Enterprise Modelling using Algebraic Graph Transformation - Extended Version

An analysis of today's situation at Credit Suisse has shown severe problems, because it is based on current best practices and ad-hoc modelling techniques to handle important aspects of security, risk and compliance. Based on this analysis we propose in this paper a new enterprise model which allows the construction, integration, transformation and evaluation of different organizational models in a big decentralized organization like Credit Suisse. The main idea of the new model framework is to provide small decentralized models and intra-model evaluation techniques to handle services, processes and rules separately for the business and IT universe on one hand and for human-centric and machine-centric concepts on the other hand. Furthermore, the new framework provides inter-modelling techniques based on algebraic graph transformation to establish the connection between different kinds of models and to allow integration of the decentralized models. In order to check for security, risk and compliance in a suitable way, our models and techniques are based on different kinds of formal methods. In this paper, we show that algebraic graph transformation techniques are useful not only for intra-modelling - using graph grammars for visual languages and graph constraints for requirements - but also for inter-modelling - using triple graph grammars for model transformation and integration. Altogether, we present the overall idea of our new model framework and show how to solve specific problems concerning intra- and inter-modelling as first steps. This should give evidence that our framework can also handle important other requirements for enterprise modelling in a big decentralized organization like Credit Suisse

Towards a Governance of Low-Code Development Platforms Using the Example of Microsoft PowerPlatform in a Multinational Company

The advantages of low-code platforms include the ability to better manage corporate processes. These processes can quickly become customized and business critical. Consequently, governance of low-code development platforms gains increasing importance in the IT sector. This paper contributes to the design of a governance for low-code platforms using the example of Microsoft PowerPlatform through the action-design- research-paradigm within a consumer goods corporation. The paper shows both the relationship between IT governance and low-code platforms and what challenges this poses, as well as the importance of governance of low-code platforms in relation to the field of end-user computing. This work aims at developing governance for low-code platforms, and evaluates it using several methods. Based on the results of the naturalistic evaluation, design principles for the development of a governance for low-code platforms are derived. The principles summarize suggestions for designing such governance, providing evidence-based design knowledge for developing governance of low-code platforms

Formal Verification of Functional Requirements for Smart Contract Compositions in Supply Chain Management Systems

The smart contract technology has increasingly attracted the attention of different industries. However, a significant number of smart contracts deployed in practice suffer from several bugs, which enable malicious users to cause damage. The research community has shifted their focus to verifying the correctness of smart contracts using model checkers and formal verification methods. The majority of the research investigates the correctness of systems built on one smart contract. This paper proposes a verification approach for systems composed of interacting smart contracts developed and controlled by different entities. We use the NuSMV model checker and the Behavioral Interaction Priority tool to model the behaviors of smart contracts and their interactions with the aim of verifying their compliance with the systems’ functional requirements. These requirements are formalized by Linear Temporal Logic propositions. The applicability of our approach is illustrated using a case study from The American Petroleum Institute and implemented using Hyperledger Fabric

How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems

Recently security researchers have started to look into automated generation of attack trees from socio-technical system models. The obvious next step in this trend of automated risk analysis is automating the selection of security controls to treat the detected threats. However, the existing socio-technical models are too abstract to represent all security controls recommended by practitioners and standards. In this paper we propose an attack-defence model, consisting of a set of attack-defence bundles, to be generated and maintained with the socio-technical model. The attack-defence bundles can be used to synthesise attack-defence trees directly from the model to offer basic attack-defence analysis, but also they can be used to select and maintain the security controls that cannot be handled by the model itself.Comment: GraMSec 2015, 16 page

Visions and Challenges in Managing and Preserving Data to Measure Quality of Life

Health-related data analysis plays an important role in self-knowledge, disease prevention, diagnosis, and quality of life assessment. With the advent of data-driven solutions, a myriad of apps and Internet of Things (IoT) devices (wearables, home-medical sensors, etc) facilitates data collection and provide cloud storage with a central administration. More recently, blockchain and other distributed ledgers became available as alternative storage options based on decentralised organisation systems. We bring attention to the human data bleeding problem and argue that neither centralised nor decentralised system organisations are a magic bullet for data-driven innovation if individual, community and societal values are ignored. The motivation for this position paper is to elaborate on strategies to protect privacy as well as to encourage data sharing and support open data without requiring a complex access protocol for researchers. Our main contribution is to outline the design of a self-regulated Open Health Archive (OHA) system with focus on quality of life (QoL) data.Comment: DSS 2018: Data-Driven Self-Regulating System

Designing Data Spaces

This open access book provides a comprehensive view on data ecosystems and platform economics from methodical and technological foundations up to reports from practical implementations and applications in various industries. To this end, the book is structured in four parts: Part I “Foundations and Contexts” provides a general overview about building, running, and governing data spaces and an introduction to the IDS and GAIA-X projects. Part II “Data Space Technologies” subsequently details various implementation aspects of IDS and GAIA-X, including eg data usage control, the usage of blockchain technologies, or semantic data integration and interoperability. Next, Part III describes various “Use Cases and Data Ecosystems” from various application areas such as agriculture, healthcare, industry, energy, and mobility. Part IV eventually offers an overview of several “Solutions and Applications”, eg including products and experiences from companies like Google, SAP, Huawei, T-Systems, Innopay and many more. Overall, the book provides professionals in industry with an encompassing overview of the technological and economic aspects of data spaces, based on the International Data Spaces and Gaia-X initiatives. It presents implementations and business cases and gives an outlook to future developments. In doing so, it aims at proliferating the vision of a social data market economy based on data spaces which embrace trust and data sovereignty

Global Risks 2012, Seventh Edition

The World Economic Forum's Global Risks 2012 report is based on a survey of 469 experts from industry, government, academia and civil society that examines 50 global risks across five categories. The report emphasizes the singular effect of a particular constellation of global risks rather than focusing on a single existential risk. Three distinct constellations of risks that present a very serious threat to our future prosperity and security emerged from a review of this year's set of risks. Includes a special review of the important lessons learned from the 2011 earthquake, tsunami and the subsequent nuclear crisis at Fukushima, Japan. It focuses on therole of leadership, challenges to effective communication in this information age and resilient business models in response to crises of unforeseen magnitude