137 research outputs found
Preservation of Policy Adherence under Refinement
Policy-based management is an approach to the management of systems with respect to issues such as security, access control and trust by the enforcement of policy rules. This paper addresses the problem of integrating the requirements imposed by a policy with the system development process. In order to take a policy specification into account in the development of a system specification, the notion of policy adherence is formalized as a relation between policy specifications and system specifications. Adherence of a system specification to a policy specification means that the former satisfies the latter. The integrated development process is supported by refinement, where both the policy specification and the system specification may be developed under any number of refinement steps. This paper characterizes the conditions under which adherence is preserved under refinement and identifies development rules that guarantee adherence preservation. By results of transitivity and compositionality the integrated development process and the analysis tasks can be conducted in a stepwise and modular way, thereby facilitating development.
Funder: Research Council of Norway
An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS
Risk is unavoidable in business, and risk management is needed, among other things, to set up good security policies. Once the risks are evaluated, the next step is to decide how they should be treated. This involves managers making decisions on proper countermeasures to be implemented to mitigate the risks. The countermeasure expenditure, together with its ability to mitigate risks, are factors that affect the selection. While many approaches have been proposed to perform risk analysis, there has been less focus on delivering the prescriptive and specific information that managers require to select cost-effective countermeasures. This paper proposes a generic approach to integrate the cost assessment into risk analysis to aid such decision making. The approach makes use of a risk model which has been annotated with potential countermeasures and estimates for their cost and effect. A calculus is then employed to reason about this model in order to support decisions in terms of decision diagrams. We exemplify the instantiation of the generic approach in the CORAS method for security risk analysis.
Comment: 33 pages
Privacy-Aware IoT: State-of-the-Art and Challenges
The consumer IoT is now prevalent and creates an enormous amount of fine-grained, detailed information about consumers’ everyday actions, personalities, and preferences. Such detailed information brings new and unique privacy challenges. Consumers are not aware of the devices that surround them. There is a lack of transparency and an absence of support for consumers to control the collection and processing of their personal and sensitive data. This paper reports on a review of the state of the art in privacy protection in IoT, with respect to privacy enhancing technologies (PETs) and GDPR-specific privacy principles. Drawing on a thorough analysis of 36 full papers, we identify key privacy challenges in IoT that need to be addressed to provide consumers with transparency and control over their personal data. The privacy challenges we have identified are (1) the lack of technical expertise in privacy notice comprehension, (2) the lack of transparency and control of personal data, and (3) the lack of personalized privacy recommendations.
How to transform UML neg into a useful construct
In UML, the operator neg is used to specify negative, or unwanted, system behaviour. We agree that being able to specify negative behaviour is important. However, the UML neg is currently not well-suited for this purpose, the main problem being that a single operator is used with several different meanings depending on the context. In this paper we investigate some alternative definitions of neg. We also propose a solution in which neg is replaced by two new operators for specifying negative behaviour.
Relating computer systems to sequence diagrams with underspecification, inherent nondeterminism and probabilistic choice : Part 1
Having a sequence diagram specification and a computer system, we need to answer the question: Is the system compliant with the sequence diagram specification in the desired way? We present a procedure for answering this question for three variations of sequence diagrams. The procedure is independent of the choice of programming language used for the system. The semantics of sequence diagrams is denotational and based on traces. In order to answer the initial question, the procedure starts by obtaining the trace-set of the system by e.g. testing, and then transforming this into the same semantic model as that used for the sequence diagram. In addition to extending our earlier work on refinement relations for sequence diagrams, we define conformance relations relating systems to sequence diagrams.
The work is split in two parts. This paper presents part 1, in which we introduce the necessary definitions for using the compliance checking procedure on sequence diagrams with underspecification and sequence diagrams with inherent nondeterminism. In part 2 [RRS07], we present the definitions for using the procedure on sequence diagrams with probabilistic choice.
The pragmatics of STAIRS
STAIRS is a method for the compositional development of interactions in the setting of UML 2.0. In addition to defining denotational trace semantics for the main aspects of interactions, STAIRS focuses on how interactions may be developed through successive refinement steps. In this tutorial paper, we concentrate on explaining the practical relevance of STAIRS. Guidelines are given on how to create interactions using the different STAIRS operators, and how these may be refined. The pragmatics is illustrated by a running example.
Refining UML interactions with underspecification and nondeterminism
STAIRS is an approach to the compositional development of UML interactions, such as sequence diagrams and interaction overview diagrams. An important aspect of STAIRS is the ability to distinguish between underspecification and inherent nondeterminism through the use of potential and mandatory alternatives. This paper investigates this distinction in more detail. Refinement notions explain when (and how) both kinds of nondeterminism may be reduced during the development process. In particular, in this paper we extend STAIRS with guards, which may be used to specify the choice between alternatives. Finally, we introduce the notion of an implementation and define what it means for an implementation to be correct with respect to a specification.
Specification and Refinement of Soft Real-time Requirements Using Sequence Diagrams
Soft real-time requirements are often related to communication in distributed systems. Therefore it is interesting to understand how UML sequence diagrams can be used to specify such requirements. We propose a way of integrating soft real-time requirements in sequence diagram specifications by adding probabilities to timed sequence diagrams. Our approach builds on timed STAIRS, which is an approach to the compositional and incremental development of sequence diagrams supporting specification of mandatory as well as potential behaviour.
Using model-driven risk analysis in component-based development
Modular system development poses challenges for security and safety, as upgraded subcomponents may interact with the system in unforeseen ways. Due to their lack of modularity, conventional risk analysis methods are poorly suited to address these challenges. We propose to adjust an existing method for model-based risk analysis into a method for component-based risk analysis. We also propose a stepwise integration of the component-based risk analysis method into a component-based development process. By using the same kinds of description techniques to specify functional behaviour and risks, we may achieve upgrading of risk analysis documentation as an integrated part of component composition and refinement.