Prof. Dr. Maritta Heisel
Raum BB 919
Tel. : +49 203 379 3465
Fax : +49 379 4490
E-Mail : maritta.heisel[at]uni-duisburg-essen.de

QuickSearch:   Number of matching entries: 0.

YearTitleAuthorJournal/ProceedingsPublisher
2019 Integration of Development Interface Agreement, Supplier Safety Assessment and Safety Management for Driver Assistance Systems Frese, T., Côté, I., Hatebur, D. & Heisel, M. Mobilität in Zeiten der Veränderung   Springer  
BibTeX:
@incollection{mobi19,
  year = {2019},
  title = {Integration of Development Interface Agreement, Supplier Safety Assessment and Safety Management for Driver Assistance Systems},
  booktitle = {Mobilit{\"{a}}t in Zeiten der Ver{\"{a}}nderung},
  author = {Frese, Thomas and C{\^{o}}t{\'{e}}, Isabelle and Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  pages = {241 -- 251},
  url = {www.springer.com}
}
2019 Combining Safety and Security in Autonomous Cars Using Blockchain Technologies Davi, L., Hatebur, D., Heisel, M. & Wirtz, R. Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
BibTeX:
@proceedings{,
  year = {2019},
  title = {Combining Safety and Security in Autonomous Cars Using Blockchain Technologies},
  booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  author = {Davi, Lucas and Hatebur, Denis and Heisel, Maritta and Wirtz, Roman},
  publisher = {Springer},
  url = {www.springer.com}
}
2018 Functional Safety Processes and Driver Assistance Systems: Evolution or Revolution? Frese, T., Hatebur, D., Côté, I. & Heisel, M. Mobilität und digitale Transformation - Technische und betriebswirtschaftliche Aspekte   Springer  
BibTeX:
@incollection{mobi2018,
  year = {2018},
  title = {Functional Safety Processes and Driver Assistance Systems: Evolution or Revolution?},
  booktitle = {Mobilit{\"{a}}t und digitale Transformation - Technische und betriebswirtschaftliche Aspekte},
  author = {Frese, Thomas and Hatebur, Denis and C{\^{o}}t{\'{e}}, Isabelle and Heisel, Maritta},
  publisher = {Springer},
  pages = {199 - 216},
  url = {www.springer.com}
}
2018 Problem-based Elicitation of Security Requirements - The ProCOR Method Wirtz, R., Heisel, M., Meis, R., Omerovic, A. & Stølen, K. Proceedings of the 13th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2018, Funchal, Madeira, Portugal, March 23-24, 2018.   SciTePress  
BibTeX:
@inproceedings{Wirtz18,
  year = {2018},
  title = {Problem-based Elicitation of Security Requirements - The ProCOR Method},
  booktitle = {Proceedings of the 13th International Conference on Evaluation of Novel Approaches to Software Engineering, {ENASE} 2018, Funchal, Madeira, Portugal, March 23-24, 2018.},
  author = {Wirtz, Roman and Heisel, Maritta and Meis, Rene and Omerovic, Aida and St{\o}len, Ketil},
  publisher = {SciTePress},
  pages = {26--38},
  url = {https://doi.org/10.5220/0006669400260038},
  doi = {10.5220/0006669400260038}
}
2017 A structured and systematic model-based development method for automotive systems, considering the OEM/supplier interface Beckers, K., Côté, I., Frese, T., Hatebur, D. & Heisel, M. Reliability Engineering & System Safety    
Abstract: Abstract The released ISO 26262 standard for automotive systems requires to create a hazard analysis and risk assessment and to create safety goals, to break down these safety goals into functional safety requirements in the functional safety concept, to specify technical safety requirements in the safety requirements specification, and to perform several validation and verification activities. Experience shows that the definition of technical safety requirements and the planning and execution of validation and verification activities has to be done jointly by OEMs and suppliers. In this paper, we present a structured and model-based safety development approach for automotive systems. The different steps are based on Jackson's requirement engineering. The elements are represented by UML notation extended with stereotypes. The UML model enables a rigorous validation of several constraints. We make use of the results of previously published work to be able to focus on the OEM/supplier interface. We illustrate our method using a three-wheeled-tilting control system (3WTC) as running example and case study.
BibTeX:
@article{Beckers2016-4,
  year = {2017},
  title = {A structured and systematic model-based development method for automotive systems, considering the OEM/supplier interface},
  author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Frese, Thomas and Hatebur, Denis and Heisel, Maritta},
  journal = {Reliability Engineering \& System Safety},
  volume = {158},
  pages = {172 - 184},
  note = {Special Sections : Reliability and Safety Certification of Software-Intensive Systems},
  url = {http://www.sciencedirect.com/science/article/pii/S0951832016304057},
  doi = {10.1016/j.ress.2016.08.018}
}
2017 Facilitating Reuse of Control Software through Context Modelling based on the Six-Variable Model Ulfat-Bunyadi, N., Meis, R. & Heisel, M. Software Technologies   Springer  
BibTeX:
@incollection{CCIS17,
  year = {2017},
  title = {Facilitating Reuse of Control Software through Context Modelling based on the Six-Variable Model},
  booktitle = {Software Technologies},
  author = {Ulfat-Bunyadi, Nelufar and Meis, Rene and Heisel, Maritta},
  publisher = {Springer},
  volume = {743},
  series = {Communications in Computer and Information Science},
  pages = {332-358},
  url = {http://www.springer.com}
}
2017 Online Self-disclosure: From Users' Regrets to Instructional Awareness Diaz Ferreyra, N. E., Meis, R. & Heisel, M. Machine Learning and Knowledge Extraction - First IFIP TC 5, WG 8.4, 8.9, 12.9 International Cross-Domain Conference, CD-MAKE 2017, Reggio di Calabria, Italy, August 29 - September 1, 2017, Proceedings   Springer  
BibTeX:
@inproceedings{CDMAKE17,
  year = {2017},
  title = {Online Self-disclosure: From Users' Regrets to Instructional Awareness},
  booktitle = {Machine Learning and Knowledge Extraction - First {IFIP} {TC} 5, {WG} 8.4, 8.9, 12.9 International Cross-Domain Conference, {CD-MAKE} 2017, Reggio di Calabria, Italy, August 29 - September 1, 2017, Proceedings},
  author = {Diaz Ferreyra, Nicol{\'{a}}s E. and Meis, Rene and Heisel, Maritta},
  publisher = {Springer},
  volume = {10410},
  series = {LNCS},
  pages = {83--102},
  url = {https://doi.org/10.1007/978-3-319-66808-6_7},
  doi = {10.1007/978-3-319-66808-6_7}
}
2017 Aspect Frames – Describing Cross-Cutting Concerns in Aspect-Oriented Requirements Engineering Meis, R. & Heisel, M. Proceedings of the 22nd European Conference on Pattern Languages of Programs   ACM  
Abstract: Cross-cutting concerns often arise when non-functional requirements are operationalized, because non-functional requirements
are themselves cross-cutting. In the field of aspect-oriented requirements engineering (AORE), functional requirements that
cross-cut multiple other functional requirements are called aspects. An aspect describes in most cases a solution for a non-
functional requirement and how this solution can be integrated into the realization of the functional requirements it cross-cuts.
Examples for cross-cutting concerns are logging, encryption, and access control. We observed that aspects often share a basic
structure, behavior, and the way of how they have to be integrated into the realization of the functional requirements they
cross-cut. We propose in this paper aspect frames. An aspect frame is a kind of pattern for aspects that share a common
concern, behavior, and way how they are integrated into the realization of the functional requirements
BibTeX:
@inproceedings{EuroPLoP17,
  year = {2017},
  title = {Aspect Frames – Describing Cross-Cutting Concerns in Aspect-Oriented Requirements Engineering},
  booktitle = {Proceedings of the 22nd European Conference on Pattern Languages of Programs},
  author = {Meis, Rene and Heisel, Maritta},
  publisher = {ACM},
  number = {25},
  series = {EuroPLoP '17},
  pages = {28},
  url = {https://doi.org/10.1145/3147704.3147732},
  doi = {3147704.3147732}
}
2017 Computer-Aided Identification and Validation of Intervenability Requirements Meis, R. & Heisel, M. Information    
Abstract: Privacy as a software quality is becoming more important these days and should not be underestimated during the development of software that processes personal data. The privacy goal of intervenability, in contrast to unlinkability (including anonymity and pseudonymity), has so far received little attention in research. Intervenability aims for the empowerment of end-users by keeping their personal data and how it is processed by the software system under their control. Several surveys have pointed out that the lack of intervenability options is a central privacy concern of end-users. In this paper, we systematically assess the privacy goal of intervenability and set up a software requirements taxonomy that relates the identi?ed intervenability requirements with a taxonomy of transparency requirements. Furthermore, we provide a tool-supported method to identify intervenability requirements from the functional requirements of a software system. This tool-supported method provides the means to elicit and validate intervenability requirements in a computer-aided way. Our combined taxonomy of intervenability and transparency requirements gives a detailed view on the privacy goal of intervenability and its relation to transparency. We validated the completeness of our taxonomy by comparing it to the relevant literature that we derived based on a systematic literature review. The proposed method for the identi?cation of intervenability requirements shall support requirements engineers to elicit and document intervenability requirements in compliance with the EU General Data Protection Regulation.
BibTeX:
@article{Information2017,
  year = {2017},
  title = {Computer-Aided Identification and Validation of Intervenability Requirements},
  author = {Meis, Rene and Heisel, Maritta},
  journal = {Information},
  volume = {8},
  number = {30},
  url = {http://www.mdpi.com/2078-2489/8/1/30},
  doi = {10.3390/info8010030}
}
2017 Should User-generated Content be a Matter of Privacy Awareness? - A Position Paper Diaz Ferreyra, N. E., Meis, R. & Heisel, M. Proceedings of the 9th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management - (Volume 3), Funchal, Madeira, Portugal, November 1-3, 2017.   SciTePress  
BibTeX:
@inproceedings{KDKEKM17,
  year = {2017},
  title = {Should User-generated Content be a Matter of Privacy Awareness? - {A} Position Paper},
  booktitle = {Proceedings of the 9th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management - (Volume 3), Funchal, Madeira, Portugal, November 1-3, 2017.},
  author = {Diaz Ferreyra, Nicol{\'{a}}s E. and Meis, Rene and Heisel, Maritta},
  publisher = {SciTePress},
  pages = {212--216},
  url = {https://doi.org/10.5220/0006517302120216},
  doi = {10.5220/0006517302120216}
}
2017 Deriving Safety Requirements according to ISO 26262 for complex systems: A method applied in the automotive industrie Frese, T., Heisel, M., Hatebur, D. & Côté, I. Innovative Produkte und Dienstleisungen in der Mobilität    
BibTeX:
@article{mobi2017,
  year = {2017},
  title = {Deriving Safety Requirements according to ISO 26262 for complex systems: A method applied in the automotive industrie},
  author = {Frese, Thomas and Heisel, Maritta and Hatebur, Denis and C{\^{o}}t{\'{e}}, Isabelle},
  journal = {Innovative Produkte und Dienstleisungen in der Mobilit{\"{a}}t},
  volume = {Wissenschaftsforum Mobilit{\"{a}}t 8},
  pages = {211-222}
}
2017 Towards Systematic Privacy and Operability (PRIOP) Studies Meis, R. & Heisel, M. ICT Systems Security and Privacy Protection   Springer  
Abstract: The assessment of privacy properties of software systems gains more and more importance nowadays. This is, on the one hand because of increasing privacy concerns of end-users due to numerous reported privacy breaches, and on the other hand due to stricter data protection regulations, e.g., the EU General Data Protection Regulation that prescribes an assessment of the privacy implications that a project possibly has. The lack of systematic methods to assist a comprehensive and detailed privacy analysis makes it hard for analysts to address the end-users’ and legal requirements. In this paper, we adopt the principles of the hazard and operability (HAZOP) studies, which have successfully been used for safety analyses, to privacy to provide a systematic method to identify the relevant privacy threats for a software to be developed. We propose a method called privacy and operability (PRIOP) studies that allows to systematically analyze the potential privacy issues that a software to be developed might raise, based on the software’s functionality at the requirements level.
BibTeX:
@inproceedings{SEC17,
  year = {2017},
  title = {Towards Systematic Privacy and Operability ({PRIOP}) Studies},
  booktitle = {ICT Systems Security and Privacy Protection},
  author = {Meis, Rene and Heisel, Maritta},
  publisher = {Springer},
  volume = {502},
  series = {IFIP AICT},
  pages = {427--441},
  url = {http://dx.doi.org/10.1007/978-3-319-58469-0_29},
  doi = {10.1007/978-3-319-58469-0_29}
}
2017 Pattern-based Representation of Privacy Enhancing Technologies as Early Aspects Meis, R. & Heisel, M. Trust, Privacy, and Security in Digital Business   Springer International Publishing  
Abstract: Several regulations and standards emphasize that privacy
shall already be considered from the very beginning in software development.
A crucial point during the development of a privacy-friendly
software is the selection and integration of measures that implement speci
c privacy requirements or mitigate threats to these. These measures
are called privacy enhancing technologies (PETs). PETs have a crosscutting
nature. That is, a PET needs often to be integrated into several
base functionalities of the software-to-be. For example, anonymization
techniques need to be integrated into functionalities that shall reveal
originally identi able information in an anonymized form to others. One
possibility to handle cross-cutting concerns already on the requirements
level is aspect-oriented requirements engineering. In this paper, we show
how PETs can be represented as early aspects and how these can be
integrated into a given requirements model in problem frames notation.
Furthermore, we show how PETs can be represented as patterns to help
requirements engineers to identify and select appropriate PETs that address
the privacy requirements they have to satisfy. We use the PET
Privacy-ABCs (Attribute-Based Credentials) to illustrate our approach.
BibTeX:
@inproceedings{TrustBus17,
  year = {2017},
  title = {Pattern-based Representation of Privacy Enhancing Technologies as Early Aspects},
  booktitle = {Trust, Privacy, and Security in Digital Business},
  author = {Meis, Rene and Heisel, Maritta},
  publisher = {Springer International Publishing},
  volume = {10442},
  series = {LNCS},
  pages = {49--65},
  url = {https://doi.org/10.1007/978-3-319-64483-7_4},
  doi = {10.1007/978-3-319-64483-7_4}
}
2017 Performing a More Realistic Safety Analysis by Means of the Six-Variable Model Ulfat-Bunyadi, N., Hatebur, D. & Heisel, M. Automotive - Safety & Security 2017   GI  
Abstract: Safety analysis typically consists of hazard analysis and risk assessment (HARA) as well as fault tree analysis (FTA). During the first, possible hazardous events are identified. During the latter, failure events that can lead to a hazardous event are identified. Usually, the focus of FTA is on identifying failure events within the system. However, a hazardous event may also occur due to invalid assumptions about the system’s environment. If the possibility that environmental assumptions turn invalid is considered during safety analysis, a more realistic and complete safety analysis is performed than without considering them. Yet, a major challenge consists in eliciting first the ‘real’ environmental assumptions. Developers do not always document assumptions, and often they are not aware of the assumptions they make. In previous work, we defined the Six-Variable Model which provides support in making the ‘real’ environmental assumptions explicit. In this paper, we define a safety analysis method based on the Six-Variable Model. The benefit of our method is that we make the environmental assumptions explicit and consider them in safety analysis. In this way, assumptions that are too strong and too risky can be identified and weakened or abandoned if necessary.
BibTeX:
@inproceedings{UHH-ASS2017,
  year = {2017},
  title = {Performing a More Realistic Safety Analysis by Means of the Six-Variable Model},
  booktitle = {Automotive - Safety & Security 2017},
  author = {Ulfat-Bunyadi, Nelufar and Hatebur, Denis and Heisel, Maritta},
  publisher = {GI},
  volume = {P-269},
  series = {Lecture Notes in Informatics},
  pages = {135-148},
  url = {https://dl.gi.de/handle/20.500.12116/152}
}
2016 Variability for Qualities in Software Architecture Alebrahim, A., Faßbender, S., Filipczyk, M., Goedicke, M., Heisel, M. & Zdun, U. SIGSOFT Softw. Eng. Notes   ACM  
BibTeX:
@article{Alebrahim:2016:VQS:2853073.2853095,
  year = {2016},
  title = {Variability for Qualities in Software Architecture},
  author = {Alebrahim, Azadeh and Fa{\ss}bender, Stephan and Filipczyk, Martin and Goedicke, Michael and Heisel, Maritta and Zdun, U.},
  journal = {SIGSOFT Softw. Eng. Notes},
  publisher = {ACM},
  volume = {41},
  number = {1},
  pages = {32--35},
  url = {https://dl.acm.org/citation.cfm?doid=2853073.2853095},
  doi = {10.1145/2853073.2853095}
}
2016 Supporting Privacy Impact Assessments using Problem-based Privacy Analysis Meis, R. & Heisel, M. Software Technologies - 10th International Joint Conference, ICSOFT 2015, Revised Selected Papers   Springer  
Abstract: Privacy-aware software development is gaining more and more importance for nearly all information systems that are developed nowadays. As a tool to force organizations and companies to consider privacy properly during the planning and the execution of their projects, some governments advise to perform privacy impact assessments (PIAs). During a PIA, a report has to be created that summarizes the consequence on privacy the project may have and how the organization or company addresses these consequences. As basis for a PIA, it has to be documented which personal data is collected, processed, stored, and shared with others in the context of the project. Obtaining this information is a difficult task that is not yet well supported by existing methods. In this paper, we present a method based on the problem-based privacy analysis (ProPAn) that helps to elicit the needed information for a PIA systematically from a given set of functional requirements. Our tool-supported method shall reduce the effort that has to be spent to elicit the information needed to conduct a PIA in a way that the information is as complete and consistent as possible.
BibTeX:
@inproceedings{CCIS16,
  year = {2016},
  title = {Supporting Privacy Impact Assessments using Problem-based Privacy Analysis},
  booktitle = {Software Technologies - 10th International Joint Conference, {ICSOFT} 2015, Revised Selected Papers},
  author = {Meis, Rene and Heisel, Maritta},
  publisher = {Springer},
  volume = {586},
  series = {Communications in Computer and Information Science},
  pages = {79--98},
  url = {http://dx.doi.org/10.1007/978-3-319-30142-6_5},
  doi = {10.1007/978-3-319-30142-6_5}
}
2016 The Six-Variable Model - Context Modelling Enabling Systematic Reuse of Control Software Ulfat-Bunyadi, N., Meis, R. & Heisel, M. Proceedings of the 11th International Joint Conference on Software Technologies (ICSOFT 2016)   SciTePress  
Abstract: A control system usually consists of some control software as well as sensors and actuators to monitor and control certain quantities in the environment. The context of the control software thus consists of the sensors and actuators it uses and the environment. When starting development of the control software, its context is often not predefined or given. There are contextual decisions the developers can make (e.g. which sensors/actuators/other systems to use). By means of these decisions, the context is defined step by step. Existing approaches (like the Four-Variable Model) call for documenting the environmental quantities (monitored, controlled, input, and output variables) that are relevant after making these contextual decisions. The environmental quantities that have originally been relevant (i.e. before deciding which sensors/actuators/other systems to use) are not documented. This results in problems when the software shall later on be reused in another, slightly different setting (e.g. with additional sensors). Then, it is hard for developers to decide which environmental quantities are still relevant for the software. In this paper, we suggest an extended version of the Four-Variable Model, the Six-Variable Model, and, based on that, a context modelling method, that combines existing approaches. The benefit of our method is that the environmental quantities that are relevant before and after decision making are documented as well as the contextual decisions themselves and the options that were selectable. In this way, later reuse of the software is facilitated.
