Model-based privacy and security analysis with CARiSMA

Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering

Volumn Part F130154, Issue , 2017, Pages 989-993

  Ahmadian, Amir Shayan ^a   Peldszus, Sven ^a   Ramadan, Qusai ^a   Jürjens, Jan ^a,b  

^a University of Koblenz Landau   (Germany)

^b Fraunhofer ISST   (Germany)

Author keywords

Model based analysis; Privacy; Security; System design analysis

Indexed keywords

DATA HANDLING; SECURITY SYSTEMS; SOFTWARE ENGINEERING; SYSTEMS ANALYSIS;

DESIGN ANALYSIS; MODEL-BASED ANALYSIS; MODEL-BASED SECURITY ANALYSIS; ORGANIZATIONAL CONTROLS; PRIVACY AND SECURITY; SECURITY; SECURITY AND PRIVACY; SYSTEM DEVELOPERS;

DATA PRIVACY;

EID: 85030761760     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/3106237.3122823     Document Type: Conference Paper

References (30)

1. Ahmadian, A. S., Strüber, D., Riediger, V., and Jürjens, J. Model-based Privacy Analysis in Industrial Ecosystems. In ECMFA (2017), Springer. accepted.
2. Barker, K., Askari, M., Banerjee, M., Ghazinour, K., Mackas, B., Majedi, M., Pun, S., and Williams, A. A Data Privacy Taxonomy. Springer, 2009, pp. 42-54.
3. Cavoukian, A., and Chibba, M. Advancing Privacy and Security in Computing, Networking and Systems Innovations through Privacy by Design. In CASCON (2009), pp. 358-360.
4. Colombo, P., and Ferrari, E. Towards a Modeling and Analysis Framework for Privacy-Aware Systems. In SOCIALCOM-PASSAT (2012), IEEE Computer Society, pp. 81-90.
5. Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J., Métayer, D. L., Tirtea, R., and Schiffner, S. Privacy and data protection by design - from policy to engineering. CoRR abs/1501.03726 (2015).
6. den Braber, F., Hogganvik, I., Lund, M. S., Stølen, K., and Vraalsen, F. Modelbased security analysis in seven steps - a guided tour to the coras method. BT Technology Journal 25, 1 (2007), 101-117.
7. Georg, G., Ray, I., Anastasakis, K., Bordbar, B., Toahchoodee, M., and Houmb, S. H. An Aspect-oriented Methodology for Designing Secure Applications. INFSOF 51, 5 (2009), 846-864.
8. Gollmann, D. Computer Security. John Wiley & Sons, Inc., New York, NY, USA, 1999.
9. Heitmeyer, C. L., Archer, M., Leonard, E. I., and McLean, J. Applying Formal Methods to a Certifiably Secure Software System. IEEE Trans. Software Eng. 34, 1 (2008), 82-98.
10. Islam, S., Mouratidis, H., and Jürjens, J. A framework to support alignment of secure software engineering with legal regulations. Software & Systems Modeling 10, 3 (2011), 369-394.
11. Islam, S., Pavlidis, M., Mouratidis, H., and Kearney, P. Modeling Trust Relationships for Developing Trustworthy Information Systems. Int. J. Inf. Syst. Model. Des. 5, 1 (2014), 25-48.
12. Jin, X., Sandhu, R., and Krishnan, R. RABAC: Role-Centric Attribute-Based Access Control. Springer, 2012, pp. 84-96.
13. Jürjens, J. Secure Systems Development with UML. Springer, 2005.
14. Jürjens, J., and Wimmel, G. Formally testing fail-safety of electronic purse protocols. In 16th International Conference on Automated Software Engineering (ASE 2001) (2001), IEEE, pp. 408-411.
15. Katt, B., Gander, M., Breu, R., and Felderer, M. Enhancing Model Driven Security through Pattern Refinement Techniques. In FMCO (2011), pp. 169-183.
16. Lano, K., Clark, D., and Androutsopoulos, K. Safety and Security Analysis of Object-Oriented Models. In SAFECOMP (2002), Springer, pp. 82-93.
17. Lodderstedt, T., Basin, D., and Doser, J. SecureUML: A UML-Based Modeling Language for Model-Driven Security. In UML (2002).
18. Mouratidis, H., Giorgini, P., and Manson, G. Modelling Secure Multiagent Systems. In AAMAS (2003).
19. Nguyen, P. H., Yskout, K., Heyman, T., Klein, J., Scandariato, R., and Traon, Y. L. SoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems. In MoDELS (2015), pp. 246-255.
20. Object Management Group. Object Constraint Language - Version 2.4. Tech. Rep. formal/2014-02-03, 2014.
21. Paja, E., Dalpiaz, F., and Giorgini, P. Modelling and reasoning about security requirements in socio-technical systems. Data and Knowledge Engineering 98 (2015), 123-143. Research on conceptual modeling.
22. Paja, E., Dalpiaz, F., Poggianella, M., Roberti, P., and Giorgini, P. Sts-tool: Socio-technical security requirements through social commitments. In 2012 20th IEEE International Requirements Engineering Conference (RE) (Sept 2012), pp. 331-332.
23. Pavlidis, M., and Islam, S. SecTro: A CASE Tool for Modelling Security in Requirements Engineering using Secure Tropos. In CAiSE (2011), pp. 89-96.
24. Peldszus, S., Kulcsár, G., Lochau, M., and Schulze, S. Continuous detection of design flaws in evolving object-oriented programs using incremental multipattern matching. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (New York, NY, USA, 2016), ASE 2016, ACM, pp. 578-589.
25. Petriu, D., Woodside, M., Petriu, D., Xu, J., Israr, T., Georg, G., France, R., Bieman, J., Houmb, S. H., and Jürjens, J. Performance analysis of security aspects in UML models. In Sixth International Workshop on Software and Performance (WOSP 2007) (2007), ACM, pp. 91-102.
26. Schneider, K., Knauss, E., Houmb, S., Islam, S., and Jürjens, J. Enhancing Security Requirements Engineering by Organisational Learning. REJ 17, 1 (2012), 35-56.
27. Spiekermann, S., Acqisti, A., Böhme, R., and Hui, K.-L. The challenges of personal data markets and privacy. Electronic Markets 25, 2 (2015), 161-167.
28. Spiekermann, S., and Cranor, L. F. Engineering Privacy. IEEE Trans. Softw. Eng. 35, 1 (Jan. 2009), 67-82.
29. Steinberg, D., Budinsky, F., Paternostro, M., and Merks, E. EMF: Eclipse Modeling Framework 2.0, 2nd ed. Addison-Wesley Professional, 2009.
30. The European Parliament and the Council of the Europeam Union. Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Union (2016).