Enforcing Security and Privacy via a Cooperation of Security Experts and Software Engineers: A Model-Based Vision

Author(s):  
Marcus Hilbrich ◽  
Markus Frank

2012 ◽  
Vol 3 (3) ◽  
pp. 1-22 ◽  
Author(s):  
Shareeful Islam ◽  
Haralambos Mouratidis ◽  
Christos Kalloniatis ◽  
Aleksandar Hudic ◽  
Lorenz Zechner

Software systems are becoming more complex, interconnected and liable to adopt continuous change and evolution. It is necessary to develop appropriate methods and techniques to ensure the security and privacy of such systems. Research efforts that aim to ensure the security and privacy of software systems fall into two main categories: (1) the development of requirements engineering methods, and (2) implementation techniques. Approaches in the first category usually address either security or privacy in an implicit way, with emphasis on the security aspects, by developing methods to elicit and analyse security (and privacy) requirements. Works in the latter category focus specifically on the later stages of the development process, irrespective of the organisational context in which the system will be incorporated. This work introduces a model-based process for security and privacy requirements engineering. In particular, the authors’ work includes activities that support the identification and analysis of security and privacy requirements for the software system. Their proposed process combines concepts from two well-known requirements engineering methods, Secure Tropos and PriS. A real case study from the EU project E-vote, i.e., an Internet-based voting system, is employed to demonstrate the applicability of the approach.


2008 ◽  
Vol 47 (05) ◽  
pp. 399-408 ◽  
Author(s):  
J. Werner ◽  
Y. Lee ◽  
B. Malin ◽  
A. Ledeczi ◽  
J. Mathe

Summary. Objective: The goal of this research is to provide a framework to enable the model-based development, simulation, and deployment of clinical information system prototypes with mechanisms that enforce security and privacy policies. Methods: We developed the Model-Integrated Clinical Information System (MICIS), a software toolkit that is based on model-based design techniques and high-level modeling abstractions to represent complex clinical workflows in a service-oriented architecture paradigm. MICIS translates models into executable constructs, such as web service descriptions, business process execution language procedures, and deployment instructions. MICIS models are enriched with formal security and privacy specifications, which are enforced within the execution environment. Results: We successfully validated our design platform by modeling multiple clinical workflows and deploying them onto the execution platform. Conclusions: The model-based approach shows great promise for developing, simulating, and evolving clinical information systems with formal properties and policy restrictions.


2018 ◽  
Vol 26 (4) ◽  
pp. 437-453 ◽  
Author(s):  
Majed Alshammari ◽  
Andrew Simpson

Purpose: Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software engineers are increasingly expected to develop and maintain privacy-aware systems that both comply with such frameworks and standards and meet reasonable expectations of privacy. This paper aims to facilitate reasoning about privacy compliance, from legal frameworks and standards, with a view to providing necessary technical assurances. Design/methodology/approach: The authors show how the standard extension mechanisms of the UML meta-model might be used to specify and represent data-processing activities in a way that is amenable to privacy compliance checking and assurance. Findings: The authors demonstrate the usefulness and applicability of the extension mechanisms in specifying key aspects of privacy principles as assumptions and requirements, as well as in providing criteria for the evaluation of these aspects to assess whether the model meets these requirements. Originality/value: First, the authors show how key aspects of abstract privacy principles can be modelled using stereotypes and tagged values as privacy assumptions and requirements. Second, the authors show how compliance with these principles can be assured via constraints that establish rules for the evaluation of these requirements.


2022 ◽  
Vol 31 (1) ◽  
pp. 1-32 ◽  
Author(s):  
Lorena Arcega ◽  
Jaime Font Arcega ◽  
Øystein Haugen ◽  
Carlos Cetina

Companies that have adopted the Model-Driven Engineering (MDE) paradigm have the advantage of working at a high level of abstraction. Nevertheless, they suffer from a lack of tools for performing bug localization at the model level. In addition, in an MDE context, a bug can be related to different MDE artefacts, such as design-time models, model transformations, or run-time models. Starting the bug localization in the wrong place or with the wrong tool can lead to an unsatisfactory result. We evaluate how to apply the existing model-based approaches in order to mitigate the effect of starting the localization in the wrong place. We also take into account that software engineers can refine the results at different stages. In our evaluation, we compare different combinations of the application of bug localization approaches and human refinement. The combination of our approaches plus manual refinement obtains the best results. We performed a statistical analysis to provide evidence of the significance of the results. The conclusions obtained from this evaluation are: humans have to be involved at the right time in the process (or results can even get worse), and artefact-independence can be achieved without worsening the results.


Author(s):  
HONG ZHU

Being autonomous, proactive and adaptive, an agent-based system may demonstrate emergent behaviours that are neither designed by the developers nor expected by the users of the system. Whether or not such emergent behaviours are advantageous, methods for the specification of agent behaviours must be developed to enable software engineers to analyse agent-based systems before they are implemented. This paper presents a formal specification language, SLABS, for agent-based systems. It is a model-based specification language defined on the notion of agents as encapsulations of data, operations and behaviours. The behaviour of an agent is defined by a set of rules that describe the action/reaction of the agent in certain environment scenarios. The style and expressiveness of the language are demonstrated by examples such as ants, personal assistants and speech-act style agent communications.


2020 ◽  
Vol 43 ◽  
Author(s):  
Peter Dayan

Abstract: Bayesian decision theory provides a simple formal elucidation of some of the ways that representation and representational abstraction are involved with, and exploit, both prediction and its rather distant cousin, predictive coding. Both model-free and model-based methods are involved.