BibTeX:
@inproceedings{ICSOFT16a,
  year = {2016},
  title = {The Six-Variable Model - Context Modelling Enabling Systematic Reuse of Control Software},
  booktitle = {Proceedings of the 11th International Joint Conference on Software Technologies {(ICSOFT} 2016)},
  author = {Ulfat-Bunyadi, Nelufar and Meis, Rene and Heisel, Maritta},
  publisher = {SciTePress},
  pages = {15--26},
  url = {http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0005944100150026},
  doi = {10.5220/0005944100150026}
}
2016 Introducing Product Line Engineering in a Bottom-up Approach Ulfat-Bunyadi, N., Meis, R., Mohammadi, N. G. & Heisel, M. Proceedings of the 11th International Joint Conference on Software Technologies (ICSOFT 2016)   SciTePress  
Abstract: The optimal way for introducing a product line is to set up a completely new product line by developing a reuse infrastructure for the whole range of products right from the start. However, in practice, product line engineering is frequently introduced by a company after having developed a number of products separately (i.e. in single system engineering). The challenge then consists of defining the product line based on these existing products, i.e. to a certain extent these products have to be re-engineered. More precisely, two problems need to be solved: first, commonality and variability among the existing products needs to be identified to define a common set of core assets, and, second, the way in which future systems (i.e. products of the product line) will be developed based on this common set of assets needs to be defined. The method we suggest in this paper solves these two problems. Our method focuses on control systems, i.e. systems which monitor/control certain quantities in their environment.
BibTeX:
@inproceedings{ICSOFT16b,
  year = {2016},
  title = {Introducing Product Line Engineering in a Bottom-up Approach},
  booktitle = {Proceedings of the 11th International Joint Conference on Software Technologies {(ICSOFT} 2016)},
  author = {Ulfat-Bunyadi, Nelufar and Meis, Rene and Mohammadi, Nazila Gol and Heisel, Maritta},
  publisher = {SciTePress},
  pages = {146--153},
  url = {http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0006006001460153},
  doi = {10.5220/0006006001460153}
}
2016 Computer-Aided Identification and Validation of Privacy Requirements Meis, R. & Heisel, M. Information   MDPI  
Abstract: Privacy is a software quality that is closely related to security. The main difference is that security properties aim at the protection of assets that are crucial for the considered system, and privacy aims at the protection of personal data that are processed by the system. The identification of privacy protection needs in complex systems is a hard and error prone task. Stakeholders whose personal data are processed might be overlooked, or the sensitivity and the need of protection of the personal data might be underestimated. The later personal data and the needs to protect them are identified during the development process, the more expensive it is to fix these issues, because the needed changes of the system-to-be often affect many functionalities. In this paper, we present a systematic method to identify the privacy needs of a software system based on a set of functional requirements by extending the problem-based privacy analysis (ProPAn) method. Our method is tool-supported and automated where possible to reduce the effort that has to be spent for the privacy analysis, which is especially important when considering complex systems. The contribution of this paper is a semi-automatic method to identify the relevant privacy requirements for a software-to-be based on its functional requirements. The considered privacy requirements address all dimensions of privacy that are relevant for software development. As our method is solely based on the functional requirements of the system to be, we enable users of our method to identify the privacy protection needs that have to be addressed by the software-to-be at an early stage of the development. As initial evaluation of our method, we show its applicability on a small electronic health system scenario.
BibTeX:
@article{Information16,
  year = {2016},
  title = {Computer-Aided Identification and Validation of Privacy Requirements},
  author = {Meis, Rene and Heisel, Maritta},
  journal = {Information},
  publisher = {MDPI},
  volume = {7},
  number = {28},
  url = {http://www.mdpi.com/2078-2489/7/2/28},
  doi = {10.3390/info7020028}
}
2016 Understanding the Privacy Goal Intervenability Meis, R. & Heisel, M. Trust, Privacy, and Security in Digital Business   Springer  
Abstract: Privacy is gaining more and more attention in society and hence, gains more importance as a software quality that has to be considered during software development. A privacy goal that has not yet been deeply studied is the empowerment of end-users to have control over how their personal data is processed by information systems. This privacy goal is called intervenability. Several surveys have shown that one of end-users’ main privacy concerns is the lack of intervenability options in information systems. In this paper, we refine the privacy goal intervenability into a software requirements taxonomy and relate it to a taxonomy of transparency requirements because transparency can be regarded as a prerequisite for intervenability. The combined taxonomy of intervenability and transparency requirements shall guide requirements engineers to identify the intervenability requirements relevant for the system they consider. We validated the completeness of our taxonomy by comparing it to the relevant literature that we derived based on a systematic literature review.
BibTeX:
@inproceedings{TrustBus16,
  year = {2016},
  title = {Understanding the Privacy Goal Intervenability},
  booktitle = {Trust, Privacy, and Security in Digital Business},
  author = {Meis, Rene and Heisel, Maritta},
  publisher = {Springer},
  volume = {9830},
  series = {LNCS},
  pages = {79--94},
  url = {https://link.springer.com/chapter/10.1007/978-3-319-44341-6_6},
  doi = {10.1007/978-3-319-44341-6_6}
}
2015 1st Workshop on VAriability for QUalIties in SofTware Architecture (VAQUITA): Workshop Introduction Alebrahim, A., Faßbender, S., Filipczyk, M., Goedicke, M., Heisel, M. & Zdun, U. Proceedings of the 2015 European Conference on Software Architecture Workshops   ACM  
BibTeX:
@inproceedings{Alebrahim:2015:WVQ:2797433.2797455,
  year = {2015},
  title = {1st Workshop on VAriability for QUalIties in SofTware Architecture (VAQUITA): Workshop Introduction},
  booktitle = {Proceedings of the 2015 European Conference on Software Architecture Workshops},
  author = {Alebrahim, Azadeh and Fa{\ss}bender, Stephan and Filipczyk, Martin and Goedicke, Michael and Heisel, Maritta and Zdun, U.},
  publisher = {ACM},
  series = {ECSAW '15},
  pages = {22:1--22:2},
  url = {https://dl.acm.org/citation.cfm?doid=2797433.2797455},
  doi = {10.1145/2797433.2797455}
}
2015 Relating Performance and Security Tactics to Architectural Patterns Alebrahim, A., Faßbender, S., Filipczyk, M., Goedicke, M. & Heisel, M. Proceedings of the 20th European Conference on Pattern Languages of Program   ACM  
BibTeX:
@inproceedings{AlebrahimFassbenderFGH2015ACM-europlopb,
  year = {2015},
  title = {Relating Performance and Security Tactics to Architectural Patterns},
  booktitle = {Proceedings of the 20th European Conference on Pattern Languages of Program},
  author = {Alebrahim, Azadeh and Fa{\ss}bender, Stephan and Filipczyk, Martin and Goedicke, Michael and Heisel, Maritta},
  publisher = {ACM},
  series = {EuroPLoP '15},
  note = {To be Published},
  url = {https://dl.acm.org/}
}
2015 A Problem-, Quality-, and Aspect-Oriented Requirements Engineering Method Faßbender, S., Heisel, M. & Meis, R. Software Technologies - 9th International Joint Conference, ICSOFT 2014, Vienna, Austria, August 29-31, 2014, Revised Selected Papers   Springer  
Abstract: Requirements engineers not only have to cope with the requirements
of various stakeholders for complex software systems, they also have
to consider several software qualities (e.g., performance,
maintainability, security, and privacy) that the system-to-be shall
address. In such a situation, it is challenging for requirements engineers to
develop a complete and coherent set of requirements for the
system-to-be.
Separation of concerns has shown to be one option to handle the
complexity of systems. The problem frames approach address this
principle by decomposing the problem of building the
system-to-be into simpler subproblems. Aspect-orientation aims at
separating cross-cutting functionalities into separate
functionalities, called aspects.
We propose a method called AORE4PF, which shows that
aspect-orientation can be integrated into the problem frames
approach to increase the separation of concerns and to benefit from
several methods that exist on problem frames to develop a complete
and coherent set of requirements. We validated our method with a
small experiment in the field of crisis management.
BibTeX:
@inproceedings{CCIS15a,
  year = {2015},
  title = {A Problem-, Quality-, and Aspect-Oriented Requirements Engineering Method},
  booktitle = {Software Technologies - 9th International Joint Conference, {ICSOFT} 2014, Vienna, Austria, August 29-31, 2014, Revised Selected Papers},
  author = {Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
  publisher = {Springer},
  volume = {555},
  series = {Communications in Computer and Information Science},
  pages = {291--310},
  url = {http://dx.doi.org/10.1007/978-3-319-25579-8_17},
  doi = {10.1007/978-3-319-25579-8_17}
}
2015 Problem-Based Security Requirements Elicitation and Refinement with PresSuRE Faßbender, S., Heisel, M. & Meis, R. Software Technologies - 9th International Joint Conference, ICSOFT 2014, Vienna, Austria, August 29-31, 2014, Revised Selected Papers   Springer  
Abstract: Recently published reports on cybercrime indicate an ever-increasing number of
security incidents related to IT systems. Many attacks causing the incidents
abuse (in)directly one or more security defects.
Fixing the security defect once fielded is costly. To avoid the defects and the
subsequent need to fix them, security has to be considered thoroughly when
developing software. The earliest phase to do so is the requirements
engineering, in which security threats should be identified early on and treated
by defining sufficient security requirements.
In a previous paper, we introduced a methodology for
Problem-based Security Requirements Elicitation (PresSuRE).
PresSuRE provides a computer-aided security threat identification. The
identification is based on the functional requirements for a system-to-be.
Still, there is a need for guidance on how to derive security requirements once
the threats are identified. In this work, we provide such guidance extending
PresSuRE and its tool support. We illustrate and validate our approach using a
smart grid scenario provided by the industrial partners of the EU project
NESSoS.
BibTeX:
@incollection{CCIS15b,
  year = {2015},
  title = {Problem-Based Security Requirements Elicitation and Refinement with PresSuRE},
  booktitle = {Software Technologies - 9th International Joint Conference, {ICSOFT} 2014, Vienna, Austria, August 29-31, 2014, Revised Selected Papers},
  author = {Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
  publisher = {Springer},
  volume = {555},
  series = {Communications in Computer and Information Science},
  pages = {311--330},
  url = {http://dx.doi.org/10.1007/978-3-319-25579-8_18},
  doi = {10.1007/978-3-319-25579-8_18}
}
2015 Challenges in Rendering and Maintaining Trustworthiness for Long-Living Software Systems Alebrahim, A., Mohammadi, N. G. & Heisel, M. Proceedings of the 2nd Collaborative Workshop on Evolution and Maintenance of Long-Living Software Systems (EMLS), GI Software Engineering Tagung SE   CEUR-WS.org  
Abstract: Trustworthiness plays a key role in acceptance and adoption of software
by the end-users. When maintaining long-living software systems,
trustworthiness has to be addressed since trust of the end-user is volatile
and can change over time. In this paper, we discuss the challenges regarding
trustworthiness of long-living software systems. Trustworthiness
should be considered in the whole life-cycle of a long-living system,
i.e., in all development phases aiming at building trustworthiness into
the core of the system at design-time and later maintaining it during
run-time. But, our focus in this paper is on challenges in requirements
engineering and also planning for the run-time activities, e.g., what are
the needed monitor interfaces, what are the planned actions and how
are the execution interfaces for performing those actions.
BibTeX:
@inproceedings{EMLS2015,
  year = {2015},
  title = {Challenges in Rendering and Maintaining Trustworthiness for Long-Living Software Systems},
  booktitle = {Proceedings of the 2nd Collaborative Workshop on Evolution and Maintenance of Long-Living Software Systems (EMLS), GI Software Engineering Tagung SE},
  author = {Alebrahim, Azadeh and Mohammadi, Nazila Gol and Heisel, Maritta},
  publisher = {CEUR-WS.org},
  volume = {1337},
  series = {{CEUR} Workshop Proceedings},
  pages = {103--105},
  url = {http://ceur-ws.org/Vol-1337/paper14.pdf}
}
2015 Applying Performance Patterns for Requirements Analysis Alebrahim, A. & Heisel, M. Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)   ACM  
Abstract: Performance as one of the critical quality requirements for the success of a software system must be integrated into software development
from the beginning to prevent performance problems. Analyzing and modeling performance demands knowledge of performance experts and
analysts. In order to integrate performance analysis into software analysis and design methods, performance-specific properties known as
domain knowledge have to be identified, analyzed, and documented properly. In this paper, we propose the performance analysis method
PoPeRA to guide the requirements engineer in dealing with performance problems as early as possible in requirements analysis. Our structured
method provides support for identifying potential performance problems using performance-specific domain knowledge attached to
the requirement models. To deal with identified performance problems, we make use of performance analysis patterns to be applied to the
requirement models in the requirements engineering phase. To show the application of our approach, we illustrate it with the case study
CoCoME, a trading system to be deployed in supermarkets for handling sales.
BibTeX:
@inproceedings{Europlop2015-1,
  year = {2015},
  title = {Applying Performance Patterns for Requirements Analysis},
  booktitle = {Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)},
  author = {Alebrahim, Azadeh and Heisel, Maritta},
  publisher = {ACM},
  url = {https://dl.acm.org/citation.cfm?id=2855357}
}
2015 Towards Systematic Selection of Architectural Patterns with Respect to Quality Requirements Alebrahim, A., Faßbender, S., Filipczyk, M., Goedicke, M. & Heisel, M. Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)   ACM  
BibTeX:
@inproceedings{Europlop2015-2,
  year = {2015},
  title = {Towards Systematic Selection of Architectural Patterns with Respect to Quality Requirements},
  booktitle = {Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)},
  author = {Alebrahim, Azadeh and Fa{\ss}bender, Stephan and Filipczyk, Martin and Goedicke, Michael and Heisel, Maritta},
  publisher = {ACM},
  url = {https://dl.acm.org/citation.cfm?id=2855362}
}
2015 A Structured Validation and Verification Method for Automotive Systems considering the OEM/Supplier Interface Beckers, K., Côté, I., Frese, T., Hatebur, D. & Heisel, M. Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
Abstract: The released ISO 26262 standard for automotive systems requires several validation and verification activities. These validation and verification activities have to be planned and performed jointly by the OEMs and the suppliers. In this paper, we present a systematic, structured and model-based method to plan the required validation and verification activities and collect the results. Planning and the documentation of performed activities are represented by a UML notation extended with stereotypes. The UML model supports the creation of the artifacts required by ISO 26262, enables document generation and a rigorous check of several constraints expressed in OCL. We illustrate our method using the example of an electronic steering column lock system.
BibTeX:
@inproceedings{fs2015,
  year = {2015},
  title = {A Structured Validation and Verification Method for Automotive Systems considering the OEM/Supplier Interface},
  booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Frese, Thomas and Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  volume = {9337},
  pages = {90 - 107},
  url = {www.springer.com}
}
2015 Systematic Identification of Information Flows from Requirements to support Privacy Impact Assessments Meis, R. & Heisel, M. ICSOFT-PT 2015 - Proc. of the 10th Int. Conf. on Software Paradigm Trends   SciTePress  
Abstract: Several countries prescribe or advise government departments and
organizations to perform a privacy impact assessment (PIA) if these
prepare new projects or change existing ones that involve personal
information. A PIA shall summarize what personal information is
collected, processed, stored, and distributed in the context of the
project. But there is only little support for undertaking a PIA and
to create a PIA report, most countries only provide vague guidelines
and simple templates. We present in this paper an extension of the
problem-based privacy analysis (ProPAn) method that derives
information needed to conduct a PIA from a requirements model in
problem frame notation. We provide a formally specified method with
well-defined steps and tool support to reduce the effort to be spent
for eliciting the needed information and to ensure that the needed
information is as complete and coherent as possible to form an
adequate basis for the creation of a PIA report.
BibTeX:
@inproceedings{ICSOFT15,
  year = {2015},
  title = {Systematic Identification of Information Flows from Requirements to support Privacy Impact Assessments},
  booktitle = {{ICSOFT-PT} 2015 - Proc. of the 10th Int. Conf. on Software Paradigm Trends},
  author = {Meis, Rene and Heisel, Maritta},
  publisher = {SciTePress},
  pages = {43-52},
  url = {http://dx.doi.org/10.5220/0005518500430052},
  doi = {10.5220/0005518500430052}
}
2015 A Taxonomy of Requirements for the Privacy Goal Transparency Meis, R., Heisel, M. & Wirtz, R. Trust, Privacy, and Security in Digital Business   Springer  
Abstract: Privacy is a growing concern during software
development. Transparency--in the sense of increasing user's
privacy-awareness--is a privacy goal that is not as deeply studied
in the literature as the properties anonymity and unlinkability. To
be compliant with legislation and standards, requirements engineers
have to identify the requirements on transparency that are relevant
for the software to be developed. To assist the identification
process, we provide a taxonomy of transparency requirements derived
from legislation and standards. This taxonomy is validated using
related research which was identified using a systematic literature
review. Our proposed taxonomy can be used by requirements engineers
as basis to systematically identify the relevant transparency
requirements leading to a more complete and coherent set of
requirements.
