Maritta Heisel

Prof. Dr. Maritta Heisel
Room BB 919
Tel. : +49 203 379 3465
Fax : +49 379 4490
E-Mail : maritta.heisel[at]uni-duisburg-essen.de

Research

Pattern based software development [publications]
Specification and development of software for safety critical
embedded systems (safety) [publications]
IT-Security [publications]
Methods for software development [publications]
Requirements engineering [publications]
Component based software development [publications]
Testing [publications]
Software evolution [publications]
Formal specification techniques [publications]
Software architecture [publications]

Year	Title	Author	Journal/Proceedings	Publisher
2017	A structured and systematic model-based development method for automotive systems, considering the OEM/supplier interface [Abstract] [BibTeX] [pdf]	Beckers, K., Côté, I., Frese, T., Hatebur, D. & Heisel, M.	Reliability Engineering & System Safety
Abstract: Abstract The released ISO 26262 standard for automotive systems requires to create a hazard analysis and risk assessment and to create safety goals, to break down these safety goals into functional safety requirements in the functional safety concept, to specify technical safety requirements in the safety requirements specification, and to perform several validation and verification activities. Experience shows that the definition of technical safety requirements and the planning and execution of validation and verification activities has to be done jointly by OEMs and suppliers. In this paper, we present a structured and model-based safety development approach for automotive systems. The different steps are based on Jackson's requirement engineering. The elements are represented by UML notation extended with stereotypes. The UML model enables a rigorous validation of several constraints. We make use of the results of previously published work to be able to focus on the OEM/supplier interface. We illustrate our method using a three-wheeled-tilting control system (3WTC) as running example and case study.
BibTeX: @article{Beckers2016-4, year = {2017}, title = {A structured and systematic model-based development method for automotive systems, considering the OEM/supplier interface}, author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Frese, Thomas and Hatebur, Denis and Heisel, Maritta}, journal = {Reliability Engineering \& System Safety}, volume = {158}, pages = {172 - 184}, note = {Special Sections : Reliability and Safety Certification of Software-Intensive Systems}, url = {http://www.sciencedirect.com/science/article/pii/S0951832016304057}, doi = {10.1016/j.ress.2016.08.018} }
2017	A structured hazard analysis and risk assessment method for automotive systems—A descriptive study [Abstract] [BibTeX] [pdf]	Beckers, K., Holling, D., Côté, I. & Hatebur, D.	Reliability Engineering & System Safety
Abstract: Abstract The 2011 release of the first version of the ISO 26262 standard for automotive systems demand the elicitation of safety goals following a rigorous method for hazard and risk analysis. Companies are struggling with the adoption of the standard due to ambiguities, documentation demands and the alignment of the standards demands to existing processes. We previously proposed a structured engineering method to deal with these problems developed in applying action research together with an OEM. In this work, we evaluate how applicable the method is for junior automotive software engineers by a descriptive study. We provided the method to 8 members of the master course Automotive Software Engineering (ASE) at the Technical University Munich. The participants have each been working in the automotive industry for 1–4 years in parallel to their studies. We investigated their application of our method to an electronic steering column lock system. The participants applied our method in a first round alone and afterwards discussed their results in groups. Our data analysis revealed that the participants could apply the method successfully and the hazard analysis and risk assessment achieved a high precision and productivity. Moreover, the precision could be improved significantly during group discussions.
BibTeX: @article{Beckers2016-5, year = {2017}, title = {A structured hazard analysis and risk assessment method for automotive systems—A descriptive study}, author = {Beckers, Kristian and Holling, Dominik and C{\^{o}}t{\'{e}}, Isabelle and Hatebur, Denis}, journal = {Reliability Engineering \& System Safety}, volume = {158}, pages = {185 - 195}, note = {Special Sections : Reliability and Safety Certification of Software-Intensive Systems}, url = {http://www.sciencedirect.com/science/article/pii/S0951832016305002}, doi = {10.1016/j.ress.2016.09.004} }
2016	Computer-Aided Identification and Validation of Privacy Requirements [Abstract] [BibTeX] [pdf]	Meis, R. & Heisel, M.	Information
Abstract: Privacy is a software quality that is closely related to security. The main difference is that security properties aim at the protection of assets that are crucial for the considered system, and privacy aims at the protection of personal data that are processed by the system. The identification of privacy protection needs in complex systems is a hard and error prone task. Stakeholders whose personal data are processed might be overlooked, or the sensitivity and the need of protection of the personal data might be underestimated. The later personal data and the needs to protect them are identified during the development process, the more expensive it is to fix these issues, because the needed changes of the system-to-be often affect many functionalities. In this paper, we present a systematic method to identify the privacy needs of a software system based on a set of functional requirements by extending the problem-based privacy analysis (ProPAn) method. Our method is tool-supported and automated where possible to reduce the effort that has to be spent for the privacy analysis, which is especially important when considering complex systems. The contribution of this paper is a semi-automatic method to identify the relevant privacy requirements for a software-to-be based on its functional requirements. The considered privacy requirements address all dimensions of privacy that are relevant for software development. As our method is solely based on the functional requirements of the system to be, we enable users of our method to identify the privacy protection needs that have to be addressed by the software-to-be at an early stage of the development. As initial evaluation of our method, we show its applicability on a small electronic health system scenario.
