Bridging the gap between Privacy by Design and mobile systems by patterns / Modèles pour les environnements de terminaux nomades "Privacy by Design"

Sokolova, Karina

27 April 2016

De nos jours, les smartphones et les tablettes génèrent, reçoivent, mémorisent et transfèrent vers des serveurs une grande quantité de données en proposant des services aux utilisateurs via des applications mobiles facilement téléchargeables et installables. Le grand nombre de capteurs intégrés dans un smartphone lui permet de collecter de façon continue des informations très précise sur l'utilisateur et son environnement. Cette importante quantité de données privées et professionnelles devient difficile à superviser.L'approche «Privacy by Design», qui inclut sept principes, propose d'intégrer la notion du respect des données privées dès la phase de la conception d’un traitement informatique. En Europe, la directive européenne sur la protection des données privées (Directive 95/46/EC) intègre des notions du «Privacy by Design». La nouvelle loi européenne unifiée (General Data Protection Régulation) renforce la protection et le respect des données privées en prenant en compte les nouvelles technologies et confère au concept de «Privacy by Design» le rang d’une obligation légale dans le monde des services et des applications mobiles.L’objectif de cette thèse est de proposer des solutions pour améliorer la transparence des utilisations des données personnelles mobiles, la visibilité sur les systèmes informatiques, le consentement et la sécurité pour finalement rendre les applications et les systèmes mobiles plus conforme au «Privacy by (re)Design» / Nowadays, smartphones and smart tablets generate, receive, store and transfer substantial quantities of data, providing services for all possible user needs with easily installable programs, also known as mobile applications. A number of sensors integrated into smartphones allow the devices to collect very precise information about the owner and his environment at any time. The important flow of personal and business data becomes hard to manage.The “Privacy by Design” approach with 7 privacy principles states privacy can be integrated into any system from the software design stage. In Europe, the Data Protection Directive (Directive 95/46/EC) includes “Privacy by Design” principles. The new General Data Protection Regulation enforces privacy protection in the European Union, taking into account modern technologies such as mobile systems and making “Privacy by Design” not only a benefit for users, but also a legal obligation for system designers and developers.The goal of this thesis is to propose pattern-oriented solutions to cope with mobile privacy problems, such as lack of transparency, lack of consent, poor security and disregard for purpose limitation, thus giving mobile systems more Privacy by (re) Design

Design patterns

Droit à la vie privée

Smartphones -- Accès -- Contrôle

Software patterns

Smartphones -- Access control

Privacy, Right of

Google Androïd (operating systems)

343.099

PADRÕES ARQUITETURAIS PARA O DESENVOLVIMENTO DE APLICAÇÕES MULTIAGENTE / ARCHITECTURAL STANDARDS FOR THE DEVELOPMENT OF MULTI-AGENT APPLICATIONS

Silva Junior, Geovane Bezerra da

20 March 2003

Made available in DSpace on 2016-08-17T14:52:46Z (GMT). No. of bitstreams: 1 Geovane bezerra.pdf: 1597415 bytes, checksum: 1a51bd2c6aed9c1c6ee46b8369083350 (MD5) Previous issue date: 2003-03-20 / This work proposes a collection of architectural patterns for the development of multi-agent systems. Main architectural concerns like communication, cooperation and coordination mechanisms between the agents of the society are particularly analyzed in each described pattern. The generation of new patterns through the extension or composition of the proposed ones is also approached. The methodology for pattern extraction is based on the study of frequently used architectures of multi-agent systems, like blackboard and federative architectures, and on mechanisms of cooperation and coordination usually identified in such architectures, like master-slave, meeting and negotiator mechanisms, as well. Pattern description is based on AUML and KQML. Main AUML diagrams, like agent packages, agent diagrams and agent interaction diagrams are used to represent the structure and behavior of the society. In those diagrams, agent interactions are represented as KQML performatives. Proposed patterns are validated through the construction of three case studies related to the development of multi-agent systems for information retrieval and filtering. In these case studies, the architectures RETSINA, AMALTHAEA and ABARFI are analyzed and the reuse or potential application of proposed patterns is identified. / Este trabalho propõe uma coleção de padrões arquiteturais para o desenvolvimento de sistemas multiagente. Os principais problemas arquiteturais tais como comunicação, cooperação e mecanismo de coordenação entre os agentes são analisados e descritos em cada padrão. A geração de novos padrões pela extensão ou composição dos padrões propostos também é abordada. A metodologia utilizada para extração de padrões está baseada no estudo de arquiteturas de sistemas multiagente freqüentemente utilizadas, como as arquiteturas quadro-negro e federativas e nos mecanismos de cooperação e coordenação geralmente identificados em tais arquiteturas, como os mecanismos mestre-escravo, reunião e negociador. A descrição dos padrões está baseada em AUML e KQML. Os principais diagramas da AUML, como o diagrama de pacotes, o diagrama de agente e o diagrama de interação são usados para representar a estrutura e o comportamento da sociedade. Nesses diagramas, a representação das interações entre os agentes é feita com a utilização das performatives de KQML. Os padrões propostos são validados através da construção de três estudos de caso relacionados ao desenvolvimento de sistemas multiagente para recuperação e filtragem de informações. Nesses estudos de caso, são analisadas as arquiteturas RETSINA, AMALTHAEA e ABARFI e é identificado a potencial reutilização ou aplicação dos padrões propostos.