BibTeX:
@inproceedings{TrustBus2015,
  year = {2015},
  title = {A Taxonomy of Requirements for the Privacy Goal Transparency},
  booktitle = {Trust, Privacy, and Security in Digital Business},
  author = {Meis, Rene and Heisel, Maritta and Wirtz, Roman},
  publisher = {Springer},
  series = {LNCS 9264},
  pages = {195-209},
  url = {http://dx.doi.org/10.5220/0005518500430052},
  doi = {10.5220/0005518500430052}
}
2015 Towards a Reliable Mapping between Performance and Security Tactics, and Architectural Patterns Alebrahim, A., Faßbender, S., Filipczyk, M., Goedicke, M. & Heisel, M. Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)   ACM  
BibTeX:
@inproceedings{,
  year = {2015},
  title = {Towards a Reliable Mapping between Performance and Security Tactics, and Architectural Patterns},
  booktitle = {Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)},
  author = {Alebrahim, Azadeh and Fa{\ss}bender, Stephan and Filipczyk, Martin and Goedicke, Michael and Heisel, Maritta},
  publisher = {ACM},
  url = {https://dl.acm.org/citation.cfm?id=2855361}
}
2014 Towards Developing Secure Software using Problem-oriented Security Patterns Alebrahim, A. & Heisel, M. Proceedings of the 6th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)   Springer  
Abstract: Security as one essential quality requirement has to be addressed during
the software development process. Quality requirements such as security
drive the architecture of a software, while design decisions such as security patterns
on the architecture level in turn might constrain the achievement of quality
requirements significantly. Thus, to obtain sound architectures and correct requirements,
knowledge which is gained in the solution space, for example from
security patterns, should be reflected in the requirements engineering. In this paper,
we propose an iterative method that takes into account the concurrent development
of requirements and architecture descriptions systematically. It reuses
security patterns for refining and restructuring the requirement models by applying
problem-oriented security patterns. Problem-oriented security patterns adapt
existing security patterns in a way that they can be used in the problem-oriented
requirements engineering. The proposed method bridges the gap between security
problems and security architectural solutions.
BibTeX:
@inproceedings{Alebrahim-cdares2014,
  year = {2014},
  title = {Towards Developing Secure Software using Problem-oriented Security Patterns},
  booktitle = {Proceedings of the 6th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)},
  author = {Alebrahim, Azadeh and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 8708},
  pages = {45-62},
  url = {https://link.springer.com/}
}
2014 Problem-oriented Security Patterns for Requirements Engineering Alebrahim, A. & Heisel, M. Proceedings of the 19th European Conference on Pattern Languages of Programs (EuroPLoP)   ACM  
BibTeX:
@inproceedings{Alebrahim-europlop2014,
  year = {2014},
  title = {Problem-oriented Security Patterns for Requirements Engineering},
  booktitle = {Proceedings of the 19th European Conference on Pattern Languages of Programs (EuroPLoP)},
  author = {Alebrahim, Azadeh and Heisel, Maritta},
  publisher = {ACM},
  note = {Accepted},
  url = {https://dl.acm.org/citation.cfm?id=2721963}
}
2014 A Problem-based Approach for Computer Aided Privacy Threat Identification Beckers, K., Faßbender, S., Heisel, M. & Meis, R. Privacy Technologies and Policy   Springer  
Abstract: Recently, there has been an increase of reported privacy threats hitting
large software systems. These threats can originate from stakeholders that are
part of the system. Thus, it is crucial for software engineers to identify these
privacy threats, refine these into privacy requirements, and design solutions that
mitigate the threats.

In this paper, we introduce our methodology named Problem-Based Privacy Analysis (ProPAn). The ProPAn method is an approach for identifying privacy threats during the requirements
analysis of software systems using problem frame models. Our approach does not rely
entirely on the privacy analyst to detect privacy threats, but allows a computer aided privacy
threat identification that is derived from the relations between stakeholders, technology, and personal information in the system-to-be.

To capture the environment of the system, e.g., stakeholders and other IT systems,
we use problem frames, a requirements engineering approach founded on the modeling
of a machine (system-to-be) in its environment (e.g. stakeholders, other software). We define a UML profile for privacy requirements and a reasoning technique that
identifies stakeholders, whose personal information are stored or transmitted in the system-to-be and stakeholders from whom we have to protect this personal information. We illustrate our approach using an eHealth scenario provided by the industrial partners of the EU project NESSoS.

BibTeX:
@inproceedings{APF2012,
  year = {2014},
  title = {A Problem-based Approach for Computer Aided Privacy Threat Identification},
  booktitle = {Privacy Technologies and Policy},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
  publisher = {Springer},
  volume = {8319},
  series = {LNCS},
  pages = {1-16},
  url = {http://dx.doi.org/10.1007/978-3-642-54069-1_1},
  doi = {10.1007/978-3-642-54069-1_1}
}
2014 Towards a Computer-aided Problem-oriented Variability Requirements Engineering Method Alebrahim, A., Faßbender, S., Filipczyk, M., Goedicke, M., Heisel, M. & Konersmann, M. Advanced Information Systems Engineering Workshops   Springer  
Abstract: In theory, software product lines are planned in advance, using established
engineering methods. However, there are cases where commonalities and
variabilities between several systems are only discovered after they have been developed
individually as single systems. In retrospect, this leads to the hindsight
that these systems should have been developed as a software product line from
the beginning to reduce costs and effort. To cope with the challenge of detecting
variability early on, we propose the PREVISE method, covering domain and application
engineering. Domain engineering is concerned with exploring the variability
caused by entities in the environment of the software and the variability in
functional and quality requirements. In application engineering, the configuration
for a concrete product is selected, and subsequently, a requirement model for a
concrete product is derived.
BibTeX:
@incollection{ASDENCA2014,
  year = {2014},
  title = {Towards a Computer-aided Problem-oriented Variability Requirements Engineering Method},
  booktitle = {Advanced Information Systems Engineering Workshops},
  author = {Alebrahim, Azadeh and Fa{\ss}bender, Stephan and Filipczyk, Martin and Goedicke, Michael and Heisel, Maritta and Konersmann, Marco},
  publisher = {Springer},
  series = {LNBIP 178},
  pages = {136-147},
  url = {https://link.springer.com/}
}
2014 A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain Beckers, K., Côté, I., Goeke, L., Güler, S. & Heisel, M. International Journal of Secure Software Engineering (IJSSE) - Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)   IGI Global  
Abstract: Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.
BibTeX:
@article{Beckers2014-IJIS,
  year = {2014},
  title = {A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain},
  author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Goeke, Ludger and G{\"{u}}ler, Selim and Heisel, Maritta},
  journal = {International Journal of Secure Software Engineering (IJSSE) - Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)},
  publisher = {IGI Global},
  volume = {5},
  number = {2},
  pages = {19 -- 41},
  url = {http://www.igi-global.com}
}
2014 Supporting Common Criteria Security Analysis with Problem Frames Beckers, K., Hatebur, D. & Heisel, M. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)   Innovative Information Science & Technology Research Group (ISYOU)  
Abstract: Security standards, e.g., the Common Criteria (ISO 15408), are applied by software
vendors to establish a level of confidence that the security functionality of their products
and their applied assurance measures are sufficient. To get a Common Criteria certification,
a comprehensible set of documents is necessary, including a detailed threat analysis and
security objective elicitation. We focus on improving the Common Criteria threat analysis
and the derivation of security objectives in our work.
Our method is based upon an attacker model, which considers different attacker types,
e.g., software attackers, that threaten only specific parts of a system. We provide tool
support for checking the consistency and the completeness of the specified software systems
using OCL expressions. For example, we check if all types of attackers have been considered
for a specific domain, we check for all software domains that either a software attacker is
considered or an assumption is documented that excludes software attackers, and we check
if all threats are addressed by security objectives. Moreover, we can generate tables and
texts from our UML models to satisfy the Common Criteria documentation demands. For
instance, we can generate Common Criteria specific cross-table, which maps every security
objective and assumption to a specific threat. The consistency checks are integrated in our
structured method for threat analysis that considers the Common Criteria’s (CC) demands
for documentation of the system in its environment and the reasoning that all threats are
discovered and addressed. With our support tool UML4PF (that extends a UML tool and
contains e.g., a UML profile and an OCL validator), we support security reasoning, validation
of models, and we are able to generate Common Criteria-compliant documentation using
model-to-text transformations. Our threat analysis method can also be used for threat
analysis without the common criteria, because it uses a specific part of the UML profile that
can be adapted to other demands with little effort. For example, it could be adapted for
other security standards like ISO 27001.We illustrate our approach with the development of
a smart metering gateway system.
BibTeX:
@article{Beckers2014-Jowua,
  year = {2014},
  title = {Supporting Common Criteria Security Analysis with Problem Frames},
  author = {Beckers, Kristian and Hatebur, Denis and Heisel, Maritta},
  journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)},
  publisher = {Innovative Information Science \& Technology Research Group (ISYOU)},
  volume = {5},
  number = {1},
  pages = {37-63},
  url = {http://isyou.info/}
}
2014 A Meta-Pattern and Pattern Form For Context-Patterns Beckers, K., Faßbender, S. & Heisel, M. Proceedings of the 19th European Conference on Pattern Languages of Programs (Europlop)   ACM  
Abstract: In a previous EuroPlop publication we introduced a catalog of context-patterns.We described common structures and stakeholders for several
different domains in our context-patterns. The common elements of the context were obtained from observations about the domain in terms
of standards, domain specific-publications, and implementations. Whenever a system-to-be is already described by a context-pattern, one
can use this context-pattern to elicit domain knowledge via instantiation of the context-pattern. Moreover, we analyzed the common concepts
in our context-patterns and created a meta-model to describe the relations between these concepts. This meta-model was the initial step
towards a pattern language for context-patterns. In this work, we show the consequent next step for the definition of a pattern language for
context-patterns.
BibTeX:
@inproceedings{BeckersFassbender2014-europlop-A,
  year = {2014},
  title = {A Meta-Pattern and Pattern Form For Context-Patterns},
  booktitle = {Proceedings of the 19th European Conference on Pattern Languages of Programs (Europlop)},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta},
  publisher = {ACM},
  series = {EuroPloP'14},
  pages = {5:1--5:23},
  url = {http://doi.acm.org/10.1145/2721956.2721979},
  doi = {10.1145/2721956.2721979}
}
2014 Deriving a Pattern Language Syntax for Context-Patterns Beckers, K., Faßbender, S. & Heisel, M. Proceedings of the 19th European Conference on Pattern Languages of Programs (Europlop)   ACM  
Abstract: In a previous publication we introduced a catalog of context-patterns. Each context pattern describes common structures and stakeholders
for a specific domain. The common elements of the context were obtained from observations about the domain in terms of standards, domain
specific-publications, and implementations. Whenever the domain of a system-to-be is already described by a context-pattern, one can
use this context-pattern to elicit domain knowledge by instantiating the corresponding context-pattern. Moreover, we analyzed the common
concepts in our context-patterns and created a meta-model to describe the relations between these concepts. This meta-model was the initial
step towards a pattern language for context-patterns. In this work, we show the consequent next step for the definition of a pattern language
syntax for context-patterns. Thus, we describe how to derive the connections between the existing context-pattern in a structured way and
present the results.
BibTeX:
@inproceedings{BeckersFassbender2014-europlop-B,
  year = {2014},
  title = {Deriving a Pattern Language Syntax for Context-Patterns},
  booktitle = {Proceedings of the 19th European Conference on Pattern Languages of Programs (Europlop)},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta},
  publisher = {ACM},
  series = {EuroPLoP '14},
  pages = {2:1--2:25},
  url = {http://doi.acm.org/10.1145/2721956.2721967},
  doi = {10.1145/2721956.2721967}
}
2014 A Threat Analysis Methodology for Smart Home Scenarios Beckers, K., Faßbender, S., Heisel, M. & Suppan, S. Smart Grid Security, Proceddings of the Second International Workshop (SmartGridSec)   Springer  
Abstract: A smart grid is envisioned to enable a more economic, environmen-
tal friendly, sustainable and reliable supply of energy. But significant security
concerns have to be addressed for the smart grid, dangers range from threatened
availability of energy, to threats of customer privacy. This paper presents a struc-
tured method for identifying security threats in the smart home scenario and in
particular for analyzing their severity and relevance. The method is able to unveil
also new threats, not discussed in the literature before. The smart home scenario
is represented by a context-pattern, which is a specific kind of pattern for the elic-
itation of domain knowledge [5]. Hence, by exchanging the smart home pattern
by a context-pattern for another domain, e.g., clouds, our method can be used
for these other domains, as well. The proposal is based on Microsoft’s Security
Development Lifecycle (SDL) [4], which uses Data Flow diagrams, but proposes
new alternatives for scenario definition and asset identification based on context-
patterns. These alleviate the lack of scalability of the SDL. In addition, we present
Attack Path DFDs, that show how an attacker can compromise the system.
BibTeX:
@inproceedings{BFassbenderHS2014,
  year = {2014},
  title = {A Threat Analysis Methodology for Smart Home Scenarios},
  booktitle = {Smart Grid Security, Proceddings of the Second International Workshop (SmartGridSec)},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta and Suppan, Santiago},
  publisher = {Springer},
  volume = {8448},
  series = {Lecture Notes in Computer Science},
  pages = {94-124},
  url = {http://link.springer.com/chapter/10.1007/978-3-319-10329-7_7},
  doi = {10.1007/978-3-319-10329-7_7}
}
2014 Considering Attacker Motivation in Attack Graphs Analysis in a Smart Grid Scenario Beckers, K., Heisel, M., Krautsevich, L., Martinelli, F. & Yautsiukhin, A. Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)   Springer Berlin Heidelberg  
BibTeX:
@inproceedings{BHKMY2014,
  year = {2014},
  title = {{C}onsidering {A}ttacker {M}otivation in {A}ttack {G}raphs {A}nalysis in a {S}mart {G}rid {S}cenario},
  booktitle = {Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)},
  author = {Beckers, Kristian and Heisel, Maritta and Krautsevich, Leanid and Martinelli, Fabio and Yautsiukhin, Artsiom},
  publisher = {Springer Berlin Heidelberg},
  series = {LNCS 8448},
  pages = {Pages 30-47},
  url = {http://www.springerlink.com/}
}
2014 ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System Beckers, K., Heisel, M., Solhaug, B. & Stølen, K. Advances in Engineering Secure Future Internet Services and Systems   Springer  
BibTeX:
@inproceedings{BHSS2014,
  year = {2014},
  title = {ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System},
  booktitle = {Advances in Engineering Secure Future Internet Services and Systems},
  author = {Beckers, Kristian and Heisel, Maritta and Solhaug, Bj{\o}rnar and St{\o}len, Ketil},
  publisher = {Springer},
  number = {8431},
  series = {LNCS State-of-the-Art Surveys},
  pages = {315-344},
  url = {https://link.springer.com/}
}
2014 A Computer Aided Process From Problems to Laws in Requirements Engineering Faßbender, S. & Heisel, M. Software Technologies   Springer  
Abstract: In today’s world many products and services are highly dependent on
software and information systems. With the growing importance of IT systems,
legislators worldwide decided to regulate and enforce laws for IT systems. With
respect to this situation, the impact of compliance on the development of IT sys-
tems becomes more and more severe. Hence, software engineers have a need for
techniques to deal with compliance. But identifying relevant compliance regu-
lations for IT systems is a challenging task. We proposed patterns and a struc-
tured method to tackle these problems [1]. A crucial step is the transformation
of requirements into a structure, which allows for the identification of laws. The
transformation step was described in general in [2]. This work describes a method
to structure the requirements, elicit the needed domain knowledge and transform
requirements into law identification pattern instances. The manual execution of
this method was reported by us to be time consuming and tedious. Hence, in this
work we identify the points for (semi-)automation, and we outline a first imple-
mentation for the automation. We present our results using a voting system as an
example, which was obtained from the ModIWa DFG1 project and the common
criteria profile for voting systems.
BibTeX:
@inproceedings{FassbenderH13_SDT,
  year = {2014},
  title = {A Computer Aided Process From Problems to Laws in Requirements Engineering},
  booktitle = {Software Technologies},
  author = {Fa{\ss}bender, Stephan and Heisel, Maritta},
  publisher = {Springer},
  volume = {457},
  series = {Communications in Computer and Information Science},
  pages = {215-234},
  url = {http://link.springer.com/chapter/10.1007%2F978-3-662-44920-2_14},
  doi = {10.1007/978-3-662-44920-2_14}
}
2014 Intertwining Relationship between Requirements, Architecture, and Domain Knowledge Alebrahim, A. & Heisel, M. Proceedings of the 9th International Conference on Software Engineering Advances (ICSEA)    
Abstract: In requirements engineering, properties of the environment
and assumptions about it, called domain knowledge, need to
be captured in addition to exploring the requirements. Despite the
recognition of the significance of capturing the required domain
knowledge, domain knowledge might be missing, left implicit,
or be captured inadequately during the software development
process, causing incorrect specifications and software failure.
Domain knowledge affects the elicitation and evolution of requirements,
the evolution of software architectures, and related design
decisions. Conversely, requirements and design decisions affect
the elicitation and modification of domain knowledge. In this
paper, we propose the iterative capturing and co-developing of
domain knowledge with requirements and software architectures.
We explicitly discuss the effects of requirements and design
decisions on domain knowledge and illustrate this relationship
with examples drawn from our research, where we had to go
back and forth between requirements, domain knowledge, and
design decisions.
BibTeX:
@inproceedings{ICSEA2014,
  year = {2014},
  title = {Intertwining Relationship between Requirements, Architecture, and Domain Knowledge},
  booktitle = {Proceedings of the 9th International Conference on Software Engineering Advances (ICSEA)},
  author = {Alebrahim, Azadeh and Heisel, Maritta},
  volume = {421},
  series = {IFIP Advances in Information and Communication Technology},
  pages = {150--162}
}
2014 Aspect-oriented Requirements Engineering with Problem Frames Faßbender, S., Heisel, M. & Meis, R. ICSOFT-PT 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends   SciTePress  
Abstract: Nowadays, the requirements of various stakeholders for a system do not only increase the complexity of the system-to-be, but also contain different cross-cutting concerns. In such a situation, requirements engineers are really challenged to master the complexity and to deliver a coherent and complete description of the system-to-be. Hence, they are in need for methods which reduce the complexity, handle functional and quality requirements, check completeness and reveal interactions, and are tool supported to lower the effort. One possible option to handle the complexity of a system-to-be is the separation of concerns. Both, aspect-oriented requirements engineering and the problem frames approach implement this principle. Therefore, we propose a combination of both, the AORE4PF (Aspect-Oriented Requirements Engineering for Problem Frames) method. AORE4PF provides guidance for classifying requirements, separating the different concerns, modeling requirements for documentation and application of completeness and interaction analyses, and weaving the reusable parts to a complete and coherent system. AORE4PF provides tool support for most activities. We exemplify our method using a smart grid case obtained from the NESSoS project. For validation, the results of a small experiment in the field of crisis management systems are presented.
BibTeX:
@inproceedings{ICSOFT14Aspects,
  year = {2014},
  title = {Aspect-oriented Requirements Engineering with Problem Frames},
  booktitle = {{ICSOFT-PT} 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends},
  author = {Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
  publisher = {SciTePress},
  pages = {145-156},
  url = {http://dx.doi.org/10.5220/0005001801450156},
  doi = {10.5220/0005001801450156}
}
2014 Functional Requirements Under Security PresSuRE Faßbender, S., Heisel, M. & Meis, R. ICSOFT-PT 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends   SciTePress  
Abstract: Recently, there has been an increase of reported security incidents hitting
large software systems. Such incidents can originate from different
attackers exploiting vulnerabilities of different parts of a system. Hence, there
is a need for enhancing security considerations in software development.