BibTeX: @article{Information16, year = {2016}, title = {Computer-Aided Identification and Validation of Privacy Requirements}, author = {Meis, Rene and Heisel, Maritta}, journal = {Information}, volume = {7}, number = {2}, pages = {28}, url = {http://www.mdpi.com/2078-2489/7/2/28}, doi = {10.3390/info7020028} }
2016	Introducing Product Line Engineering in a Bottom-up Approach [Abstract] [BibTeX] [pdf]	Ulfat-Bunyadi, N., Meis, R., Mohammadi, N. G. & Heisel, M.	Proceedings of the 11th International Joint Conference on Software Technologies (ICSOFT 2016)	SciTePress
Abstract: The optimal way for introducing a product line is to set up a completely new product line by developing a reuse infrastructure for the whole range of products right from the start. However, in practice, product line engineering is frequently introduced by a company after having developed a number of products separately (i.e. in single system engineering). The challenge then consists of defining the product line based on these existing products, i.e. to a certain extent these products have to be re-engineered. More precisely, two problems need to be solved: first, commonality and variability among the existing products needs to be identified to define a common set of core assets, and, second, the way in which future systems (i.e. products of the product line) will be developed based on this common set of assets needs to be defined. The method we suggest in this paper solves these two problems. Our method focuses on control systems, i.e. systems which monitor/control certain quantities in their environment.
BibTeX: @inproceedings{ICSOFT16b, year = {2016}, title = {Introducing Product Line Engineering in a Bottom-up Approach}, booktitle = {Proceedings of the 11th International Joint Conference on Software Technologies {(ICSOFT} 2016)}, author = {Ulfat-Bunyadi, Nelufar and Meis, Rene and Mohammadi, Nazila Gol and Heisel, Maritta}, publisher = {SciTePress}, pages = {146--153}, url = {http://dx.doi.org/10.5220/0006006001460153}, doi = {10.5220/0006006001460153} }
2016	Supporting Privacy Impact Assessments using Problem-based Privacy Analysis [Abstract] [BibTeX] [pdf]	Meis, R. & Heisel, M.	Software Technologies - 10th International Joint Conference, ICSOFT 2015, Revised Selected Papers	Springer
Abstract: Privacy-aware software development is gaining more and more importance for nearly all information systems that are developed nowadays. As a tool to force organizations and companies to consider privacy properly during the planning and the execution of their projects, some governments advise to perform privacy impact assessments (PIAs). During a PIA, a report has to be created that summarizes the consequence on privacy the project may have and how the organization or company addresses these consequences. As basis for a PIA, it has to be documented which personal data is collected, processed, stored, and shared with others in the context of the project. Obtaining this information is a difficult task that is not yet well supported by existing methods. In this paper, we present a method based on the problem-based privacy analysis (ProPAn) that helps to elicit the needed information for a PIA systematically from a given set of functional requirements. Our tool-supported method shall reduce the effort that has to be spent to elicit the information needed to conduct a PIA in a way that the information is as complete and consistent as possible.
BibTeX: @inproceedings{CCIS16, year = {2016}, title = {Supporting Privacy Impact Assessments using Problem-based Privacy Analysis}, booktitle = {Software Technologies - 10th International Joint Conference, {ICSOFT} 2015, Revised Selected Papers}, author = {Meis, Rene and Heisel, Maritta}, publisher = {Springer}, volume = {586}, series = {Communications in Computer and Information Science}, pages = {79--98}, url = {http://dx.doi.org/10.1007/978-3-319-30142-6_5}, doi = {10.1007/978-3-319-30142-6_5} }
2016	The Six-Variable Model - Context Modelling Enabling Systematic Reuse of Control Software [Abstract] [BibTeX] [pdf]	Ulfat-Bunyadi, N., Meis, R. & Heisel, M.	Proceedings of the 11th International Joint Conference on Software Technologies (ICSOFT 2016)	SciTePress
Abstract: A control system usually consists of some control software as well as sensors and actuators to monitor and control certain quantities in the environment. The context of the control software thus consists of the sensors and actuators it uses and the environment. When starting development of the control software, its context is often not predefined or given. There are contextual decisions the developers can make (e.g. which sensors/actuators/other systems to use). By means of these decisions, the context is defined step by step. Existing approaches (like the Four-Variable Model) call for documenting the environmental quantities (monitored, controlled, input, and output variables) that are relevant after making these contextual decisions. The environmental quantities that have originally been relevant (i.e. before deciding which sensors/actuators/other systems to use) are not documented. This results in problems when the software shall later on be reused in another, slightly different setting (e.g. with additional sensors). Then, it is hard for developers to decide which environmental quantities are still relevant for the software. In this paper, we suggest an extended version of the Four-Variable Model, the Six-Variable Model, and, based on that, a context modelling method, that combines existing approaches. The benefit of our method is that the environmental quantities that are relevant before and after decision making are documented as well as the contextual decisions themselves and the options that were selectable. In this way, later reuse of the software is facilitated.
BibTeX: @inproceedings{ICSOFT16a, year = {2016}, title = {The Six-Variable Model - Context Modelling Enabling Systematic Reuse of Control Software}, booktitle = {Proceedings of the 11th International Joint Conference on Software Technologies {(ICSOFT} 2016)}, author = {Ulfat-Bunyadi, Nelufar and Meis, Rene and Heisel, Maritta}, publisher = {SciTePress}, pages = {15--26}, url = {http://dx.doi.org/10.5220/0005944100150026}, doi = {10.5220/0005944100150026} }
2016	Understanding the Privacy Goal Intervenability [Abstract] [BibTeX] [pdf]	Meis, R. & Heisel, M.	Trust, Privacy, and Security in Digital Business	Springer
Abstract: Privacy is gaining more and more attention in society and hence, gains more importance as a software quality that has to be considered during software development. A privacy goal that has not yet been deeply studied is the empowerment of end-users to have control over how their personal data is processed by information systems. This privacy goal is called intervenability. Several surveys have shown that one of end-users’ main privacy concerns is the lack of intervenability options in information systems. In this paper, we refine the privacy goal intervenability into a software requirements taxonomy and relate it to a taxonomy of transparency requirements because transparency can be regarded as a prerequisite for intervenability. The combined taxonomy of intervenability and transparency requirements shall guide requirements engineers to identify the intervenability requirements relevant for the system they consider. We validated the completeness of our taxonomy by comparing it to the relevant literature that we derived based on a systematic literature review.
