Maritta Heisel

Prof. Dr. Maritta Heisel
Raum BB 919
Tel. : +49 203 379 3465
Fax : +49 379 4490
E-Mail : maritta.heisel[at]uni-duisburg-essen.de

Research
  • Compliance [Publications]
  • Formal Methods [Publications]
  • Methodology [Publications]
  • Patterns [Publications]
  • Privacy [Publications]
  • Requirements Engineering [Publications]
  • Safety [Publications]
  • Security
    Publications:


    Year  Title  Author  Journal/Proceedings  Publisher
    2017 Performing a More Realistic Safety Analysis by Means of the Six-Variable Model Ulfat-Bunyadi, N., Hatebur, D. & Heisel, M. Automotive - Safety & Security 2017   GI  
    Abstract: Safety analysis typically consists of hazard analysis and risk assessment (HARA) as well as fault tree analysis (FTA). During the first, possible hazardous events are identified. During the latter, failure events that can lead to a hazardous event are identified. Usually, the focus of FTA is on identifying failure events within the system. However, a hazardous event may also occur due to invalid assumptions about the system’s environment. If the possibility that environmental assumptions turn invalid is considered during safety analysis, a more realistic and complete safety analysis is performed than without considering them. Yet, a major challenge consists in eliciting first the ‘real’ environmental assumptions. Developers do not always document assumptions, and often they are not aware of the assumptions they make. In previous work, we defined the Six-Variable Model which provides support in making the ‘real’ environmental assumptions explicit. In this paper, we define a safety analysis method based on the Six-Variable Model. The benefit of our method is that we make the environmental assumptions explicit and consider them in safety analysis. In this way, assumptions that are too strong and too risky can be identified and weakened or abandoned if necessary.
    BibTeX:
    @inproceedings{UHH-ASS2017,
      year = {2017},
      title = {Performing a More Realistic Safety Analysis by Means of the Six-Variable Model},
      booktitle = {Automotive - Safety \& Security 2017},
      author = {Ulfat-Bunyadi, Nelufar and Hatebur, Denis and Heisel, Maritta},
      publisher = {GI},
      volume = {P-269},
      series = {Lecture Notes in Informatics},
      pages = {135-148},
      url = {https://dl.gi.de/handle/20.500.12116/152}
    }
    
    2015 Problem-Based Security Requirements Elicitation and Refinement with PresSuRE Faßbender, S., Heisel, M. & Meis, R. Software Technologies - 9th International Joint Conference, ICSOFT 2014, Vienna, Austria, August 29-31, 2014, Revised Selected Papers   Springer  
    Abstract: Recently published reports on cybercrime indicate an ever-increasing number of
    security incidents related to IT systems. Many attacks causing the incidents
    abuse (in)directly one or more security defects.
    Fixing the security defect once fielded is costly. To avoid the defects and the
    subsequent need to fix them, security has to be considered thoroughly when
    developing software. The earliest phase to do so is the requirements
    engineering, in which security threats should be identified early on and treated
    by defining sufficient security requirements.
    In a previous paper, we introduced a methodology for
    Problem-based Security Requirements Elicitation (PresSuRE).
    PresSuRE provides a computer-aided security threat identification. The
    identification is based on the functional requirements for a system-to-be.
    Still, there is a need for guidance on how to derive security requirements once
    the threats are identified. In this work, we provide such guidance extending
    PresSuRE and its tool support. We illustrate and validate our approach using a
    smart grid scenario provided by the industrial partners of the EU project
    NESSoS.
    BibTeX:
    @incollection{CCIS15b,
      year = {2015},
      title = {Problem-Based Security Requirements Elicitation and Refinement with PresSuRE},
      booktitle = {Software Technologies - 9th International Joint Conference, {ICSOFT} 2014, Vienna, Austria, August 29-31, 2014, Revised Selected Papers},
      author = {Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
      publisher = {Springer},
      volume = {555},
      series = {Communications in Computer and Information Science},
      pages = {311--330},
      url = {http://dx.doi.org/10.1007/978-3-319-25579-8_18},
      doi = {10.1007/978-3-319-25579-8_18}
    }
    
    2014 Towards Developing Secure Software using Problem-oriented Security Patterns Alebrahim, A. & Heisel, M. Proceedings of the 6th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)   Springer  
    Abstract: Security as one essential quality requirement has to be addressed during
    the software development process. Quality requirements such as security
    drive the architecture of a software, while design decisions such as security patterns
    on the architecture level in turn might constrain the achievement of quality
    requirements significantly. Thus, to obtain sound architectures and correct requirements,
    knowledge which is gained in the solution space, for example from
    security patterns, should be reflected in the requirements engineering. In this paper,
    we propose an iterative method that takes into account the concurrent development
    of requirements and architecture descriptions systematically. It reuses
    security patterns for refining and restructuring the requirement models by applying
    problem-oriented security patterns. Problem-oriented security patterns adapt
    existing security patterns in a way that they can be used in the problem-oriented
    requirements engineering. The proposed method bridges the gap between security
    problems and security architectural solutions.
    BibTeX:
    @inproceedings{Alebrahim-cdares2014,
      year = {2014},
      title = {Towards Developing Secure Software using Problem-oriented Security Patterns},
      booktitle = {Proceedings of the 6th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)},
      author = {Alebrahim, Azadeh and Heisel, Maritta},
      publisher = {Springer},
      series = {LNCS 8708},
      pages = {45-62},
      url = {https://link.springer.com/}
    }
    