It is crucial for requirements engineers to identify security threats
early on, and to refine the threats into security requirements.
In this paper, we introduce a methodology for Problem-based Security
Requirements Elicitation (PresSuRE). PresSuRE is a method for
identifying security needs during the requirements analysis of
software systems using a problem frame model. Our method does not rely
entirely on the requirements engineer to detect security needs, but
provides a computer-aided security threat identification, and
subsequently the elicitation of security requirements.
The identification is based on the functional requirements for a
system-to-be. We illustrate and validate our approach using a smart grid
scenario provided by the industrial partners of the EU project NESSoS.
BibTeX:
@inproceedings{ICSOFT14Pressure,
  year = {2014},
  title = {Functional Requirements Under Security {PresSuRE}},
  booktitle = {{ICSOFT-PT} 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends},
  author = {Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
  publisher = {SciTePress},
  pages = {5-16},
  url = {http://dx.doi.org/10.5220/0005098600050016},
  doi = {10.5220/0005098600050016}
}
2014 A Structured Comparison of Security Standards Beckers, K., Côté, I., Fenz, S., Hatebur, D. & Heisel, M. Advances in Engineering Secure Future Internet Services and Systems   Springer  
Abstract: A number of di erent security standards exist and it is dif-
cult to choose the right one for a particular project or to evaluate if
the right standard was chosen for a certi cation. These standards are
often long and complex texts, whose reading and understanding takes
up a lot of time. We provide a conceptual model for security standards
that relies upon existing research and contains concepts and phases of
security standards. In addition, we developed a template based upon
this model, which can be instantiated for given security standard. These
instantiated templates can be compared and help software and security
engineers to understand the di erences of security standards. In particular,
the instantiated templates explain which information and what
level of detail a system document according to a certain security standard
contains. We applied our method to the well known international
security standards ISO 27001 and Common Criteria, and the German
IT-Grundschutz standards, as well.
BibTeX:
@inproceedings{Lopez2014,
  year = {2014},
  title = {A Structured Comparison of Security Standards},
  booktitle = {Advances in Engineering Secure Future Internet Services and Systems},
  author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Fenz, Stefan and Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  number = {8431},
  series = {LNCS State-of-the-Art Surveys},
  pages = {1-34},
  url = {http://www.springerlink.com/}
}
2014 Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements Moyano, F., Fernandez-Gago, C., Beckers, K. & Heisel, M. Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)   Springer  
BibTeX:
@inproceedings{MGBH2014,
  year = {2014},
  title = {Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements},
  booktitle = {Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)},
  author = {Moyano, Francisco and Fernandez-Gago, Carmen and Beckers, Kristian and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 8448},
  pages = {166 -- 180},
  url = {http://www.springerlink.com/}
}
2014 Problem-Based Requirements Interaction Analysis Alebrahim, A., Faßbender, S., Heisel, M. & Meis, R. Proceedings of the International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ)   Springer  
Abstract: The ability to address the diverse interests of different
stakeholders in a software project in a coherent way is one
fundamental software quality. These diverse and maybe conflicting
interests are reflected by the requirements of each
stakeholder. Thus, it is likely that aggregated
requirements for a software system contain interactions. To avoid unwanted
interactions and improve software quality, we propose a structured
method consisting of three phases to find such interactions.
For our method, we use problem diagrams, which
describe requirements in a structured way. The information represented in the
problem diagrams is translated into a formal Z model.
Then we reduce the number of combinations of
requirements, which might conflict. The reduction of
requirements interaction candidates is crucial to lower the effort of the in
depth interaction analysis. For validation of our method, we use a real-life
example in the domain of smart grid.
BibTeX:
@inproceedings{REFSQ2014,
  year = {2014},
  title = {Problem-Based Requirements Interaction Analysis},
  booktitle = {Proceedings of the International Working Conference on Requirements Engineering: Foundation for Software Quality ({REFSQ})},
  author = {Alebrahim, Azadeh and Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
  publisher = {Springer},
  series = {LNCS 8396},
  pages = {200--215},
  url = {http://dx.doi.org/10.1007/978-3-319-05843-6_15},
  doi = {10.1007/978-3-319-05843-6_15}
}
2014 Systematic Derivation of Functional Safety Requirements for Automotive Systems Beckers, K., Côté, I., Frese, T., Hatebur, D. & Heisel, M. Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
Abstract: The released ISO 26262 standard for automotive systems
requires breaking down safety goals from the hazard analysis and risk
assessment into functional safety requirements in the functional safety
concept. It has to be justi ed that the de ned functional safety requirements
are suitable to achieve the stated safety goals. In this paper, we
present a systematic, structured and model-based method to de ne functional
safety requirements using a given set of safety goals. The rationale
for safety goal achievement, the relevant attributes of the functional
safety requirements, and their relationships are represented by a UML
notation extended with stereotypes. The UML model enables a rigorous
validation of several constraints expressed in OCL. We illustrate our
method using an example electronic steering column lock system.
BibTeX:
@inproceedings{safecomp2014,
  year = {2014},
  title = {{Systematic Derivation of Functional Safety Requirements for Automotive Systems}},
  booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Frese, Thomas and Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 8666},
  pages = {65--80},
  url = {https://link.springer.com/}
}
2014 Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis Beckers, K., Heisel, M., Krautsevich, L., Martinelli, F., Meis, R. & Yautsiukhin, A. Smart Grid Security - Second International Workshop, SmartGridSec 2014, Munich, Germany, February 26, 2014, Revised Selected Papers   Springer  
Abstract: Smart grid is an intelligent energy distribution system consisting of multiple information and communication technologies (ICT). One of the challenges for such complex and heterogeneous system as smart grid is to unite security analysis on a high level of abstraction and concrete behavioral attack patterns that exploit low-level vulnerabilities. We provide a structured method that combines the Si* language, which can express attacker motivations as a goal hierarchy, and vulnerability specific attack graphs, which shows every step available for an attacker. We derive system specific information from the low-level representation of the system for a high-level probabilistic analysis.
BibTeX:
@inproceedings{SmartGridSec14,
  year = {2014},
  title = {Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis},
  booktitle = {Smart Grid Security - Second International Workshop, SmartGridSec 2014, Munich, Germany, February 26, 2014, Revised Selected Papers},
  author = {Beckers, Kristian and Heisel, Maritta and Krautsevich, Leanid and Martinelli, Fabio and Meis, Rene and Yautsiukhin, Artisom},
  publisher = {Springer},
  series = {LNCS 8448},
  pages = {30--47},
  url = {http://dx.doi.org/10.1007/978-3-319-10329-7_3},
  doi = {10.1007/978-3-319-10329-7_3}
}
2014 A Structured Approach for Eliciting, Modeling, and Using Quality-Related Domain Knowledge Alebrahim, A., Heisel, M. & Meis, R. Proceedings of the 14th International Conference on Computational Science and Its Applications (ICCSA)   Springer  
Abstract: In requirements engineering, properties of the environment and assumptions about
it, called domain knowledge, need to be captured in addition to
exploring the requirements.
Despite the recognition of the significance of capturing and using the
required domain knowledge, it might be missing, left implicit, or be
captured inadequately during the software development. This results in an
incorrect specification. Moreover, the software might fail to achieve its
quality objectives because of ignored required constraints and assumptions.
In order to analyze software quality properly, we
propose a structured approach for eliciting, modeling, and using domain
knowledge. We investigate what kind of quality-related domain knowledge is
required for the early phases of quality-driven software development and how
such domain knowledge can be systematically elicited and explicitly modeled to
be used for the analysis of quality requirements. Our method aims at improving
the quality of the requirements engineering process by facilitating the
capturing and using of implicit domain knowledge.
BibTeX:
@incollection{SQ2014,
  year = {2014},
  title = {A Structured Approach for Eliciting, Modeling, and Using Quality-Related Domain Knowledge},
  booktitle = {Proceedings of the 14th International Conference on Computational Science and Its Applications (ICCSA)},
  author = {Alebrahim, Azadeh and Heisel, Maritta and Meis, Rene},
  publisher = {Springer},
  series = {LNCS 8583},
  pages = {370--386},
  url = {http://dx.doi.org/10.1007/978-3-319-09156-3_27},
  doi = {10.1007/978-3-319-09156-3_27}
}
2014 Optimizing functional and quality requirements according to stakeholders' goals Alebrahim, A., Choppy, C., Faßbender, S. & Heisel, M. System Quality and Software Architecture (SQSA)    
BibTeX:
@incollection{SQSA2014,
  year = {2014},
  title = {Optimizing functional and quality requirements according to stakeholders' goals},
  booktitle = {System Quality and Software Architecture (SQSA)},
  author = {Alebrahim, Azadeh and Choppy, Christine and Fa{\ss}bender, Stephan and Heisel, Maritta},
  publisher = {Elsevier},
  pages = {75-120}
}
2014 Privacy-Aware Cloud Deployment Scenario Selection Beckers, K., Faßbender, S., Gritzalis, S., Heisel, M., Kalloniatis, C. & Meis, R. Trust, Privacy, and Security in Digital Business   Springer  
Abstract: Nowadays, IT-resources are often out-sourced to clouds to reduce
administration and hardware costs of the own IT
infrastructure. There are different deployment scenarios for clouds
that heavily differ in the costs for deployment and maintenance, but
also in the number of stakeholders involved in the cloud and the
control over the data in the cloud. These additional stakeholders
can introduce new privacy threats into a system. Hence, there is a
trade-off between the reduction of costs and addressing privacy
concerns introduced by clouds. Our contribution is a structured
method that assists decision makers in selecting an appropriate
cloud deployment scenario. Our method is based on the privacy
requirements of the system-to-be. These are analyzed on basis of the
functional requirements using the problem-based privacy threat
analysis (ProPAn). The concept of clouds is integrated into the
requirements model, which is used by ProPAn to automatically generate
privacy threat graphs.
BibTeX:
@inproceedings{TrustBus2014,
  year = {2014},
  title = {Privacy-Aware Cloud Deployment Scenario Selection},
  booktitle = {Trust, Privacy, and Security in Digital Business},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Gritzalis, Stefanos and Heisel, Maritta and Kalloniatis, Christos and Meis, Rene},
  publisher = {Springer},
  series = {LNCS 8647},
  pages = {94-105},
  url = {http://dx.doi.org/10.1007/978-3-319-09770-1_9},
  doi = {10.1007/978-3-319-09770-1_9}
}
2013 A Problem-based Threat Analysis in compliance with Common Criteria Beckers, K., Hatebur, D. & Heisel, M. Proceedings of the International Conference on Availability, Reliability and Security (ARES)   IEEE Computer Society  
Abstract: In order to gain their customers’ trust, software vendors
can certify their products according to security standards,
e.g., the Common Criteria (ISO 15408). A Common Criteria
certification requires a comprehensible documentation of the
software product, including a detailed threat analysis. In our
work, we focus on improving that threat analysis. Our method
is based upon an attacker model, which considers attacker types
like software attacker that threaten only specific parts of a
system. We use OCL expressions to check if all attackers for a
specific domain have been considered. For example, we propose
a computer-aided method that checks if all software systems
have either considered a software attacker or documented an
assumption that excludes software attackers.
Hence, we propose a structured method for threat analysis that
considers the Common Criteria’s (CC) demands for documentation
of the system in its environment and the reasoning that
all threats are discovered. We use UML4PF, a UML profile and
support tool for Jackson’s problem frame method and OCL for
supporting security reasoning, validation of models, and also to
generate Common Criteria-compliant documentation. Our threat
analysis method can also be used for threat analysis without the
common criteria, because it uses a specific part of the UML
profile that can be adapted to other demands with little effort.
We illustrate our approach with the development of a smart
metering gateway system.
BibTeX:
@inproceedings{Beckers2013-ares1,
  year = {2013},
  title = {A Problem-based Threat Analysis in compliance with Common Criteria},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES})},
  author = {Beckers, Kristian and Hatebur, Denis and Heisel, Maritta},
  publisher = {IEEE Computer Society},
  pages = {111-120},
  url = {http://www.ieee.org/}
}
2013 Structured Pattern-Based Security Requirements Elicitation for Clouds Beckers, K., Côté, I., Goeke, L., Güler, S. & Heisel, M. Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 7th International Workshop on Secure Software Engineering (SecSE 2013)   IEEE Computer Society  
BibTeX:
@inproceedings{Beckers2013-ares2,
  year = {2013},
  title = {Structured Pattern-Based Security Requirements Elicitation for Clouds},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES}) - 7th International Workshop on Secure Software Engineering (SecSE 2013)},
  author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Goeke, Ludger and G{\"{u}}ler, Selim and Heisel, Maritta},
  publisher = {IEEE Computer Society},
  pages = {465-474},
  url = {http://www.ieee.org/}
}
2013 A Usability Evaluation of the NESSoS Common Body of Knowledge Beckers, K. & Heisel, M. Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 2nd International Workshop on Security Ontologies and Taxonomies(SecOnT 2013)   IEEE Computer Society  
Abstract: The common body of knowledge (CBK) of the
Network of Excellence on Engineering Secure Future Internet
Software Services and Systems (NESSoS) is a ontology that
contains knowledge objects (methods, tools, notations, etc.) for
secure systems engineering. The CBK is intended to support
one of the main goals of the NESSoS NoE, namely to create a
long-lasting research community on engineering secure software
services and systems and to bring together researchers and
practitioners from security engineering, service computing, and
software engineering. Hence, the usability of the CBK is of utmost
importance to stimulate participations in the effort of collecting
and distributing knowledge about secure systems engineering.
This paper is devoted to identifying and ameliorating usability
deficiencies in the initial version of the CBK and its current
implementation in the SMW+ framework. We report on usability
tests that we performed on the initial version of the CBK
and the suggestions for improvement that resulted from the
usability tests. We also show some exemplary solutions, which we
already implemented. We discuss our experiences so that other
researchers can benefit from them.
BibTeX:
@inproceedings{Beckers2013-ares3,
  year = {2013},
  title = {A Usability Evaluation of the NESSoS Common Body of Knowledge},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES}) - 2nd International Workshop on Security Ontologies and Taxonomies(SecOnT 2013)},
  author = {Beckers, Kristian and Heisel, Maritta},
  publisher = {IEEE Computer Society},
  pages = {559-568},
  url = {http://www.ieee.org/}
}
2013 Combining Goal-oriented and Problem-oriented Requirements Engineering Methods Beckers, K., Faßbender, S., Heisel, M. & Paci, F. Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2013)   Springer  
Abstract: Several requirements engineering methods exist that differ in their abstraction
level and in their view on the system-to-be. Two fundamentally different
classes of requirements engineering methods are goal- and problem-based methods.
Goal-based methods analyze the goals of stakeholders towards the systemto-
be. Problem-based methods focus on decomposing the development problem
into simple sub-problems. Goal-based methods use a higher abstraction level that
consider only the parts of a system that are relevant for a goal and provide the
means to analyze and solve goal conflicts. Problem-based methods use a lower
abstraction level that describes the entire system-to-be. A combination of these
methods enables a seamless software development, which considers stakeholders’
goals and a comprehensive view on the system-to-be at the requirements
level. We propose a requirements engineering method that combines the goalbased
method SI* and the problem-based method Problem Frames. We propose
to analyze the issues between different goals of stakeholders first using the SI*
method. Our method provides the means to use the resulting SI* models as input
for the problem frame method. These Problem Frame models can be refined into
architectures using existing research. Thus, we provide a combined requirements
engineering method that considers all stakeholder views and provides a detailed
system specification. We illustrate our method using an E-Health example.
BibTeX:
@inproceedings{Beckers2013-cdares2,
  year = {2013},
  title = {Combining Goal-oriented and Problem-oriented Requirements Engineering Methods},
  booktitle = {Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2013)},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta and Paci, Federica},
  publisher = {Springer},
  series = {LNCS 8127},
  pages = {178-194},
  url = {http://www.springerlink.com/}
}
2013 A Meta-Model Approach to the Fundamentals for a Pattern Language for Context Elicitation Beckers, K., Faßbender, S. & Heisel, M. Proceedings of the 18th European Conference on Pattern Languages of Programs (Europlop)   ACM  
Abstract: It is essential for building the right software system to elicit and analyze requirements. Requirements define what right is, without them
a checking if the right software was built is impossible. Writing requirements that can achieve this purpose is only possible if the domain
knowledge of the system-to-be and its environment is known and considered thoroughly. We consider this as the context problem of software
development.
In the past, we tackled this problem by describing common structures and stakeholders for several different domains. The common elements of
the context where obtained by from observations about the domain in terms of standards, domain specific publications and implementations.
Whenever a system-to-be is within the context of a domain already described by a context elicitation pattern, one can use this pattern
to describe the context by instantiation. But the description of the structure of a context elicitation pattern, especially in terms of its static
structure, was not aligned. This inhibits relating context elicitation patterns to form a patter language. Also describing newly observed pattern
is difficult for inexperienced pattern creators without any guidance.
We present these patterns, show how we used them to construct our meta-model, and give an example how to describe a context elicitation
pattern using the meta-model.
We propose a meta model for describing context patterns. The meta model contains elements, which can be used to structure and describe
domain knowledge in a generic form. These context patterns can afterwards be instantiated with the domain knowledge required for software
engineering. We presented a number of context patterns for different areas of domain knowledge in the past. This work is based on these
existing patterns, which we abstracted into a meta-model. We present our context patterns, show how we used them to construct our metamodel,
and provide an example of how to describe a context elicitation pattern using our meta-model. We contribute this meta model as a
basis for a pattern language for context elicitation.
BibTeX:
@inproceedings{Beckers2013-europlop,
  year = {2013},
  title = {A Meta-Model Approach to the Fundamentals for a Pattern Language for Context Elicitation},
  booktitle = {Proceedings of the 18th European Conference on Pattern Languages of Programs (Europlop)},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta},
  publisher = {ACM},
  pages = {-},
  note = {Accepted for Publication},
  url = {http://dl.acm.org/}
}
2013 A Structured and Model-Based Hazard Analysis and Risk Assessment Method for Automotive Systems Beckers, K., Frese, T., Hatebur, D. & Heisel, M. Proceedings of the 24th IEEE International Symposium on Software Reliability Engineering   IEEE Computer Society  
Abstract: The released ISO 26262 standard requires a hazard
analysis and risk assessment for automotive systems to
determine the necessary safety measures to be implemented
for a certain feature. In this paper, we present a structured
and model-based hazard analysis and risk assessment method
for automotive systems. The hazard analysis and risk assessment
are based on a requirements engineering process using
problem frames. Their elements are represented by a UML
notation extended with stereotypes. The UML model enables
a rigorous validation of several constraints expressed in OCL.
We illustrate our method using an electronic steering column
lock system.