BibTeX: @inproceedings{TrustBus16, year = {2016}, title = {Understanding the Privacy Goal Intervenability}, booktitle = {Trust, Privacy, and Security in Digital Business}, author = {Meis, Rene and Heisel, Maritta}, publisher = {Springer}, volume = {9830}, series = {LNCS}, pages = {79--94}, url = {http://dx.doi.org/10.1007/978-3-319-44341-6_6}, doi = {10.1007/978-3-319-44341-6_6} }
2015	A Structured Validation and Verification Method for Automotive Systems considering the OEM/Supplier Interface [Abstract] [BibTeX] [pdf]	Beckers, K., Côté, I., Frese, T., Hatebur, D. & Heisel, M.	Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)
Abstract: The released ISO 26262 standard for automotive systems requires several validation and verification activities. These validation and verification activities have to be planned and performed jointly by the OEMs and the suppliers. In this paper, we present a systematic, structured and model-based method to plan the required validation and verification activities and collect the results. Planning and the documentation of performed activities are represented by a UML notation extended with stereotypes. The UML model supports the creation of the artifacts required by ISO 26262, enables document generation and a rigorous check of several constraints expressed in OCL. We illustrate our method using the example of an electronic steering column lock system.
BibTeX: @article{sc15, year = {2015}, title = {A Structured Validation and Verification Method for Automotive Systems considering the OEM/Supplier Interface}, author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Frese, Thomas and Hatebur, Denis and Heisel, Maritta}, journal = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, volume = {9337}, pages = {90 - 107} }
2015	Applying Performance Patterns for Requirements Analysis [Abstract] [BibTeX]	Alebrahim, A. & Heisel, M.	Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)
Abstract: Performance as one of the critical quality requirements for the success of a software system must be integrated into software development from the beginning to prevent performance problems. Analyzing and modeling performance demands knowledge of performance experts and analysts. In order to integrate performance analysis into software analysis and design methods, performance-specific properties known as domain knowledge has to be identified, analyzed, and documented properly. In this paper, we propose the performance analysis method PoPeRA to guide the requirements engineer in dealing with performance problems as early as possible in requirements analysis. Our structured method provides support for identifying potential performance problems using performance-specific domain knowledge attached to the requirement models. To deal with identified performance problems, we make use of performance analysis patterns to be applied to the requirement models in the requirements engineering phase. To show the application of our approach, we illustrate it with the case study CoCoME, a trading system to be deployed in supermarkets for handling sales.
BibTeX: @inproceedings{Europlop2015-1, year = {2015}, title = {Applying Performance Patterns for Requirements Analysis}, booktitle = {Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)}, author = {Azadeh Alebrahim and Maritta Heisel}, note = {Accepted} }
2015	Challenges in Rendering and Maintaining Trustworthiness for Long-Living Software Systems [Abstract] [BibTeX]	Alebrahim, A., Mohammadi, N. G. & Heisel, M.	Proceedings of the 2nd Collaborative Workshop on Evolution and Maintenance of Long-Living Software Systems (EMLS), GI Software Engineering Tagung SE
Abstract: Trustworthiness plays a key role in acceptance and adoption of software by the end-users. When maintaining long-living software systems, trustworthiness has to be addressed since trust of the end-user is volatile and can change over time. In this paper, we discuss the challenges regarding trustworthiness of long-living software systems. Trustworthiness should be considered in the whole life-cycle of a long-living system, i.e., in all development phases aiming at building trustworthiness into the core of the system at design-time and later maintaining it during run-time. But, our focus in this paper is on challenges in requirements engineering and also planning for the run-time activities, e.g., what are the needed monitor interfaces, what are the planned actions and how are the execution interfaces for performing those actions.
BibTeX: @inproceedings{EMLS2015, year = {2015}, title = {Challenges in Rendering and Maintaining Trustworthiness for Long-Living Software Systems}, booktitle = {Proceedings of the 2nd Collaborative Workshop on Evolution and Maintenance of Long-Living Software Systems (EMLS), GI Software Engineering Tagung SE}, author = {Azadeh Alebrahim and Nazila Gol Mohammadi and Maritta Heisel}, publisher = {CEUR-WS.org}, volume = {1337}, series = {{CEUR} Workshop Proceedings}, pages = {103--105} }
2015	Towards a Reliable Mapping between Performance and Security Tactics, and Architectural Patterns [Abstract] [BibTeX]	Alebrahim, A., Filipczyk, S. F. M., Goedicke, M. & Heisel, M.	Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)
Abstract: The software architecture of a system-to-be affects the fulfillment of the desired quality requirements for this system. For building upon common knowledge and best practices, the use of architectural patterns in the software architecture has shown to be valuable. Besides their functional properties, each architectural pattern has benefits and liabilities regarding the fulfillment of quality requirements. Whereas architectural patterns contribute to the fulfillment of several quality requirements positively or negatively in a larger scale, tactics aim at improving one specific quality requirement in a more local manner. In order to tailor a software architecture for satisfying one or more specific quality requirements, tactics have to be integrated into the structure of the architectural patterns. In this paper, we investigate the relationship between several architectural patterns and performance as well as security tactics. We study how easily one tactic can be implemented in an architectural pattern. Based on our investigation, we provide mappings between the architectural patterns and tactics. Additionally, we provide a reasoning for the relations we found. Finally, we plan to conduct an experiment to discover the relevant factors for creating reliable relations. We describe the definition and planning of the experiment. The results will be used to define a method for creating a reliable mapping between tactics and architectural patterns.
BibTeX: @inproceedings{Europlop2015-3, year = {2015}, title = {Towards a Reliable Mapping between Performance and Security Tactics, and Architectural Patterns}, booktitle = {Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)}, author = {Azadeh Alebrahim and Stephan Fa{\ss}benderand Martin Filipczyk and Michael Goedicke and Maritta Heisel}, note = {Accepted} }
2015	Towards Systematic Selection of Architectural Patterns with Respect to Quality Requirements [Abstract] [BibTeX]	Alebrahim, A., Filipczyk, S. F. M., Goedicke, M. & Heisel, M.	Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)
Abstract: The design of software architecture for a system-to-be is a challenge, since required functionality as well as the desired quality requirements have to be considered. Building upon common knowledge and best practices captured in architectural patterns has shown to be valuable in this context. However, existing solutions for deriving architectures from requirements mostly rely on experienced architects. Beside the required experience, it is often a problem that the decision is not properly reasoned and documented. In this paper, we propose a process to select appropriate architectural patterns with regards to given (quality) requirements. The process uses problem frames for modeling requirements and relates requirements to architectural patterns by means of a question catalog. The answers to the questions indicate suitable architectural pattern candidates. The final decision making about the pattern to be used is supported with several steps and also takes tactics and their applicability for a pattern into account. This way, our proposed process connects requirements and architecture, guides even less experienced software engineers through the pattern selection process, provides support for decision making, and makes the decision rationale transparent.
BibTeX: @inproceedings{Europlop2015-2, year = {2015}, title = {Towards Systematic Selection of Architectural Patterns with Respect to Quality Requirements}, booktitle = {Proceedings of the 20th European Conference on Pattern Languages of Programs (EuroPLoP)}, author = {Azadeh Alebrahim and Stephan Fa{\ss}benderand Martin Filipczyk and Michael Goedicke and Maritta Heisel}, note = {Accepted} }
2014	A Threat Analysis Methodology for Smart Home Scenarios [BibTeX]	Beckers, K., Faßbender, S., Heisel, M. & Suppan, S.	Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)	Springer
BibTeX: @proceedings{BFHS2014, year = {2014}, title = {{A} {T}hreat {A}nalysis {M}ethodology for {S}mart {H}ome {S}cenarios}, booktitle = {Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)}, author = {Kristian Beckers and Stephan Fa{\ss}bender and Maritta Heisel and Santiago Suppan}, publisher = {Springer}, series = {LNCS 8448}, pages = {Pages 94-124}, url = {http://www.springerlink.com/} }
2014	Considering Attacker Motivation in Attack Graphs Analysis in a Smart Grid Scenario [BibTeX]	Beckers, K., Heisel, M., Krautsevich, L., Maritnelli, F. & Yautsiukhin, A.	Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)	Springer Berlin Heidelberg
BibTeX: @proceedings{BHKMY2014, year = {2014}, title = {{C}onsidering {A}ttacker {M}otivation in {A}ttack {G}raphs {A}nalysis in a {S}mart {G}rid {S}cenario}, booktitle = {Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)}, author = {Kristian Beckers and Maritta Heisel and Leanid Krautsevich and Fabio Maritnelli and Artsiom Yautsiukhin}, publisher = {Springer Berlin Heidelberg}, series = {LNCS 8448}, pages = {Pages 30-47}, url = {http://www.springerlink.com/} }
2014	A Problem-based Approach for Computer Aided Privacy Threat Identification [Abstract] [BibTeX] [pdf]	Beckers, K., Faßbender, S., Heisel, M. & Meis, R.	Annual Privacy Forum 2012	Springer
Abstract: Recently, there has been an increase of reported privacy threats hitting large software systems. These threats can originate from stakeholders that are part of the system. Thus, it is crucial for software engineers to identify these privacy threats, refine these into privacy requirements, and design solutions that mitigate the threats. In this paper, we introduce our methodology named Problem-Based Privacy Analysis (ProPAn). The ProPAn method is an approach for identifying privacy threats during the requirements analysis of software systems using problem frame models. Our approach does not rely entirely on the privacy analyst to detect privacy threats, but allows a computer aided privacy threat identification that is derived from the relations between stakeholders, technology, and personal information in the system-to-be. To capture the environment of the system, e.g., stakeholders and other IT systems, we use problem frames, a requirements engineering approach founded on the modeling of a machine (system-to-be) in its environment (e.g. stakeholders, other software). We define a UML profile for privacy requirements and a reasoning technique that identifies stakeholders, whose personal information are stored or transmitted in the system-to-be and stakeholders from whom we have to protect this personal information. We illustrate our approach using an eHealth scenario provided by the industrial partners of the EU project NESSoS.
BibTeX: @inproceedings{APF2012, year = {2014}, title = {A Problem-based Approach for Computer Aided Privacy Threat Identification}, booktitle = {Annual Privacy Forum 2012}, author = {Kristian Beckers and Stephan Fa{\ss}bender and Maritta Heisel and Rene Meis}, publisher = {Springer}, volume = {8319}, series = {LNCS}, pages = {1--16}, url = {http://www.springerlink.com/} }
2014	A Structured Approach for Eliciting, Modeling, and Using Quality-Related Domain Knowledge [Abstract] [BibTeX] [pdf]	Alebrahim, A., Heisel, M. & Meis, R.	Proceedings of the 14th International Conference on Computational Science and Its Applications (ICCSA)
Abstract: In requirements engineering, properties of the environment and assumptions about it, called domain knowledge, need to be captured in addition to exploring the requirements. Despite the recognition of the significance of capturing and using the required domain knowledge, it might be missing, left implicit, or be captured inadequately during the software development. This results in an incorrect specification. Moreover, the software might fail to achieve its quality objectives because of ignored required constraints and assumptions. In order to analyze software quality properly, we propose a structured approach for eliciting, modeling, and using domain knowledge. We investigate what kind of quality-related domain knowledge is required for the early phases of qualitydriven software development and how such domain knowledge can be systematically elicited and explicitly modeled to be used for the analysis of quality requirements. Our method aims at improving the quality of the requirements engineering process by facilitating the capturing and using of implicit domain knowledge.
