13 research outputs found
Improving the Information Security Model by using TFI
In the context of information systems and information technology, information security is a concept that is becoming widely used. The European Network of Excellence INTEROP classifies information security as a nonfunctional aspect of interoperability and as such it is an integral part of the design process for interoperable systems. In the last decade, academics and practitioners have shown their interest in information security, for example by developing security models for evaluating products and setting up security specifications in order to safeguard the confidentiality, integrity, availability and accountability of data. Earlier research has shown that measures to achieve information security in the administrative or organisational level are missing or inadequate. Therefore, there is a need to improve information security models by including vital elements of information security. In this paper, we introduce a holistic view of information security based on a Swedish model combined with a literature survey. Furthermore we suggest extending this model using concepts based on semiotic theory and adopting the view of an information system as constituted of the technical, formal and informal (TFI) parts. The aim is to increase the understanding of the information security domain in order to develop a well-founded theoretical framework, which can be used both in the analysis and the design phase of interoperable systems. Finally, we describe and apply the Information Security (InfoSec) model to the results of three different case studies in the healthcare domain. Limits of the model will be highlighted and an extension will be proposed.In the context of information systems and information technology, information security is a concept that is becoming widely used. The European Network of Excellence INTEROP classifies information security as a nonfunctional aspect of interoperability and as such it is an integral part of the design process for interoperable systems. In the last decade, academics and practitioners have shown their interest in information security, for example by developing security models for evaluating products and setting up security specifications in order to safeguard the confidentiality, integrity, availability and accountability of data. Earlier research has shown that measures to achieve information security in the administrative or organisational level are missing or inadequate. Therefore, there is a need to improve information security models by including vital elements of information security. In this paper, we introduce a holistic view of information security based on a Swedish model combined with a literature survey. Furthermore we suggest extending this model using concepts based on semiotic theory and adopting the view of an information system as constituted of the technical, formal and informal (TFI) parts. The aim is to increase the understanding of the information security domain in order to develop a well-founded theoretical framework, which can be used both in the analysis and the design phase of interoperable systems. Finally, we describe and apply the Information Security (InfoSec) model to the results of three different case studies in the healthcare domain. Limits of the model will be highlighted and an extension will be proposed.Monograph's chapter
Process Patterns for Component-Based Software Development
Abstract. Component-Based Development (CBD) has been broadly used in software development, as it enhances reusability and flexibility, and reduces the costs and risks involved in systems development. It has therefore spawned many widely-used approaches, such as Commercial Off-The-Shelf (COTS) and software product lines. On the other hand, in order to gain a competitive edge, organizations need to define custom processes tailored to fit their specific de-velopment requirements. This has led to the emergence of process patterns and Method Engineering approaches. We propose a set of process patterns commonly encountered in component-based development methodologies. Seven prominent component-based method-ologies have been selected and reviewed, and a set of high-level process patterns recurring in these methodologies have been identified. A generic process framework for component-based development has been proposed based on these process patterns. The process patterns and the generic framework can be used for developing or tailoring a process for producing component-based systems
Method Construction by Goal Analysis
Abstract. Method engineering proposes the construction of methodologies by selecting method fragments from a repository and assembling then in an appropriate way. However, the rules by which the “optimal ” method fragments are chosen are not clear, and such chores are usually done manually by an expert. This paper presents a goal analysis technique for the selection of the optimal method fragments from a repository, using backward reasoning to obtain the set of fragments that satisfy the desired goals with minimum effort. By using this technique, a methodologist can determine the goals that the organisation wants the methodology to satisfy, and then, preferably, rely on automated tools for the selection of the optimal solution.
Adding Agent-Oriented Concepts Derived from Gaia to Agent OPEN
Agent OPEN offers extensions of an object-oriented methodological framework to support agent-oriented software developments. However, to date, it is incomplete. Here, we extend the Agent OPEN repository of process components to include contributions from the Gaia agent-oriented methodology. We have identified one new Task, together with six new subtasks for some preexisting Tasks. Three extra Techniques and five new Work Products were identified and recommended to be added in order to support the Gaia approach for agent-oriented software development. © Springer-Verlag 2004
Turning Method Engineering Support into Reality
Part 5: Tools for Method EngineeringInternational audienceThe Situational Method Engineering (SME) discipline emerged two decades ago to face up to the challenge of the in-house definition of software production methods and the construction of the corresponding supporting tools. However, nowadays most of the existent proposals only focus on one of the phases of the SME lifecycle. In order to fill this gap, in this paper we present a methodological framework that equally encompasses two of these phases, which refer to the method design and implementation. In order to support them in an effective manner, we advocate for the use of the Model Driven Development (MDD) paradigm. Applying these ideas, the framework has been defined on top of a MDD infrastructure based on meta-modeling and model transformation techniques. In addition, we provide implementation details of the framework in an Eclipse-based modeling platform, namely MOSKitt