BibTeX:
@inproceedings{Beckers2013-issre,
  year = {2013},
  title = {A Structured and Model-Based Hazard Analysis and Risk Assessment Method for Automotive Systems},
  booktitle = {Proceedings of the 24th IEEE International Symposium on Software Reliability Engineering},
  author = {Beckers, Kristian and Frese, Thomas and Hatebur, Denis and Heisel, Maritta},
  publisher = {IEEE Computer Society},
  pages = {238-247},
  url = {http://www.ieee.org/}
}
2013 A pattern-based method for establishing a cloud-specific information security management system Beckers, K., Côté, I., Faßbender, S., Heisel, M. & Hofbauer, S. Requirements Engineering   Springer-Verlag  
Abstract: Assembling an information security management
system (ISMS) according to the ISO 27001 standard
is difficult, because the standard provides only very sparse
support for system development and documentation.
Assembling an ISMS consists of several difficult tasks,
e.g., asset identification, threat and risk analysis and
security reasoning. Moreover, the standard demands consideration
of laws and regulations, as well as privacy
concerns. These demands present multi-disciplinary challenges
for security engineers. Cloud computing provides
scalable IT resources and the challenges of establishing an
ISMS increases, because of the significant number of
stakeholders and technologies involved and the distribution
of clouds among many countries. We analyzed the ISO
27001 demands for these multi-disciplinary challenges and
cloud computing systems. Based on these insights, we
provide a method that relies upon existing requirements
engineering methods and patterns for several security tasks,
e.g., context descriptions, threat analysis and policy definition.
These can ease the effort of establishing an ISMS
and can produce the necessary documentation for an ISO
27001 compliant ISMS. We illustrate our approach using
the example of an online bank.
BibTeX:
@article{Beckers2013rohtua,
  year = {2013},
  title = {A pattern-based method for establishing a cloud-specific information security management system},
  author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Fa{\ss}bender, Stephan and Heisel, Maritta and Hofbauer, Stefan},
  journal = {Requirements Engineering},
  publisher = {Springer-Verlag},
  pages = {1-53},
  url = {http://www.springerlink.com/}
}
2013 A Meta-Model for Context-Patterns Beckers, K., Faßbender, S. & Heisel, M. Proceedings of the 18th European Conference on Pattern Languages of Program   ACM  
Abstract: It is essential for building the right software system to elicit and analyze requirements. Writing requirements that can achieve the purpose of
building the right system is only possible if the domain knowledge of the system-to-be and its environment is known and considered
thoroughly. We consider this as the context problem of software development. In the past, we tackled this problem by describing common
structures and stakeholders for several different domains. The common elements of the context were obtained from observations about the
domain in terms of standards, domain specific p u blications a n d i m plementations. But the d escription of t h e structure of a context-pattern,
especially in terms of its static structure, was not aligned. This inhibits relating context-patterns to form a pattern language. It is also difficult
for inexperienced pattern creators to describe newly observed patterns without any guidance.
We propose a meta model for describing context-patterns. The meta model contains elements, which can be used to structure and describe
domain knowledge in a generic form. These context-patterns can afterwards be instantiated with the domain knowledge required for software
engineering. This work is based on already existing patterns, which we abstracted into a meta-model. We present our context-patterns, show
how we used them to construct our meta-model, and provide an example of how to describe a context-pattern using our meta-model. We
contribute this meta model as a basis for a pattern language for context elicitation.
BibTeX:
@inproceedings{BeckersFassbender2013ACM-europlop,
  year = {2013},
  title = {A Meta-Model for Context-Patterns},
  booktitle = {Proceedings of the 18th European Conference on Pattern Languages of Program},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta},
  publisher = {ACM},
  series = {EuroPLoP '13},
  pages = {5:1--5:15},
  url = {http://doi.acm.org/10.1145/2739011.2739016},
  doi = {10.1145/2739011.2739016}
}
2013 A Framework for Combining Problem Frames and Goal Models to Support Context Analysis during Requirements Engineering Mohammadi, N. G., Alebrahim, A., Weyer, T., Heisel, M. & Pohl, K. Proceedings of the 5th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)   Springer  
Abstract: Quality requirements, like security requirements, are dicult
to elicit, especially if they cross multiple domains. Understanding these
domains is an important issue in the requirements engineering process
for the corresponding systems. Well-known requirements engineering ap-
proaches, such as goal-oriented techniques provide a good starting point
in capturing security requirements in the form of soft-goals in the early
stage of the software engineering process. However, such approaches are
not sucient for context and problem analysis. On the other hand, the
context and problem modeling approaches like e.g., problem frames, do
not address the system goals. Integrating the relevant context knowledge
into goal models is a promising approach to address the mutual limita-
tions. In this paper, we propose a framework for combining goal models
and problem frames. The framework makes it possible to document the
goals of the system together with the corresponding knowledge of the
system's context. Furthermore, it supports the process of re ning (soft-)
goals right up to the elicitation of corresponding security requirements.
To show the applicability of our approach, we illustrate its application
on a real-life case study concerning Smart Grids.
BibTeX:
@inproceedings{CDARES2013,
  year = {2013},
  title = {A Framework for Combining Problem Frames and Goal Models to Support Context Analysis during Requirements Engineering},
  booktitle = {Proceedings of the 5th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)},
  author = {Mohammadi, Nazila Gol and Alebrahim, Azadeh and Weyer, Thorsten and Heisel, Maritta and Pohl, Klaus},
  publisher = {Springer},
  series = {LNCS 8127},
  pages = {272--288},
  url = {https://link.springer.com/}
}
2013 From Problems to Laws in Requirements Engineering Using Model-Transformation (Best Students Paper Award) Faßbender, S. & Heisel, M. ICSOFT 2013 - Proceedings of the 8th International Conference on Software Paradigm Trends   SciTePress  
Abstract: Nowadays, many legislators decided to enact different laws, which all enforce legal and natural persons to deal
more carefully with IT systems. Hence, there is a need for techniques to identify and analyze laws, which are
relevant for an IT system. But identifying relevant compliance regulations for an IT system and aligning it to
be compliant to these regulations is a challenging task. In earlier works of ours we proposed patterns and a
structured method to tackle these problems. One of the central crucial steps, while using the patterns and the
method, is the transformation of requirements into a structure, allowing the identification of laws. The step is
not trivial, as requirements, in most cases, focus on the technical parts of the problem, putting the knowledge
about the environment of the system aside. In this work, we propose a method to structure the requirements,
elicit the needed domain knowledge and transform requirements into law identification pattern instances. For
this purpose, we make use of problem diagrams, problem frames, domain knowledge, and questionnaire. We
present our method using a voting system as an example, which was obtained from the ModIWa DFGa project
and the common criteria profile for voting systems
BibTeX:
@inproceedings{FassbenderH13_icsoft,
  year = {2013},
  title = {From Problems to Laws in Requirements Engineering Using Model-Transformation (Best Students Paper Award)},
  booktitle = {ICSOFT 2013 - Proceedings of the 8th International Conference on Software Paradigm Trends},
  author = {Fa{\ss}bender, Stephan and Heisel, Maritta},
  publisher = {SciTePress},
  pages = {447-458},
  url = {http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0004490804470458},
  doi = {10.5220/0004490804470458}
}
2013 Common Criteria CompliAnt Software Development (CC-CASD) Beckers, K., Faßbender, S., Hatebur, D., Heisel, M. & Côté, I. Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC)   ACM  
Abstract: In order to gain their customers’ trust, software vendors can certify
their products according to security standards, e.g., the Common
Criteria (ISO 15408). However, a Common Criteria certification
requires a comprehensible documentation of the software product.
The creation of this documentation results in high costs in terms of
time and money.
We propose a software development process that supports the
creation of the required documentation for a Common Criteria certification.
Hence, we do not need to create the documentation after
the software is built. Furthermore, we propose to use an enhanced
version of the requirements-driven software engineering process
called ADIT to discover possible problems with the establishment
of Common Criteria documents. We aim to detect these issues before
the certification process. Thus, we avoid expensive delays of
the certification effort. ADIT provides a seamless development approach
that allows consistency checks between different kinds of
UML models. ADIT also supports traceability from security requirements
to design documents. We illustrate our approach with
the development of a smart metering gateway system.
BibTeX:
@inproceedings{SAC2013,
  year = {2013},
  title = {{Common Criteria CompliAnt Software Development (CC-CASD)}},
  booktitle = {Proceedings of the 28th Annual ACM Symposium on Applied Computing (SAC)},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Hatebur, Denis and Heisel, Maritta and C{\^{o}}t{\'{e}}, Isabelle},
  publisher = {ACM},
  pages = {1298--1304},
  url = {https://dl.acm.org/citation.cfm?id=2480604}
}
2012 Ontology-Based Identification of Research Gaps and Immature Research Areas Beckers, K., Eicker, S., Faßbender, S., Heisel, M., Schmidt, H. & Schwittek, W. Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)   Springer  
Abstract: Researchers often have to understand new knowledge areas, and identify
research gaps and immature areas in them. They have to understand and
link numerous publications to achieve this goal. This is difficult, because natural
language has to be analyzed in the publications, and implicit relations between
them have to be discovered. We propose to utilize the structuring possibilities of
ontologies to make the relations between publications, knowledge objects (e.g.,
methods, tools, notations), and knowledge areas explicit. Furthermore, we use
Kitchenham’s work on structured literature reviews and apply it to the ontology.
We formalize relations between objects in the ontology using Codd’s relational
algebra to support different kinds of literature research. These formal expressions
are implemented as ontology queries. Thus, we implement an immature research
area analysis and research gap identification mechanism. The ontology and its
relations are implemented based on the Semantic MediaWiki+ platform.
BibTeX:
@inproceedings{Beckers2012-ares1,
  year = {2012},
  title = {Ontology-Based Identification of Research Gaps and Immature Research Areas},
  booktitle = {Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)},
  author = {Beckers, Kristian and Eicker, Stefan and Fa{\ss}bender, Stephan and Heisel, Maritta and Schmidt, Holger and Schwittek, Widura},
  publisher = {Springer},
  series = {LNCS 7465},
  pages = {93-107},
  url = {http://www.springerlink.com/}
}
2012 A Foundation for Requirements Analysis of Privacy Preserving Software Beckers, K. & Heisel, M. Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)   Springer  
Abstract: Privacy requirements are difficult to elicit for any given software engineering
project that processes personal information. The problem is that these
systems require personal data in order to achieve their functional requirements
and privacy mechanisms that constrain the processing of personal information in
such a way that the requirement still states a useful functionality.
We present privacy patterns that support the expression and analysis of different
privacy goals: anonymity, pseudonymity, unlinkability and unobservability.
These patterns have a textual representation that can be instantiated. In addition,
for each pattern, a logical predicate exists that can be used to validate the instantiation.
We also present a structured method for instantiating and validating the
privacy patterns, and for choosing privacy mechanisms. Our patterns can also be
used to identify incomplete privacy requirements. The approach is illustrated by
the case study of a patient monitoring system.
BibTeX:
@inproceedings{Beckers2012-ares3,
  year = {2012},
  title = {A Foundation for Requirements Analysis of Privacy Preserving Software},
  booktitle = {Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)},
  author = {Beckers, Kristian and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 7465},
  pages = {1-16},
  url = {http://www.springerlink.com/}
}
2012 Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation Beckers, K., Heisel, M., Faßbender, S. & Schmidt, H. Proceedings of the International Conference on Availability, Reliability and Security (ARES)   IEEE Computer Society  
Abstract: An ISO 27001 compliant information security
management system is difficult to create, due to the the limited
support for system development and documentation provided
in the standard.
We present a structured analysis of the documentation
and development requirements in the ISO 27001 standard.
Moreover, we investigate to what extent existing security
requirements engineering approaches fulfill these requirements.
We developed relations between these approaches and the
ISO 27001 standard using a conceptual framework originally
developed for comparing security requirements engineering
methods. The relations include comparisons of important
terms, techniques, and documentation artifacts. In addition,
we show practical applications of our results.
BibTeX:
@inproceedings{Beckers2012-ares4,
  year = {2012},
  title = {Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES})},
  author = {Beckers, Kristian and Heisel, Maritta and Fa{\ss}bender, Stephan and Schmidt, Holger},
  publisher = {IEEE Computer Society},
  pages = {243-248},
  url = {http://www.ieee.org/}
}
2012 A Common Body of Knowledge for Engineering Secure Software and Services Schwittek, W., Schmidt, H., Beckers, K., Eicker, S., Faßbender, S. & Heisel, M. Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 1st International Workshop on Security Ontologies and Taxonomies (SecOnT 2012)   IEEE Computer Society  
BibTeX:
@inproceedings{Beckers2012-ares7,
  year = {2012},
  title = {A Common Body of Knowledge for Engineering Secure Software and Services},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES}) - 1st International Workshop on Security Ontologies and Taxonomies (SecOnT 2012)},
  author = {Schwittek, Widura and Schmidt, Holger and Beckers, Kristian and Eicker, Stefan and Fa{\ss}bender, Stephan and Heisel, Maritta},
  publisher = {IEEE Computer Society},
  pages = {499-506},
  url = {http://www.ieee.org/}
}
2012 An Aspect-Oriented Approach to Relating Security Requirements and Access Control Alebrahim, A., Tun, T. T., Yu, Y., Heisel, M. & Nuseibeh, B. Proceedings of the CAiSE Forum   CEUR-WS.org  
Abstract: Affecting multiple parts in software systems, security requirements often tangle with functional requirements. In order to separate crosscutting concerns and increase modularity, we propose to represent security requirements as aspects that can be woven into functional requirements. Using problem frames to model the functional requirements, weaving is achieved by composing the modules representing security aspects with the requirement models. Moreover, we provide guidance on how such security aspects are structured to implement a particular access control solution. As a result, such security aspects become reusable solution patterns to refne the structure of security-related problem.
BibTeX:
@inproceedings{CAiSEForum2012,
  year = {2012},
  title = {An Aspect-Oriented Approach to Relating Security Requirements and Access Control},
  booktitle = {Proceedings of the CAiSE Forum},
  author = {Alebrahim, Azadeh and Tun, Thein Than and Yu, Yijun and Heisel, Maritta and Nuseibeh, Bashar},
  publisher = {CEUR-WS.org},
  volume = {855},
  series = {CEUR Workshop Proceedings},
  pages = {15--22},
  url = {http://ceur-ws.org/}
}
2012 Enterprise Applications: From Requirements to Design Choppy, C., Reggio, G., Hatebur, D. & Heisel, M. Aligning Enterprise, System, and Software Architectures   IGI Global  
BibTeX:
@incollection{CRHH2012,
  year = {2012},
  title = {Enterprise Applications: From Requirements to Design},
  booktitle = {Aligning Enterprise, System, and Software Architectures},
  author = {Choppy, Christine and Reggio, G. and Hatebur, Denis and Heisel, Maritta},
  publisher = {IGI Global},
  pages = {96--117},
  url = {www.igi-global.com}
}
2012 Supporting the Development and Documentation of ISO 27001 Information Security Management Systems Through Security Requirements Engineering Approaches Beckers, K., Faßbender, S., Heisel, M., Küster, J.-C. & Schmidt, H. Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS)   Springer  
Abstract: Assembling an information security management system according
to the ISO 27001 standard is difficult, because the standard provides
only sparse support for system development and documentation.
We analyse the ISO 27001 standard to determine what techniques and
documentation are necessary and instrumental to develop and document
systems according to this standard. Based on these insights, we inspect a
number of current security requirements engineering approaches to evaluate
whether and to what extent these approaches support ISO 27001
system development and documentation. We re-use a conceptual framework
originally developed for comparing security requirements engineering
methods to relate important terms, techniques, and documentation
artifacts of the security requirements engineering methods to the ISO
27001.
BibTeX:
@inproceedings{essos2012,
  year = {2012},
  title = {Supporting the Development and Documentation of {ISO} 27001 Information Security Management Systems Through Security Requirements Engineering Approaches},
  booktitle = {Proceedings of the International Symposium on Engineering Secure Software and Systems ({ESSoS})},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta and K{\"{u}}ster, Jan-Christoph and Schmidt, Holger},
  publisher = {Springer},
  series = {LNCS 7159},
  url = {https://link.springer.com/}
}
2012 Supporting Quality-Driven Design Decisions by Modeling Variability Alebrahim, A. & Heisel, M. Proceedings of the International ACM Sigsoft Conference on the Quality of Software Architectures (QoSA)   ACM  
Abstract: Design decisions should take quality characteristics into account.
To support such decisions, we capture various solution
artifacts with different levels of satisfying quality requirements
as variabilities in the solution space and provide
them with rationales for selecting suitable variants. We
present a UML-based approach to modeling variability in
the problem and the solution space by adopting the notion
of feature modeling. It provides a mapping of requirements
variability to design solution variability to be used as a part
of a general process for generating design alternatives. Our
approach supports the software engineer in the process of
decision-making for selecting suitable solution variants, reflecting
quality concerns, and reasoning about it.
BibTeX:
@inproceedings{qosa2012,
  year = {2012},
  title = {Supporting Quality-Driven Design Decisions by Modeling Variability},
  booktitle = {Proceedings of the International ACM Sigsoft Conference on the Quality of Software Architectures ({QoSA})},
  author = {Alebrahim, Azadeh and Heisel, Maritta},
  publisher = {ACM},
  pages = {43-48},
  url = {https://dl.acm.org/citation.cfm?id=2304705}
}
2012 Designing Architectures from Problem Descriptions by Interactive Model Transformation Alebrahim, A., Côté, I., Heisel, M., Choppy, C. & Hatebur, D. Proceedings 27th Symposium on Applied Computing   ACM  
Abstract: We present a structured approach to systematically derive a software
architecture from a given problem description based on problem
frames and a description of the environment. Our aim is to
re-use the elements of the problem descriptions in creating the architecture.
The derivation is performed by transforming the problem
description into an initial architecture, where each subproblem
corresponds to a component. The transformation is supported by
model transformation rules, formally specified as operations with
pre- and postconditions. This specification serves as a blueprint for
a tool supporting the architectural design. We illustrate our method
by the example of a patient care system.
BibTeX:
@inproceedings{SAC2012,
  year = {2012},
  title = {Designing Architectures from Problem Descriptions by Interactive Model Transformation},
  booktitle = {Proceedings 27th Symposium on Applied Computing},
  author = {Alebrahim, Azadeh and C{\^{o}}t{\'{e}}, Isabelle and Heisel, Maritta and Choppy, Christine and Hatebur, Denis},
  publisher = {ACM},
  pages = {1256--1258},
  url = {http://dl.acm.org/}
}
2012 Pattern-based Context Establishment for Service-Oriented Architectures Beckers, K., Faßbender, S., Heisel, M. & Meis, R. Software Service and Application Engineering   Springer  
Abstract: A context description of a software system and its environment is essential
for any given software engineering process. Requirements define statements
about the environment (according to Jackson's terminology). The context
description of a Service-Oriented Architecture is difficult to provide,
because of the variety of technical systems and stakeholders involved. We
present two patterns for SOA systems and support their instantiation with a
structured method. In addition, we show how the pattern can be used in a
secure service development life-cycle.