BibTeX: @incollection{SQ2014, year = {2014}, title = {A Structured Approach for Eliciting, Modeling, and Using Quality-Related Domain Knowledge}, booktitle = {Proceedings of the 14th International Conference on Computational Science and Its Applications (ICCSA)}, author = {Alebrahim, Azadeh and Heisel, Maritta and Meis, Rene}, publisher = {Springer}, series = {LNCS 8583}, pages = {370--386} }
2014	A Structured Comparison of Security Standards [Abstract] [BibTeX] [pdf]	Beckers, K., Côté, I., Fenz, S., Hatebur, D. & Heisel, M.	Advances in Engineering Secure Future Internet Services and Systems	Springer
Abstract: A number of different security standards exist and it is diffcult to choose the right one for a particular project or to evaluate if the right standard was chosen for a certifcation. These standards are often long and complex texts, whose reading and understanding takes up a lot of time. We provide a conceptual model for security standards that relies upon existing research and contains concepts and phases of security standards. In addition, we developed a template based upon this model, which can be instantiated for given security standard. These instantiated templates can be compared and help software and security engineers to understand the differences of security standards. In particular, the instantiated templates explain which information and what level of detail a system document according to a certain security standard contains. We applied our method to the well known international security standards ISO 27001 and Common Criteria, and the German IT-Grundschutz standards, as well.
BibTeX: @inproceedings{Lopez2014, year = {2014}, title = {A Structured Comparison of Security Standards}, booktitle = {Advances in Engineering Secure Future Internet Services and Systems}, author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Fenz, Stefan and Hatebur, Denis and Heisel, Maritta}, publisher = {Springer}, number = {8431}, series = {LNCS State-of-the-Art Surveys}, pages = {1-34}, url = {http://www.springerlink.com/} }
2014	A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain [BibTeX]	Beckers, K., Côté, I., Goeke, L., Güler, S. & Heisel, M.	International Journal of Secure Software Engineering (IJSSE) - Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)	IGI Global
BibTeX: @article{Beckers2014-IJIS, year = {2014}, title = {A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain}, author = {Kristian Beckers and Isabelle C{\^o}t{\'e} and Ludger Goeke and Selim G\"{u}ler and Maritta Heisel}, journal = {International Journal of Secure Software Engineering (IJSSE) - Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)}, publisher = {IGI Global}, volume = {5}, number = {2}, pages = {19 -- 41}, url = {http://www.igi-global.com} }
2014	Aspect-oriented Requirements Engineering with Problem Frames [Abstract] [BibTeX] [pdf]	Faßbender, S., Heisel, M. & Meis, R.	ICSOFT-PT 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends
Abstract: Nowadays, the requirements of various stakeholders for a system do not only increase the complexity of the system-to-be, but also contain different cross-cutting concerns. In such a situation, requirements engineers are really challenged to master the complexity and to deliver a coherent and complete description of the system-to-be. Hence, they are in need for methods which reduce the complexity, handle functional and quality requirements, check completeness and reveal interactions, and are tool supported to lower the effort. One possible option to handle the complexity of a system-to-be is the separation of concerns. Both, aspect-oriented requirements engineering and the problem frames approach implement this principle. Therefore, we propose a combination of both, the AORE4PF (Aspect-Oriented Requirements Engineering for Problem Frames) method. AORE4PF provides guidance for classifying requirements, separating the different concerns, modeling requirements for documentation and application of completeness and interaction analyses, and weaving the reusable parts to a complete and coherent system. AORE4PF provides tool support for most activities. We exemplify our method using a smart grid case obtained from the NESSoS project. For validation, the results of a small experiment in the field of crisis management systems are presented.
BibTeX: @inproceedings{ICSOFT14Aspects, year = {2014}, title = {Aspect-oriented Requirements Engineering with Problem Frames}, booktitle = {{ICSOFT-PT} 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends}, author = {Fa\ss{}bender, S. and Heisel, M. and Meis, R.}, publisher = {SciTePress}, pages = {145-156} }
2014	Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements [BibTeX]	Moyano, F., Fernandez-Gago, C., Beckers, K. & Heisel, M.	Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)	Springer
BibTeX: @proceedings{MGBH2014, year = {2014}, title = {Enhancing Problem Frames with Trust and Reputation for Analyzing Smart Grid Security Requirements}, booktitle = {Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14)}, author = {Francisco Moyano and Carmen Fernandez-Gago and Kristian Beckers and Maritta Heisel}, publisher = {Springer}, series = {LNCS 8448}, pages = {166 -- 180}, url = {http://www.springerlink.com/} }
2014	Functional Requirements Under Security PresSuRE [Abstract] [BibTeX] [pdf]	Faßbender, S., Heisel, M. & Meis, R.	ICSOFT-PT 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends
Abstract: Recently, there has been an increase of reported security incidents hitting large software systems. Such incidents can originate from different attackers exploiting vulnerabilities of different parts of a system. Hence, there is a need for enhancing security considerations in software development. It is crucial for requirements engineers to identify security threats early on, and to refine the threats into security requirements. In this paper, we introduce a methodology for Problem-based Security Requirements Elicitation (PresSuRE). PresSuRE is a method for identifying security needs during the requirements analysis of software systems using a problem frame model. Our method does not rely entirely on the requirements engineer to detect security needs, but provides a computer-aided security threat identification, and subsequently the elicitation of security requirements. The identification is based on the functional requirements for a system-to-be. We illustrate and validate our approach using a smart grid scenario provided by the industrial partners of the EU project NESSoS
