{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T21:03:25Z","timestamp":1743109405695,"version":"3.40.3"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030929152"},{"type":"electronic","value":"9783030929169"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,12,9]],"date-time":"2021-12-09T00:00:00Z","timestamp":1639008000000},"content-version":"vor","delay-in-days":342,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>According to the laws of software evolution, the size and complexity of software systems continue to increase over time and, simultaneously, if not maintained rigorously, the quality decreases. Quality degradation typically happens due to changes in policies, regulations, and industry requirements, which, in turn, complicates compliance management over time. Among the key challenges in managing the evolution of software are the modelling and the enforcement of compliance rules. Moreover, the gap between compliance experts and software engineers has worsened the problem. The topology and orchestration specifications for cloud applications (TOSCA), which is an OASIS standard, has the potential to offer a relief by enabling different levels of abstractions for modeling and enforcing compliance policies. This work aims at investigating the potential of using TOSCA service templates for modelling and enforcing non-functional requirements and policies. Then, it proposes an approach that maximizes involvement of stakeholders in modeling and auditing such requirements and policies. Findings can help enterprises and policy makers achieve better governance and compliance on software services.<\/jats:p>","DOI":"10.1007\/978-3-030-92916-9_14","type":"book-chapter","created":{"date-parts":[[2021,12,8]],"date-time":"2021-12-08T16:04:26Z","timestamp":1638979466000},"page":"168-177","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards Software Compliance Specification and Enforcement Using TOSCA"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9265-4375","authenticated-orcid":false,"given":"Mohammed","family":"Mubarkoot","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8880-9546","authenticated-orcid":false,"given":"J\u00f6rn","family":"Altmann","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,12,9]]},"reference":[{"key":"14_CR1","doi-asserted-by":"publisher","unstructured":"Herraiz, I., Rodriguez, D., Robles, G., Gonzalez-Barahona, J.M.: The evolution of the laws of software evolution: a discussion based on a systematic literature review. ACM Comput. Surv. 46(2), 28:1\u201328:28 (2013). https:\/\/doi.org\/10.1145\/2543581.2543595","DOI":"10.1145\/2543581.2543595"},{"key":"14_CR2","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1016\/j.techfore.2017.09.037","volume":"129","author":"LJM Nieuwenhuis","year":"2018","unstructured":"Nieuwenhuis, L.J.M., Ehrenhard, M.L., Prause, L.: The shift to Cloud Computing: the impact of disruptive technology on the enterprise software business ecosystem. Technol. Forecast. Soc. Chang. 129, 308\u2013313 (2018). https:\/\/doi.org\/10.1016\/j.techfore.2017.09.037","journal-title":"Technol. Forecast. Soc. Chang."},{"key":"14_CR3","unstructured":"\u201cTOSCA Version 2.0.\u201d OASIS (2020). https:\/\/docs.oasis-open.org\/tosca\/TOSCA\/v2.0\/TOSCA-v2.0.pdf. Accessed 07 May 2021"},{"key":"14_CR4","doi-asserted-by":"publisher","unstructured":"Bergmayr, A., et al.: A systematic review of cloud modeling languages. ACM Comput. Surv. 51(1), 22:1\u201322:38 (2018). https:\/\/doi.org\/10.1145\/3150227","DOI":"10.1145\/3150227"},{"issue":"8","key":"14_CR5","doi-asserted-by":"publisher","first-page":"1793","DOI":"10.1007\/s00607-019-00750-3","volume":"102","author":"J Bellendorf","year":"2019","unstructured":"Bellendorf, J., Mann, Z.\u00c1.: Specification of cloud topologies and orchestration using TOSCA: a survey. Computing 102(8), 1793\u20131815 (2019). https:\/\/doi.org\/10.1007\/s00607-019-00750-3","journal-title":"Computing"},{"issue":"9","key":"14_CR6","doi-asserted-by":"publisher","first-page":"1060","DOI":"10.1109\/PROC.1980.11805","volume":"68","author":"MM Lehman","year":"1980","unstructured":"Lehman, M.M.: Programs, life cycles, and laws of software evolution. Proc. IEEE 68(9), 1060\u20131076 (1980)","journal-title":"Proc. IEEE"},{"issue":"1","key":"14_CR7","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1023\/A:1020557525901","volume":"14","author":"MM Lehman","year":"2002","unstructured":"Lehman, M.M., Ramil, J.F.: Software evolution and software evolution processes. Ann. Softw. Eng. 14(1), 275\u2013309 (2002). https:\/\/doi.org\/10.1023\/A:1020557525901","journal-title":"Ann. Softw. Eng."},{"issue":"1","key":"14_CR8","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/s10270-016-0523-3","volume":"17","author":"G Liebel","year":"2016","unstructured":"Liebel, G., Marko, N., Tichy, M., Leitner, A., Hansson, J.: Model-based engineering in the embedded systems domain: an industrial survey on the state-of-practice. Softw. Syst. Model. 17(1), 91\u2013113 (2016). https:\/\/doi.org\/10.1007\/s10270-016-0523-3","journal-title":"Softw. Syst. Model."},{"key":"14_CR9","doi-asserted-by":"publisher","unstructured":"Glinz, M.: On non-functional requirements. In: 15th IEEE International Requirements Engineering Conference (RE 2007), pp. 21\u201326, October 2007. https:\/\/doi.org\/10.1109\/RE.2007.45","DOI":"10.1109\/RE.2007.45"},{"key":"14_CR10","unstructured":"ISO\/IEC\u00a025010:2011(en): Systems and software engineering\u00a0\u2014 Systems and software Quality Requirements and Evaluation (SQuaRE)\u00a0\u2014 System and software quality models. https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:25010:ed-1:v1:en. Accessed 11 June 2021"},{"key":"14_CR11","doi-asserted-by":"publisher","unstructured":"Kim, D., Muhammad, H., Kim, E., Helal, S., Lee, C.: TOSCA-based and federation-aware cloud orchestration for Kubernetes container platform. Appl. Sci 9(1), Art. no. 1 (2019). https:\/\/doi.org\/10.3390\/app9010191","DOI":"10.3390\/app9010191"},{"key":"14_CR12","doi-asserted-by":"publisher","first-page":"07023","DOI":"10.1051\/epjconf\/201921407023","volume":"214","author":"M Antonacci","year":"2019","unstructured":"Antonacci, M., et al.: Digital repository as a service: automatic deployment of an Invenio-based repository using TOSCA orchestration and Apache Mesos. EPJ Web Conf. 214, 07023 (2019). https:\/\/doi.org\/10.1051\/epjconf\/201921407023","journal-title":"EPJ Web Conf."