Jurjens J.,University of Koblenz-Landau |
Jurjens J.,Fraunhofer Institute for Software and Systems Engineering ISST |
Wenzel S.,Fraunhofer Institute for Software and Systems Engineering ISST |
Poggenpohl D.,Fraunhofer Institute for Software and Systems Engineering ISST |
Ochoa M.,Singapore University of Technology and Design
Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI) | Year: 2016
Security certification of complex systems requires a high amount of effort. As a particular challenge, today's systems are increasingly long-living and subject to continuous change. After each change of some part of the system, the whole system needs to be re-certified from scratch (since security properties are not in general modular), which is usually far too much effort. We present a tool-supported approach for security certification that minimizes the amount of effort necessary in the case of re-certification after change. It is based on an approach for model-based development of secure software which makes use of the security extension UMLsec of the Unified Modeling Language (UML). It allows the user to integrate security requirements such as secure information flow and audit security into a system design model, it supported by a security verification tool chain, and has been applied to a number of industrial applications.
Fleischer J.,German Research Center for Geosciences |
Haner R.,German Research Center for Geosciences |
Herrnkind S.,German Research Center for Geosciences |
Kloth A.,SpaceTech GmbH STI |
And 3 more authors.
Natural Hazards and Earth System Science | Year: 2010
The German Indonesian Tsunami Early Warning System (GITEWS) is built upon a complex sensor data infrastructure. To best fulfill the demand for a long living system, the underlying software and hardware architecture of GITEWS must be prepared for future modifications both of single sensors and entire sensors systems. The foundation for a flexible integration and for stable interfaces is a result of following the paradigm of a Service Oriented Architecture (SOA). The Tsunami Service Bus (TSB) - our integration platform in GITEWS - realizes this SOA approach by implementing the Sensor Web Enablement (SWE) standards and services. This paper focuses on architectural and implementation aspects of the TSB. Initially, the general architectural approach in GITEWS by SOA and SWE is presented. Based on this conception, the concrete system architecture of GITEWS is introduced. The sensor integration platform TSB is then discussed in detail, following by its primary responsibilities and components. Special emphasis is laid on architectural transparency, comprehensible design decisions, and references to the applied technology. © Author(s) 2010.
Jurjens J.,TU Dortmund |
Jurjens J.,Fraunhofer Institute for Software and Systems Engineering ISST |
Ahmadian A.S.,TU Dortmund
MODELSWARD 2015 - 3rd International Conference on Model-Driven Engineering and Software Development, Proceedings | Year: 2015
In this invited presentation, we give an overview on a soundly based approach to Secure Software Engineering based on the UML extension UMLsec. More specifically, one main current focus is the automated, formally based analysis of software artefacts against security requirements. This is motivated by the observation that the current state of security engineering in practice is far from satisfactory. The goal is thus to start with the actual industrial engineering methods of security-critical software-based systems, to identify problems which are practically amenable to tool-supported, formally sound analysis methods, and to try to solve these problems using these methods. An important objective is to ensure that these analysis methods can actually be used in practice by keeping the additional overhead in using them bounded: First, they take as input artefacts which are already available in current industrial software development (such as UML models and program source code) and do not have to be constructed just to perform the analysis. Second, the tools should be reasonably easy to use and have a strong emphasis on automation. We also present results from some recent work on applying model-based security analysis to the analysis of economic aspects of securing critical infrastructures. Copyright © 2015 SCITEPRESS - Science and Technology Publications.
Beckers K.,University of Duisburg - Essen |
Fassbender S.,University of Duisburg - Essen |
Heisel M.,University of Duisburg - Essen |
Kuster J.-C.,Fraunhofer Institute for Software and Systems Engineering ISST |
Schmidt H.,University of Duisburg - Essen
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2012
Assembling an information security management system according to the ISO 27001 standard is difficult, because the standard provides only sparse support for system development and documentation. We analyse the ISO 27001 standard to determine what techniques and documentation are necessary and instrumental to develop and document systems according to this standard. Based on these insights, we inspect a number of current security requirements engineering approaches to evaluate whether and to what extent these approaches support ISO 27001 system development and documentation. We re-use a conceptual framework originally developed for comparing security requirements engineering methods to relate important terms, techniques, and documentation artifacts of the security requirements engineering methods to the ISO 27001. © 2012 Springer-Verlag.
Voisard A.,Free University of Berlin |
Voisard A.,Fraunhofer Institute for Software and Systems Engineering ISST |
Ziekow H.,Humboldt University of Berlin
Information Systems | Year: 2011
In the past decade, event-based systems (EBS) have received increasing attention from various communities. Central to these systems is the notion of event, which is often generally considered as a happening of interest. An EBS encompasses a large range of functionalities on various technological levels (e.g., language, execution, or communication). Existing approaches vary in the scope of implemented functionality and underlying technical concepts. For this reason, comparing EBS solutions is a challenging task. Furthermore, the lack of a unified view on EBS poses challenges to system architects in choosing and combining technologies for building event-based systems. This paper presents ARCHITECT, a framework that decomposes a general EBS into layers of abstraction. The goal of the proposed framework is twofold: (1) provide concepts that aid the understanding of existing technologies and solutions for EBS as well as their relations from a software engineering point of view; (2) present a layered framework, which enables classifying technologies for EBS and supports system architects in building complex systems from specialized components. We believe that the concepts presented in this paper are likely to improve the way both researchers and practitioners understand, use, and develop EBS components as well as complete systems. © 2011 Elsevier B.V.