BibTeX: @inproceedings{ICSOFT14Pressure, year = {2014}, title = {Functional Requirements Under Security {PresSuRE}}, booktitle = {{ICSOFT-PT} 2014 - Proc. of the 9th Int. Conf. on Software Paradigm Trends}, author = {Fa\ss{}bender, S. and Heisel, M. and Meis, R.}, publisher = {SciTePress}, pages = {5-16} }
2014	Intertwining Relationship between Requirements, Architecture, and Domain Knowledge [BibTeX]	Alebrahim, A. & Heisel, M.	Proceedings of the 9th International Conference on Software Engineering Advances (ICSEA)
BibTeX: @inproceedings{ICSEA2014, year = {2014}, title = {Intertwining Relationship between Requirements, Architecture, and Domain Knowledge}, booktitle = {Proceedings of the 9th International Conference on Software Engineering Advances (ICSEA)}, author = {Azadeh Alebrahim and Maritta Heisel}, pages = {1--7} }
2014	ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System [BibTeX]	Beckers, K., Heisel, M., Solhaug, B. & Stølen, K.	Advances in Engineering Secure Future Internet Services and Systems
BibTeX: @inproceedings{BHSS2014, year = {2014}, title = {ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System}, booktitle = {Advances in Engineering Secure Future Internet Services and Systems}, author = {Kristian Beckers and Maritta Heisel and Bj{\o}rnar Solhaug and Ketil St{\o}len}, publisher = {Springer}, number = {8431}, series = {LNCS State-of-the-Art Surveys}, pages = {315-344} }
2014	Optimizing functional and quality requirements according to stakeholders' goals [BibTeX]	Alebrahim, A., Choppy, C., Faßbender, S. & Heisel, M.	System Quality and Software Architecture (SQSA)
BibTeX: @incollection{SQSA2014, year = {2014}, title = {Optimizing functional and quality requirements according to stakeholders' goals}, booktitle = {System Quality and Software Architecture (SQSA)}, author = {Alebrahim, Azadeh and Choppy, Christine and Fa{\ss}bender, Stephan and Heisel, Maritta}, publisher = {Elsevier}, pages = {75-120} }
2014	Pattern-Based and ISO 27001 Compliant Risk Analysis for Cloud Systems [Abstract] [BibTeX] [pdf]	Alebrahim, A., Hatebur, D. & Goeke, L.	Proceedings of the 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
Abstract: For accepting clouds and using cloud services by companies, security plays a decisive role. For cloud providers, one way to obtain customers� confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, we present a structured and patternbased method to conduct risk analysis for cloud computing systems. It is tailored to SMEs. Our method addresses the requirements of the ISO 27001. We make use of the cloud system analysis pattern, security requirement patterns, threat patterns, and control patterns for conducting the risk analysis. The method is illustrated by a cloud logistics application example.
BibTeX: @inproceedings{ESPRE2014, year = {2014}, title = {Pattern-Based and ISO 27001 Compliant Risk Analysis for Cloud Systems}, booktitle = {Proceedings of the 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)}, author = {Alebrahim, Azadeh and Hatebur, Denis and Goeke, Ludger}, publisher = {IEEE}, pages = {42-47} }
2014	Privacy-Aware Cloud Deployment Scenario Selection [Abstract] [BibTeX] [pdf]	Beckers, K., Faßbender, S., Gritzalis, S., Heisel, M., Kalloniatis, C. & Meis, R.	Trust, Privacy, and Security in Digital Business	Springer
Abstract: Nowadays, IT-resources are often out-sourced to clouds to reduce administration and hardware costs of the own IT infrastructure. There are different deployment scenarios for clouds that heavily differ in the costs for deployment and maintenance, but also in the number of stakeholders involved in the cloud and the control over the data in the cloud. These additional stakeholders can introduce new privacy threats into a system. Hence, there is a trade-off between the reduction of costs and addressing privacy concerns introduced by clouds. Our contribution is a structured method that assists decision makers in selecting an appropriate cloud deployment scenario. Our method is based on the privacy requirements of the system-to-be. These are analyzed on basis of the functional requirements using the problem-based privacy threat analysis (ProPAn). The concept of clouds is integrated into the requirements model, which is used by ProPAn to automatically generate privacy threat graphs. 1
BibTeX: @inproceedings{TrustBus2014, year = {2014}, title = {Privacy-Aware Cloud Deployment Scenario Selection}, booktitle = {Trust, Privacy, and Security in Digital Business}, author = {Beckers, K. and Fa\ss{}bender, S. and Gritzalis, S. and Heisel, M. and Kalloniatis, C. and Meis, R.}, publisher = {Springer}, volume = {8647}, series = {LNCS}, pages = {94-105}, url = {http://www.springerlink.com/} }
2014	Problem-Based Requirements Interaction Analysis [Abstract] [BibTeX] [pdf]	Alebrahim, A., Faßbender, S., Heisel, M. & Meis, R.	Proceedings of the International Working Conference onRequirements Engineering: Foundation for Software Quality (REFSQ)
Abstract: [Context] The ability to address the diverse interests of different stakeholders in a software project in a coherent way is one fundamental software quality. These diverse and maybe conflicting interests are reflected by the requirements of each stakeholder. [Problem] Thus, it is likely that aggregated requirements for a software system contain interactions. To avoid unwanted interactions and improve software quality, we propose a structured method consisting of three phases to find such interactions. [Principal ideas] For our method, we use problem diagrams, which describe requirements in a structured way. The information represented in the problem diagrams is translated into a formal Z model. Then we reduce the number of combinations of requirements, which might conflict. [Contribution] The reduction of requirements interaction candidates is crucial to lower the effort of the in depth interaction analysis. For validation of our method, we use a real-life example in the domain of smart grid.
