Contextualisation of Data Flow Diagrams for security analysis

Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models

Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development

Security is a major target for today’s information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain

Increasing the semantic transparency of the KAOS goal model concrete syntax

FCT-MCTES SFRH/BD/108492/2015Stakeholders without formal training in requirements modelling languages, such as KAOS, struggle to understand requirements specifications. The lack of semantic transparency of the KAOS goal model concrete syntax is perceived as a communication barrier between stakeholders and requirements engineers. We report on a series of related empirical experiments that include the proposal of alternative concrete syntaxes for KAOS by leveraging design contributions from novices and their evaluation with respect to semantic transparency, in contrast with the standard KAOS goal model concrete syntax. We propose an alternative concrete syntax for KAOS that increases its semantic transparency (mean difference of.23, in [−1.00.1.00]) leading to a significantly higher correct symbol identification (mean difference of 19%) by novices. These results may be a stepping stone for reducing the communication gap between stakeholders and requirements engineers.preprintpublishe

Anatomy of the Unified Enterprise Modelling Ontology

Part 2: Full PapersInternational audienceThe Unified Enterprise Modelling Language (UEML) aims to become a hub for integrated use of enterprise and information systems (IS) models expressed using different languages. A central part of this hub is an extendible ontology into which modelling languages and their constructs can be mapped, so that precise semantic relations between the languages and constructs can be established by comparing their ontology mappings. The paper presents and discusses ongoing work on reformulating the UEML ontology as an OWL2 DL ontology, the Unified Enterprise Modelling Ontology (UEMO)

Evaluating the Effects of Different Requirements Representations on Writing Test Cases

Context and MotivationOne must test a system to ensure that the requirements are met, thus, tests are often derived manually from requirements. However, requirements representations are diverse; from traditional IEEE-style text, to models, to agile user stories, the RE community of research and practice has explored various ways to capture requirements. Question/problemBut, do these different representations influence the quality or coverage of test suites? The state-of-the-art does not provide insights on whether or not the representation of requirements has an impact on the coverage, quality, or size of the resulting test suite. ResultsIn this paper, we report on a family of three experiment replications conducted with 148 students which examines the effect of different requirements representations on test creation. We find that, in general, the different requirements representations have no statistically significant impact on the number of derived tests, but specific affordances of the representation effect test quality, e.g., traditional textual requirements make it easier to derive less abstract tests, whereas goal models yield less inconsistent test purpose descriptions. ContributionOur findings give insights on the effects of requirements representation on test derivation for novice testers. Our work is limited in the use of students

Integration of safety means with functions of blockchain in multi-layered architecture of IoT for safer data transmission procedures

The launching and linking process of heterogeneous objects to the Internet of Things (IoT) is related to some important problems of the identification, authentication for ensuring safety over the wireless connections. The possibilities of connections to the IoT differ in a broad spectrum of different equipment, the functionality of objects, communication protocols, etc. This research study is related to the implementation of safeguard algorithms on the first stages of object identification and authentication before the permission stage for launching into the working area of the IoT. The application domain is related to the requirements for the safety of the multilayered infrastructure of objects by linking to the whole IoT. Such infrastructure became more complex according to the risks of very unsafe possibilities. The aim of this research is to evaluate some safety means related to the identification and authentication stages of objects by integrating them with the functionality of blockchain. The objectives of this research are related to the development of more safety working algorithms by representing the stages of checking of the identity of objects. The results demonstrated integration possibilities of implementing the blockchain functionality for establishing and managing the operational rules for pre-connection stages of objects to the IoT. The paper shows new results of developing protection means for ensuring reliable communication in the transmission of outgoing confidential data and transmission data integrity from different smart objects. As a result, components of necessary functional capabilities of the communication of IoT are developed by intending to ensure the safety and reliability of the wireless connection of objects