4,601 research outputs found

    Threats Management Throughout the Software Service Life-Cycle

    Software services are inevitably exposed to a fluctuating threat picture. Unfortunately, not all threats can be handled only with preventive measures during design and development, but also require adaptive mitigations at runtime. In this paper we describe an approach where we model composite services and threats together, which allows us to create preventive measures at design-time. At runtime, our specification also allows the service runtime environment (SRE) to receive alerts about active threats that we have not handled, and react to these automatically through adaptation of the composite service. A goal-oriented security requirements modelling tool is used to model business-level threats and analyse how they may impact goals. A process flow modelling tool, utilising Business Process Model and Notation (BPMN) and standard error boundary events, allows us to define how threats should be responded to during service execution on a technical level. Throughout the software life-cycle, we maintain threats in a centralised threat repository. Re-use of these threats extends further into monitoring alerts being distributed through a cloud-based messaging service. To demonstrate our approach in practice, we have developed a proof-of-concept service for the Air Traffic Management (ATM) domain. In addition to the design-time activities, we show how this composite service duly adapts itself when a service component is exposed to a threat at runtime.
    Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    Applying tropos to socio-technical system design and runtime configuration

    Recent trends in Software Engineering have introduced the importance of reconsidering the traditional idea of software design as a socio-technical problem, where human agents are an integral part of the system along with hardware and software components. Design and runtime support for Socio-Technical Systems (STSs) requires appropriate modeling techniques and non-traditional infrastructures. Agent-oriented software methodologies are natural solutions to the development of STSs: both humans and technical components are conceptualized and analyzed as part of the same system. In this paper, we illustrate a number of Tropos features that we believe are fundamental to support the development and runtime reconfiguration of STSs. Particularly, we focus on two critical design issues: risk analysis and location variability. We show how they are integrated and used in a planning-based approach to support the designer in evaluating and choosing the best design alternative. Finally, we present a generic framework to develop self-reconfigurable STSs.

    Self-Configuring Socio-Technical Systems: Redesign at Runtime

    Modern information systems are becoming more and more socio-technical systems, namely systems composed of human (social) agents and software (technical) systems operating together in a common environment. The structure of such systems has to evolve dynamically in response to the changes of the environment. When new requirements are introduced, when an actor leaves the system or when a new actor comes, the socio-technical structure needs to be redesigned and revised. In this paper, an approach to dynamic reconfiguration of a socio-technical system structure in response to internal or external changes is proposed. The approach is based on planning techniques for generating possible alternative configurations, and local strategies for their evaluation. The reconfiguration mechanism is presented, which makes the socio-technical system self-configuring, and the approach is discussed and analyzed on a simple case study.

    Comparison of STS and ArchiMate Risk and Security Overlay

    Nowadays ArchiMate is widely used in enterprise architecture modelling of various business domains and could briefly be described as something in between UML and BPMN, with its main focus on the architectural perspective. STS in turn focuses on the socio-technical perspective and takes into consideration social interactions between actors. The current state of the art discusses Secure Socio-Technical Systems and ArchiMate separately. This is perfectly fine because these two approaches are quite different. Still, they have a lot in common. Based on the state described above, the problem can be identified as an absence of tools or approaches that combine these two approaches into a new one, which takes into consideration both the architectural and socio-technical perspectives of modelling. This combination could be beneficial because the ArchiMate risk and security overlay models risk management, while STS models how the actors involved in the system interact with each other from a social point of view and highlights the “human factor” in security. Thus, a combination of them could potentially result in a security modelling approach that covers both the architectural and social points of view. Ideally, this approach will create some workarounds over weak places in both initial approaches and heavily use their best parts. We will also validate this approach in terms of completeness with respect to ISSRM. In this paper we will describe this combined approach.

    Improving the testbed development process in collaboratories


    Socio-Technical Perspective for Electronic Tax Information System in Tanzania

    Socio-technical systems theory has rarely been used by system architects in setting up computing systems. However, the role of socio-technical concepts in computing, which is becoming social in nature, has made the concepts more relevant and commercial. Tax information systems are examples of such systems because they are influenced by external variables such as the political environment, technological trends, and social environment, introducing complexity in their deployment and determining the type of e-services and their delivery to a diverse group of people. It was observed that in Tanzania there is resistance, reluctance and minimal use of the electronic tax system because of insufficient end-user support and involvement of end users in constructing the system. Therefore, there is a need to develop an electronic tax information system using socio-technical systems perspectives to ensure the design of an efficient, user-friendly tax administration system. The research used the qualitative approach, featuring case studies in Korea, Chile, Tanzania, and Denmark. The study used best practices from the Organization for Economic Cooperation and Development (OECD) to benchmark Tanzania Revenue Authority current practices. It was found that the tax models implemented are techno-centric push models, which do not attract use by taxpayers and require human intervention in their operation, and hence are not cost-effective. As the first and relevant phase in socio-technical system development, this paper presents the problem definition and analysis of the e-Tax collection system in Tanzania.

    Applying acceptance requirements to requirements modeling tools via gamification: a case study on privacy and security.

    Requirements elicitation, analysis and modeling are critical activities for software success. However, software systems are increasingly complex and harder to develop due to an ever-growing number of requirements from numerous and heterogeneous stakeholders, concerning dozens of requirements types, from functional to qualitative, including adaptation, security and privacy, ethical, acceptance and more. In such settings, requirements engineers need support concerning such increasingly complex activities, and Requirements Engineering (RE) modeling tools have been developed for this. However, such tools, although effective, are complex and time-consuming, and require steep learning curves. The consequent lack of acceptance and abandonment in using such tools by engineers paves the way to the application of RE techniques in a more error-prone, low-quality way, increasing the possibility of failures in the software systems delivered. In this paper, we identify the main areas of lack of acceptance, affecting RE engineers, for such tools, and propose an approach for making modeling tools more effective in engaging the engineer in performing RE in a tool-based way, receiving adequate feedback and staying motivated to use modeling tools. This is accomplished by performing acceptance requirements analysis (through the Agon Framework) and using gamification to increase the engagement of engineers during the usage of RE modeling tools. Towards this end, we performed a case study, within the VisiOn European Project, for enhancing a tool for modeling privacy and security requirements. Our case study provides preliminary evidence that our approach helps make RE modeling tools more engaging from the engineer's perspective.