BibTeX: @inproceedings{REFSQ2014, year = {2014}, title = {Problem-Based Requirements Interaction Analysis}, booktitle = {Proceedings of the International Working Conference onRequirements Engineering: Foundation for Software Quality ({REFSQ})}, author = {Azadeh Alebrahim and Stephan Fa{\ss}bender and Maritta Heisel and Rene Meis}, publisher = {Springer}, series = {LNCS 8396}, pages = {200--215} }
2014	Problem-oriented Security Patterns for Requirements Engineering [BibTeX]	Alebrahim, A. & Heisel, M.	Proceedings of the 19th European Conference on Pattern Languages of Programs (EuroPLoP)
BibTeX: @inproceedings{Alebrahim-europlop2014, year = {2014}, title = {Problem-oriented Security Patterns for Requirements Engineering}, booktitle = {Proceedings of the 19th European Conference on Pattern Languages of Programs (EuroPLoP)}, author = {Alebrahim, Azadeh and Heisel, Maritta}, note = {Accepted} }
2014	Supporting Common Criteria Security Analysis with Problem Frames [Abstract] [BibTeX] [pdf]	Beckers, K., Hatebur, D. & Heisel, M.	Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)	Innovative Information Science & Technology Research Group (ISYOU)
Abstract: Security standards, e.g., the Common Criteria (ISO 15408), are applied by software vendors to establish a level of confidence that the security functionality of their products and their applied assurance measures are sufficient. To get a Common Criteria certification, a comprehensible set of documents is necessary, including a detailed threat analysis and security objective elicitation. We focus on improving the Common Criteria threat analysis and the derivation of security objectives in our work. Our method is based upon an attacker model, which considers different attacker types, e.g., software attackers, that threaten only specific parts of a system. We provide tool support for checking the consistency and the completeness of the specified software systems using OCL expressions. For example, we check if all types of attackers have been considered for a specific domain, we check for all software domains that either a software attacker is considered or an assumption is documented that excludes software attackers, and we check if all threats are addressed by security objectives. Moreover, we can generate tables and texts from our UML models to satisfy the Common Criteria documentation demands. For instance, we can generate Common Criteria specific cross-table, which maps every security objective and assumption to a specific threat. The consistency checks are integrated in our structured method for threat analysis that considers the Common Criteria�s (CC) demands for documentation of the system in its environment and the reasoning that all threats are discovered and addressed. With our support tool UML4PF (that extends a UML tool and contains e.g., a UML profile and an OCL validator), we support security reasoning, validation of models, and we are able to generate Common Criteria-compliant documentation using model-to-text transformations. Our threat analysis method can also be used for threat analysis without the common criteria, because it uses a specific part of the UML profile that can be adapted to other demands with little effort. For example, it could be adapted for other security standards like ISO 27001.We illustrate our approach with the development of a smart metering gateway system.
BibTeX: @article{Beckers2014-Jowua, year = {2014}, title = {Supporting Common Criteria Security Analysis with Problem Frames}, author = {Beckers, Kristian and Hatebur, Denis and Heisel, Maritta}, journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)}, publisher = {Innovative Information Science \& Technology Research Group (ISYOU)}, volume = {5}, number = {1}, pages = {37-63}, url = {http://isyou.info/} }
2014	Systematic Derivation of Functional Safety Requirements for Automotive Systems [Abstract] [BibTeX] [pdf]	Beckers, K., Côté, I., Frese, T., Hatebur, D. & Heisel, M.	Proceedings of SAFECOMP
Abstract: The released ISO 26262 standard for automotive systems requires breaking down safety goals from the hazard analysis and risk assessment into functional safety requirements in the functional safety concept. It has to be justied that the dened functional safety requirements are suitable to achieve the stated safety goals. In this paper, we present a systematic, structured and model-based method to dene functional safety requirements using a given set of safety goals. The rationale for safety goal achievement, the relevant attributes of the functional safety requirements, and their relationships are represented by a UML notation extended with stereotypes. The UML model enables a rigorous validation of several constraints expressed in OCL. We illustrate our method using an example electronic steering column lock system.
