On a problem of Gabriel and Ulmer

AbstractWe present a locally finitely presentable category with a finitely presentable regular generator G and a finitely presentable object A, such that A is not a coequalizer of morphisms whose domains and codomains are finite coproducts of objects in G, thereby settling a problem by Gabriel and Ulmer. We also show that in λ-orthogonality classes in AlgSτ (category of S-sorted τ-algebras) for a λ-ary signature τ, λ-presentable objects have a presentation by less than λ generators and relations and use this to exhibit an example of a reflective subcategory of a locally finitely presentable category which is closed under directed colimits, but not a ℵ0-orthogonality class, disproving a characterization of λ-orthogonality classes in the book by Adámek and Rosický

Traceability for the maintenance of secure software

Traceability links among different software engineering artifacts make explicit how a software system was implemented to accommodate its requirements. For secure and dependable software system development, one must ensure the linked entities are truly traceable to each other and the links are updated to reflect true traceability among changed entities. However, traditional traceability relationships link recovery techniques are not accurate enough. To address this problem, we propose a traceability technique based on refactoring, which is then continuously integrated with other software maintenance activities. Applying our traceability technique to the proven SSL protocol design, we found a significant vulnerability bug in its open-source implementation. The results also demonstrate the level of accuracy and change resilience of our technique that enable reuse of the traceability-related analysis on different implementations

Secure Information Systems Engineering: Experiences and Lessons Learned from Two Health Care Projects

In CAiSE 2006, we had presented a framework to support development of secure information systems. The framework was based on the integration of two security-aware approaches, the Secure Tropos methodology, which provides an approach for security requirements elicitation, and the UMLsec approach, which allows one to include the security requirements into design models and offers tools for security analysis. In this paper we reflect on the usage of this framework and we report our experiences of applying it to two different industrial case studies from the health care domain. However, due to lack of space we only describe in this paper one of the case studies. Our findings demonstrate that the support of the framework for the consideration of security issues from the early stages and throughout the development process can result in a substantial improvement in the security of the analysed systems

Towards a comprehensive framework for secure systems development

Security involves technical as well as social challenges. In the development of security-critical applications, system developers must consider both the technical and the social parts. To achieve this, security issues must be considered during the whole development life-cycle of an information system. This paper presents an approach that allows developers to consider both the social and the technical dimensions of security through a structured and well defined process. In particular, the proposed approach takes the high-level concepts and modelling activities of the secure Tropos methodology and enriches them with a low level security-engineering ontology and models derived from the UMLsec approach. A real case study from the e-commerce sector is employed to demonstrate the applicability of the approach

A formal methodology for integral security design and verification of network protocols

We propose a methodology for verifying security properties of network protocols at design level. It can be separated in two main parts: context and requirements analysis and informal verification; and formal representation and procedural verification. It is an iterative process where the early steps are simpler than the last ones. Therefore, the effort required for detecting flaws is proportional to the complexity of the associated attack. Thus, we avoid wasting valuable resources for simple flaws that can be detected early in the verification process. In order to illustrate the advantages provided by our methodology, we also analyze three real protocols

Ovarian cysts in women receiving tamoxifen for breast cancer

Tamoxifen is a nonsteroidal anti-oestrogen with gynaecological side-effects. Only recently, ovarian cyst formation during tamoxifen treatment has been reported. The present study aimed to evaluate patient-related parameters that determine ovarian cyst formation in women using tamoxifen for breast cancer. A cross-sectional study was performed in 142 breast cancer patients using tamoxifen. Forty-five patients were also examined prior to tamoxifen treatment. Gynaecological assessment, transvaginal ultrasonography (TVU) and serum oestradiol (E2) and follicle stimulating hormone (FSH) analysis were performed. Follow-up assessments were performed twice a year. Uni- or bilateral ovarian cysts were detected by TVU in 24 tamoxifen-using patients and in one patient before tamoxifen treatment. Multiple regression analysis showed that cyst development is related (multiple R = 0.73) to high E2 (P < 0.001), younger age (P < 0.001) and absence of high-dose chemotherapy (P = 0.007). Patients with ovarian cysts had higher serum E2 levels compared to patients without cysts (1.95 vs 0.05 nmol l−1; P < 0.001). All patients after high-dose chemotherapy or older than 50 years had E2 < 0.10 nmol l−1 and/or amenorrhoea > 1 year and did not develop ovarian cysts. Patients still having a menstrual cycle during tamoxifen had a high chance (81%) of developing ovarian cysts. Breast cancer patients receiving tamoxifen only develop ovarian cysts if their ovaries are able to respond to FSH stimulation as shown by E2 production. © 1999 Cancer Research Campaig

Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development

Security is a major target for today’s information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain