Fraunhofer Institute for Software and Systems Engineering ISST

Berlin, Germany

Fraunhofer Institute for Software and Systems Engineering ISST

Berlin, Germany
SEARCH FILTERS
Time filter
Source Type

Steinbuss S.,Fraunhofer Institute for Software and Systems Engineering ISST | Holtkamp B.,Fraunhofer Institute for Software and Systems Engineering ISST | Opriel S.,Fraunhofer Institute for Software and Systems Engineering ISST
Procedia Manufacturing | Year: 2017

Digitization is a megatrend which affects all industries. But how does this affect learning on the job scenarios. The research project HANDELkompetent aims at digitization of work process integrated informal learning in retail with a methodological approach and a supporting digital learning environment. The method consists of an accompanied learning approach, where a dedicated person schedules the development of competences of staff in dialog. Learning content consists of small web-based trainings, i.e. learning-nuggets, which can be consumed in a few minutes. The learning environment is enhanced with a tablet pc app, which presents learning content to a learner. The app is enabled to deliver appropriate content to the learner by recognizing the learning situation by making use of device sensors, the actual competences of a learner and the target competences as registered in the learning environment. That means in detail that a learning position, e.g. cash point, warehouse or sales floor is tagged with iBeacons. Those iBeacons broadcast their identification via Bluetooth Low Energy. The tablet PCof a learner can identify these iBeacons and thus, the app determines the physical location of the learner. Besides the position the app can utilize microphone, camera or a brightness sensor for gathering context information, to derive the learning situation and to deliver appropriate content. We make use of the Digital Business Engineering Framework to structure our work. Digital Business Engineering is a methodological framework to deliver sustainable solutions for Digital Transformation. This paper shows our structural approach and first results of the development phase of the HANDELkompetent project. © 2017 The Authors


Ahmadian A.S.,University of Koblenz-Landau | Struber D.,University of Koblenz-Landau | Riediger V.,University of Koblenz-Landau | Jurjens J.,University of Koblenz-Landau | Jurjens J.,Fraunhofer Institute for Software and Systems Engineering ISST
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2017

Article 25 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing and the free movement of personal data, refers to data protection by design and by default. Privacy and data protection by design implies that IT systems need to be adapted or focused to technically support privacy and data protection. To this end, we need to verify whether security and privacy are supported by a system, or any change in the design of the system is required. In this paper, we provide a model-based privacy analysis approach to analyze IT systems that provide IT services to service customers. An IT service may rely on different enterprises to process the data that is provided by service customers. Therefore, our approach is modular in the sense that it analyzes the system design of each enterprise individually. The approach is based on the four privacy fundamental elements, namely purpose, visibility, granularity, and retention. We present an implementation of the approach based on the CARiSMA tool. To evaluate our approach, we apply it to an industrial case study. © Springer International Publishing AG 2017.


Ahmadian A.S.,University of Koblenz-Landau | Jurjens J.,University of Koblenz-Landau | Jurjens J.,Fraunhofer Institute for Software and Systems Engineering ISST
Proceedings of the International Conference on Cloud Computing Technology and Science, CloudCom | Year: 2017

Security and privacy are increasing concerns for both IT service customers and providers. According to cloud security alliance (CSA), privacy level agreements (PLAs) are intended to be used as appendixes to service level agreements and are likely to become as an industry standardized way for cloud service providers to describe the level of privacy and data protection. In this paper, we introduce an approach to verify whether the system design of a service provider supports the service customer's privacy and security preferences, by exploiting PLAs. In the first step, we formalize the PLAs. To this end, a metamodel for the PLAs is provided. This metamodel is based on the PLA outline provided by CSA, which is originally based on Directive 95/46/EC. In our research, we first investigate if an adaptation of the PLA outline with respect to the Regulation 2016/679 (repealing of Directive 95/46/EC) on the protection of natural persons with respect to the processing of personal data, is required. Afterwards, we describe how the PLAs are used to support model-based privacy and security analyses. Moreover, we explain how the analyses results can be used to refine PLAs. Our approach is supported by the CARiSMA tool. To evaluate the approach, we applied it to a real industry case study. © 2016 IEEE.


