Current Search: Fernandez, Eduardo B. (x)
View All Items
Pages
- Title
- A survey of compliance issues in cloud computing.
- Creator
- Yimam, Dereje, Fernandez, Eduardo B.
- Date Issued
- 2016-12-10
- PURL
- http://purl.flvc.org/fau/fd/FAUIR000139
- Format
- Citation
- Title
- A Misuse Pattern for Flame.
- Creator
- Lewis, Paul, Singh, Sanjay, Fernandez, Eduardo B.
- Abstract/Description
-
Flame is a computer worm that is being used for targeted cyber espionage in Middle Eastern countries. It is considered one of the most complex malware ever found. Flame can record audio, screenshots, keyboard activity and network traffic. It also has a kill switch to erase itself. Its program modules are encrypted. We are writing a misuse pattern to describe its architecture. A pattern is a solution to a recurrent problem in a given context. A pattern embodies the knowledge and experience of...
Show moreFlame is a computer worm that is being used for targeted cyber espionage in Middle Eastern countries. It is considered one of the most complex malware ever found. Flame can record audio, screenshots, keyboard activity and network traffic. It also has a kill switch to erase itself. Its program modules are encrypted. We are writing a misuse pattern to describe its architecture. A pattern is a solution to a recurrent problem in a given context. A pattern embodies the knowledge and experience of software developers and can be reused in new applications. A security pattern describes a mechanism or procedure to defend against an attack. A misuse pattern describes how a misuse is performed from the point of view of the attacker. It defines the environment where the attack is performed, countermeasures to stop it, and provides forensic information in order to trace the attack once it happens.
Show less - Date Issued
- 2014
- PURL
- http://purl.flvc.org/fau/fd/FA0005027
- Subject Headings
- College students --Research --United States.
- Format
- Document (PDF)
- Title
- A Misuse Pattern for Retrieving Data from a Database Using SQL Injection.
- Creator
- Alder, Ernst, Bagley, Richard, Fernandez, Eduardo B.
- Abstract/Description
-
FAU's Office of Undergraduate Research and Inquiry hosts an annual symposium where students engaged in undergraduate research may present their findings either through a poster presentation or an oral presentation.
- Date Issued
- 2011
- PURL
- http://purl.flvc.org/fau/fd/FA00005426
- Format
- Document (PDF)
- Title
- Introduction to the Special Issue on Evaluating the Security of Complex Systems.
- Creator
- Fernandez, Eduardo B.
- Abstract/Description
-
Recent security breaches show the need to secure large, distributed, complex systems. A fundamental, but little discussed aspect of security is how to evaluate when a complete system is secure. Purely formal methods cannot handle this level of complexity. Code checking does not consider the interaction of separate modules working together and is hard to scale. Model-based approaches, such as patterns and problem frames, can be effective for handling large systems. Their use in evaluating...
Show moreRecent security breaches show the need to secure large, distributed, complex systems. A fundamental, but little discussed aspect of security is how to evaluate when a complete system is secure. Purely formal methods cannot handle this level of complexity. Code checking does not consider the interaction of separate modules working together and is hard to scale. Model-based approaches, such as patterns and problem frames, can be effective for handling large systems. Their use in evaluating security appears promising. A few works in this direction exist, but there is a need for more ideas. This Special Issue focuses on global, model-based, architectural, and systems-oriented evaluation methods.
Show less - Date Issued
- 2016-07-18
- PURL
- http://purl.flvc.org/fau/fd/FAUIR000017
- Format
- Citation
- Title
- Microprocessor design for non-discretionary multilevel security.
- Creator
- Clifton, Daniel B., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
Microprocessor design for data security is examined with regard to both methodology and implementation. The examination begins with seven commercial 32-bit microprocessors which are evaluated against a set of previously published requirements for secure hardware. Then, the methodology and implementation of data secure microprocessor design is presented using an original design. The presentation includes a description of the security policy implemented, a model of secure operation, and a...
Show moreMicroprocessor design for data security is examined with regard to both methodology and implementation. The examination begins with seven commercial 32-bit microprocessors which are evaluated against a set of previously published requirements for secure hardware. Then, the methodology and implementation of data secure microprocessor design is presented using an original design. The presentation includes a description of the security policy implemented, a model of secure operation, and a detailed description of the design. The security-related overhead of the new design is compared to that of two commercial microprocessors. The design is then validated with a formal proof. Finally, the design is shown to protect against several generic attacks.