    2014 Problem-oriented Security Patterns for Requirements Engineering Alebrahim, A. & Heisel, M. Proceedings of the 19th European Conference on Pattern Languages of Programs (EuroPLoP)   ACM  
    BibTeX:
    @inproceedings{Alebrahim-europlop2014,
      year = {2014},
      title = {Problem-oriented Security Patterns for Requirements Engineering},
      booktitle = {Proceedings of the 19th European Conference on Pattern Languages of Programs (EuroPLoP)},
      author = {Alebrahim, Azadeh and Heisel, Maritta},
      publisher = {ACM},
      note = {Accepted},
      url = {https://dl.acm.org/citation.cfm?id=2721963}
    }
    
    2014 A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain Beckers, K., Côté, I., Goeke, L., Güler, S. & Heisel, M. International Journal of Secure Software Engineering (IJSSE) - Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)   IGI Global  
    Abstract: Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.
    BibTeX:
    @article{Beckers2014-IJIS,
      year = {2014},
      title = {A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain},
      author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Goeke, Ludger and G{\"{u}}ler, Selim and Heisel, Maritta},
      journal = {International Journal of Secure Software Engineering (IJSSE) - Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)},
      publisher = {IGI Global},
      volume = {5},
      number = {2},
      pages = {19 -- 41},
      url = {http://www.igi-global.com}
    }
    
    2014 Supporting Common Criteria Security Analysis with Problem Frames Beckers, K., Hatebur, D. & Heisel, M. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)   Innovative Information Science & Technology Research Group (ISYOU)  
    Abstract: Security standards, e.g., the Common Criteria (ISO 15408), are applied by software
    vendors to establish a level of confidence that the security functionality of their products
    and their applied assurance measures are sufficient. To get a Common Criteria certification,
    a comprehensible set of documents is necessary, including a detailed threat analysis and
    security objective elicitation. We focus on improving the Common Criteria threat analysis
    and the derivation of security objectives in our work.
    Our method is based upon an attacker model, which considers different attacker types,
    e.g., software attackers, that threaten only specific parts of a system. We provide tool
    support for checking the consistency and the completeness of the specified software systems
    using OCL expressions. For example, we check if all types of attackers have been considered
    for a specific domain, we check for all software domains that either a software attacker is
    considered or an assumption is documented that excludes software attackers, and we check
    if all threats are addressed by security objectives. Moreover, we can generate tables and
    texts from our UML models to satisfy the Common Criteria documentation demands. For
    instance, we can generate Common Criteria specific cross-table, which maps every security
    objective and assumption to a specific threat. The consistency checks are integrated in our
    structured method for threat analysis that considers the Common Criteria’s (CC) demands
    for documentation of the system in its environment and the reasoning that all threats are
    discovered and addressed. With our support tool UML4PF (that extends a UML tool and
    contains e.g., a UML profile and an OCL validator), we support security reasoning, validation
    of models, and we are able to generate Common Criteria-compliant documentation using
    model-to-text transformations. Our threat analysis method can also be used for threat
    analysis without the common criteria, because it uses a specific part of the UML profile that
    can be adapted to other demands with little effort. For example, it could be adapted for
    other security standards like ISO 27001. We illustrate our approach with the development of
    a smart metering gateway system.
    BibTeX:
    @article{Beckers2014-Jowua,
      year = {2014},
      title = {Supporting Common Criteria Security Analysis with Problem Frames},
      author = {Beckers, Kristian and Hatebur, Denis and Heisel, Maritta},
      journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)},
      publisher = {Innovative Information Science \& Technology Research Group (ISYOU)},
      volume = {5},
      number = {1},
      pages = {37-63},
      url = {http://isyou.info/}
    }
    
    2014 A Threat Analysis Methodology for Smart Home Scenarios Beckers, K., Faßbender, S., Heisel, M. & Suppan, S. Smart Grid Security, Proceedings of the Second International Workshop (SmartGridSec)   Springer  
    Abstract: A smart grid is envisioned to enable a more economic, environmental
    friendly, sustainable and reliable supply of energy. But significant security
    concerns have to be addressed for the smart grid, dangers range from threatened
    availability of energy, to threats of customer privacy. This paper presents a structured
    method for identifying security threats in the smart home scenario and in
    particular for analyzing their severity and relevance. The method is able to unveil
    also new threats, not discussed in the literature before. The smart home scenario
    is represented by a context-pattern, which is a specific kind of pattern for the elicitation
    of domain knowledge [5]. Hence, by exchanging the smart home pattern
    by a context-pattern for another domain, e.g., clouds, our method can be used
    for these other domains, as well. The proposal is based on Microsoft’s Security
    Development Lifecycle (SDL) [4], which uses Data Flow diagrams, but proposes
    new alternatives for scenario definition and asset identification based on context-patterns.
    These alleviate the lack of scalability of the SDL. In addition, we present
    Attack Path DFDs, that show how an attacker can compromise the system.
    BibTeX:
    @inproceedings{BFassbenderHS2014,
      year = {2014},
      title = {A Threat Analysis Methodology for Smart Home Scenarios},
      booktitle = {Smart Grid Security, Proceedings of the Second International Workshop (SmartGridSec)},
      author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta and Suppan, Santiago},
      publisher = {Springer},
      volume = {8448},
      series = {Lecture Notes in Computer Science},
      pages = {94-124},
      url = {http://link.springer.com/chapter/10.1007/978-3-319-10329-7_7},
      doi = {10.1007/978-3-319-10329-7_7}
    }
    