Fleischer J.,German Research Center for Geosciences | Haner R.,German Research Center for Geosciences | Herrnkind S.,German Research Center for Geosciences | Kloth A.,SpaceTech GmbH STI | And 3 more authors.
Natural Hazards and Earth System Science | Year: 2010

The German Indonesian Tsunami Early Warning System (GITEWS) is built upon a complex sensor data infrastructure. To best fulfill the demand for a long living system, the underlying software and hardware architecture of GITEWS must be prepared for future modifications both of single sensors and entire sensors systems. The foundation for a flexible integration and for stable interfaces is a result of following the paradigm of a Service Oriented Architecture (SOA). The Tsunami Service Bus (TSB) - our integration platform in GITEWS - realizes this SOA approach by implementing the Sensor Web Enablement (SWE) standards and services. This paper focuses on architectural and implementation aspects of the TSB. Initially, the general architectural approach in GITEWS by SOA and SWE is presented. Based on this conception, the concrete system architecture of GITEWS is introduced. The sensor integration platform TSB is then discussed in detail, following by its primary responsibilities and components. Special emphasis is laid on architectural transparency, comprehensible design decisions, and references to the applied technology. © Author(s) 2010.


Jurjens J.,TU Dortmund | Jurjens J.,Fraunhofer Institute for Software and Systems Engineering ISST | Ahmadian A.S.,TU Dortmund
MODELSWARD 2015 - 3rd International Conference on Model-Driven Engineering and Software Development, Proceedings | Year: 2015

In this invited presentation, we give an overview on a soundly based approach to Secure Software Engineering based on the UML extension UMLsec. More specifically, one main current focus is the automated, formally based analysis of software artefacts against security requirements. This is motivated by the observation that the current state of security engineering in practice is far from satisfactory. The goal is thus to start with the actual industrial engineering methods of security-critical software-based systems, to identify problems which are practically amenable to tool-supported, formally sound analysis methods, and to try to solve these problems using these methods. An important objective is to ensure that these analysis methods can actually be used in practice by keeping the additional overhead in using them bounded: First, they take as input artefacts which are already available in current industrial software development (such as UML models and program source code) and do not have to be constructed just to perform the analysis. Second, the tools should be reasonably easy to use and have a strong emphasis on automation. We also present results from some recent work on applying model-based security analysis to the analysis of economic aspects of securing critical infrastructures. Copyright © 2015 SCITEPRESS - Science and Technology Publications.


Beckers K.,University of Duisburg - Essen | Fassbender S.,University of Duisburg - Essen | Heisel M.,University of Duisburg - Essen | Kuster J.-C.,Fraunhofer Institute for Software and Systems Engineering ISST | Schmidt H.,University of Duisburg - Essen
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2012

Assembling an information security management system according to the ISO 27001 standard is difficult, because the standard provides only sparse support for system development and documentation. We analyse the ISO 27001 standard to determine what techniques and documentation are necessary and instrumental to develop and document systems according to this standard. Based on these insights, we inspect a number of current security requirements engineering approaches to evaluate whether and to what extent these approaches support ISO 27001 system development and documentation. We re-use a conceptual framework originally developed for comparing security requirements engineering methods to relate important terms, techniques, and documentation artifacts of the security requirements engineering methods to the ISO 27001. © 2012 Springer-Verlag.


