The issue of security in the distributed system landscape of a service-oriented architecture (SOA) is a challenging one. No longer is it limited to a local application or an application domain, security must now work across a range of applications and business processes interacting with each other. This is even more true when SOA-based applications are provisioned in the cloud. Firstly, cloud applications components, and the data they might handle, that were once silos, are now being exposed as services by distinct and distrusted tenants. Secondly, such applications are often adaptive when they are provisioned in cloud environments. This study proposes an end-to-end security model (E2SM) that aims to protect data confidentiality in adaptive cloud-based SOA applications. E2SM allows the setting of data-centric security policies that go beyond services boundaries. First, security configuration is automatically calculated starting from a few intuitive business-oriented security settings. Then, the configuration is updated with minimal overhead if security policies are dynamically modified and/or SOA architecture is reconfigured. A security tool is implemented according to the proposed model. As for validation, the tool was used to secure a healthcare business process.

Software as a Service reflects a ‘service-oriented’ approach to software development that is based on the notion of composing applications by discovering and invoking network-available services to accomplish some task. However, as more business organisations adopt service-oriented solutions and the demands on them grow, the problem of ensuring that the software systems can adapt fast and effectively to changing business needs, changes in their runtime environment and failures in provided services has become an increasingly important research problem. Dynamic adaptation has been proposed as a way to address the problem. However, for adaptation to be effective several other factors need to be considered. This study identifies the key factors that influence runtime adaptation in service-oriented systems (SOSs) and examines how well they are addressed in 29 adaptation approaches intended to support SOSs.

Elasticity property allows cloud systems to adapt to their input workload by provisioning and deprovisioning resources as the demand grows and drops. However, due to the unpredictable nature of workload, providing accurate action plans to manage a cloud system's elasticity is a particularly challenging task. In this study, the authors propose a bigraphical reactive system-based approach to provide a formal modelling of cloud systems’ structure using bigraphs, and their elastic behaviours using bigraphical reaction rules. They introduce elasticity strategies to describe cloud systems’ auto-adaptation behaviours. One step further, they encode the bigraphical specifications into Maude language to enable an autonomic executability of the elastic behaviours and verify their correctness. Finally, they propose a queuing-based approach to discuss and analyse elasticity strategies in cloud systems through different simulated scenarios.

Cyber-physical systems (CPSs) are characterized by a multitude of physical and software. Particularly time-related properties are of paramount importance and they can impact the behaviour of these systems. Designing and verifying CPS while tackling time-related and physical properties are very important steps in the CPS life cycle development. Indeed, it is necessary to capture and characterize the different features and their dependencies with time through expressive models. Then, these models must be verified to prove their correctness. Existing process modelling languages such as business process modelling notation (BPMN) has been widely used to model business processes. However, BPMN lacks several features for modelling rich CPS processes such as those related to time and physical properties. In this study, the authors propose a verification framework for collaborative time-aware CPS processes. In this context, they propose to extend BPMN to support the various CPS concepts and properties. Based on this extension, they propose a consistency verification approach, which aims to verify that the time-related and physical properties associated with each process do not give rise to conflicts. Finally, they propose a compatibility verification approach, which aims to verify that the set of involved CPS processes form consistent inter-CPS processes.

The Internet-of-things, which designates the interconnection of physical objects, is a growing research area with many challenges. One of these challenges is the management of failures and unforeseen situations when using connected devices in real world applications. To this end, the authors propose a self-adaptation framework to deal with changes and take into account storage, computational and communication constraints. Their self-adaptation framework relies on constraints expressed in terms of quality of service (QoS) and event-driven rules to specify control objectives. Internally, the framework generates labelled transitions systems and builds on the fly synchronous controllers to guarantee QoS properties. Moreover, their framework has capabilities to concurrently deal with dynamic control objectives, monitoring and self-adaptation. To prove the practicality of their framework, they present a healthcare case-study to remotely monitor a patient at risk of myocardial infarction recurrence. The objective control rules easily specify how wearable devices should coordinate their behaviours to ensure safety, resilience and health-awareness factors. The implementation of their framework is fully distributed and scalable and include their development of a wearable, remotely configurable, QoS aware cardiac activity sensor.

Software fault localisation (SFL) is recognised to be one of the most tedious, costly, and critical activities in program debugging. Due to the increase in software complexity, there is a huge interest in advanced SFL techniques that aid software engineers in locating program bugs. This interest paves a way to the existence of a large amount of literature in the SFL research domain. This study aims to investigate the overall research productivity, demographics, and trends shaping the landscape of SFL research domain. The research also aims to classify existing fault localisation techniques and identify trends in the field of study. Accordingly, a systematic mapping study of 273 primary selected studies is conducted with the adoption of an evidence-based systematic methodology to ensure coverage of all relevant studies. The results of this systematic mapping study show that SFL research domain is gaining more attention since 2010, with an increasing number of publications per year. Three main research facets were identified, i.e. validation research, evaluation research, and solution research, with solution research type getting more attention. Hence, various contribution facets were identified as well. In totality, general demographics of SFL research domain were highlighted and discussed.

Software requirements are an essential stepping stone for engineering any software system that meets the needs of its stakeholders. User interface (UI) contextual help provides end users with much-needed support for understanding how to use a software system. This article presents an approach for generating contextual help from software requirements, while maintaining the ability to provide human input on the generated help. Domain classes, use cases, and UI flow models embody information that is valuable for help generation and are thereby used by the proposed approach. Templates are also used to define how requirements are associated with their contextual help counterpart elements. The generated help is represented using an existing contextual help definition language called CHAINXML. The latter was extended to support templates and alternatives in order to make the help generation process more seamless and to reduce the repetition in the generated help. The usefulness (usability and utility) of the generated help was evaluated by conducting a study with end users. The results showed that the participants found the help to be highly useful and most of them chose to use this help when given the opportunity to do so in a real-life case.

This study presents a novel approach for assessing and prioritising relative weights of the factors in order to reveal the level of each factors' contribution to the usability index system in the context of library websites. The inputs of experts in the related field were used to probe weights of seven key dimensions and 20 measuring items of library website usability. These factors covering both dimensions and measuring items were identified and validated from the authors' previous study. The study employed fuzzy theories along with the extent analysis fuzzy analytic hierarchy process (FAHP) method with the expectation of scrutinising the relative importance of the criteria of interest while avoiding uncertainty, ambiguity, loss of data, and difficulties in assessment cycle. In order to maintain uniformity in expert consensus, triangular fuzzy numbers were used instead of linguistic values. The research findings revealed that the satisfaction was the most important dimension, while accessibility was considered the least important. In addition, the top 7 of the 20 measurement items investigated accounted for 49.37% of importance. The results indicate that more attention is needed in ensuring those websites are comfortable and fulfilled with clear information required for the users, while less time and effort can be given to readability and compatible capability considerations.