Show less - Date Issued
- 1988
- PURL
- http://purl.flvc.org/fcla/dt/14443
- Subject Headings
- Microprocessors, Data protection
- Format
- Document (PDF)
- Title
- Multi-factor Authentication.
- Creator
- Callahan, Colin, Fernandez, Eduardo B., College of Engineering and Computer Science
- Abstract/Description
-
An important authentication method is multi-factor authentication (MFA). Products such as Enterprise Office 365 are already using it, available for any user in Office 365 Midsize Business, Enterprise, Academic, and Nonprofit plans as well as the standalone versions of Exchange Online and SharePoint Online. The log-in verification feature is aimed at reducing users' vulnerability to online identity theft, phishing, and other scams by adding a second level of authentication to an account log-in...
Show moreAn important authentication method is multi-factor authentication (MFA). Products such as Enterprise Office 365 are already using it, available for any user in Office 365 Midsize Business, Enterprise, Academic, and Nonprofit plans as well as the standalone versions of Exchange Online and SharePoint Online. The log-in verification feature is aimed at reducing users' vulnerability to online identity theft, phishing, and other scams by adding a second level of authentication to an account log-in. Twitter, Apple, PayPal, Google, Facebook, and other vendors already have implemented it. After correctly entering their username and password, users need to acknowledge a phone call, text message, or an app notification on their smartphone before they can gain access to their account. Two-factor authentication is the most common form of MFA and requires the use of two of the three authentication factors: Something only the user knows, something the user has, and something only the user is. In this work we will analyze some varieties, do UML models of their structure and dynamics, and compare MFA to other authentication approaches.
Show less - Date Issued
- 2015
- PURL
- http://purl.flvc.org/fau/fd/FA00005179
- Subject Headings
- College students --Research --United States.
- Format
- Document (PDF)
- Title
- Misuse Pattern: Keyboard Injection Through The USB Human Interface Device Class.
- Creator
- To, Dyllan, Fernandez, Eduardo B., College of Engineering and Computer Science
- Abstract/Description
-
We are presenting a misuse pattern, Keyboard Injection through the USB Human Interface Device(HID) class. This paper describes how such a misuse is performed from the view from an attacker, describes the systems involved in the misuse, analyzes methods of stopping or preventing the attack through potential security patterns, and details techniques that can be used to detect or trace such an attack after it has occurred. Such a pattern can inform IT managers, device manufacturers, or even...
Show moreWe are presenting a misuse pattern, Keyboard Injection through the USB Human Interface Device(HID) class. This paper describes how such a misuse is performed from the view from an attacker, describes the systems involved in the misuse, analyzes methods of stopping or preventing the attack through potential security patterns, and details techniques that can be used to detect or trace such an attack after it has occurred. Such a pattern can inform IT managers, device manufacturers, or even device driver developers of the vulnerability, as well as detail methods or security patterns that can prevent an attack. A keyboard injection misuse attempts to infiltrate a system or network through a variety of techniques. Such a misuse impersonates a keyboard HID, which most systems inherently trust.
Show less - Date Issued
- 2015
- PURL
- http://purl.flvc.org/fau/fd/FA00005214
- Subject Headings
- College students --Research --United States.
- Format
- Document (PDF)
- Title
- HIPAA Security Mechanisms for Medical Devices.
- Creator
- Jofre, Michael A., Fernandez, Eduardo B., Dorothy F. Schmidt College of Arts and Letters
- Abstract/Description
-
The HIPAA (Health Insurance Portability and Accountability Act) defines regulations to help protect patient’s information. Now as the health information technology (Health IT) environment becomes an even more integral part in the field of medicine, it is vital that HIPAA’s privacy protection is applied to the handling of patient’s information by medical devices. These devices not only perform their intended medical functionality, but they also perform other functionalities that can be...
Show moreThe HIPAA (Health Insurance Portability and Accountability Act) defines regulations to help protect patient’s information. Now as the health information technology (Health IT) environment becomes an even more integral part in the field of medicine, it is vital that HIPAA’s privacy protection is applied to the handling of patient’s information by medical devices. These devices not only perform their intended medical functionality, but they also perform other functionalities that can be affected by security threats. As a result, HIPAA’s privacy guidelines need to be enforced by appropriate security mechanisms within these medical devices. Security mechanisms can be described by software patterns. A few of these patterns will be discussed, showing how they can handle such threats. We will survey existing patterns and identify which other patterns would be necessary.
