A framework for analyzing and monitoring the impact of dependencies on quality
Appears in the following Collection
- Institutt for informatikk 
AbstractIn today’s society, we are dependent on a number of services provided by interconnected systems. These services may be anything from electricity to services provided by social media platforms. Interconnected systems are challenging to analyze from a quality perspective in general and from a security perspective in particular. The systems depend on each other through services. Thus, the quality of services provided by one system is often directly linked to the quality of services provided by another. Moreover, the systems may be under different managerial control and within different jurisdictions, and the systems may evolve rapidly in a manner that may be difficult to predict. All of this makes it challenging to assess risk to the quality of services. In this thesis we present a framework for analyzing and monitoring the impact of dependencies on quality. More specifically, the framework should be used in the context of interconnected systems to analyze and monitor the impact of service dependencies on quality of services. The framework is the result of the integration of three artifacts: (1) a method for designing indicators to monitor the fulfillment of business objectives with particular focus on quality and ICT-supported monitoring of indicators; (2) a method for capturing and monitoring the impact of service dependencies on the quality of provided services; and (3) an architectural pattern for constructing enterprise level monitoring tools based on indicators. The three artifacts may be viewed as contributions on their own, since they can be used independently of each other. In addition, the thesis contributes in terms of two industrial case studies: (1) an empirical study on trust-based decisions in nterconnected systems; and (2) an empirical study on the design of indicators for monitoring risk. The industrial case studies have mainly been carried out to support the development of the artifacts, but since the industrial case studies also provide insight into issues of a more general nature, they may be seen as contributions on their own.
List of papers
2, 3 and 5 are removed due to publisher restrictions
1. Olav Skjelkvåle Ligaarden, Atle Refsdal, and Ketil Stølen. ValidKI: A method for designing indicators to monitor the fulfillment of business objectives with particular focus on quality and ICT-supported monitoring of indicators. In International Journal on Advances in Intelligent Systems, 5(1-2), pp. 175–193, IARIA, 2012. International Journal on Advances in Intelligent Systems, issn 1942-2679 vol. 5, no. 1 & 2, year 2012, www.iariajournals.org/intelligent_systems
2. Olav Skjelkvåle Ligaarden, Atle Refsdal, and Ketil Stølen. Using indicators to monitor risk in interconnected systems: How to capture and measure the impact of service dependencies on the quality of provided services. Chapter in the book “IT Security Governance Innovations: Theory and Research,” D. Mellado, L. E. Sánchez, E. Fernández-Medina, and M. Piattini (eds.), pp. 256–292, IGI Global, 2012.
3. Olav Skjelkvåle Ligaarden, Mass Soldal Lund, Atle Refsdal, Fredrik Seehusen, and Ketil Stølen. An architectural pattern for enterprise level monitoring tools. In Proceedings of 2011 IEEE International Workshop on the Maintenance and Evolution of Service-Oriented and Cloud-Based Systems (MESOCA’2011), IEEE Computer Society, 2011.
4. Tormod Vaksvik Håvaldsrud, Olav Skjelkvåle Ligaarden, Per Myrseth, Atle Refsdal, Ketil Stølen, and Jon Ølnes. Experiences from using a UML-based method for trust analysis in an industrial project on electronic procurement. In Journal of Electronic Commerce Research, 10(3-4), pp. 441–467, Springer, 2010. Electron Commer Res (2010) 10: 441–467 DOI 10.1007/s10660-010-9063-z
5. Olav Skjelkvåle Ligaarden, Atle Refsdal, and Ketil Stølen. Experiences from using indicators to validate expert judgments in security risk analysis. In Proceedings of Third International Workshop on Security Measurements and Metrics (MetriSec’2011), IEEE Computer Society, 2011.