    2014 Considering Attacker Motivation in Attack Graphs Analysis in a Smart Grid Scenario Beckers, K., Heisel, M., Krautsevich, L., Martinelli, F. & Yautsiukhin, A. Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)   Springer Berlin Heidelberg  
    BibTeX:
    @inproceedings{BHKMY2014,
      year = {2014},
      title = {{C}onsidering {A}ttacker {M}otivation in {A}ttack {G}raphs {A}nalysis in a {S}mart {G}rid {S}cenario},
      booktitle = {Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)},
      author = {Beckers, Kristian and Heisel, Maritta and Krautsevich, Leanid and Martinelli, Fabio and Yautsiukhin, Artsiom},
      publisher = {Springer Berlin Heidelberg},
      series = {LNCS 8448},
      pages = {Pages 30-47},
      url = {http://www.springerlink.com/}
    }
    
    2014 ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System Beckers, K., Heisel, M., Solhaug, B. & Stølen, K. Advances in Engineering Secure Future Internet Services and Systems   Springer  
    BibTeX:
    @inproceedings{BHSS2014,
      year = {2014},
      title = {ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System},
      booktitle = {Advances in Engineering Secure Future Internet Services and Systems},
      author = {Beckers, Kristian and Heisel, Maritta and Solhaug, Bj{\o}rnar and St{\o}len, Ketil},
      publisher = {Springer},
      number = {8431},
      series = {LNCS State-of-the-Art Surveys},
      pages = {315-344},
      url = {https://link.springer.com/}
    }
    
    2014 Functional Requirements Under Security PresSuRE Faßbender, S., Heisel, M. & Meis, R. ICSOFT-PT 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends   SciTePress  
    Abstract: Recently, there has been an increase of reported security incidents hitting
    large software systems. Such incidents can originate from different
    attackers exploiting vulnerabilities of different parts of a system. Hence, there
    is a need for enhancing security considerations in software development.
    It is crucial for requirements engineers to identify security threats
    early on, and to refine the threats into security requirements.
    In this paper, we introduce a methodology for Problem-based Security
    Requirements Elicitation (PresSuRE). PresSuRE is a method for
    identifying security needs during the requirements analysis of
    software systems using a problem frame model. Our method does not rely
    entirely on the requirements engineer to detect security needs, but
    provides a computer-aided security threat identification, and
    subsequently the elicitation of security requirements.
    The identification is based on the functional requirements for a
    system-to-be. We illustrate and validate our approach using a smart grid
    scenario provided by the industrial partners of the EU project NESSoS.
    BibTeX:
    @inproceedings{ICSOFT14Pressure,
      year = {2014},
      title = {Functional Requirements Under Security {PresSuRE}},
      booktitle = {{ICSOFT-PT} 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends},
      author = {Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
      publisher = {SciTePress},
      pages = {5-16},
      url = {http://dx.doi.org/10.5220/0005098600050016},
      doi = {10.5220/0005098600050016}
    }
    
    2014 A Structured Comparison of Security Standards Beckers, K., Côté, I., Fenz, S., Hatebur, D. & Heisel, M. Advances in Engineering Secure Future Internet Services and Systems   Springer  
    Abstract: A number of different security standards exist and it is difficult
    to choose the right one for a particular project or to evaluate if
    the right standard was chosen for a certification. These standards are
    often long and complex texts, whose reading and understanding takes
    up a lot of time. We provide a conceptual model for security standards
    that relies upon existing research and contains concepts and phases of
    security standards. In addition, we developed a template based upon
    this model, which can be instantiated for given security standard. These
    instantiated templates can be compared and help software and security
    engineers to understand the differences of security standards. In particular,
    the instantiated templates explain which information and what
    level of detail a system document according to a certain security standard
    contains. We applied our method to the well known international
    security standards ISO 27001 and Common Criteria, and the German
    IT-Grundschutz standards, as well.
    BibTeX:
    @inproceedings{Lopez2014,
      year = {2014},
      title = {A Structured Comparison of Security Standards},
      booktitle = {Advances in Engineering Secure Future Internet Services and Systems},
      author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Fenz, Stefan and Hatebur, Denis and Heisel, Maritta},
      publisher = {Springer},
      number = {8431},
      series = {LNCS State-of-the-Art Surveys},
      pages = {1-34},
      url = {http://www.springerlink.com/}
    }
    
    2014 Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements Moyano, F., Fernandez-Gago, C., Beckers, K. & Heisel, M. Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)   Springer  
    BibTeX:
    @inproceedings{MGBH2014,
      year = {2014},
      title = {Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements},
      booktitle = {Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)},
      author = {Moyano, Francisco and Fernandez-Gago, Carmen and Beckers, Kristian and Heisel, Maritta},
      publisher = {Springer},
      series = {LNCS 8448},
      pages = {166 -- 180},
      url = {http://www.springerlink.com/}
    }
    