Voisard A.,Free University of Berlin | Voisard A.,Fraunhofer Institute for Software and Systems Engineering ISST | Ziekow H.,Humboldt University of Berlin
Information Systems | Year: 2011

In the past decade, event-based systems (EBS) have received increasing attention from various communities. Central to these systems is the notion of event, which is often generally considered as a happening of interest. An EBS encompasses a large range of functionalities on various technological levels (e.g., language, execution, or communication). Existing approaches vary in the scope of implemented functionality and underlying technical concepts. For this reason, comparing EBS solutions is a challenging task. Furthermore, the lack of a unified view on EBS poses challenges to system architects in choosing and combining technologies for building event-based systems. This paper presents ARCHITECT, a framework that decomposes a general EBS into layers of abstraction. The goal of the proposed framework is twofold: (1) provide concepts that aid the understanding of existing technologies and solutions for EBS as well as their relations from a software engineering point of view; (2) present a layered framework, which enables classifying technologies for EBS and supports system architects in building complex systems from specialized components. We believe that the concepts presented in this paper are likely to improve the way both researchers and practitioners understand, use, and develop EBS components as well as complete systems. © 2011 Elsevier B.V.


Ahmadian A.S.,University of Koblenz-Landau | Coerschulte F.,University of Koblenz-Landau | Jurjens J.,University of Koblenz-Landau | Jurjens J.,Fraunhofer Institute for Software and Systems Engineering ISST
Lecture Notes in Business Information Processing | Year: 2016

Outsourcing services into the cloud is a worthwhile alternative to classic service models from both a customers and providers point of view. Therefore many new cloud providers surface, offering their cloud solutions. The trust and acceptance for cloud solutions are however still not given for many customers since a lot of security incidents related to cloud computing were reported. One possibility for companies to raise the trust in the own products is to gain a certification for them based on ISO27001. The certification is however a large hurdle, especially for small and medium enterprises since they lack resources and know-how. In this paper we present an overview of the ClouDAT framework. It represents a tool based approach to help in the certification process for cloud services specifically tailored to SMEs. © Springer International Publishing Switzerland 2016.


Holtkamp B.,Fraunhofer Institute for Software and Systems Engineering ISST | Steinbuss S.,Fraunhofer Institute for Software and Systems Engineering ISST | Gsell H.,Fraunhofer Institute for Software and Systems Engineering ISST | Loeffeler T.,Fraunhofer Institute for Software and Systems Engineering ISST | Springer U.,Fraunhofer Institute for Software and Systems Engineering ISST
Proceedings - 6th International Conference on Semantics, Knowledge and Grid, SKG 2010 | Year: 2010

This paper describes an approach for the development of a logistics cloud as a 'vertical cloud'. In contrast to a generic or 'horizontal cloud' components of the cloud platform are custom tailored to the specific needs of the logistics application area. The NIST cloud services model serves as a basis for structuring logistics specific cloud service requirements. In the next step the domain specific model is used as a basis for the development of Logistics Mall, a domain specific cloud platform for the trading and usage of logistics IT services and logistics processes. The paper closes with an overview of the implementation status and an outlook to future work. © 2010 IEEE.


Meister S.,Fraunhofer Institute for Software and Systems Engineering ISST
Lecture Notes in Business Information Processing | Year: 2012

Today's central issues in the healthcare supply make it imperative to develop new concepts to reduce the emerging costs and ensure high quality standards. Applying ICT and especially telemedicine - technologies that offer the chance to optimize medical data transfer - is regarded as the promising strategy, when developing cost saving concepts. As a result, physicians, as recipients of medical data, are confronted with a growing amount of information. This has to fit seamlessly into the process of information exchange and therefore has to be transported according to the principles of information logistics (ILOG). Therefore the author proposes a new approach based upon complex event processing (CEP), named Telemedical ILOG Listener (TIL). Every telemedical value, like for instance blood-pressure, has to be described as a telemedical event. For this reason in the following the author will describe how to use HL7 V3, a worldwide used standard for medical data exchange, to define a message type which is able to include the medical data, data necessary for CEP and at least data to represent the dimension of ILOG. © 2012 Springer-Verlag Berlin Heidelberg.

Loading Fraunhofer Institute for Software and Systems Engineering ISST collaborators
Loading Fraunhofer Institute for Software and Systems Engineering ISST collaborators