110,666 research outputs found

    Model-Based Approaches for Validating Business Critical Systems

    Developing a business critical system can involve considerable difficulties. This paper describes part of a new methodology that tackles this problem using co-evolution of models and prototypes to strengthen the relationship between modelling and testing. We illustrate how different modelling frameworks, Promela/SPIN and B/ProB/AtelierB, can be used to implement this idea. As a way to reinforce integration between modelling and testing, we were able to anticipate problems and guide the development of our software in a safer way, increasing our understanding of the system and its reliabilit

    Expressing business rules : a fact based approach : a thesis presented in partial fulfilment of the requirements for the degree of Master of Philosophy in Information Systems at Massey University, Palmerston North, New Zealand

    Numerous industry surveys have suggested that many IT projects still end in failure. Incomplete, ambiguous and inaccurate specifications are cited as a major causal factor. Traditional techniques for specifying data requirements often lack the expressiveness with which to model subtle but common features within organisations. As a consequence, categories of business rules that determine the structure and behaviour of organisations may not be captured until the latter stages of the systems development lifecycle. A fact-based technique called Object Role Modelling (ORM) has been investigated as an alternative approach for specifying data requirements. The technique's ability to capture and represent a wide range of data requirements rigorously, but still in a form comprehensible to business people, could provide a powerful tool for analysts. In this report, ORM constructs have been synthesised with the concepts and definitions provided by the Business Rules Group (BRG), who have produced a detailed taxonomy of business rule categories. In doing so, business rules discovered in an organisation can be expressed in a form that is meaningful to both analysts and business people. Exploiting the expressive simplicity of a conceptual modelling technique to articulate an organisation's business rules could help to fill a significant requirements gap

    Model-Based Security Testing

    Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques have been available for many years, there have been few approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS. Comment: In Proceedings MBT 2012, arXiv:1202.582

    Self-assessment : updated guidance for the further education system


    Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

    The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially- and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicate digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations. Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017

    Towards Validating Risk Indicators Based on Measurement Theory (Extended version)

    Due to the lack of quantitative information and for cost-efficiency, most risk assessment methods use partially ordered values (e.g. high, medium, low) as risk indicators. In practice it is common to validate risk indicators by asking stakeholders whether they make sense. This way of validation is subjective, thus error prone. If the metrics are wrong (not meaningful), then they may lead system owners to distribute security investments inefficiently. For instance, in an extended enterprise this may mean over investing in service level agreements or obtaining a contract that provides a lower security level than the system requires. Therefore, when validating risk assessment methods it is important to validate the meaningfulness of the risk indicators that they use. In this paper we investigate how to validate the meaningfulness of risk indicators based on measurement theory. Furthermore, to analyze the applicability of the measurement theory to risk indicators, we analyze the indicators used by a risk assessment method specially developed for assessing confidentiality risks in networks of organizations