    2014 Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis Beckers, K., Heisel, M., Krautsevich, L., Martinelli, F., Meis, R. & Yautsiukhin, A. Smart Grid Security - Second International Workshop, SmartGridSec 2014, Munich, Germany, February 26, 2014, Revised Selected Papers   Springer  
    Abstract: Smart grid is an intelligent energy distribution system consisting of multiple information and communication technologies (ICT). One of the challenges for such complex and heterogeneous system as smart grid is to unite security analysis on a high level of abstraction and concrete behavioral attack patterns that exploit low-level vulnerabilities. We provide a structured method that combines the Si* language, which can express attacker motivations as a goal hierarchy, and vulnerability specific attack graphs, which shows every step available for an attacker. We derive system specific information from the low-level representation of the system for a high-level probabilistic analysis.
    BibTeX:
    @inproceedings{SmartGridSec14,
      year = {2014},
      title = {Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis},
      booktitle = {Smart Grid Security - Second International Workshop, SmartGridSec 2014, Munich, Germany, February 26, 2014, Revised Selected Papers},
      author = {Beckers, Kristian and Heisel, Maritta and Krautsevich, Leanid and Martinelli, Fabio and Meis, Rene and Yautsiukhin, Artsiom},
      publisher = {Springer},
      series = {LNCS 8448},
      pages = {30--47},
      url = {http://dx.doi.org/10.1007/978-3-319-10329-7_3},
      doi = {10.1007/978-3-319-10329-7_3}
    }
    
    2013 A Problem-based Threat Analysis in compliance with Common Criteria Beckers, K., Hatebur, D. & Heisel, M. Proceedings of the International Conference on Availability, Reliability and Security (ARES)   IEEE Computer Society  
    Abstract: In order to gain their customers’ trust, software vendors
    can certify their products according to security standards,
    e.g., the Common Criteria (ISO 15408). A Common Criteria
    certification requires a comprehensible documentation of the
    software product, including a detailed threat analysis. In our
    work, we focus on improving that threat analysis. Our method
    is based upon an attacker model, which considers attacker types
    like software attacker that threaten only specific parts of a
    system. We use OCL expressions to check if all attackers for a
    specific domain have been considered. For example, we propose
    a computer-aided method that checks if all software systems
    have either considered a software attacker or documented an
    assumption that excludes software attackers.
    Hence, we propose a structured method for threat analysis that
    considers the Common Criteria’s (CC) demands for documentation
    of the system in its environment and the reasoning that
    all threats are discovered. We use UML4PF, a UML profile and
    support tool for Jackson’s problem frame method and OCL for
    supporting security reasoning, validation of models, and also to
    generate Common Criteria-compliant documentation. Our threat
    analysis method can also be used for threat analysis without the
    common criteria, because it uses a specific part of the UML
    profile that can be adapted to other demands with little effort.
    We illustrate our approach with the development of a smart
    metering gateway system.
    BibTeX:
    @inproceedings{Beckers2013-ares1,
      year = {2013},
      title = {A Problem-based Threat Analysis in compliance with Common Criteria},
      booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES})},
      author = {Beckers, Kristian and Hatebur, Denis and Heisel, Maritta},
      publisher = {IEEE Computer Society},
      pages = {111-120},
      url = {http://www.ieee.org/}
    }
    
    2013 A pattern-based method for establishing a cloud-specific information security management system Beckers, K., Côté, I., Faßbender, S., Heisel, M. & Hofbauer, S. Requirements Engineering   Springer-Verlag  
    Abstract: Assembling an information security management
    system (ISMS) according to the ISO 27001 standard
    is difficult, because the standard provides only very sparse
    support for system development and documentation.
    Assembling an ISMS consists of several difficult tasks,
    e.g., asset identification, threat and risk analysis and
    security reasoning. Moreover, the standard demands consideration
    of laws and regulations, as well as privacy
    concerns. These demands present multi-disciplinary challenges
    for security engineers. Cloud computing provides
    scalable IT resources and the challenges of establishing an
    ISMS increases, because of the significant number of
    stakeholders and technologies involved and the distribution
    of clouds among many countries. We analyzed the ISO
    27001 demands for these multi-disciplinary challenges and
    cloud computing systems. Based on these insights, we
    provide a method that relies upon existing requirements
    engineering methods and patterns for several security tasks,
    e.g., context descriptions, threat analysis and policy definition.
    These can ease the effort of establishing an ISMS
    and can produce the necessary documentation for an ISO
    27001 compliant ISMS. We illustrate our approach using
    the example of an online bank.
    BibTeX:
    @article{Beckers2013rohtua,
      year = {2013},
      title = {A pattern-based method for establishing a cloud-specific information security management system},
      author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Fa{\ss}bender, Stephan and Heisel, Maritta and Hofbauer, Stefan},
      journal = {Requirements Engineering},
      publisher = {Springer-Verlag},
      pages = {1-53},
      url = {http://www.springerlink.com/}
    }
    
    2013 Common Criteria CompliAnt Software Development (CC-CASD) Beckers, K., Faßbender, S., Hatebur, D., Heisel, M. & Côté, I. Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC)   ACM  
    Abstract: In order to gain their customers’ trust, software vendors can certify
    their products according to security standards, e.g., the Common
    Criteria (ISO 15408). However, a Common Criteria certification
    requires a comprehensible documentation of the software product.
    The creation of this documentation results in high costs in terms of
    time and money.
    We propose a software development process that supports the
    creation of the required documentation for a Common Criteria certification.
    Hence, we do not need to create the documentation after
    the software is built. Furthermore, we propose to use an enhanced
    version of the requirements-driven software engineering process
    called ADIT to discover possible problems with the establishment
    of Common Criteria documents. We aim to detect these issues before
    the certification process. Thus, we avoid expensive delays of
    the certification effort. ADIT provides a seamless development approach
    that allows consistency checks between different kinds of
    UML models. ADIT also supports traceability from security requirements
    to design documents. We illustrate our approach with
    the development of a smart metering gateway system.
    BibTeX:
    @inproceedings{SAC2013,
      year = {2013},
      title = {{Common Criteria CompliAnt Software Development (CC-CASD)}},
      booktitle = {Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC)},
      author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Hatebur, Denis and Heisel, Maritta and C{\^{o}}t{\'{e}}, Isabelle},
      publisher = {ACM},
      pages = {1298--1304},
      url = {https://dl.acm.org/citation.cfm?id=2480604}
    }
    