BibTeX:
@inproceedings{sdps2012,
  year = {2012},
  title = {Pattern-based Context Establishment for Service-Oriented Architectures},
  booktitle = {Software Service and Application Engineering},
  author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta and Meis, Rene},
  publisher = {Springer},
  series = {LNCS 7365},
  pages = {81-101},
  url = {http://dx.doi.org/10.1007/978-3-642-30835-2_7},
  doi = {10.1007/978-3-642-30835-2_7}
}
2012 Deriving Quality-based Architecture Alternatives with Patterns Konersmann, M., Alebrahim, A., Heisel, M., Goedicke, M. & Kersten, B. Software Engineering   GI  
Abstract: We propose in this paper an iterative method composed of three steps to
derive architecture alternatives from quality requirements using a catalogue of patterns
and styles. The solution candidates are chosen by answering a set of questions which
reflects the requirements. We instantiate then the solution candidates using a UMLbased
enhancement of the problem frame approach. To ensure that the instantiated
architectures fulfill the quality requirements, we evaluate them in the next step. A
desired refinement of the software architectures is then achieved by iterating over the
described steps.
BibTeX:
@inproceedings{SE2012,
  year = {2012},
  title = {Deriving Quality-based Architecture Alternatives with Patterns},
  booktitle = {Software Engineering},
  author = {Konersmann, Marco and Alebrahim, Azadeh and Heisel, Maritta and Goedicke, Michael and Kersten, Benjamin},
  publisher = {GI},
  series = {LNI 198},
  pages = {71--82},
  url = {www.gi.de}
}
2011 Towards Systematic Integration of Quality Requirements into Software Architecture Alebrahim, A., Hatebur, D. & Heisel, M. Proceedings of the 5th European Conference on Software Architecture (ECSA 2011)   Springer  
Abstract: We present a model- and pattern-based approach that allows
software engineers to take quality requirements into account right from
the beginning of the software development process. The approach comprises
requirements analysis as well as the software architecture design,
in which quality requirements are re
ected explicitly.
BibTeX:
@inproceedings{AHH2011a,
  year = {2011},
  title = {Towards Systematic Integration of Quality Requirements into Software Architecture},
  booktitle = {Proceedings of the 5th European Conference on Software Architecture (ECSA 2011)},
  author = {Alebrahim, Azadeh and Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 6903},
  pages = {17--25},
  url = {https://link.springer.com/}
}
2011 A Method to Derive Software Architectures from Quality Requirements Alebrahim, A., Hatebur, D. & Heisel, M. Proceedings of the 18th Asia-Pacific Software Engineering Conference (APSEC)   IEEE Computer Society  
Abstract: We present a model- and pattern-based method that allows software engineers to take quality requirements into account right from the beginning of the software development process. The method comprises requirements analysis as well as the derivation of a software architecture from requirements documents, in which quality requirements are reflected explicitly. For requirements analysis, we use an enhancement of the problem frame approach, where software development problems are represented by problem diagrams. The derivation of a software architecture starts from a set of problem diagrams, annotated with functional as well as quality requirements. First, we set up an initial software architecture, taking into account the decomposition of the overall software development problem into subproblems. Then, we incorporate quality requirements into that architecture by using security or performance patterns or mechanisms. The method is toolsupported, which allows developers to check semantic integrity conditions in the different models
BibTeX:
@inproceedings{AHH2011b,
  year = {2011},
  title = {A Method to Derive Software Architectures from Quality Requirements},
  booktitle = {Proceedings of the 18th Asia-Pacific Software Engineering Conference ({APSEC})},
  author = {Alebrahim, Azadeh and Hatebur, Denis and Heisel, Maritta},
  publisher = {IEEE Computer Society},
  pages = {322--330},
  url = {https://www.ieee.org/}
}
2011 On the Evolution of Component-based Software Côté, I., Heisel, M. & Souquières, J. Proceedings 4th IFIP TC2 Central and East European Conference on Software Engineering Techniques (CEE-SET)   Springer  
BibTeX:
@inproceedings{ceeset2009,
  year = {2011},
  title = {On the Evolution of Component-based Software},
  booktitle = {Proceedings 4th IFIP TC2 Central and East European Conference on Software Engineering Techniques (CEE-SET)},
  author = {C{\^{o}}t{\'{e}}, Isabelle and Heisel, Maritta and Souqui{\`{e}}res, Jeanine},
  publisher = {Springer},
  series = {LNCS 7054},
  pages = {54-69},
  url = {https://link.springer.com/}
}
2011 Systematic Architectural Design based on Problem Patterns Choppy, C., Hatebur, D. & Heisel, M. Relating Software Requirements and Architectures   Springer  
Abstract: We present a method to derive systematically software architectures
from problem descriptions. The problem descriptions are based on the artifacts
that are set up when following Jackson's problem frame approach. They include a
context diagram describing the overall problem situation and a set of problem
diagrams that describe subproblems of the overall software development problem.
The different subproblems should be instances of problem frames, which are
patterns for simple software development problems.
Starting from these pattern-based problem descriptions, we derive a software
architecture in three steps. An initial architecture contains one component for each
subproblem. In the second step, we apply different architectural and design
patterns and introduce coordinator and facade components. In the final step, the
components of the intermediate architecture are re-arranged to form a layered
architecture, and interface and driver components are added.
All artefacts are expressed as UML diagrams, using specific UML profiles. The
method is tool-supported. Our tool supports developers in setting up the diagrams,
and it checks different validation conditions concerning the semantic integrity and
the coherence of the different diagrams.
We illustrate the method by deriving an architecture for an automated teller
machine.
BibTeX:
@incollection{CHH2011a,
  year = {2011},
  title = {Systematic Architectural Design based on Problem Patterns},
  booktitle = {Relating Software Requirements and Architectures},
  author = {Choppy, Christine and Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  pages = {133--159},
  url = {https://link.springer.com/}
}
2011 A UML Profile and Tool Support for Evolutionary Requirements Engineering Côté, I. & Heisel, M. Proceedings of the European Conference on Software Maintenance and Reengineering   IEEE  
Abstract: In this paper, we present a method to perform the
first steps of software evolution, namely evolutionary requirements
engineering, where new requirements have to be analyzed
in the context of a set of already given requirements. The basic
idea is to adjust an existing requirements engineering process
so that evolution is supported. In the requirements engineering
process we consider, the original software development problem
is decomposed into a number of subproblems that are analyzed
according to the problem frame approach [1]. Evolution is
performed by defining rules for each process step and each
document that is generated in the respective step to incorporate
the new evolution requirements into the existing requirements
documents or to create, when necessary, additional documents.
We show that the evolution task benefits from the chosen problem
decomposition. The described software evolution method is toolsupported.
Our tool UML4PF, which is based on the Eclipse
Modeling Framework, supports the problem frame approach to
software engineering by a specifically defined UML profile. We
extend that profile so that it also covers software evolution.
BibTeX:
@inproceedings{CoteHeisel2011,
  year = {2011},
  title = {A {UML} Profile and Tool Support for Evolutionary Requirements Engineering},
  booktitle = {Proceedings of the European Conference on Software Maintenance and Reengineering},
  author = {C{\^{o}}t{\'{e}}, Isabelle and Heisel, Maritta},
  publisher = {IEEE},
  pages = {161--170},
  url = {https://www.ieee.org/}
}
2011 Systematic Development of UMLsec Design Models Based On Security Requirements Hatebur, D., Heisel, M., Jürjens, J. & Schmidt, H. Proceedings of the European Joint Conferences on Theory and Practice of Software (ETAPS) - Fundamental Approaches to Software Engineering (FASE)   Springer  
BibTeX:
@inproceedings{HHJ+2011,
  year = {2011},
  title = {Systematic Development of {UMLsec} Design Models Based On Security Requirements},
  booktitle = {Proceedings of the European Joint Conferences on Theory and Practice of Software (ETAPS) - Fundamental Approaches to Software Engineering ({FASE})},
  author = {Hatebur, Denis and Heisel, Maritta and J{\"{u}}rjens, Jan and Schmidt, Holger},
  publisher = {Springer},
  series = {LNCS 6603},
  pages = {232--246},
  url = {https://link.springer.com/}
}
2011 UML4PF -- A Tool for Problem-Oriented Requirements Analysis Côté, I., Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Conference on Requirements Engineering (RE)   IEEE Computer Society  
Abstract: We present a tool called UML4PF. This tool supports
requirements analysis according to an enhanced version
of Michael Jackson’s problem frame approach. UML4PF supports software engineers in
developing a coherent and complete set of requirements
documents. Moreover, it supports the systematic development
of an appropriate software architecture.
BibTeX:
@inproceedings{re2011,
  year = {2011},
  title = {{UML4PF} -- A Tool for Problem-Oriented Requirements Analysis},
  booktitle = {Proceedings of the International Conference on Requirements Engineering ({RE})},
  author = {C{\^{o}}t{\'{e}}, Isabelle and Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
  publisher = {IEEE Computer Society},
  pages = {349--350},
  url = {https://www.ieee.org}
}
2011 A Pattern- and Component-Based Method to Develop Secure Software Schmidt, H., Hatebur, D. & Heisel, M. Software Engineering for Secure Systems: Academic and Industrial Perspectives   IGI Global  
Abstract: We present a security engineering process based on security problem frames and concretized
security problem frames. Both kinds of frames constitute patterns for analyzing security problems
and associated solution approaches. They are arranged in a pattern system that makes
dependencies between them explicit. We describe step-by-step how the pattern system can be
used to analyze a given security problem and how solution approaches can be found.
Afterwards, the security problems and the solution approaches are formally modeled in detail.
The formal models serve to prove that the solution approaches are correct solutions to the security
problems. Furthermore, the formal models of the solution approaches constitute a formal
specification of the software to be developed.
Then, the specification is implemented by generic security components and generic security
architectures, which constitute architectural patterns. Finally, the generic security components
and the generic security architecture that composes them are refined and the result is a secure
software product built from existing and/or tailor-made security components.
KEYWORDS
security
BibTeX:
@incollection{SHH2011,
  year = {2011},
  title = {A Pattern- and Component-Based Method to Develop Secure Software},
  booktitle = {Software Engineering for Secure Systems: Academic and Industrial Perspectives},
  author = {Schmidt, Holger and Hatebur, Denis and Heisel, Maritta},
  publisher = {IGI Global},
  pages = {32--74},
  url = {http://www.igi-global.com/}
}
2011 Towards Systematic Integration of Performance and Security Requirements into Software Architecture Alebrahim, A., Hatebur, D. & Heisel, M. Software Architecture   Springer Berlin Heidelberg  
Abstract: We present a model- and pattern-based method that allows
software engineers to take quality requirements into account
right from the beginning of the software development process.
The method comprises requirements analysis as well as
the derivation of a software architecture from requirements
documents. In that architecture, quality requirements are
reflected explicitly.
For requirements analysis, we use an enhancement of the
problem frame approach [14], where software development
problems are represented by problem diagrams. In our enhanced
version of the problem frame approach, we use UML
notation, and we have added the possibility to complement
functional requirements with quality requirements, such as
security or performance requirements.
The derivation of a software architecture starts from a
set of problem diagrams, annotated with functional as well
as quality requirements. First, we set up an initial software
architecture, taking into account the decomposition of
the overall software development problem into subproblems.
Next, we incorporate quality requirements into that architecture
by using security or performance patterns or mechanisms.
To obtain the final architecture, (functional) design
patterns are applied. The method is tool-supported, which
allows developers to check semantic integrity conditions in
the different models.
BibTeX:
@proceedings{,
  year = {2011},
  title = {Towards Systematic Integration of Performance and Security Requirements into Software Architecture},
  booktitle = {Software Architecture},
  author = {Alebrahim, Azadeh and Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer Berlin Heidelberg},
  url = {https://link.springer.com/chapter/10.1007%2F978-3-642-23798-0_2},
  doi = {10.1007/978-3-642-23798-0_2}
}
2010 A Comparison of Security Requirements Engineering Methods Fabian, B., Gürses, S., Heisel, M., Santen, T. & Schmidt, H. Requirements Engineering -- Special Issue on Security Requirements Engineering    
Abstract: This paper presents a conceptual framework for
security engineering, with a strong focus on security
requirements elicitation and analysis. This conceptual
framework establishes a clear-cut vocabulary and makes
explicit the interrelations between the different concepts and
notions used in security engineering. Further, we apply our
conceptual framework to compare and evaluate current
security requirements engineering approaches, such as the
Common Criteria, Secure Tropos, SREP, MSRA, as well as
methods based on UML and problem frames. We review
these methods and assess them according to different criteria,
such as the general approach and scope of the method, its
validation, and quality assurance capabilities. Finally, we
discuss how these methods are related to the conceptual
framework and to one another.
BibTeX:
@article{FGH+2010,
  year = {2010},
  title = {A Comparison of Security Requirements Engineering Methods},
  author = {Fabian, Benjamin and G{\"{u}}rses, Seda and Heisel, Maritta and Santen, Thomas and Schmidt, Holger},
  journal = {Requirements Engineering -- Special Issue on Security Requirements Engineering},
  volume = {15},
  number = {1},
  pages = {7--40}
}
2010 Making Pattern- and Model-Based Software Development More Rigorous Hatebur, D. & Heisel, M. Proceedings of International Conference on Formal Engineering Methods (ICFEM)   Springer  
Abstract: Pattern-based and model-based software development approaches have
a high potential to improve the quality of software. Patterns allow engineers to
re-use established and proven development knowledge. Developing software by
constructing a sequence of models provides engineers with various possibilities
for validation, because the different development models are not independent of
each other and hence can be checked for coherence.
We present a UML profile equipped with numerous OCL constraints that supports
a pattern- and model-based software development process. The basis of the
UML profile is a representation of problem frames, which are patterns supporting
requirements analysis. OCL constraints provide a formal underpinning of the
development process and allow one to perform semantic checks every time a new
model is set up. Our approach is supported by a tool, called UML4PF. The tool
is based on the Eclipse development environment, extended by an EMF-based
UML tool, in our case, Papyrus. In this paper, we specifically focus on ensuring
that problem frames are instantiated correctly. We illustrate our approach by the
case study of an automatic teller machine.
BibTeX:
@inproceedings{HateburHeisel2010a,
  year = {2010},
  title = {Making Pattern- and Model-Based Software Development More Rigorous},
  booktitle = {Proceedings of International Conference on Formal Engineering Methods ({ICFEM})},
  author = {Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 6447},
  pages = {253--269},
  url = {https://link.springer.com/}
}
2010 A UML Profile for Requirements Analysis of Dependable Software Hatebur, D. & Heisel, M. Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
Abstract: At Safecomp 2009, we presented a foundation for requirements analysis
of dependable software. We defined a set of patterns for expressing and analyzing
dependability requirements, such as confidentiality, integrity, availability,
and reliability. The patterns take into account random faults as well as certain
attacks and therefore support a combined safety and security engineering.
In this paper, we demonstrate how the application of our patterns can be tool supported.
We present a UML profile allowing us to express the different dependability
requirements using UML diagrams. Integrity conditions are expressed using
OCL. We provide tool support based on the Eclipse development environment,
extended with an EMF-based UML tool, e.g., Papyrus UML. We illustrate how
to use the profile to model dependability requirements of a cooperative adaptive
cruise control system.
BibTeX:
@inproceedings{HateburHeisel2010b,
  year = {2010},
  title = {A {UML} Profile for Requirements Analysis of Dependable Software},
  booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  author = {Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 6351},
  pages = {317--331},
  url = {https://link.springer.com/}
}
2010 UML4PF – A Tool for Problem-Oriented Requirements Analysis Heisel, M. & Schmidt, H.    
BibTeX:
@techreport{UML4PF,
  year = {2010},
  title = {UML4PF – A Tool for Problem-Oriented Requirements Analysis},
  author = {Heisel, Maritta and Schmidt, Holger}
}
2010 Automated Checking of Integrity Constraints for a Model- and Pattern-Based Requirements Engineering Method (Technical Report) Côté, I., Hatebur, D. & Heisel, M.    
Abstract: We present a new UML profile serving to support a pattern- and model-based requirements engineering method based on Jackson’s problem frames. The UML profile allows us to express the different models being defined during requirements analysis using UML diagrams. In order to automatically perform semantic validations associated with the method, we provide integrity conditions, expressed as OCL constraints.
These constraints concern single models as well as the coherence of different models. To provide tool support for the requirements engineering method, we have developed a tool called UML4PF. It is based on the
Eclipse development environment, extended by an EMF-based UML tool, in our case, Papyrus. To demonstrate the applicability of our approach, we use the case study of a vacation rentals reservation system.
BibTeX:
@misc{,
  year = {2010},
  title = {Automated Checking of Integrity Constraints for a Model- and Pattern-Based Requirements Engineering Method (Technical Report)},
  author = {C{\^{o}}t{\'{e}}, Isabelle and Hatebur, Denis and Heisel, Maritta}
}
2009 Problem-Oriented Documentation of Design Patterns Fülleborn, A., Meffert, K. & Heisel, M. Proceedings 12thInternational Conference on Fundamental Approaches to Software Engineering (FASE)   Springer  
Abstract: In order to retrieve, select and apply design patterns in a
tool-supported way, we suggest to construct and document a problemcontext
pattern that re
ects the essence of the problems that the design
pattern is meant to solve. In our approach, software engineers can choose
examples of source code or UML models from the special domains that
they are experts in. We present a method that enables software engineers
to describe the transformation from a problem-bearing source model to
an appropriate solution model. Afterwards, the inverse of that transformation
is applied to the UML solution model of the existing design
pattern, resulting in an abstract problem-context pattern. This pattern
can then be stored together with the solution pattern in a pattern library.
The method is illustrated by deriving a problem-context pattern
for the Observer design pattern.
BibTeX:
@inproceedings{FASE09,
  year = {2009},
  title = {Problem-Oriented Documentation of Design Patterns},
  booktitle = {Proceedings 12thInternational Conference on Fundamental Approaches to Software Engineering (FASE)},
  author = {F{\"{u}}lleborn, Alexander and Meffert, Klaus and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 5503},
  pages = {294--308},
  url = {https://link.springer.com/}
}
2009 Deriving Software Architectures from Problem Descriptions Hatebur, D. & Heisel, M. Software Engineering 2009 - Workshopband   GI  
Abstract: We show how software architectures (including interface descriptions) can
be derived from artifacts set up in the analysis phase of the software lifecycle. The
analysis phase consists of six steps, where various models are constructed. Especially,
the software development problem is decomposed into simple subproblems. The models
set up in the analysis phase form the basis for (i) defining software architectures
related to single subproblems, (ii) merging the subproblem architectures to obtain the
overall software architecture, and (iii) to define the interfaces between the components
of the overall architecture. The approach is based on problem patterns (problem
frames) and the architectural style of layered software architectures.