Show less - Date Issued
- 2015
- PURL
- http://purl.flvc.org/fau/fd/FA00005198
- Subject Headings
- College students --Research --United States.
- Format
- Document (PDF)
- Title
- Controlling access to physical locations.
- Creator
- Desouza-Doucet, Ana C., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
The need to secure and control access to rooms in premises has shifted from allowing some people to enter a room to giving permission to specific persons to access a room and recording who entered the room and the time they spent in it. With such need for higher security in mind, we design an access control system for controlling physical access of people to locations or to specific units in these locations. Our study gives emphasis to the organization of physical locations, including nested...
Show moreThe need to secure and control access to rooms in premises has shifted from allowing some people to enter a room to giving permission to specific persons to access a room and recording who entered the room and the time they spent in it. With such need for higher security in mind, we design an access control system for controlling physical access of people to locations or to specific units in these locations. Our study gives emphasis to the organization of physical locations, including nested rooms, and the approach used to assign permission to people to access such locations. We also define some security policies to be used in such model as well as appropriate user interfaces. Finally, we develop two patterns based on our model.
Show less - Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13328
- Subject Headings
- Software architecture, Computer networks--Access control, Computer security, Object-oriented programming (Computer science), Smart cards--Security measures
- Format
- Document (PDF)
- Title
- Modeling use cases and their sequences in object-oriented analysis.
- Creator
- Anwar, Mahbub Morshed., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
Use cases and scenarios are used by most of the object-oriented modeling approaches for capturing users' requirements, analyzing the system and building the test cases. All the different methodologies have different approaches for modeling use cases and applying them to other object-oriented models. Use case models help the analyst to construct dynamic as well as static models. In this thesis, we show an approach of modeling use cases for object-oriented software analysis. We give emphasis to...
Show moreUse cases and scenarios are used by most of the object-oriented modeling approaches for capturing users' requirements, analyzing the system and building the test cases. All the different methodologies have different approaches for modeling use cases and applying them to other object-oriented models. Use case models help the analyst to construct dynamic as well as static models. In this thesis, we show an approach of modeling use cases for object-oriented software analysis. We give emphasis to modeling the sequences of the activities within the scenarios and the sequences of the scenarios throughout the system. We show how these sequences influence the static model (object diagram) and dynamic model (state diagram). We propose an Integrated State diagram for dynamic modeling and an Object Interaction diagram for modeling the flows of the scenarios throughout the system by applying the use case sequence models. Our approaches are demonstrated by solving a variety of examples.
Show less - Date Issued
- 1997
- PURL
- http://purl.flvc.org/fcla/dt/15389
- Subject Headings
- Object-oriented methods (Computer science)
- Format
- Document (PDF)
- Title
- Object-oriented modeling of multimedia conferencing systems.
- Creator
- Chien, Pei-Der., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
Multimedia conferencing has been making significant progress in recent years. There are many research projects and prototypes of this advance in interactive communications, however there is still no general abstract model. This thesis is primarily concerned with developing such a model that covers the major functions employed in a conference. Object Modeling Technique (OMT) is adopted here in describing both the static and dynamic aspects of this model. A relevant authorization system is also...
Show moreMultimedia conferencing has been making significant progress in recent years. There are many research projects and prototypes of this advance in interactive communications, however there is still no general abstract model. This thesis is primarily concerned with developing such a model that covers the major functions employed in a conference. Object Modeling Technique (OMT) is adopted here in describing both the static and dynamic aspects of this model. A relevant authorization system is also considered in this thesis. This system includes the description of an authorization model with general administration policies.
Show less - Date Issued
- 1994
- PURL
- http://purl.flvc.org/fcla/dt/15070
- Subject Headings
- Teleconferencing--Computer programs, Telecommunication systems, Multimedia systems--Computer programs, Object-oriented programming (Computer science)
- Format
- Document (PDF)
- Title
- Object-oriented design of flexible manufacturing systems.