    2012 Ontology-Based Identification of Research Gaps and Immature Research Areas Beckers, K., Eicker, S., Faßbender, S., Heisel, M., Schmidt, H. & Schwittek, W. Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)   Springer  
    Abstract: Researchers often have to understand new knowledge areas, and identify
    research gaps and immature areas in them. They have to understand and
    link numerous publications to achieve this goal. This is difficult, because natural
    language has to be analyzed in the publications, and implicit relations between
    them have to be discovered. We propose to utilize the structuring possibilities of
    ontologies to make the relations between publications, knowledge objects (e.g.,
    methods, tools, notations), and knowledge areas explicit. Furthermore, we use
    Kitchenham’s work on structured literature reviews and apply it to the ontology.
    We formalize relations between objects in the ontology using Codd’s relational
    algebra to support different kinds of literature research. These formal expressions
    are implemented as ontology queries. Thus, we implement an immature research
    area analysis and research gap identification mechanism. The ontology and its
    relations are implemented based on the Semantic MediaWiki+ platform.
    BibTeX:
    @inproceedings{Beckers2012-ares1,
      year = {2012},
      title = {Ontology-Based Identification of Research Gaps and Immature Research Areas},
      booktitle = {Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)},
      author = {Beckers, Kristian and Eicker, Stefan and Fa{\ss}bender, Stephan and Heisel, Maritta and Schmidt, Holger and Schwittek, Widura},
      publisher = {Springer},
      series = {LNCS 7465},
      pages = {93-107},
      url = {http://www.springerlink.com/}
    }
    
    2012 Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation Beckers, K., Heisel, M., Faßbender, S. & Schmidt, H. Proceedings of the International Conference on Availability, Reliability and Security (ARES)   IEEE Computer Society  
    Abstract: An ISO 27001 compliant information security
    management system is difficult to create, due to the limited
    support for system development and documentation provided
    in the standard.
    We present a structured analysis of the documentation
    and development requirements in the ISO 27001 standard.
    Moreover, we investigate to what extent existing security
    requirements engineering approaches fulfill these requirements.
    We developed relations between these approaches and the
    ISO 27001 standard using a conceptual framework originally
    developed for comparing security requirements engineering
    methods. The relations include comparisons of important
    terms, techniques, and documentation artifacts. In addition,
    we show practical applications of our results.
    BibTeX:
    @inproceedings{Beckers2012-ares4,
      year = {2012},
      title = {Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation},
      booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES})},
      author = {Beckers, Kristian and Heisel, Maritta and Fa{\ss}bender, Stephan and Schmidt, Holger},
      publisher = {IEEE Computer Society},
      pages = {243-248},
      url = {http://www.ieee.org/}
    }
    
    2012 A Common Body of Knowledge for Engineering Secure Software and Services Schwittek, W., Schmidt, H., Beckers, K., Eicker, S., Faßbender, S. & Heisel, M. Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 1st International Workshop on Security Ontologies and Taxonomies (SecOnT 2012)   IEEE Computer Society  
    BibTeX:
    @inproceedings{Beckers2012-ares7,
      year = {2012},
      title = {A Common Body of Knowledge for Engineering Secure Software and Services},
      booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES}) - 1st International Workshop on Security Ontologies and Taxonomies (SecOnT 2012)},
      author = {Schwittek, Widura and Schmidt, Holger and Beckers, Kristian and Eicker, Stefan and Fa{\ss}bender, Stephan and Heisel, Maritta},
      publisher = {IEEE Computer Society},
      pages = {499-506},
      url = {http://www.ieee.org/}
    }
    
    2012 An Aspect-Oriented Approach to Relating Security Requirements and Access Control Alebrahim, A., Tun, T. T., Yu, Y., Heisel, M. & Nuseibeh, B. Proceedings of the CAiSE Forum   CEUR-WS.org  
    Abstract: Affecting multiple parts in software systems, security requirements often tangle with functional requirements. In order to separate crosscutting concerns and increase modularity, we propose to represent security requirements as aspects that can be woven into functional requirements. Using problem frames to model the functional requirements, weaving is achieved by composing the modules representing security aspects with the requirement models. Moreover, we provide guidance on how such security aspects are structured to implement a particular access control solution. As a result, such security aspects become reusable solution patterns to refine the structure of security-related problems.
    BibTeX:
    @inproceedings{CAiSEForum2012,
      year = {2012},
      title = {An Aspect-Oriented Approach to Relating Security Requirements and Access Control},
      booktitle = {Proceedings of the CAiSE Forum},
      author = {Alebrahim, Azadeh and Tun, Thein Than and Yu, Yijun and Heisel, Maritta and Nuseibeh, Bashar},
      publisher = {CEUR-WS.org},
      volume = {855},
      series = {CEUR Workshop Proceedings},
      pages = {15--22},
      url = {http://ceur-ws.org/}
    }
    
