ClouDAT

Publications

Year Title Author Journal/Proceedings Publisher
2014 A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain Beckers, K., Côté, I., Goeke, L., Güler, S. & Heisel, M. International Journal of Secure Software Engineering (IJSSE)   IGI Global  
BibTeX:
@article{Beckers2014-IJIS,
  year = {2014},
  title = {A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain},
  author = {Kristian Beckers and Isabelle C{\^o}t{\'e} and Ludger Goeke and Selim G\"{u}ler and Maritta Heisel},
  journal = {International Journal of Secure Software Engineering (IJSSE)},
  publisher = {IGI Global},
  note = {Accepted for Publication},
  url = {http://www.igi-global.com}
}
  
2014 A Catalog of Security Requirements Patterns for the Domain of Cloud Computing Systems Beckers, K., Côté, I. & Goeke, L. Proceedings 29th Symposium on Applied Computing   ACM  
BibTeX:
@conference{SAC2014,
  year = {2014},
  title = {{A Catalog of Security Requirements Patterns for the Domain of Cloud Computing Systems}},
  booktitle = {Proceedings 29th Symposium on Applied Computing},
  author = {Kristian Beckers and Isabelle C{\^o}t{\'e} and Ludger Goeke},
  publisher = {ACM},
  note = {Accepted for Publication},
  url = {http://dl.acm.org/}
}
  
2013 Structured Pattern-Based Security Requirements Elicitation for Clouds Beckers, K., Côté, I., Goeke, L., Güler, S. & Heisel, M. Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 7th International Workshop on Secure Software Engineering (SecSE 2013)   IEEE Computer Society  
BibTeX:
@inproceedings{Beckers2013-ares2,
  year = {2013},
  title = {Structured Pattern-Based Security Requirements Elicitation for Clouds},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES}) - 7th International Workshop on Secure Software Engineering (SecSE 2013)},
  author = {Kristian Beckers and Isabelle C{\^o}t{\'e} and Ludger Goeke and Selim G\"{u}ler and Maritta Heisel},
  publisher = {IEEE Computer Society},
  pages = {465-474},
  url = {http://www.ieee.org/}
}
  
2013 A pattern-based method for establishing a cloud-specific information security management system Beckers, K., Côté, I., Faßbender, S., Heisel, M. & Hofbauer, S. Requirements Engineering   Springer-Verlag  
BibTeX:
@article{Beckers2013rohtua,
  year = {2013},
  title = {A pattern-based method for establishing a cloud-specific information security management system},
  author = {Beckers, Kristian and C{\^o}t{\'e}, Isabelle and Fa{\ss}bender, Stephan and Heisel, Maritta and Hofbauer, Stefan},
  journal = {Requirements Engineering},
  publisher = {Springer-Verlag},
  pages = {1-53},
  url = {http://www.springerlink.com/}
}
  
2013 Ontology-Based Analysis of Compliance and Regulatory Requirements of Business Processes, Technical Report, also published in 3rd International Conference on Cloud Computing and Services Science (Closer 2013) pp. 553--561 Humberg, T., Wessel, C., Poggenpohl, D., Wenzel, S., Ruhroth, T. & Jürjens, J.    
Abstract: Despite its significant potential benefits, the concept of Cloud Computing is still regarded with skepticism in most companies. One of the main obstacles is posed by concerns about the systems security and compliance issues. Examining system and process models for compliance manually is time-consuming and error-prone, in particular due to the mere extent of potentially relevant sources of security and compliance concerns that have to be considered. This paper proposes techniques to ease these problems by providing support in identifying relevant aspects, as well as suggesting possible methods (from an existing pool of such) to actually check a given model. We developed a two-step approach: At first, we build an ontology to formalize rules from relevant standards, augmented with additional semantic information. This ontology is then utilized in the analysis of an actual model of a system or a business process in order to detect possible compliance obligations.
BibTeX:
@techreport{closer13WHWPRJ,
  year = {2013},
  title = {Ontology-Based Analysis of Compliance and Regulatory Requirements of Business Processes, Technical Report, also published in 3rd International Conference on Cloud Computing and Services Science (Closer 2013) pp. 553--561},
  author = {T.~Humberg and C.~Wessel and D.~Poggenpohl and S.~Wenzel and T.~Ruhroth and J.~J\"urjens},
  publisher = {SciTePress},
  pages = {553--561}
}
  
2013 Model-centric Security Verification subject to Evolution (Invited Talk), Technical Report, also presented at the Eternals Workshop @ ESSOS'13, Paris Jürjens, J.
BibTeX:
@techreport{eternals13J,
  year = {2013},
  title = {Model-centric Security Verification subject to Evolution (Invited Talk), technischer Bericht, auch vorgestellt auf dem Eternals Workshop @ ESSOS'13, Paris},
  author = {J.~{J}{\"u}{r}jens}
}
  
2013 Hot Topics in Model-based Security (Invited Panel Contribution), Technical Report, also presented at the Eternals Workshop @ ESSOS'13, Paris Jürjens, J.
BibTeX:
@techreport{eternals13Jpanel,
  year = {2013},
  title = {Hot Topics in Model-based Security (Invited Panel Contribution), technischer Bericht, auch vorgestellt auf dem Eternals Workshop @ ESSOS'13, Paris},
  author = {J.~{J}{\"u}{r}jens}
}
  