BibTeX:
@inproceedings{HH09a,
  year = {2009},
  title = {Deriving Software Architectures from Problem Descriptions},
  booktitle = {Software Engineering 2009 - Workshopband},
  author = {Hatebur, Denis and Heisel, Maritta},
  publisher = {GI},
  pages = {383--302},
  url = {https://gi.de/}
}
2009 A Foundation for Requirements Analysis of Dependable Software Hatebur, D. & Heisel, M. Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
Abstract: We present patterns for expressing dependability requirements, such
as confidentiality, integrity, availability, and reliability. The paper considers random
faults as well as certain attacks and therefore supports a combined safety
and security engineering. The patterns - attached to functional requirements - are
part of a pattern system that can be used to identify missing requirements. The
approach is illustrated on a cooperative adaptive cruise control system.
BibTeX:
@inproceedings{HH09b,
  year = {2009},
  title = {A Foundation for Requirements Analysis of Dependable Software},
  booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  author = {Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 5775},
  pages = {311--325},
  url = {https://link.springer.com/}
}
2008 A Systematic Account of Problem Frames Côté, I., Hatebur, D., Heisel, M., Schmidt, H. & Wentzlaff, I. Proceedings of the European Conference on Pattern Languages of Programs (EuroPLoP)   Universitätsverlag Konstanz  
Abstract: We give an enumeration of possible problem frames, based on domain characteristics, and
comment on the usefulness of the obtained frames. In particular, we investigate problem domains
and their characteristics in detail. This leads to fine-grained criteria for describing problem
domains. As a result, we identify a new type of problem domain and come up with integrity
conditions for developing useful problem frames. Taking a complete enumeration of possible
problem frames (with at most three problem domains, of which only one is constrained) as a
basis, we find 8 new problem frames, 7 of which we consider as useful in practical software
development.
BibTeX:
@inproceedings{europlop08,
  year = {2008},
  title = {A Systematic Account of Problem Frames},
  booktitle = {Proceedings of the European Conference on Pattern Languages of Programs ({EuroPLoP})},
  author = {C{\^{o}}t{\'{e}}, Isabelle and Hatebur, Denis and Heisel, Maritta and Schmidt, Holger and Wentzlaff, Ina},
  publisher = {Universit{\"{a}}tsverlag Konstanz},
  pages = {749--767},
  url = {http://www.uvk.de/}
}
2008 A Formal Metamodel for Problem Frames Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Conference on Model Driven Engineering Languages and Systems (MODELS)    
Abstract: Problem frames are patterns for analyzing, structuring, and characterizing
software development problems. This paper presents a formal metamodel
for problem frames expressed in UML class diagrams and using the formal specification
notation OCL. That metamodel clarifies the nature of the different syntactical
elements of problem frames, as well as the relations between them. It
provides a framework for syntactical analysis and semantic validation of newly
defined problem frames, and it prepares the ground for tool support for the problem
frame approach.
BibTeX:
@techreport{HHS2008,
  year = {2008},
  title = {A Formal Metamodel for Problem Frames},
  booktitle = {Proceedings of the International Conference on Model Driven Engineering Languages and Systems (MODELS)},
  author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
  series = {LNCS 5301},
  pages = {68--82},
  url = {https://link.springer.com/}
}
2008 Analysis and Component-based Realization of Security Requirements Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Conference on Availability, Reliability and Security (AReS)   IEEE Computer Society  
Abstract: We present a process to develop secure software with an
extensive pattern-based security requirements engineering
phase. It supports identifying and analyzing conflicts between
different security requirements. In the design phase,
we proceed by selecting security software components that
achieve security requirements. The process enables software
developers to systematically identify, analyze, and finally
realize security requirements using security software
components. We illustrate our approach by a lawyer agency
software example.
BibTeX:
@inproceedings{HHS2008b,
  year = {2008},
  title = {Analysis and Component-based Realization of Security Requirements},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (AReS)},
  author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
  publisher = {IEEE Computer Society},
  series = {IEEE Transactions},
  pages = {195--203},
  url = {https://www.ieee.org}
}
2008 Using UML Environment Models for Test Case Generation Heisel, M., Hatebur, D., Santen, T. & Seifert, D. Software Engineering 2008 - Workshopband   GI  
Abstract: We propose a new method for system validation by means of testing,
which is based on environment models expressed as UML state machines. A sun
blind control case study serves to illustrate the method.
BibTeX:
@inproceedings{HHSS08a,
  year = {2008},
  title = {{U}sing {UML} {E}nvironment {M}odels for {T}est {C}ase {G}eneration},
  booktitle = {Software Engineering 2008 - Workshopband},
  author = {Heisel, Maritta and Hatebur, Denis and Santen, Thomas and Seifert, Dirk},
  publisher = {GI},
  pages = {399--406},
  url = {https://gi.de/}
}
2008 Testing Against Requirements using UML Environment Models Heisel, M., Hatebur, D., Santen, T. & Seifert, D. Proc. Fachgruppentreffen Requirements Engineering und Test, Analyse & Verifikation   GI  
Abstract: We propose a new method for system validation by
means of testing, which is based on environment models
expressed as UML state machines. A sun blind
control case study serves to illustrate the method.
BibTeX:
@inproceedings{HHSS08b,
  year = {2008},
  title = {Testing Against Requirements using {UML} Environment Models},
  booktitle = {Proc. {Fachgruppentreffen} {Requirements} {Engineering} und {Test}, {Analyse} \& {Verifikation}},
  author = {Heisel, Maritta and Hatebur, Denis and Santen, Thomas and Seifert, Dirk},
  publisher = {GI},
  pages = {28--31},
  url = {https://gi.de/}
}
2007 Pattern-based Exploration of Design Alternatives for the Evolution of Software Architectures Côté, I., Heisel, M. & Wentzlaff, I. International Journal of Cooperative Information Systems (IJCIS)   World Scientific  
Abstract: We propose a pattern-based software development method comprising analysis (using
problem frames) and design (using architectural and design patterns), from which especially
evolving systems benefit. Evolution operators guide a pattern-based transformation
procedure, including re-engineering tasks for adjusting a given software architecture to
meet new system demands. Through application of these operators, relations between
analysis and design documents are explored systematically for accomplishing desired software
modifications. This allows for reusing development documents to a large extent,
even when the application environment and the requirements change.
BibTeX:
@article{CHW2007,
  year = {2007},
  title = {{Pattern-based Exploration of Design Alternatives for the Evolution of Software Architectures}},
  author = {C{\^{o}}t{\'{e}}, Isabelle and Heisel, Maritta and Wentzlaff, Ina},
  journal = {International Journal of Cooperative Information Systems (IJCIS)},
  publisher = {World Scientific},
  volume = {Volume: 16},
  number = {Issue: 3/4},
  pages = {341 -- 365},
  url = {http://www.worldscinet.com/ijcis/ijcis.shtml}
}
2007 Pattern-based Evolution of Software Architectures Côté, I., Heisel, M. & Wentzlaff, I. Proceedings of the 1st European Conference on Software Architecture (ECSA 2007)   Springer  
Abstract: We propose a pattern-based software development method comprising analysis (using problem frames) and design (using architectural and design patterns), of which especially evolving systems benefit. Evolution operators guide a pattern-based transformation procedure, including re-engineering tasks for adjusting a given software architecture to meet new system demands. Through application of these operators, relations between analysis and design documents are explored systematically for accomplishing desired software modifications. This allows for reusing development documents to a large extent, even when the application environment and the requirements change.
BibTeX:
@inproceedings{CHW2007a,
  year = {2007},
  title = {Pattern-based Evolution of Software Architectures},
  booktitle = {Proceedings of the 1st European Conference on Software Architecture (ECSA 2007)},
  author = {C{\^{o}}t{\'{e}}, Isabelle and Heisel, Maritta and Wentzlaff, Ina},
  publisher = {Springer},
  series = {LNCS 4758},
  pages = {29 -- 43},
  url = {http://www.springerlink.com}
}
2007 Methods to Create and Use Cross-Domain Analysis Patterns Fülleborn, A. & Heisel, M. EuroPLoP '06, Proceedings of the 11th European Conference on Pattern Languages of Programs   Universitätsverlag Konstanz  
Abstract: We present a set of methods to enable a cross-domain reuse of problem solutions via analysis patterns. First, problem-context descriptions and problemcontext models as well as solution models are used to express the domainspecific problems and their assigned solutions. After that, the two-step abstraction method is used to create cross-domain analysis patterns for the problemcontext models as well as for the solution models. The problem-context patterns are used to search across domains for a solution pattern. If a solution pattern is available, it can be instantiated in the solution-seeking domain.
BibTeX:
@inproceedings{Europlop06,
  year = {2007},
  title = {Methods to Create and Use Cross-Domain Analysis Patterns},
  booktitle = {EuroPLoP '06, Proceedings of the 11th European Conference on Pattern Languages of Programs},
  author = {F{\"{u}}lleborn, Alexander and Heisel, Maritta},
  publisher = {Universit{\"{a}}tsverlag Konstanz},
  pages = {427--442},
  url = {http://www.uvk.de/}
}
2007 A Pattern System for Security Requirements Engineering Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Conference on Availability, Reliability and Security (AReS)   IEEE Computer Society  
Abstract: We present a pattern system for security requirements engineering,
consisting of security problem frames and concretized
security problem frames. These are special kinds
of problem frames that serve to structure, characterize, analyze,
and finally solve software development problems in the
area of software and system security. We equip each frame
with formal preconditions and postconditions. The analysis
of these conditions results in a pattern system that explicitly
shows the dependencies between the different frames.
Moreover, we indicate related frames, which are commonly
used together with the considered frame. Hence, our approach
helps security engineers to avoid omissions and to
cover all security requirements that are relevant for a given
problem.
BibTeX:
@inproceedings{HHS2007,
  year = {2007},
  title = {A Pattern System for Security Requirements Engineering},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (AReS)},
  author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
  publisher = {IEEE Computer Society},
  series = {IEEE Transactions},
  pages = {356--365},
  url = {https://www.ieee.org}
}
2007 A Security Engineering Process based on Patterns Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Workshop on Secure Systems Methodologies using Patterns (SPatterns)   IEEE Computer Society  
Abstract: We present a security engineering process based on security
problem frames and concretized security problem
frames. Both kinds of frames constitute patterns for analyzing
security problems and associated solution approaches.
They are arranged in a pattern system that makes dependencies
between them explicit. We describe step-by-step how
the pattern system can be used to analyze a given security
problem and how solution approaches can be found. Further,
we introduce a new frame that focuses on the privacy
requirement anonymity.
BibTeX:
@inproceedings{HHS2007a,
  year = {2007},
  title = {A Security Engineering Process based on Patterns},
  booktitle = {Proceedings of the International Workshop on Secure Systems Methodologies using Patterns (SPatterns)},
  author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
  publisher = {IEEE Computer Society},
  url = {https://www.ieee.org}
}
2007 Enhancing Dependability of Component-Based Systems Lanoix, A., Hatebur, D., Heisel, M. & Souquières, J. Reliable Software Technologies -- Ada Europe 2007   Springer  
Abstract: We present an approach for enhancing dependability of component-
based software. Functionality related to security, safety and reliability
is encapsulated in specific components, allowing the method to
be applied to off-the-shelf components. Any set of components can be
extended with dependability features by wrapping them with special
components, which monitor and filter input and outputs. This approach
is supported by a rigorous development methodology based on UML and
the B method and is introduced on the level of software architecture.
BibTeX:
@inproceedings{LHH+2007,
  year = {2007},
  title = {Enhancing Dependability of Component-Based Systems},
  booktitle = {Reliable Software Technologies -- Ada Europe 2007},
  author = {Lanoix, Arnaud and Hatebur, Denis and Heisel, Maritta and Souqui{\`{e}}res, Jeanine},
  publisher = {Springer},
  series = {LNCS 4498},
  pages = {41--54},
  url = {https://link.springer.com/}
}
2006 Component composition through architectural patterns for problem frames Choppy, C., Hatebur, D. & Heisel, M. Proc. XIII Asia Pacific Software Engineering Conference   IEEE Computer Society  
Abstract: In this paper, we present a pattern-based software development
process using problem frames and corresponding
architectural patterns. In decomposing a complex problem
into simple subproblems, the relationships between the subproblems
are recorded explicitly. Based on this information,
we give guidelines on how to derive the software architecture
for the overall problem from the software architectures
of the simple subproblems.
BibTeX:
@inproceedings{CHH2006,
  year = {2006},
  title = {Component composition through architectural patterns for problem frames},
  booktitle = {Proc. XIII Asia Pacific Software Engineering Conference},
  author = {Choppy, Christine and Hatebur, Denis and Heisel, Maritta},
  publisher = {IEEE Computer Society},
  pages = {27--34},
  url = {https://www.ieee.org}
}
2006 Proving Component Interoperability with B Refinement Chouali, S., Heisel, M. & Souquières, J. Electronic Notes in Theoretical Computer Science    
BibTeX:
@article{CHS2006,
  year = {2006},
  title = {Proving Component Interoperability with B Refinement},
  author = {Chouali, Samir and Heisel, Maritta and Souqui{\`{e}}res, Jeanine},
  journal = {Electronic Notes in Theoretical Computer Science},
  volume = {160},
  pages = {157--172}
}
2006 Security Engineering using Problem Frames Hatebur, D., Heisel, M. & Schmidt, H. Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS)   Springer  
Abstract: We present a method for security engineering, which is based on two
special kinds of problem frames that serve to structure, characterize, analyze, and
finally solve software development problems in the area of software and system
security. Both kinds of problem frames constitute patterns for representing security
problems, variants of which occur frequently in practice.We present security
problem frames, which are instantiated in the initial step of our method. They explicitly
distinguish security problems from their solutions. To prepare the solution
of the security problems in the next step, we employ concretized security problem
frames capturing known approaches to achieve security. Finally, the last step of
our method results in a specification of the system to be implemented given by
concrete security mechanisms and instantiated generic sequence diagrams. We
illustrate our approach by the example of a secure remote display system.
BibTeX:
@inproceedings{HHS2006a,
  year = {2006},
  title = {Security Engineering using Problem Frames},
  booktitle = {Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS)},
  author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
  publisher = {Springer},
  volume = {3995/2006},
  pages = {238--253},
  url = {https://link.springer.com/}
}
2006 A Method for Component-Based Software and System Development Hatebur, D., Heisel, M. & Souquières, J. Proc. 32nd Euromicro Conference on Software Engineering and Advanced Applications (SEAA)   IEEE Computer Society  
Abstract: In this paper, we present a pattern-based software development
process using problem frames and corresponding
architectural patterns. In decomposing a complex problem
into simple subproblems, the relationships between the subproblems
are recorded explicitly. Based on this information,
we give guidelines on how to derive the software architecture
for the overall problem from the software architectures
of the simple subproblems.
BibTeX:
@inproceedings{HHS2006b,
  year = {2006},
  title = {A Method for Component-Based Software and System Development},
  booktitle = {Proc. 32nd Euromicro Conference on Software Engineering and Advanced Applications (SEAA)},
  author = {Hatebur, Denis and Heisel, Maritta and Souqui{\`{e}}res, Jeanine},
  publisher = {IEEE Computer Society},
  pages = {72--80},
  url = {https://www.ieee.org}
}
2006 Entwicklung aus dem Baukasten. Modellierung und Verifikation technischer Systeme Heisel, M., König, B., Kochs, H.-D. & Petersen, Jö. Forum Forschung    
Abstract: Technische Systeme sind heute allgegenwärtig: Ob im Haushalt, im Auto oder im Flugzeug.
Systemtechnik dominiert auch Heizungs- und Solartechnikanlagen, ganze Kraftwerke,
Raffinerien oder Stahlwerke. Vernetzte und verteilte Systeme wie Mobilkommunikationssysteme,
das Internet oder satellitengestützte Positions- und Mautsysteme umspannen die
ganze Welt. Informatische Techniken sind dabei oft nicht nur Bestandteil dieser Systeme,
sondern werden auch bei deren Konzeption, Produktion und Qualitätsüberwachung eingesetzt.
Das Informatikjahr soll das Bewusstsein schärfen, dass unsere Gesellschaft ohne
Technik und diese wiederum ohne Informatik überhaupt nicht mehr funktionieren
würden.
BibTeX:
@article{HKK+2006,
  year = {2006},
  title = {Entwicklung aus dem Baukasten. Modellierung und Verifikation technischer Systeme},
  author = {Heisel, Maritta and K{\"{o}}nig, Barbara and Kochs, Hans-Dieter and Petersen, J{\"{o}}rg},
  journal = {Forum Forschung},
  pages = {32--41},
  note = {Universit{\"{a}}t Duisburg-Essen}
}
2005 Architectural Patterns for Problem Frames Choppy, C., Hatebur, D. & Heisel, M. IEEE Proceedings -- Software, Special Issue on Relating Software Requirements and Architecture    
Abstract: Problem frames provide a characterisation and classification of software development problems.
Fitting a problem into an appropriate problem frame should not only help to understand
it, but also to solve the problem (the idea being that, once the adequate problem frame is
identified, then the associated development method should be available). We propose software
architectural patterns corresponding to the different problem frames that may serve as
a starting point for the construction of the software solving the given problem. These architectural
patterns exactly reflect the properties of the problems fitting into a given frame, and
they can be combined in a modular way to solve multi-frame problems.
BibTeX:
@article{CHH2005a,
  year = {2005},
  title = {Architectural Patterns for Problem Frames},
  author = {Choppy, Christine and Hatebur, Denis and Heisel, Maritta},
  journal = {IEEE Proceedings -- Software, Special Issue on Relating Software Requirements and Architecture},
  url = {https://www.ieee.org}
}
2005 Composing architectures based on architectural patterns for problem frames Choppy, C., Hatebur, D. & Heisel, M.    
Abstract: to be inserted
BibTeX:
@techreport{ChoppyHateburHeisel05,
  year = {2005},
  title = {Composing architectures based on architectural patterns for problem frames},
  author = {Choppy, Christine and Hatebur, Denis and Heisel, Maritta},
  note = {\tt http://swe.uni-duisburg-essen.de/intern/comparch05.pdf}
}
2005 Proving Component Interoperability with B Refinement Chouali, S., Heisel, M. & Souquières, J. International Workshop on Formal Aspects on Component Software    
Abstract: We use the formal method B for specifying interfaces of software components. Each component interface is equipped with a suitable data model defining all types occurring in the signature of interface operations. Moreover, pre- and postconditions have to be given for all interface operations. The interoperability between two components is proved by using a refinement relation between an adaption of the interface specifications.
