Stephan Faßbender

Pattern-Based Support for Context Establishment and Asset Identification of the ISO 27000 in the Field of Cloud Computing

The ISO 27000 is a well-established series of information security standards. The scope for applying these standards can be an organisation as a whole, single business processes or even an IT application or IT infrastructure. The context establishment and the asset identification are among the first steps to be performed. The quality of the results produced when performing these steps has a crucial influence on the subsequent steps such as identifying loss, vulnerabilities, possible attacks and defining countermeasures. Thus, a context analysis to gather all necessary information in the initial steps is important, but is not offered in the standard. In this paper, we focus on the scope of cloud computing systems and present a way to support the context establishment and the asset identification described in ISO 27005. A cloud system analysis pattern and different kinds of stakeholder templates serve to understand and describe a given cloud development problem, i.e. the envisaged IT systems and the relevant parts of the operational environment. We illustrate our support using an online banking cloud scenario.

A pattern-based method for identifying and analyzing laws

Nowadays many legislators decided to enact different laws, which all enforce legal and natural persons to deal more carefully with IT systems. Hence, there is a need for techniques to identify and analyze laws which are relevant for an IT system. But identifying relevant compliance regulations for an IT system and aligning it to be compliant is a challenging task. This paper presents a novel method for identifying and analyzing laws. The method makes use of different kinds of law analysis patterns that allow legal experts and software and system developers to understand and elicit relevant laws for the given development problem. Our approach also helps to detect dependent laws. We illustrate our method using an online-banking cloud scenario.

Optimizing Functional and Quality Requirements According to Stakeholders’ Goals

High-quality software has to consider various quality issues and different stakeholder goals. Such diverse requirements may be conflicting, and the conflicts may not be visible at first sight. We propose a method to obtain an optimal set of requirements that contains no conflicts and satisfies the stakeholder goals and quality requirements to the largest possible extent. We first capture the stakeholders’ goals and then analyze functional and quality requirements using an extension of the problem frame approach. To obtain an optimal set of requirements, we first determine candidates for requirements interaction. For negatively interacting requirements, we derive alternatives in a systematic way. To prepare for the optimization, we need to assign values to the different requirements. To determine those values, we apply the Analytical Network Process (ANP). Finally, we use existing optimizer tools to obtain a set of requirements that has a maximal value with respect to the previously determined values and that does not contain any conflicting requirements. We illustrate our method with the real-life example of smart metering.

Supporting the development and documentation of ISO 27001 information security management systems through security requirements engineering approaches

Assembling an information security management system according to the ISO 27001 standard is difficult, because the standard provides only sparse support for system development and documentation. We analyse the ISO 27001 standard to determine what techniques and documentation are necessary and instrumental to develop and document systems according to this standard. Based on these insights, we inspect a number of current security requirements engineering approaches to evaluate whether and to what extent these approaches support ISO 27001 system development and documentation. We re-use a conceptual framework originally developed for comparing security requirements engineering methods to relate important terms, techniques, and documentation artifacts of the security requirements engineering methods to the ISO 27001.

Pattern-Based context establishment for service-oriented architectures

A context description of a software system and its environment is essential for any given software engineering process. Requirements define statements about the environment (according to Jacksons terminology). The context description of a Service-Oriented Architecture is difficult to provide, because of the variety of technical systems and stakeholders involved. We present two patterns for SOA systems and support their instantiation with a structured method. In addition, we show how the pattern can be used in a secure service development life-cycle.

A Threat Analysis Methodology for Smart Home Scenarios

A smart grid is envisioned to enable a more economic, environmental friendly, sustainable and reliable supply of energy. But significant security concerns have to be addressed for the smart grid, dangers range from threatened availability of energy, to threats of customer privacy. This paper presents a structured method for identifying security threats in the smart home scenario and in particular for analyzing their severity and relevance. The method is able to unveil also new threats, not discussed in the literature before. The smart home scenario is represented by a context-pattern, which is a specific kind of pattern for the elicitation of domain knowledge [1]. Hence, by exchanging the smart home pattern by a context-pattern for another domain, e.g., clouds, our method can be used for these other domains, as well. The proposal is based on Microsoft’s Security Development Lifecycle (SDL) [2], which uses Data Flow diagrams, but proposes new alternatives for scenario definition and asset identification based on context-patterns. These alleviate the lack of scalability of the SDL. In addition, we present Attack Path DFDs, that show how an attacker can compromise the system.

