At the RELENG 2014 Q&A, the question was asked, "What is your greatest concern?" and the response was "someone subverting our deployment pipeline". That is the motivation for this paper. We explore what it means to subvert a pipeline and provide several different scenarios of subversion. We then focus on the issue of securing a pipeline. As a result, we...
Building secure applications requires significant expertise. Secure platforms and security patterns have been proposed to alleviate this problem. However, correctly applying patterns to use platform features is still highly expertise-dependent. Patterns are informal and there is a gap between them and platform features. We propose the concept of reusable...
Half a decade after Bitcoin became the first widely used cryptocurrency, blockchains are receiving considerable interest from industry and the research community. Modern blockchains feature services such as name registration and smart contracts. Some employ new forms of consensus, such as proof-of-stake instead of proof-of-work. However, these blockchains...
When monitoring complex applications in cloud systems, a difficult problem for operators is receiving false positive alarms. This becomes worse when the system is sporadically being changed and upgraded due to the emerging continuous deployment practice. Other legitimate but sporadic maintenance operations, such as log compression, garbage collection and...
While WS*-based Service-Oriented Architecture (SOA) is employed heavily in the enterprise application & integration space, end-user-oriented organizations such as Facebook, Google or Yahoo! adopted the REST paradigm. Web service ecosystems [1] have been established around web service offerings like social networking, where open platforms...
Blockchain is of rising importance as a technology for engineering applications in cross-organizational settings, avoiding reliance on central trusted third-parties. The use of blockchain, instead of traditional databases or services, is an architectural choice in the development of a software system. The costs of execution and storage are important...
Building high assurance secure applications requires the proper use of security mechanisms and assurances provided by the underlying secure platform. However, applications are often built using security patterns and best practices that are agnostic with respect to the intricate specifics of the different underlying platforms. This independence from the...
  • Paul Rimba
  • 2015
This summary reports on three separate events, the main conference and two co-located workshops, which were held at the International Conference on Software Engineering (ICSE) in 2015 in Florence. The workshops are the third international workshop on RELease ENGineering (RELENG) and the first international workshop on Complex faUlts and Failures in LargE...
A registry is a list of information recorded by a trusted authority. Registries have security requirements for data integrity and availability, and for the ability to connect with other registries. Building registries on a blockchain leverages key properties of blockchains, including data integrity, immutability, and availability. By using a blockchain as...
Developing and operating a complex secure application with high assurance is difficult and requires experts. Security patterns and best practices have been proposed to assist architects in designing secure applications. However, these are usually written independently of the underlying platforms and operating environment. This leads to a gap between...