- Creator
- Abou-Haidar, Bassam., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
This thesis presents a systematic method for the design and modeling of flexible manufacturing systems, using object-oriented concepts and Petri nets. In the method proposed, we first define the system components in terms of an object model consisting of hierarchical sets of classes and operations. Secondly, we model the dynamic aspects of the system using statecharts, including exceptions. As a third step, we derive Petri nets from those statecharts to realize the concurrency present in the...
Show moreThis thesis presents a systematic method for the design and modeling of flexible manufacturing systems, using object-oriented concepts and Petri nets. In the method proposed, we first define the system components in terms of an object model consisting of hierarchical sets of classes and operations. Secondly, we model the dynamic aspects of the system using statecharts, including exceptions. As a third step, we derive Petri nets from those statecharts to realize the concurrency present in the system. Finally we develop a hierarchy of controllers, corresponding to the layers of the object model, for the independent components of the system based on the Petri nets obtained in the previous step.
Show less - Date Issued
- 1993
- PURL
- http://purl.flvc.org/fcla/dt/14989
- Subject Headings
- Petri nets, Flexible manufacturing systems, Object-oriented programming (Computer science), Real-time control
- Format
- Document (PDF)
- Title
- An architectural and performance characterization of distributed real-time systems.
- Creator
- Huynh, Khoa Dang., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
We propose a methodology to effectively characterize the architecture and system performance of distributed systems designed to operate in frame-based real-time environments. Important characteristics that define the real-time performance of a distributed system are identified and classified at the hardware, operating system, and user application levels. A synthetic workload model, called the Distributed Real-Time Workload (DRTW), is designed to fully characterize a broad range of real-time...
Show moreWe propose a methodology to effectively characterize the architecture and system performance of distributed systems designed to operate in frame-based real-time environments. Important characteristics that define the real-time performance of a distributed system are identified and classified at the hardware, operating system, and user application levels. A synthetic workload model, called the Distributed Real-Time Workload (DRTW), is designed to fully characterize a broad range of real-time applications and to exercise a single- or multiple-node distributed system under measurement. A set of data collection tools to obtain empirical performance data at different levels of a distributed system is also proposed. For the purpose of illustration, these tools are used to obtain data on several real-time systems from Encore Computer Corporation.
Show less - Date Issued
- 1990
- PURL
- http://purl.flvc.org/fcla/dt/14665
- Subject Headings
- Electronic data processing--Distributed processing, Real-time data processing
- Format
- Document (PDF)
- Title
- An efficient test strategy for microprogrammable minicomputers.
- Creator
- Franklin, William Allen., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
A strategy for software and firmware testing for minicomputers is presented in this thesis. This test approach provides effective hardware fault detection and isolation. The test approach is embodied in a set of test procedures and is meant for use by field and factory personnel. This thesis discusses several alternative diagnostic approaches, and combines some of the features of these approaches to produce an efficient and complete test approach.
- Date Issued
- 1988
- PURL
- http://purl.flvc.org/fcla/dt/14465
- Subject Headings
- Minicomputers--Testing
- Format
- Document (PDF)
- Title
- A multiprocessor simulator to test fault detection and reconfiguration algorithms.
- Creator
- Bhathija, Unmesh Jethanand., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
In recent years multiprocessor systems are becoming increasingly important in critical applications. In particular, their fault tolerance properties are of great importance for their ability to be used in these type of applications. We have developed a multiprocessor simulator that can be used to test different fault detection algorithms. The processors must have four communication links. This simulator operates by passing messages between processors. An algorithm was developed for routing...
Show moreIn recent years multiprocessor systems are becoming increasingly important in critical applications. In particular, their fault tolerance properties are of great importance for their ability to be used in these type of applications. We have developed a multiprocessor simulator that can be used to test different fault detection algorithms. The processors must have four communication links. This simulator operates by passing messages between processors. An algorithm was developed for routing the messages among the processors. The simulator can also be used to try different reconfiguration strategies. In particular we have tested Malek's comparison algorithm using different multiprocessor configurations. We also developed a program which determines the configuration of an unknown network of transputers.
Show less - Date Issued
- 1990
- PURL
- http://purl.flvc.org/fcla/dt/14622
- Subject Headings
- Multiprocessors, Fault-tolerant computing
- Format
- Document (PDF)
- Title
- Extending use cases and interaction diagrams to develop distributed system architecture requirements.