BibTeX:
@inproceedings{ChoualiHeiselSouquieres05,
  year = {2005},
  title = {Proving Component Interoperability with {B} Refinement},
  booktitle = {{International Workshop on Formal Aspects on Component Software}},
  author = {Chouali, Samir and Heisel, Maritta and Souqui{\`{e}}res, Jeanine},
  publisher = {CSREA Press},
  pages = {915-920}
}
2005 Problem Frames and Architectures for Security Problems Hatebur, D. & Heisel, M. Proceedings of the 24th International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
Abstract: Abstract: We present two (?) problem frames that serve to structure, characterize and analyze software
development problems in the area of software and system security. These problem frames constitute
patterns for representing security problems, variants of which occur frequently in practice. Solving such
problems starts with the development of an appropriate software architecture. To support that process,
we furthermore present architectural patterns associated with the problem frames.
BibTeX:
@inproceedings{HH2005,
  year = {2005},
  title = {Problem Frames and Architectures for Security Problems},
  booktitle = {Proceedings of the 24th International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  author = {Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 3688},
  pages = {390--404},
  url = {https://link.springer.com/}
}
2005 A Model-Based Development Process for Embedded Systems Heisel, M. & Hatebur, D. Proc. Workshop on Model-Based Development of Embedded Systems    
Abstract: We present a development process for embedded systems which emerged from industrial
practice. This process covers hardware and software components for systems engineering, but the main
focus is on embedded software components and the modeling of problems, specications, tests and
architectures. Each step of the process has validation conditions associated with it that help to detect
errors as early as possible.
BibTeX:
@inproceedings{HH2005a,
  year = {2005},
  title = {A Model-Based Development Process for Embedded Systems},
  booktitle = {Proc. Workshop on Model-Based Development of Embedded Systems},
  author = {Heisel, Maritta and Hatebur, Denis},
  publisher = {Technical University of Braunschweig},
  number = {TUBS-SSE-2005-01},
  note = {Available at {\tt http://www.sse.cs.tu-bs.de/publications/MBEES-Tagungsband.pdf}}
}
2004 Une approache à base de ``patrons'' pour la spécification et le développement de systèmes d'information Choppy, C. & Heisel, M. Proceedings Approches Formelles dans l'Assistance au Développement de Logiciels - AFADL'2004    
Abstract: Les "patrons" (ou "patterns") tels que les "problem frames" (schémas de problèmes) et les styles d'architecture sont utilisés ici comme support pour la spécication formelle et le développement de systèmes d'information. De nouveaux schémas de problèmes spéciques pour les systèmes d'information sont proposés pour décrire les sous-problèmes identiés et pour aider la spécication formelle. La recomposition est effectuée en utilisant une approche basée sur les composants et un style d'architecture qui permet de réunir les différents composants. Une méthode originale est proposée pour accompagner ce processus, avec la mise à prot de certains apports d'UML pour le premier niveau de décomposition, puis l'utilisation des "patterns". Ces idées sont illustrées sur une étude de cas.
BibTeX:
@inproceedings{CH2004,
  year = {2004},
  title = {Une approache {\`{a}} base de ``patrons'' pour la sp{\'{e}}cification et le d{\'{e}}veloppement de syst{\`{e}}mes d'information},
  booktitle = {Proceedings Approches Formelles dans l'Assistance au D{\'{e}}veloppement de Logiciels - AFADL'2004},
  author = {Choppy, Christine and Heisel, Maritta},
  pages = {61--76}
}
2004 A Systematic Approach for Guiding Software Evolution Heisel, M. & von Schwichow, C. Proceedings of the IASTED Conference on Software Engineering (SE 2004)   ACTA Press  
Abstract: We present an approach to adjust existing software to new
or changed requirements in an systematic way. The approach
relies on a set of intermediate artifacts linked by
mappings that bridge the gap between requirements and
code. Those artifacts and the links between them can be
constructed and maintained with reasonable effort. Additional
support is supplied by bookkeeping and validation
concepts. We demonstrate the usefulness of our approach
by performing our method on a real-life application.
BibTeX:
@inproceedings{Heisel2004a,
  year = {2004},
  title = {A Systematic Approach for Guiding Software Evolution},
  booktitle = {Proceedings of the IASTED Conference on Software Engineering (SE 2004)},
  author = {Heisel, Maritta and von Schwichow, Carsten},
  publisher = {ACTA Press},
  pages = {462--468},
  url = {http://www.actapress.com/}
}
2004 A Description Structure for Simulation Model Components Heisel, M., Lüthi, J., Uhrmacher, A. & Valentin, E. Proceedings Summer Computer Simulation Conference 04    
BibTeX:
@inproceedings{HLU+2004,
  year = {2004},
  title = {A Description Structure for Simulation Model Components},
  booktitle = {Proceedings Summer Computer Simulation Conference 04},
  author = {Heisel, Maritta and L{\"{u}}thi, Johannes and Uhrmacher, Adelinde and Valentin, Edwin}
}
2004 Adding Features to Component-Based Systems Heisel, M. & Souquières, J. Objects, Agents and Features   Springer  
Abstract: Features and components are two different structuring mechanisms
for software systems. Both are very useful, but lead to different structures for
the same system. Usually, features are spread over more than one component. In
this paper, we aim at reconciling the two structuring mechanisms. We show how
component orientation can support adding new features to a base system. We
present a method for adding features in a systematic way to component-based
systems that have been specified according to the method proposed by Cheesman
and Daniels
BibTeX:
@incollection{HS2004a,
  year = {2004},
  title = {Adding Features to Component-Based Systems},
  booktitle = {Objects, Agents and Features},
  author = {Heisel, Maritta and Souqui{\`{e}}res, Jeanine},
  publisher = {Springer},
  series = {LNCS 2975},
  pages = {137--153},
  url = {https://link.springer.com/}
}
2004 Signature Matching with UML Rudloff, R. & Heisel, M.    
Abstract: to be inserted
BibTeX:
@techreport{Rudloff2004,
  year = {2004},
  title = {Signature Matching with {UML}},
  author = {Rudloff, Roberto and Heisel, Maritta},
  note = {Internal working paper}
}
2003 Use of Patterns in Formal Development: Systematic Transition From Problems to Architectural Designs Choppy, C. & Heisel, M. Recent Trends in Algebraic Development Techniques, 16th WADT, Selected Papers   Springer  
Abstract: We present a pattern-based software lifecycle and a method that supports the systematic execution of that lifecycle. First, problem frames are used to develop a formal specification of the problem to be solved. In a second phase, architectural styles are used to construct an architectural specification of the software system to be developed. That specification forms the basis for fine-grained design and implementation.
BibTeX:
@inproceedings{CH2003,
  year = {2003},
  title = {Use of Patterns in Formal Development: Systematic Transition From Problems to Architectural Designs},
  booktitle = {Recent Trends in Algebraic Development Techniques, 16th WADT, Selected Papers},
  author = {Choppy, Christine and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS 2755},
  pages = {205--220},
  url = {https://link.springer.com/}
}
2003 Formalisation des besoins à l`aide de schémas LSCs Souquières, J. & Heisel, M. Proceedings Approches Formelles dans l'Assistance au Développement de Logiciels - AFADL'2003    
Abstract: Dans notre approche pour l'expression des besoins, nous proposons d'intégrer une
étape de formalisation très tôt dans le développement an d'analyser de manière détaillée les besoins
des utilisateurs et de découvrir les inconsistances et les problèmes à partir des difcultés
rencontrées lors de la formalisation. An d'améliorer la lisibilité et l'écriture des besoins formalis
és, nous proposons d'utiliser les LSCs, Life Sequence Charts, au lieu des formules pour la
formalisation des besoins décomposés sous forme de fragments. Nous proposons, en particulier,
des schémas graphiques pour exprimer différents types de besoins. Ces schémas constituent un
guide à la formalisation.
BibTeX:
@inproceedings{SH2003,
  year = {2003},
  title = {Formalisation des besoins {\`{a}} l`aide de sch{\'{e}}mas {LSCs}},
  booktitle = {Proceedings Approches Formelles dans l'Assistance au D{\'{e}}veloppement de Logiciels - AFADL'2003},
  author = {Souqui{\`{e}}res, Jeanine and Heisel, Maritta},
  pages = {53--63},
  note = {ISBN 2-7261-1236-6}
}
2002 Logische Modellierung von Anwendungswelten aus Benutzersicht Heisel, M. & Krömker, H. Workshop Proceedings "Multimediale Informations- und Kommunikationssysteme, NET.OBJECT Days 2002"    
Abstract: Der Softwareentwicklung fehlt oft eine detaillierte methodische Unterstützung von technischen Softwareentwicklungsaktivitäten. Eine Autorin dieses Papiers hat das Konzept der Agenda entwickelt, das zum Ziel hat, Softwareentwicklungswissen als "methodische Essenzen" von Softwareentwicklungsaktivitäten explizit zu repräsentieren. Zur logischen Modellierung von Anwendungswelten aus Benutzersicht wird eine Agenda entwickelt, die es erlaubt diese Anwendungswelt methodisch in Konzepten der Handlungspsychologie zu erheben.
BibTeX:
@inproceedings{Heisel2002,
  year = {2002},
  title = {Logische Modellierung von Anwendungswelten aus Benutzersicht},
  booktitle = {Workshop Proceedings "Multimediale Informations- und Kommunikationssysteme, NET.OBJECT Days 2002"},
  author = {Heisel, Maritta and Kr{\"{o}}mker, Heidi},
  publisher = {tranSIT GmbH, Ilmenau},
  pages = {649--656},
  note = {ISBN 3-9808628-1-X}
}
2002 Toward a formal model of software components Heisel, M., Santen, T. & Souquières, J. Proc. 4th International Conference on Formal Engineering Methods   Springer  
Abstract: We are interested in specifying component models in a way that allows
us to analyze the interplay of components in general, and to concisely specify
individual components. As a starting point for coming up with a technique of
specifying component models, we consider JavaBeans. We capture the JavaBean
component model using UML class diagrams, Object-Z, and life sequence charts.
BibTeX:
@inproceedings{HSS2002,
  year = {2002},
  title = {Toward a formal model of software components},
  booktitle = {Proc.\ 4th International Conference on Formal Engineering Methods},
  author = {Heisel, Maritta and Santen, Thomas and Souqui{\`{e}}res, Jeanine},
  publisher = {Springer},
  series = {LNCS 2495},
  pages = {57--68},
  url = {https://link.springer.com/}
}
2002 A Problem-Oriented Approach to Common Criteria Certification Rottke, T., Hatebur, D., Heisel, M. & Heiner, M. Proceedings of the 21st International Conference on Computer Safety, Reliability and Security (SAFECOMP)   Springer  
Abstract: There is an increasing demand to certify the security of systems according to the Common Criteria (CC). The CC distinguish several evaluation assurance levels (EALs), level EAL7 being the highest and requiring the application of formal techniques. We present a method for requirements engineering and (semi-formal and formal) modeling of systems to be certified according to the higher evaluation assurance levels of the CC. The method is problem oriented, i.e. it is driven by the environment in which the system will operate and by a mission statement. We illustrate our approach by an industrial case study, namely an electronic purse card (EPC) to be implemented on a Java Smart Card. As a novelty, we treat the mutual asymmetric authentication of the card and the terminal into which the card is inserted.
BibTeX:
@inproceedings{RHH+2002,
  year = {2002},
  title = {A Problem-Oriented Approach to Common Criteria Certification},
  booktitle = {Proceedings of the 21st International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  author = {Rottke, Thomas and Hatebur, Denis and Heisel, Maritta and Heiner, Monika},
  publisher = {Springer},
  series = {LNCS 2434},
  pages = {334--346},
  url = {https://link.springer.com/}
}
2002 Confidentiality-Preserving Refinement is Compositional -- Sometimes Santen, T., Heisel, M. & Pfitzmann, A. Proc. Computer Security -- ESORICS 2002   Springer  
Abstract: Confidentiality-preserving refinement describes a relation between a
specification and an implementation that ensures that all confidentiality properties
required in the specification are preserved by the implementation in a probabilistic
setting. The present paper investigates the condition under which that notion
of refinement is compositional, i.e. the condition under which refining a subsystem
of a larger system yields a confidentiality-preserving refinement of the larger
system. It turns out that the refinement relation is not composition in general,
but the condition for compositionality can be stated in a way that builds on the
analysis of subsystems thus aiding system designers in analyzing a composition.
BibTeX:
@inproceedings{SHP2002,
  year = {2002},
  title = {Confidentiality-Preserving Refinement is Compositional -- Sometimes},
  booktitle = {Proc.\ Computer Security -- ESORICS 2002},
  author = {Santen, Thomas and Heisel, Maritta and Pfitzmann, Andreas},
  publisher = {Springer},
  series = {LNCS 2502},
  pages = {194--211},
  url = {https://link.springer.com/}
}
2002 Specification and Refinement of Secure IT Systems Santen, T., Pfitzmann, A. & Heisel, M. Proc. International Workshop on Refinement of Critical Systems    
BibTeX:
@inproceedings{SPH2002,
  year = {2002},
  title = {Specification and Refinement of Secure {IT} Systems},
  booktitle = {Proc.\ International Workshop on Refinement of Critical Systems},
  author = {Santen, Thomas and Pfitzmann, Andreas and Heisel, Maritta},
  note = {http://www.esil.univ-mrs.fr/\verb|~|spc/rcs02/papers/Santen.ps.gz}
}
2001 Specifying Safety-Critical Embedded systems with Statecharts and Z: An Agenda for Cyclic Software Components Grieskamp, W., Heisel, M. & Dörr, H. Science of Computer Programming    
Abstract: The application of formal techniques can contribute much to the quality of software, which is of utmost importance for safety-critical embedded systems. These techniques, however, are not easy to apply. In particular, methodological guidance is often unsatisfactory. We address this problem by the concept of an agenda. An agenda is a list of activities to be performed for solving a task in software engineering. Agendas used to support the application of formal specification techniques provide detailed guidance for specifiers, templates of the used specification language that only need to be instantiated, and application independent validation criteria. We apply the agenda approach to a particular class of embedded safety-critical systems, the formal specification of which has been investigated in the case-studies of the German Espress project during the last two years.
BibTeX:
@article{Grieskamp2001,
  year = {2001},
  title = {Specifying Safety-Critical Embedded systems with {S}tatecharts and {Z}: An Agenda for Cyclic Software Components},
  author = {Grieskamp, Wolfgang and Heisel, Maritta and D{\"{o}}rr, Heiko},
  journal = {Science of Computer Programming},
  volume = {40},
  pages = {31--57}
}
2001 Confidentiality-Preserving Refinement Heisel, M., Pfitzmann, A. & Santen, T. Proc. 14th IEEE Computer Security Foundations Workshop    
Abstract: We develop a condition for confidentiality-preserving refinement which is both necessary and sufficient. Using a slight extension of CSP as notation, we give a toy example to illustrate the usefulness of our condition.
Systems are specified by their behavior and a window. For an abstract system, the window specifies what information is allowed to be observed by its environment. For a concrete system, the window specifies what information cannot be hidden from its environment. A concrete system is a confidentiality-preserving refinement of an abstract system,
if it behaviorally refines the abstract system and if the
information revealed by the concrete window is allowed to
be revealed according to the abstract window.
BibTeX:
@inproceedings{HPS2001,
  year = {2001},
  title = {Confidentiality-Preserving Refinement},
  booktitle = {Proc.\ 14th IEEE Computer Security Foundations Workshop},
  author = {Heisel, Maritta and Pfitzmann, Andreas and Santen, Thomas},
  publisher = {IEEE Computer Society},
  pages = {295--305}
}
2000 Toward an Evolutionary Software Technology Heisel, M. Modelling Software System Structures in a fastly moving scenario    
Abstract: to be inserted
BibTeX:
@inproceedings{Heisel2000,
  year = {2000},
  title = {Toward an Evolutionary Software Technology},
  booktitle = {Modelling Software System Structures in a fastly moving scenario},
  author = {Heisel, Maritta},
  publisher = {Dipartimento di Informatica e Scienze dell'Informazione, Universita' di Genova},
  note = {http://www.disi.unige.it/person/ReggioG/PROCEEDINGS/}
}
2000 A heuristic algorithm to detect feature interactions in requirements Heisel, M. & Souquières, J. Language Constructs for Describing Features   Springer-Verlag  
Abstract: We present a method to systematically detect feature interactions in requirements,
which are expressed as constraints on system event traces. We show its application on the lift
system, incorporating new features to a simple lift, concerning the lift overfull and the executive
floor with priority. This method is part of a broader approach to requirements elicitation
and formal specification.
BibTeX:
@incollection{HS2000,
  year = {2000},
  title = {A heuristic algorithm to detect feature interactions in requirements},
  booktitle = {Language Constructs for Describing Features},
  author = {Heisel, Maritta and Souqui{\`{e}}res, Jeanine},
  publisher = {Springer-Verlag},
  pages = {143--162},
  url = {http://www.springerlink.com/}
}
2000 Une méthode pour l'élicitation des besoins: application au système de contrôle d'accès Souquières, J. & Heisel, M. Proceedings Approches Formelles dans l'Assistance au Développement de Logiciels - AFADL'2000    
Abstract: Cet article présente l'utilisation d'une approche systématique pour clarifier et analyser les besoins sur l'étude de cas d'un système de contrôle d'accès. L'approche intègre une détection systématique des interactions entre les différents besoins.
BibTeX:
@inproceedings{Souqui`eres2000,
  year = {2000},
  title = {Une m{\'{e}}thode pour l'{\'{e}}licitation des besoins: application au syst{\`{e}}me de contr{\^{o}}le d'acc{\`{e}}s},
  booktitle = {Proceedings Approches Formelles dans l'Assistance au D{\'{e}}veloppement de Logiciels - AFADL'2000},
  author = {Souqui{\`{e}}res, Jeanine and Heisel, Maritta},
  publisher = {LSR-IMAG, Grenoble},
  pages = {36--50},
  note = {http://www-lsr.imag.fr/afadl/Programme/ProgrammeAFADL2000.html}
}
2000 A Method for Systematic Requirements Elicitation: Application to the Light Control System Souquières, J. & Heisel, M.    
Abstract: This paper demonstrates the use of a systematic approach to clarify and analyze requirements of the light control case study. The approach includes a formalization of the requirements and the analysis of interactions between them.
BibTeX:
@techreport{Souqui`eres2000a,
  year = {2000},
  title = {A Method for Systematic Requirements Elicitation: Application to the Light Control System},
  author = {Souqui{\`{e}}res, Jeanine and Heisel, Maritta},
  number = {A00-R-090}
}
2000 Structuring the First Steps of Requirements Elicitation Souquières, J. & Heisel, M.    
Abstract: to be inserted
BibTeX:
@techreport{Souqui`eres2000b,
  year = {2000},
  title = {Structuring the First Steps of Requirements Elicitation},
  author = {Souqui{\`{e}}res, Jeanine and Heisel, Maritta},
  number = {A00-R-123}
}

Created by JabRef on 11/09/2019.