Modelchecking non-functional requirements for interface specifications.

In this paper we present a combination of formal specification and mechanical analysis enabling a simple and flexible development process for interface specifications from requirements. Using the potential of temporal logic for describing non-functional requirements we derive an analysis model from functional requirements. Slightly abusing its original object-oriented incentives we employ the precision and modularity of formal specification in Object-Z for representing interface descriptions. A structure preserving translation of Object-Z specifications to the model checker SMV unifies the temporal logic specification of requirements with the analysis model. The automated verification in SMV supports a feedback loop for a stepwise improvement of the requirement specification and its analysis model. We illustrate this technique on the case study of the safety-critical TWIN elevator system

Checking the TWIN elevator system by translating object-Z to SMV

In the context of large scale industrial installations, model checking often fails to tap its full potential because of a missing link between a system’s specification and its functional and non-functional requirements, like safety. Our work bridges this gap by providing a translation from the formal specification language Object-Z to the SMV model checker input language to combine their advantages. This paper focuses on the translation of the object-oriented features of Object-Z: operation promotion and communication between objects. We demonstrate the feasibility of our approach using the example of the TWIN Elevator system and embed the translation process in the industrial software production workflow

Twelve Theses on Reactive Rules for the Web

Reactivity, the ability to detect and react to events, is an essential functionality in many information systems. In particular, Web systems such as online marketplaces, adaptive (e.g., recommender) systems, and Web services, react to events such as Web page updates or data posted to a server. This article investigates issues of relevance in designing high-level programming languages dedicated to reactivity on the Web. It presents twelve theses on features desirable for a language of reactive rules tuned to programming Web and Semantic Web applications

"Fairly truthful": The impact of perceived effort, fairness, relevance, and sensitivity on personal data disclosure

While personal data is a source of competitive advantage, businesses should consider the potential reaction of individuals to certain types of data requests. Privacy research has identified some factors that impact privacy perceptions, but these have not yet been linked to actual disclosure behaviour. We describe a field-experiment investigating the effect of different factors on online disclosure behaviour. 2720 US participants were invited to participate in an Amazon Mechanical Turk survey advertised as a marketing study for a credit card company. Participants were asked to disclose several items of personal data. In a follow-up UCL branded survey, a subset (N=1851) of the same participants rated how they perceived the effort, fairness, relevance, and sensitivity of the first phase personal data requests and how truthful their answers had been. Findings show that fairness has a consistent and significant effect on the disclosure and truthfulness of data items such as weekly spending or occupation. Partial support was found for the effect of effort and sensitivity. Privacy researchers are advised to take into account the under-investigated fairness construct in their research. Businesses should focus on non-sensitive data items which are perceived as fair in the context they are collected; otherwise they risk obtaining low-quality or incomplete data from their customers. © 2013 Springer-Verlag

The Future of Enterprise Security with Regards to Mobile Technology and Applications

The utilisation of work assigned mobile technology by enterprise staff to chat and upload contents to the social media applications for personal use has become a key issue for a significant number of enterprises. This work aims to understand the trends amongst the users of work assigned phones when unknowingly downloading and using applications which could breach the security of the enterprise. In this paper; we assess current trends amongst employees and organisations’ use and trust of hybrid and web based social media applications used on a daily basis to communicate. This information is then evaluated alongside human related cyber security risks presented by such applications to provide instructions and advice on the management of social media application use within organisations in the Healthcare, Education and Energy sectors. The findings may be employed to develop a more robust cyber security strategy which focuses at reducing the user related risks

A qualitative study of stakeholders' perspectives on the social network service environment

Over two billion people are using the Internet at present, assisted by the mediating activities of software agents which deal with the diversity and complexity of information. There are, however, ethical issues due to the monitoring-and-surveillance, data mining and autonomous nature of software agents. Considering the context, this study aims to comprehend stakeholders' perspectives on the social network service environment in order to identify the main considerations for the design of software agents in social network services in the near future. Twenty-one stakeholders, belonging to three key stakeholder groups, were recruited using a purposive sampling strategy for unstandardised semi-structured e-mail interviews. The interview data were analysed using a qualitative content analysis method. It was possible to identify three main considerations for the design of software agents in social network services, which were classified into the following categories: comprehensive understanding of users' perception of privacy, user type recognition algorithms for software agent development and existing software agents enhancement

(In)Complete acquisition of Turkish among Turkish German bilinguals in Germany and Turkey: an analysis of complex embeddings in narratives

Although most researchers recognise that the language repertoire of bilinguals can mvary, few studies have tried to address variation in bilingual competence in any detail. This study aims to take a first step towards further understanding the way in which bilingual competencies can vary at the level of syntax by comparing the use of syntactic embeddings among three different groups of Turkish/German bilinguals. The approach of the present paper is new in that different groups of bilinguals are compared with each other, and not only with monolingual speakers, as is common in most studies in the field. The analysis focuses on differences in the use of embeddings in Turkish, which are generally considered to be one of the more complex aspects of Turkish grammar. The study shows that young Turkish/German bilingual adults who were born and raised in Germany use fewer, and less complex embeddings than Turkish/German bilingual returnees who had lived in Turkey for eight years at the time of recording. The present study provides new insights in the nature of bilingual competence, as well as a new perspective on syntactic change in immigrant Turkish as spoken in Europe

Simple Nudges for Better Password Creation

Recent security breaches have highlighted the consequences of reusing passwords across online accounts. Recent guidance on password policies by the UK government recommend an emphasis on password length over an extended character set for generating secure but memorable passwords without cognitive overload. This paper explores the role of three nudges in creating website-specific passwords: financial incentive (present vs absent), length instruction (long password vs no instruction) and stimulus (picture present vs not present). Mechanical Turk workers were asked to create a password in one of these conditions and the resulting passwords were evaluated based on character length, resistance to automated guessing attacks, and time taken to create the password. We found that users created longer passwords when asked to do so or when given a financial incentive and these longer passwords were harder to guess than passwords created with no instruction. Using a picture nudge to support password creation did not lead to passwords that were either longer or more resistant to attacks but did lead to account-specific passwords

Privacy analysis of a hidden friendship protocol

Friendship relations are a defining property of online social networks. On the one hand, and beyond their cultural interpretation, they sustain access control mechanisms and are privacy-enhancing by limiting the proliferation of personal information. On the other hand, the publicity of friendship links is privacy-invasive. We outline a distributed authentication protocol based on hidden friendship links that has been suggested in earlier work. We then investigate its formalisation and, using model-checking, we carry out a mechanised analysis of the protocol that enables the revision and rectification of the earlier version. We thus demonstrate more generally how model-checking and epistemic logic can be used for the detection of privacy and security vulnerabilities in authentication protocols for social networks