- Creator
- Hawkins, John C., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
Current object-oriented development methodologies do not introduce distributed system architectural aspects early enough in the system development cycle. A development partitioning scheme that includes the system level, in addition to the problem and application levels, will encourage analysis that includes elicitation of non-functional system requirements. These requirements include response time with respect to system communication load, fault tolerance, safety, security, and real-time...
Show moreCurrent object-oriented development methodologies do not introduce distributed system architectural aspects early enough in the system development cycle. A development partitioning scheme that includes the system level, in addition to the problem and application levels, will encourage analysis that includes elicitation of non-functional system requirements. These requirements include response time with respect to system communication load, fault tolerance, safety, security, and real-time deadlines, among others. They can be documented with an extended form of Jacobson's use cases. Where use cases describe how a system will work from a user's point of view, extended use cases add the capability to describe how well it should work. System level analysis information can be graphically depicted on extended forms of Unified Modeling Language (UML) interaction diagrams and on multilevel architecture diagrams.
Show less - Date Issued
- 1997
- PURL
- http://purl.flvc.org/fcla/dt/15406
- Subject Headings
- Object-oriented methods (Computer science), UML (Computer science), Electronic data processing--Distributed processing
- Format
- Document (PDF)
- Title
- An ultrareliable multicomputer architecture for real time control applications.
- Creator
- Buechler, Peter Charles., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
This thesis considers the design of ultrareliable multicomputers for control applications. The fault tolerance problem is divided into three subproblems: software, processing node, and communication fault tolerance. Design is performed using layers of abstraction, with fault tolerance implemented by dedicated layers. For software fault tolerance, new constructs for concurrent n-version programming are introduced. For processing node fault tolerance, the distributed fault tolerance (DFT)...
Show moreThis thesis considers the design of ultrareliable multicomputers for control applications. The fault tolerance problem is divided into three subproblems: software, processing node, and communication fault tolerance. Design is performed using layers of abstraction, with fault tolerance implemented by dedicated layers. For software fault tolerance, new constructs for concurrent n-version programming are introduced. For processing node fault tolerance, the distributed fault tolerance (DFT) concept of Chen and Chen is extended to allow for arbitrary failures. Communication fault tolerance is achieved with multicasting on a fault-tolerant graph (FG) network. Reliability models are developed for each of the layers, and a performance model is developed for the communication layer. An example flight control system is compared to currently existing architectures.
Show less - Date Issued
- 1989
- PURL
- http://purl.flvc.org/fcla/dt/14573
- Subject Headings
- Computers--Reliability, Fault-tolerant computing, Real-time data processing, Flight control
- Format
- Document (PDF)
- Title
- A methodology for object-oriented modeling and design of real-time, fault-tolerant systems.
- Creator
- Hancock, Debera R., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
Many methodologies for software modeling and design include some form of static and dynamic modeling to describe the structural and behavioral views respectively. Modeling and design of complex real-time software systems requires notations for describing concurrency, asynchronous event handling, communication between independent machines, timing properties, and accessing real time. Function-oriented structured analysis methodologies such as Ward and Mellor's SA/RT and Harel's Statecharts have...
Show moreMany methodologies for software modeling and design include some form of static and dynamic modeling to describe the structural and behavioral views respectively. Modeling and design of complex real-time software systems requires notations for describing concurrency, asynchronous event handling, communication between independent machines, timing properties, and accessing real time. Function-oriented structured analysis methodologies such as Ward and Mellor's SA/RT and Harel's Statecharts have provided extensions for real-time system modeling. Dynamic modeling of real time systems using object-oriented methodologies also requires extensions to the traditional state machine notations in order to convey the real time system characteristics and constraints. Shaw's Communicating Real Time State Machines (CRSM's), Harel's O-Chart notations, and the Octopus methodology provide methods for modeling real-time systems consistent with object-oriented methods. This thesis proposes an object-oriented analysis and design methodology that augments the traditional Object Modeling Technique (OMT) dynamic model with real-time extensions based on high-level parallel machines and communication notations from CRSM. An example of the proposed methodology is provided using a realistic but hypothetical example of an automated passenger train system. A design refinement step is included for fault tolerant considerations. An evaluation of the proposed methodology with its extended notations is provided.
