The Experts below are selected from a list of 321 Experts worldwide ranked by ideXlab platform
Peizhong Shi - One of the best experts on this subject based on the ideXlab platform.
- Smart Contract Security: A Software Lifecycle Perspective
IEEE Access, 2019
Co-Authors: Yongfeng Huang, Yiyang Bian, J. Leon Zhao, Peizhong Shi
Abstract: Smart contract security is an emerging research area that deals with security issues arising from the execution of smart contracts in a blockchain system. Generally, a smart contract is a piece of executable code that automatically runs on the blockchain to enforce an agreement preset between parties involved in the transaction. As an innovative technology, smart contracts have been applied in various business areas, such as digital asset exchange, supply chains, crowdfunding, and intellectual property. Unfortunately, many security issues in smart contracts have been reported in the media, often leading to substantial financial losses. These security issues pose new challenges to security research because the execution environment of smart contracts is based on blockchain computing and its decentralized nature of execution. Thus far, many partial solutions have been proposed to address specific aspects of these security issues, and the trend is to develop new methods and tools to automatically detect common security vulnerabilities. However, smart contract security is systematic engineering that should be explored from a global perspective, and a comprehensive study of issues in smart contract security is urgently needed. To this end, we conduct a literature review of smart contract security from a Software Lifecycle perspective. We first analyze the key features of blockchain that can cause security issues in smart contracts and then summarize the common security vulnerabilities of smart contracts. To address these vulnerabilities, we examine recent advances in smart contract security spanning four development phases: 1) security design; 2) security implementation; 3) testing before deployment; and 4) monitoring and analysis. Finally, we outline emerging challenges and opportunities in smart contract security for blockchain engineers and researchers.
Clay Williams - One of the best experts on this subject based on the ideXlab platform.
- Open challenges for consulting service Lifecycle management: what service research should learn from Software Lifecycle management
IEEE International Conference on Services Computing, 2012
Co-Authors: Pietro Mazzoleni, Richard Goodwin, Clay Williams
Abstract: In the last two decades, research in Software engineering has had a focus on Software Lifecycle management. Rather than a narrow focus on programming languages environments and Software development, researchers are considering the end-to-end Lifecycle of Software, including design, development, deployment, support and retirement. Business IT consulting has a similar Lifecycle from request for proposal, to proposal, delivery, on-going operation and retirement. For the past 5 years we have been working with IBM Global Business Services to address issues in delivering Business IT services. From this experience, we've identified a number of open challenges and have begun working on solutions and a platform for addressing these challenges. We are starting with lessons learned in Software Lifecycle management, and building on them to address challenges particular to service delivery. For example, like Software Lifecycle management, services Lifecycle management requires support for end-to-end traceability, coordination between people working on related activities and on hand offs between one phase of a consulting project and the next. In this paper, we enumerate a set of open challenges for service Lifecycle management. We suggest how lessons from Software Lifecycle management can be applied and give a preliminary report on our implementation of an open architecture environment to support services Lifecycle management.
- IEEE SCC - Open Challenges for Consulting Service Lifecycle Management: What Service Research Should learn from Software Lifecycle Management
2012 IEEE Ninth International Conference on Services Computing, 2012
Co-Authors: Pietro Mazzoleni, Richard Goodwin, Clay Williams
Abstract: In the last two decades, research in Software engineering has had a focus on Software Lifecycle management. Rather than a narrow focus on programming languages environments and Software development, researchers are considering the end-to-end Lifecycle of Software, including design, development, deployment, support and retirement. Business IT consulting has a similar Lifecycle from request for proposal, to proposal, delivery, on-going operation and retirement. For the past 5 years we have been working with IBM Global Business Services to address issues in delivering Business IT services. From this experience, we've identified a number of open challenges and have begun working on solutions and a platform for addressing these challenges. We are starting with lessons learned in Software Lifecycle management, and building on them to address challenges particular to service delivery. For example, like Software Lifecycle management, services Lifecycle management requires support for end-to-end traceability, coordination between people working on related activities and on hand offs between one phase of a consulting project and the next. In this paper, we enumerate a set of open challenges for service Lifecycle management. We suggest how lessons from Software Lifecycle management can be applied and give a preliminary report on our implementation of an open architecture environment to support services Lifecycle management.