Padrões de Software

Reutilização de Software

Agentes de Software

Arquiteturas de Software

KQML e AUML

Software Patterns

Software Reuse

Multi-agent Systems

Software Architectures

KQML

AUML

Software Design

GARREC: ferramenta de apoio no processo de certificação de software da CERTICS / GARREC: Supporting tool on the process of software's certification of CERTICS

Medeiros, Adriana Gonçalves Silva de

01 September 2017

A certificação CERTICS foi desenvolvida para ser um instrumento de política pública que busca contribuir para o desenvolvimento nacional sustentável e pode apoiar as empresas nacionais de software na evolução necessária para se tornarem mais competitivas frente aos softwares estrangeiros. No entanto, esta certificação, assim como outras, requer investimento de profissionais e recursos financeiros, o que é um problema notadamente nas pequenas empresas de software. Este trabalho tem o objetivo de apresentar o GARREC, Guia para Atendimento dos Requisitos dos Resultados Esperados da CERTICS, que é uma ferramenta desenvolvida para apoiar no processo da certificação CERTICS, atuando em complemento à documentação existente. O GARREC foi construído visando facilitar o entendimento dos conceitos da CERTICS e no atendimento dos resultados esperados por meio de proposição de evidências, considerando cenários de pequenas empresas. Assim, o GARREC contribuirá para reduzir o investimento necessário para a certificação. O método de pesquisa adotado envolveu a análise do Modelo de Referência para Avaliação da CERTICS e o detalhamento dos Requisitos Específicos dos seus Resultados Esperados e, para estes foram propostas evidências para atendimento classificadas por relevância. Desta forma, todos os aspectos avaliados são considerados, garantindo qualidade de cobertura do atendimento aos requisitos da certificação. Para a avaliação do GARREC foi realizado um experimento no qual os participantes o utilizaram para atender a resultados esperados predeterminados e responderam a uma pesquisa. Participaram do experimento três empresas com diferentes níveis de conhecimento da CERTICS, uma empresa certificada, uma em processo de certificação e uma sem conhecimento anterior. A partir dos resultados coletados da pesquisa de avaliação, o GARREC atinge os seus objetivos de auxiliar no entendimento e no atendimento dos requisitos da certificação CERTICS, com 91,3% de aceitação aos itens de efetividade e 97,5% referente aos itens de aplicabilidade. Uma validação mais ampla em campo ainda se faz necessária para uma avaliação mais consistente da ferramenta. / The CERTICS certification was developed to be a public policy tool that seeks to contribute to sustainable national development and it can support national software companies in the evolution required to become more competitive compared to the foreign software. However, this certification, as well as others, requires professional investment and financial resources, which is usually a problem for small software companies. This work aims to present GARREC, Guide for Meeting the Requirements of Results Expected from CERTICS, which is a tool developed to support the understanding and obtaining of the CERTICS certification, working in addition to the existing documentation. GARREC was built to facilitate the understanding of the CERTICS’ concepts and in meeting the expected results through evidence proposition considering small business scenarios.Therefore, GARREC will contribute to reducing the investment required for certification. The research method involved the analysis of the Reference Model for Evaluation of CERTICS and detailing of the Specific Requirements of its Expected Results, and for these, evidence was presented to meet them, classified by relevance. In this way all evaluated aspects are considered, guaranteeing quality of coverage of the attendance to the certification requirements. For the GARREC evaluation, an experiment was carried out in which the participants used it to meet predetermined expected results and answered to a survey. Three companies with different levels of knowledge of CERTICS, a certified company, one in the process of certification and one without previous knowledge participated in the experiment. Based on the results of the evaluation survey, GARREC achieves its objectives of assisting in the understanding and fulfillment of CERTICS certification requirements, with 91.3% acceptance of the items referring to Effectiveness and, 97.5% acceptance of the related items Applicability. Further validation in the field is still necessary for a more consistent evaluation of the tool.

