Search results
1 – 10 of 678
Joe Garcia, Russell Shannon, Aaron Jacobson, William Mosca, Michael Burger and Roberto Maldonado
Abstract
Purpose
This paper aims to describe an effort to provide for a robust and secure software development paradigm intended to support DevSecOps in a naval aviation enterprise (NAE) software support activity (SSA), with said paradigm supporting strong traceability and provability concerning the SSA’s output product, known as an operational flight program (OFP). Through a secure development environment (SDE), each critical software development function performed on said OFP during its development has a corresponding record represented on a blockchain.
Design/methodology/approach
An SDE is implemented as a virtual machine or container incorporating software development tools that are modified to support blockchain transactions. Each critical software development function, e.g. editing, compiling, linking, generates a blockchain transaction message with associated information embedded in the output of said function that, together, can be used to prove integrity and support traceability. An attestation process is used to provide proof that the toolchain containing SDE is not subject to unauthorized modification at the time said critical function is performed.
Findings
Blockchain methods are shown to be a viable approach for supporting exhaustive traceability and strong provability of development system integrity for mission-critical software produced by an NAE SSA for NAE embedded systems software.
Practical implications
A blockchain-based authentication approach that could be implemented at the OFP point-of-load would provide for fine-grain authentication of all OFP software components, with each component or module having its own proof-of-integrity (including the integrity of the used development tools) over its entire development history.
Originality/value
Many SSAs have established control procedures for development such as check-out/check-in. This does not prove the SSA output software is secure. For one thing, a build system does not necessarily enforce procedures in a way that is determinable from the output. Furthermore, the SSA toolchain itself could be attacked. The approach described in this paper enforces security policy and embeds information into the output of every development function that can be cross-referenced to blockchain transaction records for provability and traceability that only trusted tools, free from unauthorized modifications, are used in software development. A key original concept of this approach is that it treats assigned developer time as a transferable digital currency.
Keywords
- Software development
- Blockchain
- Cybersecurity
- Operational flight program
- Secure development environment
- Secure virtual machine
- Zero trust
- Embedded systems
- Mission-critical systems
- OFP
- DevOps
- DevSecOps
- Software support activity
- SSA
- SDE
- Permissioned blockchain
- Cryptocurrency
- Time-limited authorization for developer action
- TADA
- Code signing
- Trusted software guard
- SGX
- Trusted eXecution technology
- TXT
- Trusted platform module
- Self-hosting
- Controlled access blockchain
- CABlock
- Role-based access control
- RBAC
Yanan Wang, Jianqiang Li, Sun Hongbo, Yuan Li, Faheem Akhtar and Azhar Imran
Abstract
Purpose
Simulation is a well-known technique for using computers to imitate or simulate the operations of various kinds of real-world facilities or processes. The facility or process of interest is usually called a system, and to study it scientifically, we often have to make a set of assumptions about how it works. These assumptions, which usually take the form of mathematical or logical relationships, constitute a model that is used to gain some understanding of how the corresponding system behaves, and the quality of these understandings essentially depends on the credibility of given assumptions or models, known as VV&A (verification, validation and accreditation). The main purpose of this paper is to present an in-depth theoretical review and analysis for the application of VV&A in large-scale simulations.
Design/methodology/approach
After summarizing the VV&A of related research studies, the standards, frameworks, techniques, methods and tools have been discussed according to the characteristics of large-scale simulations (such as crowd network simulations).
Findings
The contributions of this paper will be useful for both academics and practitioners for formulating VV&A in large-scale simulations (such as crowd network simulations).
Originality/value
This paper will help researchers to provide support of a recommendation for formulating VV&A in large-scale simulations (such as crowd network simulations).
Abstract
There has been considerable discussion in recent years over the application of interpretive methodologies such as phenomenology, hermeneutics, and semiotics within the field of marketing research, particularly consumer behaviour. However, while these approaches have inspired a wealth of publications, scant attention has been paid to the potential of grounded theory. This is attributed largely to misconceptions regarding both the principles of the method and the two distinct approaches associated with the original authors, Glaser and Strauss (1967). The paper outlines the development of the method and explicates the philosophy underpinning its procedures. Finally, it suggests that grounded theory if applied in its true sense has scope and potential for the study of consumer behaviour and consumption experiences given its emphasis on context, theoretical emergence, and the social construction of realities.
Lynn McAlpine, Isabelle Skakni, Anna Sala-Bubaré, Crista Weise and Kelsey Inouye
Abstract
Purpose
Teamwork has long featured in social science research. Further, with research increasingly “cross-national,” communication becomes more complex, for instance, involving different cultures, languages and modes of communication. Yet, studies examining team communicative processes that can facilitate or constrain collaboration are rare. As a cross-national European team representing varied disciplines, experiences, languages and ethnicities, we undertook to examine our communication processes with the aim to promote better qualitative research practices.
Design/methodology/approach
Viewing reflection as a tool for enhancing workplace practices, we undertook a structured reflection. We developed an empirically derived framework about team communication, then used it to analyse our interaction practices and their relative effectiveness.
Findings
The results highlighted two under-examined influences, the use of different modes of communication for different purposes and the need for face-to-face communication to address a particularly challenging aspect of research, negotiating a shared coding scheme to analyse diverse cultural and linguistic qualitative data.
Practical implications
The study offers a procedure and concepts that others could use to examine their team communication.
Originality/value
The communicative processes that can constrain and facilitate effective cross-national research team collaboration are rarely examined. The results emphasise the need for careful negotiations around language, epistemologies, cultures and goals from the moment collaboration begins in formulating a project, through applying for grant funds, to when the last paper is published – timely in a context in which such work is increasingly expected.