2013 Modellbasiertes Sicherheits- und Compliance-Management, Technical Report, also presented at the annual meeting of the GI-FG Formale Methoden und Software Engineering für Sichere Systeme (FoMSESS), Dortmund Jürjens, J.
BibTeX:
@techreport{foMSESS13,
  year = {2013},
  title = {Modellbasiertes Sicherheits- und Compliance-Management, technischer Bericht, auch vorgestellt auf dem Jahrestreffen der GI-FG Formale Methoden und Software Engineering f\"ur Sichere Systeme (FoMSESS), Dortmund},
  author = {J.~{J}{\"u}{r}jens}
}
  
2013 Evolution vs. semantische Konsistenz, Technical Report, also presented at the workshop of the GI-AK Traceability, Dortmund Jürjens, J.
BibTeX:
@techreport{giak13,
  year = {2013},
  title = {Evolution vs. semantische Konsistenz, technischer Bericht, auch vorgestellt auf dem Workshop des GI-AK Traceability, Dortmund},
  author = {J.~{J}{\"u}{r}jens}
}
  
2013 Zertifizierung für sichere Cyber-Physikalische Systeme, Technical Report, also presented at the Tag der Informations- und Kommunikationswirtschaft Nordrhein-Westfalen (IuK-Tag NRW 2013) Jürjens, J.
BibTeX:
@techreport{iuknrw13j,
  year = {2013},
  title = {Zertifizierung f\"ur sichere Cyber-Physikalische Systeme, technischer Bericht, auch vorgestellt auf dem Tag der Informations- und Kommunikationswirtschaft Nordrhein-Westfalen (IuK-Tag NRW 2013)},
  author = {J.~{J}{\"u}{r}jens},
  url = {http://iuk-tag-nrw.de/}
}
  
2013 Sicherheit und Compliance in der Cloud (Invited Talk), Technical Report, also presented at the microfin Jahresempfang 2013 Jürjens, J.
BibTeX:
@techreport{microfin13J,
  year = {2013},
  title = {Sicherheit und Compliance in der Cloud (Eingeladener Vortrag), technischer Bericht, auch vorgestellt auf dem microfin Jahresempfang 2013},
  author = {J.~{J}{\"u}{r}jens}
}
  
2013 IT-Architekturen für auditierbare Geschäftsprozessanwendungen (Invited Talk), Technical Report, also presented at the Fraunhofer-Symposium "Netzwert" 2013 Jürjens, J.
BibTeX:
@techreport{netzwert13J,
  year = {2013},
  title = {IT-Architekturen f\"ur auditierbare Gesch\"aftsprozessanwendungen (Eingeladener Vortrag), technischer Bericht, auch vorgestellt auf dem Fraunhofer-Symposium "Netzwert" 2013},
  author = {J.~{J}{\"u}{r}jens}
}
  
2013 Common Criteria CompliAnt Software Development (CC-CASD) Beckers, K., Côté, I., Hatebur, D., Faßbender, S. & Heisel, M. Proceedings 28th Symposium on Applied Computing   ACM  
BibTeX:
@conference{SAC2013,
  year = {2013},
  title = {{C}ommon {C}riteria {C}ompli{A}nt {S}oftware {D}evelopment ({CC}-{CASD})},
  booktitle = {Proceedings 28th Symposium on Applied Computing},
  author = {Kristian Beckers and Isabelle C{\^o}t{\'e} and Denis Hatebur and Stephan Fa{\ss}bender and Maritta Heisel},
  publisher = {ACM},
  pages = {937-943},
  url = {http://dl.acm.org/}
}
  
2013 Resolving Vulnerability Identification Errors using Security Requirements on Business Process Models, Technical Report, also published in Journal on Information Management and Computer Security (IMCS) 2013 Vol. 21 pp.202--223 Taubenberger, S., Jürjens, J., Yu, Y. & Nuseibeh, B.    
Abstract: Purpose -- In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors -- wrongly identified or unidentified vulnerabilities -- can occur as uncertain data are used. Furthermore, businesses' security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost-effectively. This paper aims to resolve vulnerability errors by analysing the security requirements of information assets in business process models.
Design/methodology/approach -- Business process models have been selected for use, because there is a close relationship between business process objectives and risks. Security functions are evaluated in terms of the information flow of business processes regarding their security requirements. The claim that vulnerability errors can be resolved was validated by comparing the results of a current risk assessment approach with the proposed approach. The comparison is conducted both at three entities of an insurance company, as well as through a controlled experiment within a survey among security professionals.
Findings -- Vulnerability identification errors can be resolved by explicitly evaluating security requirements in the course of business; this is not considered in current assessment methods.
Originality/value -- It is shown that vulnerability identification errors occur in practice. With the explicit evaluation of security requirements, identification errors can be resolved. Risk assessment methods should consider the explicit evaluation of security requirements.
BibTeX:
@techreport{TauJurYuNus13,
  year = {2013},
  title = {Resolving Vulnerability Identification Errors using Security Requirements on Business Process Models, Technical Report, also published in Journal on Information Management and Computer Security (IMCS) 2013 Vol. 21 pp.202--223},
  author = {S.~Taubenberger and J.~{J}{\"u}{r}jens and Y.~Yu and B.~Nuseibeh},
  volume = {21},
  number = {3},
  pages = {202--223},
  doi = {10.1108/IMCS-09-2012-0054}
}
  
2013 Security for Changing Software and Systems (Invited Talk), Technical Report, also presented at the tubs.CITY Symposium 2013 Jürjens, J.
BibTeX:
@techreport{tubscity13J,
  year = {2013},
  title = {Security for Changing Software and Systems (Invited Talk), technischer Bericht, auch vorgestellt auf dem tubs.CITY Symposium 2013},
  author = {J.~{J}{\"u}{r}jens}
}