    2012 Supporting the Development and Documentation of ISO 27001 Information Security Management Systems Through Security Requirements Engineering Approaches Beckers, K., Faßbender, S., Heisel, M., Küster, J.-C. & Schmidt, H. Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS)   Springer  
    Abstract: Assembling an information security management system according
    to the ISO 27001 standard is difficult, because the standard provides
    only sparse support for system development and documentation.
    We analyse the ISO 27001 standard to determine what techniques and
    documentation are necessary and instrumental to develop and document
    systems according to this standard. Based on these insights, we inspect a
    number of current security requirements engineering approaches to evaluate
    whether and to what extent these approaches support ISO 27001
    system development and documentation. We re-use a conceptual framework
    originally developed for comparing security requirements engineering
    methods to relate important terms, techniques, and documentation
    artifacts of the security requirements engineering methods to the ISO
    27001.
    BibTeX:
    @inproceedings{essos2012,
      year = {2012},
      title = {Supporting the Development and Documentation of {ISO} 27001 Information Security Management Systems Through Security Requirements Engineering Approaches},
      booktitle = {Proceedings of the International Symposium on Engineering Secure Software and Systems ({ESSoS})},
      author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta and K{\"{u}}ster, Jan-Christoph and Schmidt, Holger},
      publisher = {Springer},
      series = {LNCS 7159},
      url = {https://link.springer.com/}
    }
    
    2011 Systematic Development of UMLsec Design Models Based On Security Requirements Hatebur, D., Heisel, M., Jürjens, J. & Schmidt, H. Proceedings of the European Joint Conferences on Theory and Practice of Software (ETAPS) - Fundamental Approaches to Software Engineering (FASE)   Springer  
    BibTeX:
    @inproceedings{HHJ+2011,
      year = {2011},
      title = {Systematic Development of {UMLsec} Design Models Based On Security Requirements},
      booktitle = {Proceedings of the European Joint Conferences on Theory and Practice of Software (ETAPS) - Fundamental Approaches to Software Engineering ({FASE})},
      author = {Hatebur, Denis and Heisel, Maritta and J{\"{u}}rjens, Jan and Schmidt, Holger},
      publisher = {Springer},
      series = {LNCS 6603},
      pages = {232--246},
      url = {https://link.springer.com/}
    }
    
    2011 A Pattern- and Component-Based Method to Develop Secure Software Schmidt, H., Hatebur, D. & Heisel, M. Software Engineering for Secure Systems: Academic and Industrial Perspectives   IGI Global  
    Abstract: We present a security engineering process based on security problem frames and concretized
    security problem frames. Both kinds of frames constitute patterns for analyzing security problems
    and associated solution approaches. They are arranged in a pattern system that makes
    dependencies between them explicit. We describe step-by-step how the pattern system can be
    used to analyze a given security problem and how solution approaches can be found.
    Afterwards, the security problems and the solution approaches are formally modeled in detail.
    The formal models serve to prove that the solution approaches are correct solutions to the security
    problems. Furthermore, the formal models of the solution approaches constitute a formal
    specification of the software to be developed.
    Then, the specification is implemented by generic security components and generic security
    architectures, which constitute architectural patterns. Finally, the generic security components
    and the generic security architecture that composes them are refined and the result is a secure
    software product built from existing and/or tailor-made security components.
    KEYWORDS
    security
    BibTeX:
    @incollection{SHH2011,
      year = {2011},
      title = {A Pattern- and Component-Based Method to Develop Secure Software},
      booktitle = {Software Engineering for Secure Systems: Academic and Industrial Perspectives},
      author = {Schmidt, Holger and Hatebur, Denis and Heisel, Maritta},
      publisher = {IGI Global},
      pages = {32--74},
      url = {http://www.igi-global.com/}
    }
    
    2010 A Comparison of Security Requirements Engineering Methods Fabian, B., Gürses, S., Heisel, M., Santen, T. & Schmidt, H. Requirements Engineering -- Special Issue on Security Requirements Engineering    
    Abstract: This paper presents a conceptual framework for
    security engineering, with a strong focus on security
    requirements elicitation and analysis. This conceptual
    framework establishes a clear-cut vocabulary and makes
    explicit the interrelations between the different concepts and
    notions used in security engineering. Further, we apply our
    conceptual framework to compare and evaluate current
    security requirements engineering approaches, such as the
    Common Criteria, Secure Tropos, SREP, MSRA, as well as
    methods based on UML and problem frames. We review
    these methods and assess them according to different criteria,
    such as the general approach and scope of the method, its
    validation, and quality assurance capabilities. Finally, we
    discuss how these methods are related to the conceptual
    framework and to one another.
    BibTeX:
    @article{FGH+2010,
      year = {2010},
      title = {A Comparison of Security Requirements Engineering Methods},
      author = {Fabian, Benjamin and G{\"{u}}rses, Seda and Heisel, Maritta and Santen, Thomas and Schmidt, Holger},
      journal = {Requirements Engineering -- Special Issue on Security Requirements Engineering},
      volume = {15},
      number = {1},
      pages = {7--40}
    }
    