Ahmadian A.S.,University of Koblenz-Landau |
Coerschulte F.,University of Koblenz-Landau |
Jurjens J.,University of Koblenz-Landau |
Jurjens J.,Fraunhofer Institute for Software and Systems Engineering ISST
Lecture Notes in Business Information Processing | Year: 2016
Outsourcing services into the cloud is a worthwhile alternative to classic service models from both a customers and providers point of view. Therefore many new cloud providers surface, offering their cloud solutions. The trust and acceptance for cloud solutions are however still not given for many customers since a lot of security incidents related to cloud computing were reported. One possibility for companies to raise the trust in the own products is to gain a certification for them based on ISO27001. The certification is however a large hurdle, especially for small and medium enterprises since they lack resources and know-how. In this paper we present an overview of the ClouDAT framework. It represents a tool based approach to help in the certification process for cloud services specifically tailored to SMEs. © Springer International Publishing Switzerland 2016.
Holtkamp B.,Fraunhofer Institute for Software and Systems Engineering ISST |
Steinbuss S.,Fraunhofer Institute for Software and Systems Engineering ISST |
Gsell H.,Fraunhofer Institute for Software and Systems Engineering ISST |
Loeffeler T.,Fraunhofer Institute for Software and Systems Engineering ISST |
Springer U.,Fraunhofer Institute for Software and Systems Engineering ISST
Proceedings - 6th International Conference on Semantics, Knowledge and Grid, SKG 2010 | Year: 2010
This paper describes an approach for the development of a logistics cloud as a 'vertical cloud'. In contrast to a generic or 'horizontal cloud' components of the cloud platform are custom tailored to the specific needs of the logistics application area. The NIST cloud services model serves as a basis for structuring logistics specific cloud service requirements. In the next step the domain specific model is used as a basis for the development of Logistics Mall, a domain specific cloud platform for the trading and usage of logistics IT services and logistics processes. The paper closes with an overview of the implementation status and an outlook to future work. © 2010 IEEE.
Meister S.,Fraunhofer Institute for Software and Systems Engineering ISST
Lecture Notes in Business Information Processing | Year: 2012
Today's central issues in the healthcare supply make it imperative to develop new concepts to reduce the emerging costs and ensure high quality standards. Applying ICT and especially telemedicine - technologies that offer the chance to optimize medical data transfer - is regarded as the promising strategy, when developing cost saving concepts. As a result, physicians, as recipients of medical data, are confronted with a growing amount of information. This has to fit seamlessly into the process of information exchange and therefore has to be transported according to the principles of information logistics (ILOG). Therefore the author proposes a new approach based upon complex event processing (CEP), named Telemedical ILOG Listener (TIL). Every telemedical value, like for instance blood-pressure, has to be described as a telemedical event. For this reason in the following the author will describe how to use HL7 V3, a worldwide used standard for medical data exchange, to define a message type which is able to include the medical data, data necessary for CEP and at least data to represent the dimension of ILOG. © 2012 Springer-Verlag Berlin Heidelberg.
Koch O.,Fraunhofer Institute for Software and Systems Engineering ISST |
Rotaru E.,Fraunhofer Institute for Software and Systems Engineering ISST
Lecture Notes in Business Information Processing | Year: 2010
The consideration of context information in physicians search for medical knowledge and information offers good prospects to improve the quality of the delivered search results from heterogeneous eResources. Within the scope of this contribution the authors introduce their information logistic approach towards a context-based information supply for physicians. Basically, this approach encloses a comprehensive context model, which is divided into the four sub models "process", "clinical case", "physician" and "environment". The prototypical implementation of a context application uses an excerpt from the model. The application is based on a context middleware and was used as a basis for an empiric validation of the approach during practical tests and two laboratory experiments. The contribution concludes with an outlook on future needs for research regarding context-based information supply and information logistics in general. © 2010 Springer-Verlag Berlin Heidelberg.
PubMed | Fraunhofer Institute for Software and Systems Engineering ISST
Type: | Journal: Studies in health technology and informatics | Year: 2014
Dependencies between tasks in clinical processes are often complex and error-prone. Our aim is to describe a new approach for the automatic derivation of clinical events identified via the behaviour of IT systems using Complex Event Processing. Furthermore we map these events on transition systems to monitor crucial clinical processes in real-time for preventing and detecting erroneous situations.