Show less - Date Issued
- 1997
- PURL
- http://purl.flvc.org/fcla/dt/15405
- Subject Headings
- Object-oriented methods (Computer science), Fault-tolerant computing, Real-time programming
- Format
- Document (PDF)
- Title
- USING A SUPERPROCESS TO ACCELERATE CONVERSATIONS FOR FAULT-TOLERANT CONCURRENT SOFTWARE.
- Creator
- GAO, LIXIN., Florida Atlantic University, Fernandez, Eduardo B.
- Abstract/Description
-
Since computer systems are applied to many critical areas, fault-tolerance is a necessary requirement for their operation. Many techniques for dealing with hardware faults have been developed. Fault-tolerant software has had a much slower progress. Concurrent software adds an additional dimension to the problem of fault-tolerant software. This thesis uses an intermediate structure between two major schemes, conversation and programmer transparent coordination. The scheme proposed here...
Show moreSince computer systems are applied to many critical areas, fault-tolerance is a necessary requirement for their operation. Many techniques for dealing with hardware faults have been developed. Fault-tolerant software has had a much slower progress. Concurrent software adds an additional dimension to the problem of fault-tolerant software. This thesis uses an intermediate structure between two major schemes, conversation and programmer transparent coordination. The scheme proposed here accelerates conversations by using a special process or superprocess, which is executed on the same system level as the run-time system, and that by having access to the history of all interprocess communications can allow a process that passes its acceptance test to proceed conditionally. If the process does not pass its acceptance test all processes recover immediately without waiting to get to their acceptance tests. This work presents a set of algorithms to implement these ideas.
Show less - Date Issued
- 1987
- PURL
- http://purl.flvc.org/fcla/dt/14398
- Subject Headings
- Fault-tolerant computing
- Format
- Document (PDF)
- Title
- Compliance Issues In Cloud Computing Systems.
- Creator
- Yimam, Dereje, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Appealing features of cloud services such as elasticity, scalability, universal access, low entry cost, and flexible billing motivate consumers to migrate their core businesses into the cloud. However, there are challenges about security, privacy, and compliance. Building compliant systems is difficult because of the complex nature of regulations and cloud systems. In addition, the lack of complete, precise, vendor neutral, and platform independent software architectures makes compliance even...
Show moreAppealing features of cloud services such as elasticity, scalability, universal access, low entry cost, and flexible billing motivate consumers to migrate their core businesses into the cloud. However, there are challenges about security, privacy, and compliance. Building compliant systems is difficult because of the complex nature of regulations and cloud systems. In addition, the lack of complete, precise, vendor neutral, and platform independent software architectures makes compliance even harder. We have attempted to make regulations clearer and more precise with patterns and reference architectures (RAs). We have analyzed regulation policies, identified overlaps, and abstracted them as patterns to build compliant RAs. RAs should be complete, precise, abstract, vendor neutral, platform independent, and with no implementation details; however, their levels of detail and abstraction are still debatable and there is no commonly accepted definition about what an RA should contain. Existing approaches to build RAs lack structured templates and systematic procedures. In addition, most approaches do not take full advantage of patterns and best practices that promote architectural quality. We have developed a five-step approach by analyzing features from available approaches but refined and combined them in a new way. We consider an RA as a big compound pattern that can improve the quality of the concrete architectures derived from it and from which we can derive more specialized RAs for cloud systems. We have built an RA for HIPAA, a compliance RA (CRA), and a specialized compliance and security RA (CSRA) for cloud systems. These RAs take advantage of patterns and best practices that promote software quality. We evaluated the architecture by creating profiles. The proposed approach can be used to build RAs from scratch or to build new RAs by abstracting real RAs for a given context. We have also described an RA itself as a compound pattern by using a modified POSA template. Finally, we have built a concrete deployment and availability architecture derived from CSRA that can be used as a foundation to build compliance systems in the cloud.
Show less - Date Issued
- 2015
- PURL
- http://purl.flvc.org/fau/fd/FA00004559, http://purl.flvc.org/fau/fd/FA00004559
- Subject Headings
- Biometric identification, Client/server computing -- Security measures, Cloud computing -- Security measures, Computational intelligence, Computer software -- Quality control, Electronic information resources -- Access control
- Format
- Document (PDF)