Toward the Engineering of Security of Information Systems (ESIS): UML and the IS Confidentiality

Goudalo, Wilson; Seret, Dominique

doi:10.1109/securware.2008.66

Cited by 8 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another group of approaches like (Alghathbar and Wijesekera, 2003;Lodderstedt et al, 2002;Goudalo and Seret, 2008) aim for extending UML with security information. Some allow modelling ACRs on the architectural level.…”

Section: State Of the Artmentioning

confidence: 99%

Challenges in Aligning Enterprise Application Architectures to Business Process Access Control Requirements in Evolutional Changes

Pilipchuk

Seifermann

Heinrich

et al. 2021

Proceedings of the 18th International Conference on E-Business

View full text Add to dashboard Cite

Business processes define requirements for software systems that support business goals. Enterprise Application Architectures (EAAs) organize the structure and behavior of the required software systems. Satisfying requirements regarding the confidentiality of information that originate from the business process design is crucial to fulfill legal obligations and corporate policies. Violating these obligations and policies can lead to high fines and lost assets. There is a gap in modeling confidentiality requirements holistically across business processes and EAAs (Alpers et al., 2019). Hence, aligning EAAs with business processes by identifying violated business access control requirements (ACRs) during the architectural design phase is vital. Thereto, three challenges need to be overcome: i) define the meaning of read and write from ACRs for EAAs, ii) identify relevant parts of the EAA affected by ACRs and iii) define rules to cope with data type refinement. In this paper, we present the challenges, solutions to them and our scientific findings that we made during the development of AcsALign, which is an approach to align the EAAs to ACRs of business processes in the early design phase and evolution scenarios using the established modeling languages Business Process Model and Notation (BPMN) and Palladio Component Model (PCM). We apply our solutions in a real-world case study. Evaluation results show satisfying accuracy of the requirements extraction and architectural alignment.

show abstract

Section: State Of the Artmentioning

confidence: 99%

Challenges in Aligning Enterprise Application Architectures to Business Process Access Control Requirements in Evolutional Changes

Pilipchuk

Seifermann

Heinrich

et al. 2021

Proceedings of the 18th International Conference on E-Business

View full text Add to dashboard Cite

show abstract

“…We base the actions of this step on various experiments both in industry and academic research. As mentioned in section 3.3, Goudalo defined seven security acts constituting the engineering of information security (Goudalo, 2011). Although several researchers have discussed usable security design, Kai-Ping Yee has proposed a list of guidelines for addressing valid and nontrivial problems specific to usable security design (Yee, 2002): path of least resistance, active authorization, revocability, visibility, self-awareness, trusted path, expressiveness, relevant boundaries, identifiability and foresight.…”

Section: Stage #3: Define Solutionsmentioning

confidence: 99%

Towards Advanced Enterprise Information Systems Engineering - Solving Resilience, Security and Usability Issues within the Paradigms of Socio-Technical Systems

Goudalo¹,

Kolski

2016

Proceedings of the 18th International Conference on Enterprise Information Systems

Self Cite

View full text Add to dashboard Cite

Resilience and Security are very important attributes for most enterprise Information Systems (IS). These systems have human users with various capabilities, experiences and behaviors. Therefore, they have to be resilient, secure and usable. Resilience requires the capacity to prepare and adapt, facing perpetuating evolutionary conditions, and to restore full capability after an incident or an attack. We track and solve Resilience, Security and Usability issues jointly in Enterprise IS. This challenge requires considering the ergonomics of interactions, effectiveness and efficiency of the task realization, user satisfaction, and trust as well as human feelings when using the secure services. In this paper, we propose an approach based on paradigms of socio-technical systems to model the interplay between resilience, security and usability. We detail a case study illustrating the proposed approach and detailing the elaboration of user-experience-based design patterns.

show abstract

“…They defined the security stereotypes based on the Open Web Application Security Project, which lists the top ten most critical web application vulnerabilities, including buffer overflow, connection flooding, encryption, access control, and Search and Query Language injection. Goudalo and Seret worked on the security of information systems (ISs) and proposed another UML profile with secrecy, trust, and role‐based access control stereotypes. Villarroel et al .…”

Section: Related Workmentioning

confidence: 99%

Model driven security framework for software design and verification

Deveci

Caglayan

2015

Security Comm Networks

View full text Add to dashboard Cite

Information system security is receiving increasing attention every day because a security problem can cause serious financial loss or even loss of lives. Some of these security problems occur as a result of poor design practices, where important security functionality is not designed properly and is directly implemented later in the development cycle in an unmethodical way. Researchers have put a great deal of effort into defining processes and tools to design and develop more secure information systems. However, verification of the designed and developed security functionality is of utmost importance. In some cases, designs and codes also need to be formally or semi‐formally verified and certified by authorities. The Common Criteria is one of the widely used universal frameworks for evaluating the security functionality of information systems. In this paper, we propose a new framework, model driven security framework, for the analysis, design, and evaluation of security properties of information systems. Our aim is to support information system developers and evaluation authorities who implement the higher‐level Common Criteria (levels 6 and 7) security assurance process using formal methods based on Unified Modelling Language, Object Constraint Language, Promela, and Spin. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Toward the Engineering of Security of Information Systems (ESIS): UML and the IS Confidentiality

Cited by 8 publications

References 5 publications

Challenges in Aligning Enterprise Application Architectures to Business Process Access Control Requirements in Evolutional Changes

Challenges in Aligning Enterprise Application Architectures to Business Process Access Control Requirements in Evolutional Changes

Towards Advanced Enterprise Information Systems Engineering - Solving Resilience, Security and Usability Issues within the Paradigms of Socio-Technical Systems

Model driven security framework for software design and verification

Contact Info

Product

Resources

About