16,054 research outputs found
Modelling and Analysis Using GROOVE
In this paper we present case studies that describe how the graph transformation tool GROOVE has been used to model problems from a wide variety of domains. These case studies highlight the wide applicability of GROOVE in particular, and of graph transformation in general. They also give concrete templates for using GROOVE in practice. Furthermore, we use the case studies to analyse the main strong and weak points of GROOVE
A Blockchain-based Approach for Data Accountability and Provenance Tracking
The recent approval of the General Data Protection Regulation (GDPR) imposes
new data protection requirements on data controllers and processors with
respect to the processing of European Union (EU) residents' data. These
requirements consist of a single set of rules that have binding legal status
and should be enforced in all EU member states. In light of these requirements,
we propose in this paper the use of a blockchain-based approach to support data
accountability and provenance tracking. Our approach relies on the use of
publicly auditable contracts deployed in a blockchain that increase the
transparency with respect to the access and usage of data. We identify and
discuss three different models for our approach with different granularity and
scalability requirements where contracts can be used to encode data usage
policies and provenance tracking information in a privacy-friendly way. From
these three models we designed, implemented, and evaluated a model where
contracts are deployed by data subjects for each data controller, and a model
where subjects join contracts deployed by data controllers in case they accept
the data handling conditions. Our implementations show in practice the
feasibility and limitations of contracts for the purposes identified in this
paper
Static Enforcement of Role-Based Access Control
We propose a new static approach to Role-Based Access Control (RBAC) policy
enforcement. The static approach we advocate includes a new design methodology,
for applications involving RBAC, which integrates the security requirements
into the system's architecture. We apply this new approach to policies
restricting calls to methods in Java applications. We present a language to
express RBAC policies on calls to methods in Java, a set of design patterns
which Java programs must adhere to for the policy to be enforced statically,
and a description of the checks made by our static verifier for static
enforcement.Comment: In Proceedings WWV 2014, arXiv:1409.229
Big data analytics:Computational intelligence techniques and application areas
Big Data has significant impact in developing functional smart cities and supporting modern societies. In this paper, we investigate the importance of Big Data in modern life and economy, and discuss challenges arising from Big Data utilization. Different computational intelligence techniques have been considered as tools for Big Data analytics. We also explore the powerful combination of Big Data and Computational Intelligence (CI) and identify a number of areas, where novel applications in real world smart city problems can be developed by utilizing these powerful tools and techniques. We present a case study for intelligent transportation in the context of a smart city, and a novel data modelling methodology based on a biologically inspired universal generative modelling approach called Hierarchical Spatial-Temporal State Machine (HSTSM). We further discuss various implications of policy, protection, valuation and commercialization related to Big Data, its applications and deployment
Security-Driven Software Evolution Using A Model Driven Approach
High security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use which poses security risks to the enterpriseā assets due to the poor technologies used and lack of security concerns when they were in design. Software reengineering is a way out to improve their security levels in a systematic way. Model driven is an approach in which model as defined by its type directs the execution of the process. The aim of this research is to explore how model driven approach can facilitate the software reengineering driven by security demand. The research in this thesis involves the following three phases.
Firstly, legacy system understanding is performed using reverse engineering techniques. Task of this phase is to reverse engineer legacy system into UML models, partition the legacy system into subsystems with the help of model slicing technique and detect existing security mechanisms to determine whether or not the provided security in the legacy system satisfies the userās security objectives.
Secondly, security requirements are elicited using risk analysis method. It is the process of analysing key aspects of the legacy systems in terms of security. A new risk assessment method, taking consideration of asset, threat and vulnerability, is proposed and used to elicit the security requirements which will generate the detailed security requirements in the specific format to direct the subsequent security enhancement.
Finally, security enhancement for the system is performed using the proposed ontology based security pattern approach. It is the stage that security patterns derived from security expertise and fulfilling the elicited security requirements are selected and integrated in the legacy system models with the help of the proposed security ontology.
The proposed approach is evaluated by the selected case study. Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show this thesis contributes an effective, reusable and suitable evolution approach for software security
- ā¦