Combining Goal-Oriented and Problem-Oriented Requirements Engineering Methods

Several requirements engineering methods exist that differ in their abstraction level and in their view on the system-to-be. Two fundamentally different classes of requirements engineering methods are goal- and problem-based methods. Goal-based methods analyze the goals of stakeholders towards the system-to-be. Problem-based methods focus on decomposing the development problem into simple sub-problems. Goal-based methods use a higher abstraction level that consider only the parts of a system that are relevant for a goal and provide the means to analyze and solve goal conflicts. Problem-based methods use a lower abstraction level that describes the entire system-to-be. A combination of these methods enables a seamless software development, which considers stakeholders’ goals and a comprehensive view on the system-to-be at the requirements level. We propose a requirements engineering method that combines the goal-based method SI* and the problem-based method Problem Frames. We propose to analyze the issues between different goals of stakeholders first using the SI* method. Our method provides the means to use the resulting SI* models as input for the problem frame method. These Problem Frame models can be refined into architectures using existing research. Thus, we provide a combined requirements engineering method that considers all stakeholder views and provides a detailed system specification. We illustrate our method using an E-Health example.

A meta-pattern and pattern form for context-patterns

In a previous EuroPlop publication we introduced a catalog of context-patterns. We described common structures and stakeholders for several different domains in our context-patterns. The common elements of the context were obtained from observations about the domain in terms of standards, domain specific-publications, and implementations. Whenever a system-to-be is already described by a context-pattern, one can use this context-pattern to elicit domain knowledge via instantiation of the context-pattern. Moreover, we analyzed the common concepts in our context-patterns and created a meta-model to describe the relations between these concepts. This meta-model was the initial step towards a pattern language for context-patterns. In this work, we show the consequent next step for the definition of a pattern language for context-patterns. In addition, we contribute a structured and guided meta-process for deriving and describing context-patterns, which relies on the previously introduced meta model. The meta process contains a pattern form for context-patterns, which helps to identify the structure of a particular context-pattern. We contribute a (context-) meta pattern, as well, which provides a basis for refinement into any given context-pattern. We illustrate our approach by describing a smart grid context-pattern, which is based on our experience with the industrial partners of the NESSoS project.

A Computer-Aided Process from Problems to Laws in Requirements Engineering

In today’s world many products and services are highly dependent on software and information systems. With the growing importance of IT systems, legislators worldwide decided to regulate and enforce laws for IT systems. With respect to this situation, the impact of compliance on the development of IT systems becomes more and more severe. Hence, software engineers have a need for techniques to deal with compliance. But identifying relevant compliance regulations for IT systems is a challenging task. We proposed patterns and a structured method to tackle these problems [1]. A crucial step is the transformation of requirements into a structure, which allows for the identification of laws. The transformation step was described in general in [2]. This work describes a method to structure the requirements, elicit the needed domain knowledge and transform requirements into law identification pattern instances. The manual execution of this method was reported by us to be time consuming and tedious. Hence, in this work we identify the points for (semi-)automation, and we outline a first implementation for the automation. We present our results using a voting system as an example, which was obtained from the ModIWa DFG (Juristisch-informatische Modellierung von Internetwahlen (II). A Deutsche Forschungsgemeinschaft project: http://cms.uni-kassel.de/unicms/index.php?id=38536) project and the common criteria profile for voting systems.

Ontology-Based Identification of Research Gaps and Immature Research Areas

Researchers often have to understand new knowledge areas, and identify research gaps and immature areas in them. They have to understand and link numerous publications to achieve this goal. This is difficult, because natural language has to be analyzed in the publications, and implicit relations between them have to be discovered. We propose to utilize the structuring possibilities of ontologies to make the relations between publications, knowledge objects (e.g., methods, tools, notations), and knowledge areas explicit. Furthermore, we use Kitchenham’s work on structured literature reviews and apply it to the ontology. We formalize relations between objects in the ontology using Codd’s relational algebra to support different kinds of literature research. These formal expressions are implemented as ontology queries. Thus, we implement an immature research area analysis and research gap identification mechanism. The ontology and its relations are implemented based on the Semantic MediaWiki+ platform.