    2010 A UML Profile for Requirements Analysis of Dependable Software Hatebur, D. & Heisel, M. Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
    Abstract: At Safecomp 2009, we presented a foundation for requirements analysis
    of dependable software. We defined a set of patterns for expressing and analyzing
    dependability requirements, such as confidentiality, integrity, availability,
    and reliability. The patterns take into account random faults as well as certain
    attacks and therefore support a combined safety and security engineering.
    In this paper, we demonstrate how the application of our patterns can be tool supported.
    We present a UML profile allowing us to express the different dependability
    requirements using UML diagrams. Integrity conditions are expressed using
    OCL. We provide tool support based on the Eclipse development environment,
    extended with an EMF-based UML tool, e.g., Papyrus UML. We illustrate how
    to use the profile to model dependability requirements of a cooperative adaptive
    cruise control system.
    BibTeX:
    @inproceedings{HateburHeisel2010b,
      year = {2010},
      title = {A {UML} Profile for Requirements Analysis of Dependable Software},
      booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
      author = {Hatebur, Denis and Heisel, Maritta},
      publisher = {Springer},
      series = {LNCS 6351},
      pages = {317--331},
      url = {https://link.springer.com/}
    }
    
    2009 A Foundation for Requirements Analysis of Dependable Software Hatebur, D. & Heisel, M. Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
    Abstract: We present patterns for expressing dependability requirements, such
    as confidentiality, integrity, availability, and reliability. The paper considers random
    faults as well as certain attacks and therefore supports a combined safety
    and security engineering. The patterns - attached to functional requirements - are
    part of a pattern system that can be used to identify missing requirements. The
    approach is illustrated on a cooperative adaptive cruise control system.
    BibTeX:
    @inproceedings{HH09b,
      year = {2009},
      title = {A Foundation for Requirements Analysis of Dependable Software},
      booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
      author = {Hatebur, Denis and Heisel, Maritta},
      publisher = {Springer},
      series = {LNCS 5775},
      pages = {311--325},
      url = {https://link.springer.com/}
    }
    
    2008 Analysis and Component-based Realization of Security Requirements Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Conference on Availability, Reliability and Security (AReS)   IEEE Computer Society  
    Abstract: We present a process to develop secure software with an
    extensive pattern-based security requirements engineering
    phase. It supports identifying and analyzing conflicts between
    different security requirements. In the design phase,
    we proceed by selecting security software components that
    achieve security requirements. The process enables software
    developers to systematically identify, analyze, and finally
    realize security requirements using security software
    components. We illustrate our approach by a lawyer agency
    software example.
    BibTeX:
    @inproceedings{HHS2008b,
      year = {2008},
      title = {Analysis and Component-based Realization of Security Requirements},
      booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (AReS)},
      author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
      publisher = {IEEE Computer Society},
      series = {IEEE Transactions},
      pages = {195--203},
      url = {https://www.ieee.org}
    }
    
    2007 A Pattern System for Security Requirements Engineering Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Conference on Availability, Reliability and Security (AReS)   IEEE Computer Society  
    Abstract: We present a pattern system for security requirements engineering,
    consisting of security problem frames and concretized
    security problem frames. These are special kinds
    of problem frames that serve to structure, characterize, analyze,
    and finally solve software development problems in the
    area of software and system security. We equip each frame
    with formal preconditions and postconditions. The analysis
    of these conditions results in a pattern system that explicitly
    shows the dependencies between the different frames.
    Moreover, we indicate related frames, which are commonly
    used together with the considered frame. Hence, our approach
    helps security engineers to avoid omissions and to
    cover all security requirements that are relevant for a given
    problem.
    BibTeX:
    @inproceedings{HHS2007,
      year = {2007},
      title = {A Pattern System for Security Requirements Engineering},
      booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (AReS)},
      author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
      publisher = {IEEE Computer Society},
      series = {IEEE Transactions},
      pages = {356--365},
      url = {https://www.ieee.org}
    }
    
    2007 A Security Engineering Process based on Patterns Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Workshop on Secure Systems Methodologies using Patterns (SPatterns)   IEEE Computer Society  
    Abstract: We present a security engineering process based on security
    problem frames and concretized security problem
    frames. Both kinds of frames constitute patterns for analyzing
    security problems and associated solution approaches.
    They are arranged in a pattern system that makes dependencies
    between them explicit. We describe step-by-step how
    the pattern system can be used to analyze a given security
    problem and how solution approaches can be found. Further,
    we introduce a new frame that focuses on the privacy
    requirement anonymity.
    BibTeX:
    @inproceedings{HHS2007a,
      year = {2007},
      title = {A Security Engineering Process based on Patterns},
      booktitle = {Proceedings of the International Workshop on Secure Systems Methodologies using Patterns (SPatterns)},
      author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
      publisher = {IEEE Computer Society},
      url = {https://www.ieee.org}
    }
    
    2005 Architectural Patterns for Problem Frames Choppy, C., Hatebur, D. & Heisel, M. IEEE Proceedings -- Software, Special Issue on Relating Software Requirements and Architecture    
    Abstract: Problem frames provide a characterisation and classification of software development problems.
    Fitting a problem into an appropriate problem frame should not only help to understand
    it, but also to solve the problem (the idea being that, once the adequate problem frame is
    identified, then the associated development method should be available). We propose software
    architectural patterns corresponding to the different problem frames that may serve as
    a starting point for the construction of the software solving the given problem. These architectural
    patterns exactly reflect the properties of the problems fitting into a given frame, and
    they can be combined in a modular way to solve multi-frame problems.
    BibTeX:
    @article{CHH2005a,
      year = {2005},
      title = {Architectural Patterns for Problem Frames},
      author = {Choppy, Christine and Hatebur, Denis and Heisel, Maritta},
      journal = {IEEE Proceedings -- Software, Special Issue on Relating Software Requirements and Architecture},
      url = {https://www.ieee.org}
    }
    