Software - Desenvolvimento

Padrões de software

Software - Confiabilidade

Política pública

Engenharia de sistemas

Computação

Computer software - Development

Software patterns

Computer software - Reliability

Small business - Software - Evaluation

Public policy

Systems engineering

Computer science

Ciência da Computação

GARREC: ferramenta de apoio no processo de certificação de software da CERTICS / GARREC: Supporting tool on the process of software's certification of CERTICS

Medeiros, Adriana Gonçalves Silva de

01 September 2017

A certificação CERTICS foi desenvolvida para ser um instrumento de política pública que busca contribuir para o desenvolvimento nacional sustentável e pode apoiar as empresas nacionais de software na evolução necessária para se tornarem mais competitivas frente aos softwares estrangeiros. No entanto, esta certificação, assim como outras, requer investimento de profissionais e recursos financeiros, o que é um problema notadamente nas pequenas empresas de software. Este trabalho tem o objetivo de apresentar o GARREC, Guia para Atendimento dos Requisitos dos Resultados Esperados da CERTICS, que é uma ferramenta desenvolvida para apoiar no processo da certificação CERTICS, atuando em complemento à documentação existente. O GARREC foi construído visando facilitar o entendimento dos conceitos da CERTICS e no atendimento dos resultados esperados por meio de proposição de evidências, considerando cenários de pequenas empresas. Assim, o GARREC contribuirá para reduzir o investimento necessário para a certificação. O método de pesquisa adotado envolveu a análise do Modelo de Referência para Avaliação da CERTICS e o detalhamento dos Requisitos Específicos dos seus Resultados Esperados e, para estes foram propostas evidências para atendimento classificadas por relevância. Desta forma, todos os aspectos avaliados são considerados, garantindo qualidade de cobertura do atendimento aos requisitos da certificação. Para a avaliação do GARREC foi realizado um experimento no qual os participantes o utilizaram para atender a resultados esperados predeterminados e responderam a uma pesquisa. Participaram do experimento três empresas com diferentes níveis de conhecimento da CERTICS, uma empresa certificada, uma em processo de certificação e uma sem conhecimento anterior. A partir dos resultados coletados da pesquisa de avaliação, o GARREC atinge os seus objetivos de auxiliar no entendimento e no atendimento dos requisitos da certificação CERTICS, com 91,3% de aceitação aos itens de efetividade e 97,5% referente aos itens de aplicabilidade. Uma validação mais ampla em campo ainda se faz necessária para uma avaliação mais consistente da ferramenta. / The CERTICS certification was developed to be a public policy tool that seeks to contribute to sustainable national development and it can support national software companies in the evolution required to become more competitive compared to the foreign software. However, this certification, as well as others, requires professional investment and financial resources, which is usually a problem for small software companies. This work aims to present GARREC, Guide for Meeting the Requirements of Results Expected from CERTICS, which is a tool developed to support the understanding and obtaining of the CERTICS certification, working in addition to the existing documentation. GARREC was built to facilitate the understanding of the CERTICS’ concepts and in meeting the expected results through evidence proposition considering small business scenarios.Therefore, GARREC will contribute to reducing the investment required for certification. The research method involved the analysis of the Reference Model for Evaluation of CERTICS and detailing of the Specific Requirements of its Expected Results, and for these, evidence was presented to meet them, classified by relevance. In this way all evaluated aspects are considered, guaranteeing quality of coverage of the attendance to the certification requirements. For the GARREC evaluation, an experiment was carried out in which the participants used it to meet predetermined expected results and answered to a survey. Three companies with different levels of knowledge of CERTICS, a certified company, one in the process of certification and one without previous knowledge participated in the experiment. Based on the results of the evaluation survey, GARREC achieves its objectives of assisting in the understanding and fulfillment of CERTICS certification requirements, with 91.3% acceptance of the items referring to Effectiveness and, 97.5% acceptance of the related items Applicability. Further validation in the field is still necessary for a more consistent evaluation of the tool.

