book, Managing the Web of Things: Linking the Real World to the Web, edited by Michael Sheng, Yongrui Qin, Lina Yao, and Boualem Benatallah. The abstract of our book chapter is below as it may interest to some of the readers. The book chapter provides a methodological approach and technical details about applying a reference architectures to support the design and evaluation of Web of Things Systems. The research involved students from a software architecture course offered at the IT University of Copenhagen, Denmark. The abstract of the chapter is below:

Continue reading

Posted in Architectural knowledge, Big Data, Cloud Computing, Container Technologies, Cyber Security, Data Exfiltration, Design patterns, Design rationale, Internet of Everything, Internet of Things (IoTs), Private Cloud, Scalable, Security, Service Oriented Computing, Service-Oriented Architecture, Software Architecture, Software Engineering, Web of Things (WoTs) | Leave a comment

A Reference Architecture for provisioning of Tools as a Service

We have been developing and maturing a state of the art infrastructure for providing tools as a service. Our work has resulted in a reference architecture provides meta-models, Ontologies, quality attributes, and implementation of an instantiated cloud-based infrastructure for providing tools as a service. Recently, we have published a compressive piece of work in a journal article, titled, A Reference Architecture for provisioning of Tools as a Service: Meta-model, Ontologies and Design Elements, in the journal of Future Generation of Computer Systems. We believe that this piece of work has a great potential for further extension and development for providing tools as a service in multiple engineering domains. The theoretical foundations and practical design techniques developed for this particular piece of work have significant contribution to the body of knowledge on reference architectures for tools as a service. The following abstract of the paper can provide some details about the paper for stimulating the interests of the relevant readers. We are quite keen to receive enquiries for the infrastructure use and collaboration on extending and modifying the infrastructure. Continue reading

Posted in Architectural knowledge, Cloud Computing, Container Technologies, Design patterns, Design rationale, Private Cloud, Service Oriented Computing, Service-Oriented Architecture, Software Architecture | Leave a comment