Towards Cybersecurity by Design: A multi-level reference model for requirements-driven smart grid cybersecurity

This paper provides a first step towards a reference model for end-to-end cybersecurity by design in the electricity sector. The envisioned reference model relies, among others, on the integrated consideration of two currently fragmented, but complementary, reference models: NISTIR 7628 and powerLang. As an underlying language architecture of choice, we rely on multi-level modeling, specifically on the Flexible Meta Modeling and Execution Language (FMMLx), as multi-level modeling supports a natural integration across different abstraction levels inherent to reference models. This paper’s contributions are a result of one full consideration of Wieringa’s engineering cycle: for problem investigation, we describe the problems the reference model should address; for treatment design, we contribute the requirements the reference model should fulfill; for treatment implementation, we provide reference model’s fragments implemented in an integrated modeling and programming environment. Finally, for treatment evaluation, we perform expert interviews to check, among others, the artefact’s relevance and utility

Multi-perspective requirements engineering for networked business systems: a framework for pattern composition

How business and software analysts explore, document, and negotiate requirements for enterprise systems is critical to the benefits their organizations will eventually derive. In this paper, we present a framework for analysis and redesign of networked business systems. It is based on libraries of patterns which are derived from existing Internet businesses. The framework includes three perspectives: Economic value, Business processes, and Application communication, each of which applies a goal-oriented method to compose patterns. By means of consistency relationships between perspectives, we demonstrate the usefulness of the patterns as a light-weight approach to exploration of business ideas

Finding and Resolving Security Misusability with Misusability Cases

Although widely used for both security and usability concerns, scenarios used in security design may not necessarily inform the design of usability, and vice- versa. One way of using scenarios to bridge security and usability involves explicitly describing how design deci- sions can lead to users inadvertently exploiting vulnera- bilities to carry out their production tasks. This paper describes how misusability cases, scenarios that describe how design decisions may lead to usability problems sub- sequently leading to system misuse, address this problem. We describe the related work upon which misusability cases are based before presenting the approach, and illus- trating its application using a case study example. Finally, we describe some findings from this approach that further inform the design of usable and secure systems

Coupling system design and project planning: discussion on a bijective link between system and project structures

This article discuss the architecture of an integrated model able to support the coupling between a system design process and a project planning process. The project planning process is in charge of defining, planning and controlling the system design project. A benchmarking analysis carried out with fifteen companies belonging to the world competitiveness cluster, Aerospace Valley, has highlighted a lack of models, processes and tools for aiding the interactions between the two environments. We define the coupling as the establishment of links between entities of the two domains while preserving their original semantic, thus allowing information to be collected. The proposed coupling is recursive. It enables systems to be decomposed into subsystems when designers consider complexity to be too high, and can also decompose projects into sub-projects. The coupling enables systematically links to be drawn between project entities and system entities. In this paper, we discuss the different possibilities of linking system and project structures during the design and the planning processes. Firstly, after presenting the results of the industrial analysis, the different entities are defined and the various coupling modes are discussed

Special Session on Industry 4.0

No abstract available

Engineering model transformations with transML

The final publication is available at Springer via http://dx.doi.org/10.1007%2Fs10270-011-0211-2Model transformation is one of the pillars of model-driven engineering (MDE). The increasing complexity of systems and modelling languages has dramatically raised the complexity and size of model transformations as well. Even though many transformation languages and tools have been proposed in the last few years, most of them are directed to the implementation phase of transformation development. In this way, even though transformations should be built using sound engineering principles—just like any other kind of software—there is currently a lack of cohesive support for the other phases of the transformation development, like requirements, analysis, design and testing. In this paper, we propose a unified family of languages to cover the life cycle of transformation development enabling the engineering of transformations. Moreover, following an MDE approach, we provide tools to partially automate the progressive refinement of models between the different phases and the generation of code for several transformation implementation languages.This work has been sponsored by the Spanish Ministry of Science and Innovation with project METEORIC (TIN2008-02081), and by the R&D program of the Community of Madrid with projects “e-Madrid" (S2009/TIC-1650). Parts of this work were done during the research stays of Esther and Juan at the University of York, with financial support from the Spanish Ministry of Science and Innovation (grant refs. JC2009-00015, PR2009-0019 and PR2008-0185)