Software - Desenvolvimento

Padrões de software

Software - Confiabilidade

Política pública

Engenharia de sistemas

Computação

Computer software - Development

Software patterns

Computer software - Reliability

Small business - Software - Evaluation

Public policy

Systems engineering

Computer science

Ciência da Computação

A new programming model for enterprise software : Allowing for rapid adaption and supporting maintainability at scale

Höffl, Marc

January 2017

Companies are under constant pressure to adapt and improve their processes to staycompetitive. Since most of their processes are handled by software, it also needs toconstantly change. Those improvements and changes add up over time and increase thecomplexity of the system, which in turn prevents the company from further adaption.In order to change and improve existing business processes and their implementation withinsoftware, several stakeholders have to go through a long process. Current IT methodologies arenot suitable for such a dynamic environment. The analysis of this change process shows thatfour software characteristics are important to speed it up. They are: transparency, adaptability,testability and reparability. Transparency refers to the users capability to understand what thesystem is doing, where and why. Adaptability is a mainly technical characteristic that indicatesthe capability of the system to evolve or change. Testability allows automated testing andvalidation for correctness without requiring manual checks. The last characteristic is reparability,which describes the possibility to bring the system back into a consistent and correct state, evenif erroneous software was deployed.An architecture and software development patterns are evaluated to build an overall programmingmodel that provides the software characteristics. The overall architecture is basedon microservices, which facilitates decoupling and maintainability for the software as well asorganizations. Command Query Responsibility Segregation decouples read from write operationsand makes data changes explicit. With Event Sourcing, the system stores not only the currentstate, but all historic events. It provides a built-in audit trail and is able to reproduce differentscenarios for troubleshooting and testing.A demo process is defined and implemented within multiple prototypes. The design of theprototype is based on the programming model. It is built in Javascript and implements Microservices,CQRS and Event Sourcing. The prototypes show and validate how the programmingmodel provides the software characteristics. Software built with the programming model allowscompanies to iterate faster at scale. Since the programming model is suited for complex processes,the main limitation is that the validation is based on a demo process that is simpler and thebenefits are hard to quantify. / ör att fortsatt vara konkurrenskraftiga är företag under konstant press att anpassa ochförbättra sina processer. Eftersom de flesta processer hanteras av programvara, behöveräven de ständigt förändras. Övertiden leder dessa förbättringar och förändringar till ökadsystemkomplexitet, vilket i sin tur hindrar företaget från ytterligare anpassningar. För attförändra och förbättra befintliga affärsprocesser och dess programvara, måste idag typiskt fleraaktörer vara en del av en lång och tidskrävande process. Nuvarande metoder är inte lämpade fören sådan dynamisk miljö. Detta arbete har fokuserat på fyra programvaruegenskaper som ärviktiga för att underlätta förändringsprocesser. Dessa fyra egenskaper är: öppenhet, anpassningsförmåga,testbarhet och reparerbarhet. Öppenhet, hänvisar till förmågan att förstå varför, var ochvad systemet gör. Anpassningsbarhet är huvudsakligen en teknisk egenskap som fokuserar påsystemets förmåga att utvecklas och förändras. Testbarhet strävar efter automatisk testning ochvalidering av korrekthet som kräver ingen eller lite manuell kontroll. Den sista egenskapen ärreparerbarhet, som beskriver möjligheten att återhämta systemet till ett konsekvent och korrekttillstånd, även om felaktig programvara har använts. En programmeringsmodell som rustarprogramvara med de ovan beskrivna programegenskaperna är utvecklad i detta examensarbete.Programmeringsmodellens arkitektur är baserad på diverse micro-tjänster, vilka ger brafrånkopplings- och underhållsförmåga för en programvara, samt användarorganisationerna.Command Query Responsibility Segregation (CQRS) frånkopplar läsoperationer från skrivoperationeroch gör ändringar i data explicita. Med Event Sourcing lagrar systemet inte endastdet nuvarande tillståndet, utan alla historiska händelser. Modellen förser användarna medett inbyggt revisionsspår och kan reproducera olika scenarion för felsökning och testning. Endemoprocess är definierad och implementerad i tre olika prototyper. Designen av prototypernaär baserad på den föreslagna programmeringsmodellen. Vilken är byggd i Javascript och implementerarmicro-tjänster, CQRS och Event Sourcing. Prototyperna visar och validerar hurprogrammeringsmodellen ger programvaran rätt egenskaper. Programvara byggd med dennaprogrammeringsmodell tillåter företag att iterera snabbare. De huvudsakliga begränsningarna iarbetet är att valideringen är baserad på en enklare demoprocess och att dess fördelar är svåraatt kvantifiera.

Enterprise Software

Microservices

Event Sourcing

Distributed Systems

Process Systems

Enterprise Resource Planning (ERP)

Business Process Re-engineering (BPR)

Transparency

Adaptability

Testability

Reparability

Seneca.js

Hemera.js

Enterprise Software Patterns

Pattern Matching

Transport Independence

Additivity

Elektroteknik och elektronik