Dmytro O Ivanchyshyn - One of the best experts on this subject based on the ideXlab platform.
- Assessment of the source code static analysis effectiveness for security requirements implementation into Software developing process
Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 2013
Co-Authors: Oksana Pomorova, Dmytro O Ivanchyshyn
Abstract: The article focuses on the problem of Software security assurance. The place of source code security analysis in the Software Lifecycle was considered. Results of common tools for C and C++ source code static analysis were investigated. Effectiveness of source code security analysis applying was researched.
- IDAACS - Assessment of the source code static analysis effectiveness for security requirements implementation into Software developing process
2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2013
Co-Authors: Oksana Pomorova, Dmytro O Ivanchyshyn
Abstract: The article focuses on the problem of Software security assurance. The place of source code security analysis in the Software Lifecycle was considered. Results of common tools for C and C++ source code static analysis were investigated. Effectiveness of source code security analysis applying was researched.
Yongfeng Huang - One of the best experts on this subject based on the ideXlab platform.
- Smart Contract Security: A Software Lifecycle Perspective
IEEE Access, 2019
Co-Authors: Yongfeng Huang, Yiyang Bian, J. Leon Zhao, Peizhong Shi
Abstract: Smart contract security is an emerging research area that deals with security issues arising from the execution of smart contracts in a blockchain system. Generally, a smart contract is a piece of executable code that automatically runs on the blockchain to enforce an agreement preset between parties involved in the transaction. As an innovative technology, smart contracts have been applied in various business areas, such as digital asset exchange, supply chains, crowdfunding, and intellectual property. Unfortunately, many security issues in smart contracts have been reported in the media, often leading to substantial financial losses. These security issues pose new challenges to security research because the execution environment of smart contracts is based on blockchain computing and its decentralized nature of execution. Thus far, many partial solutions have been proposed to address specific aspects of these security issues, and the trend is to develop new methods and tools to automatically detect common security vulnerabilities. However, smart contract security is systematic engineering that should be explored from a global perspective, and a comprehensive study of issues in smart contract security is urgently needed. To this end, we conduct a literature review of smart contract security from a Software Lifecycle perspective. We first analyze the key features of blockchain that can cause security issues in smart contracts and then summarize the common security vulnerabilities of smart contracts. To address these vulnerabilities, we examine recent advances in smart contract security spanning four development phases: 1) security design; 2) security implementation; 3) testing before deployment; and 4) monitoring and analysis. Finally, we outline emerging challenges and opportunities in smart contract security for blockchain engineers and researchers.
Antònia Mas - One of the best experts on this subject based on the ideXlab platform.
- Implementing information security best practices on Software Lifecycle processes
Computers & Security, 2015
Co-Authors: Antoni Lluís Mesquida, Antònia Mas
Abstract: The ISO/IEC 15504 international standard can be aligned with the ISO/IEC 27000 information security management framework. During the research conducted all the existing relations between ISO/IEC 15504-5 Software development base practices and ISO/IEC 27002 security controls have been analysed and the ISO/IEC 15504 Security Extension has been developed. This extension details the changes that Software companies should make in the Software Lifecycle processes for the successful implementation of the related security controls. To attain our research objectives, we evaluate the ISO/IEC 15504 Security Extension through case studies in a sample of Software development organizations. This study follows the design science research paradigm that is based on constructive research. ISO/IEC 15504-5 processes can be adapted to deploy ISO/IEC 27002 controls on them. Relations between ISO/IEC 15504-5 and ISO/IEC 27002 security controls are analysed. From these relations, the ISO/IEC 15504 Security Extension has been developed. The Design Science Research paradigm has been followed during its development. The ISO/IEC 15504 Security Extension has been validated in industry.