},{"key":"14_CR13","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/978-3-030-59155-7_20","volume-title":"Software Architecture","author":"M Cankar","year":"2020","unstructured":"Cankar, M., Luzar, A., Tamburri, D.A.: Auto-scaling using TOSCA infrastructure as code. In: Muccini, H., et al. (eds.) ECSA 2020. CCIS, vol. 1269, pp. 260\u2013268. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-59155-7_20"},{"key":"14_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/978-3-662-44879-3_13","volume-title":"Service-Oriented and Cloud Computing","author":"A Brogi","year":"2014","unstructured":"Brogi, A., Soldani, J., Wang, P.: TOSCA in a nutshell: promises and perspectives. In: Villari, M., Zimmermann, W., Lau, K.-K. (eds.) ESOCC 2014. LNCS, vol. 8745, pp. 171\u2013186. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44879-3_13"},{"issue":"3","key":"14_CR15","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MIC.2012.43","volume":"16","author":"T Binz","year":"2012","unstructured":"Binz, T., Breiter, G., Leyman, F., Spatzier, T.: Portable cloud services using TOSCA. IEEE Internet Comput. 16(3), 80\u201385 (2012)","journal-title":"IEEE Internet Comput."},{"key":"14_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"360","DOI":"10.1007\/978-3-642-41030-7_26","volume-title":"On the Move to Meaningful Internet Systems: OTM 2013 Conferences","author":"T Waizenegger","year":"2013","unstructured":"Waizenegger, T., et al.: Policy4TOSCA: a policy-aware cloud service provisioning approach to enable secure cloud computing. In: Meersman, R., et al. (eds.) OTM 2013. LNCS, vol. 8185, pp. 360\u2013376. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-41030-7_26"},{"key":"14_CR17","doi-asserted-by":"publisher","unstructured":"Koetter, F., Kochanowski, M., Weisbecker, A., Fehling, C., Leymann, F.: Integrating compliance requirements across business and IT. In: 2014 IEEE 18th International Enterprise Distributed Object Computing Conference, pp. 218\u2013225, September 2014. https:\/\/doi.org\/10.1109\/EDOC.2014.37","DOI":"10.1109\/EDOC.2014.37"},{"key":"14_CR18","unstructured":"Zimmermann, M., Breitenbucher, U., Krieger, C., Leymann, F.: Deployment enforcement rules for TOSCA-based applications. In: Proceedings of The Twelfth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2018), pp. 114\u2013121 (2018)"},{"key":"14_CR19","unstructured":"Krieger, C., Breitenb\u00fccher, U., K\u00e9pes, K., Leymann, F.: An approach to automatically check the compliance of declarative deployment models. In: IBM Research Division, pp. 76\u201389 (2018)"},{"key":"14_CR20","doi-asserted-by":"publisher","unstructured":"Li, P., Xu, C., Luo, Y., Cao, Y., Mathew, J., Ma, Y.: CareNet: building a secure software-defined infrastructure for home-based healthcare. In: Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, New York, NY, USA, pp. 69\u201372, March 2017. https:\/\/doi.org\/10.1145\/3040992.3041007","DOI":"10.1145\/3040992.3041007"},{"key":"14_CR21","doi-asserted-by":"crossref","unstructured":"Carrasco, J., Cubo, J., Dur\u00e1n, F., Pimentel, E.: Bidimensional cross-cloud management with TOSCA and Brooklyn. In: 2016 IEEE 9th International Conference on Cloud Computing (CLOUD), pp. 951\u2013955, June 2016","DOI":"10.1109\/CLOUD.2016.0143"},{"key":"14_CR22","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1016\/j.future.2021.05.033","volume":"124","author":"Z Rashid","year":"2021","unstructured":"Rashid, Z., Noor, U., Altmann, J.: Economic model for evaluating the value creation through information sharing within the cybersecurity information sharing ecosystem. Future Gener. Comput. Syst. 124, 436\u2013466 (2021). https:\/\/doi.org\/10.1016\/j.future.2021.05.033","journal-title":"Future Gener. Comput. Syst."},{"key":"14_CR23","unstructured":"Mohammed, M., Altmann, J.: Software compliance in different industries: a systematic literature review. In: CIISR 2021, International Workshop on Current Compliance Issues in Information Systems Research, March 2021"}],"container-title":["Lecture Notes in Computer Science","Economics of Grids, Clouds, Systems, and Services"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-92916-9_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,14]],"date-time":"2021-12-14T19:11:44Z","timestamp":1639509104000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-92916-9_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030929152","9783030929169"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-92916-9_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"9 December 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"GECON","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Economics of Grids, Clouds, Systems, and Services","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 September 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"gecon2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/2021.gecon-conference.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"41","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.26","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.61","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"In addition, this book includes 8 work-in-progress papers and 2 extended abstracts","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}