    2005 Problem Frames and Architectures for Security Problems Hatebur, D. & Heisel, M. Proceedings of the 24th International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
    Abstract: We present two (?) problem frames that serve to structure, characterize and analyze software
    development problems in the area of software and system security. These problem frames constitute
    patterns for representing security problems, variants of which occur frequently in practice. Solving such
    problems starts with the development of an appropriate software architecture. To support that process,
    we furthermore present architectural patterns associated with the problem frames.
    BibTeX:
    @inproceedings{HH2005,
      year = {2005},
      title = {Problem Frames and Architectures for Security Problems},
      booktitle = {Proceedings of the 24th International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
      author = {Hatebur, Denis and Heisel, Maritta},
      publisher = {Springer},
      series = {LNCS 3688},
      pages = {390--404},
      url = {https://link.springer.com/}
    }
    
    2002 A Problem-Oriented Approach to Common Criteria Certification Rottke, T., Hatebur, D., Heisel, M. & Heiner, M. Proceedings of the 21st International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
    Abstract: There is an increasing demand to certify the security of systems according to the Common Criteria (CC). The CC distinguish several evaluation assurance levels (EALs), level EAL7 being the highest and requiring the application of formal techniques. We present a method for requirements engineering and (semi-formal and formal) modeling of systems to be certified according to the higher evaluation assurance levels of the CC. The method is problem oriented, i.e. it is driven by the environment in which the system will operate and by a mission statement. We illustrate our approach by an industrial case study, namely an electronic purse card (EPC) to be implemented on a Java Smart Card. As a novelty, we treat the mutual asymmetric authentication of the card and the terminal into which the card is inserted.
    BibTeX:
    @inproceedings{RHH+2002,
      year = {2002},
      title = {A Problem-Oriented Approach to Common Criteria Certification},
      booktitle = {Proceedings of the 21st International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
      author = {Rottke, Thomas and Hatebur, Denis and Heisel, Maritta and Heiner, Monika},
      publisher = {Springer},
      series = {LNCS 2434},
      pages = {334--346},
      url = {https://link.springer.com/}
    }
    
    2002 Confidentiality-Preserving Refinement is Compositional -- Sometimes Santen, T., Heisel, M. & Pfitzmann, A. Proc. Computer Security -- ESORICS 2002   Springer  
    Abstract: Confidentiality-preserving refinement describes a relation between a
    specification and an implementation that ensures that all confidentiality properties
    required in the specification are preserved by the implementation in a probabilistic
    setting. The present paper investigates the condition under which that notion
    of refinement is compositional, i.e. the condition under which refining a subsystem
    of a larger system yields a confidentiality-preserving refinement of the larger
    system. It turns out that the refinement relation is not compositional in general,
    but the condition for compositionality can be stated in a way that builds on the
    analysis of subsystems thus aiding system designers in analyzing a composition.
    BibTeX:
    @inproceedings{SHP2002,
      year = {2002},
      title = {Confidentiality-Preserving Refinement is Compositional -- Sometimes},
      booktitle = {Proc.\ Computer Security -- ESORICS 2002},
      author = {Santen, Thomas and Heisel, Maritta and Pfitzmann, Andreas},
      publisher = {Springer},
      series = {LNCS 2502},
      pages = {194--211},
      url = {https://link.springer.com/}
    }
    
    2002 Specification and Refinement of Secure IT Systems Santen, T., Pfitzmann, A. & Heisel, M. Proc. International Workshop on Refinement of Critical Systems    
    BibTeX:
    @inproceedings{SPH2002,
      year = {2002},
      title = {Specification and Refinement of Secure {IT} Systems},
      booktitle = {Proc.\ International Workshop on Refinement of Critical Systems},
      author = {Santen, Thomas and Pfitzmann, Andreas and Heisel, Maritta},
      note = {http://www.esil.univ-mrs.fr/\verb|~|spc/rcs02/papers/Santen.ps.gz}
    }
    
    2001 Confidentiality-Preserving Refinement Heisel, M., Pfitzmann, A. & Santen, T. Proc. 14th IEEE Computer Security Foundations Workshop    
    Abstract: We develop a condition for confidentiality-preserving refinement which is both necessary and sufficient. Using a slight extension of CSP as notation, we give a toy example to illustrate the usefulness of our condition.
    Systems are specified by their behavior and a window. For an abstract system, the window specifies what information is allowed to be observed by its environment. For a concrete system, the window specifies what information cannot be hidden from its environment. A concrete system is a confidentiality-preserving refinement of an abstract system,
    if it behaviorally refines the abstract system and if the
    information revealed by the concrete window is allowed to
    be revealed according to the abstract window.
    BibTeX:
    @inproceedings{HPS2001,
      year = {2001},
      title = {Confidentiality-Preserving Refinement},
      booktitle = {Proc.\ 14th IEEE Computer Security Foundations Workshop},
      author = {Heisel, Maritta and Pfitzmann, Andreas and Santen, Thomas},
      publisher = {IEEE Computer Society},
      pages = {295--305}
    }
    

    Created by JabRef on 13/03/2018.

  • Software Architecture [Publications]
  • Software Quality [Publications]
  • Test [Publications]