BibTeX: @inproceedings{safecomp2014, year = {2014}, title = {Systematic Derivation of Functional Safety Requirements for Automotive Systems}, booktitle = {{Proceedings of SAFECOMP}}, author = {Beckers, Kristian and C{\^{o}}t{\'{e}}, Isabelle and Frese, Thomas and Hatebur, Denis and Heisel, Maritta}, publisher = {Springer}, series = {LNCS 8666}, pages = {65--80} }
2014	Towards a Computer-aided Problem-oriented Variability Requirements Engineering Method [BibTeX]	Alebrahim, A., Faßbender, S., Filipczyk, M., Goedicke, M., Heisel, M. & Konersmann, M.	Advanced Information Systems Engineering Workshops
BibTeX: @incollection{ASDENCA2014, year = {2014}, title = {Towards a Computer-aided Problem-oriented Variability Requirements Engineering Method}, booktitle = {Advanced Information Systems Engineering Workshops}, author = {Azadeh Alebrahim and Stephan Fa{\ss}bender and Martin Filipczyk and Michael Goedicke and Maritta Heisel and Marco Konersmann}, publisher = {Springer}, series = {LNBIP 178}, pages = {136-147} }
2014	Towards Developing Secure Software using Problem-oriented Security Patterns [BibTeX]	Alebrahim, A. & Heisel, M.	Proceedings of the 6th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)
BibTeX: @inproceedings{Alebrahim-cdares2014, year = {2014}, title = {Towards Developing Secure Software using Problem-oriented Security Patterns}, booktitle = {Proceedings of the 6th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)}, author = {Azadeh Alebrahim and Maritta Heisel}, publisher = {Springer}, series = {LNCS 8708}, pages = {45-62} }
2013	A Usability Evaluation of the NESSoS Common Body of Knowledge [BibTeX]	Beckers, K. & Heisel, M.	Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 2nd International Workshop on Security Ontologies and Taxonomies(SecOnT 2013)	IEEE Computer Society
BibTeX: @inproceedings{Beckers2013-ares3, year = {2013}, title = { A Usability Evaluation of the NESSoS Common Body of Knowledge}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES}) - 2nd International Workshop on Security Ontologies and Taxonomies(SecOnT 2013)}, author = {Kristian Beckers and Maritta Heisel}, publisher = {IEEE Computer Society}, pages = {559-568}, url = {http://www.ieee.org/} }
2013	A Framework for Combining Problem Frames and Goal Models to Support Context Analysis during Requirements Engineering [BibTeX]	Mohammadi, N. G., Alebrahim, A., Weyer, T., Heisel, M. & Pohl, K.	Proceedings of the 5th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)
BibTeX: @inproceedings{CDARES2013, year = {2013}, title = {A Framework for Combining Problem Frames and Goal Models to Support Context Analysis during Requirements Engineering}, booktitle = {Proceedings of the 5th International Cross-Domain Conference on Availability, Reliability, and Security in Information Systems and HCI (CD-ARES)}, author = {Nazila Gol Mohammadi and Azadeh Alebrahim and Thorsten Weyer and Maritta Heisel and Klaus Pohl}, publisher = {Springer}, series = {LNCS 8127}, pages = {272--288} }
2013	A Meta-Model Approach to the Fundamentals for a Pattern Language for Context Elicitation [BibTeX]	Beckers, K., Faßbender, S. & Heisel, M.	Proceedings of the 18th European Conference on Pattern Languages of Programs (Europlop)	ACM
BibTeX: @inproceedings{Beckers2013-europlop, year = {2013}, title = {A Meta-Model Approach to the Fundamentals for a Pattern Language for Context Elicitation}, booktitle = {Proceedings of the 18th European Conference on Pattern Languages of Programs (Europlop)}, author = {Beckers, Kristian and Fa{\ss}bender, Stephan and Heisel, Maritta}, publisher = {ACM}, pages = {-}, note = {Accepted for Publication}, url = {http://dl.acm.org/} }
2013	A pattern-based method for establishing a cloud-specific information security management system [BibTeX]	Beckers, K., Côté, I., Faßbender, S., Heisel, M. & Hofbauer, S.	Requirements Engineering	Springer-Verlag
BibTeX: @article{Beckers2013rohtua, year = {2013}, title = {A pattern-based method for establishing a cloud-specific information security management system}, author = {Beckers, Kristian and C{\^o}t{\'e}, Isabelle and Fa{\ss}bender, Stephan and Heisel, Maritta and Hofbauer, Stefan}, journal = {Requirements Engineering}, publisher = {Springer-Verlag}, pages = {1-53}, url = {http://www.springerlink.com/} }
2013	A Problem-based Threat Analysis in compliance with Common Criteria [Abstract] [BibTeX] [pdf]	Beckers, K., Hatebur, D. & Heisel, M.	Proceedings of the International Conference on Availability, Reliability and Security (ARES)	IEEE Computer Society
Abstract: In order to gain their customers� trust, software vendors can certify their products according to security standards,e.g., the Common Criteria (ISO 15408). A Common Criteria certification requires a comprehensible documentation of the software product, including a detailed threat analysis. In our work, we focus on improving that threat analysis. Our method is based upon an attacker model, which considers attacker types like software attacker that threaten only specific parts of a system. We use OCL expressions to check if all attackers for a specific domain have been considered. For example, we propose a computer-aided method that checks if all software systems have either considered a software attacker or documented an assumption that excludes software attackers. Hence, we propose a structured method for threat analysis that considers the Common Criteria�s (CC) demands for documentation of the system in its environment and the reasoning that all threats are discovered. We use UML4PF, a UML profile and support tool for Jackson�s problem frame method and OCL for supporting security reasoning, validation of models, and also to generate Common Criteria-compliant documentation. Our threat analysis method can also be used for threat analysis without the common criteria, because it uses a specific part of the UML profile that can be adapted to other demands with little effort. We illustrate our approach with the development of a smart metering gateway system.
BibTeX: @inproceedings{Beckers2013-ares1, year = {2013}, title = {A Problem-based Threat Analysis in compliance with Common Criteria}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES})}, author = {Kristian Beckers and Denis Hatebur and Maritta Heisel}, publisher = {IEEE Computer Society}, pages = {111-120}, url = {http://www.ieee.org/} }
2013	A Structured and Model-Based Hazard Analysis and Risk Assessment Method for Automotive Systems [Abstract] [BibTeX] [pdf]	Beckers, K., Frese, T., Hatebur, D. & Heisel, M.	Proceedings of the 24th IEEE International Symposium on Software Reliability Engineering	IEEE Computer Society
Abstract: The released ISO 26262 standard requires a hazard analysis and risk assessment for automotive systems to determine the necessary safety measures to be implemented for a certain feature. In this paper, we present a structured and model-based hazard analysis and risk assessment method for automotive systems. The hazard analysis and risk assessment are based on a requirements engineering process using problem frames. Their elements are represented by a UML notation extended with stereotypes. The UML model enables a rigorous validation of several constraints expressed in OCL. We illustrate our method using an electronic steering column lock system.
BibTeX: @inproceedings{Beckers2013-issre, year = {2013}, title = {A Structured and Model-Based Hazard Analysis and Risk Assessment Method for Automotive Systems}, booktitle = {Proceedings of the 24th IEEE International Symposium on Software Reliability Engineering}, author = {Kristian Beckers and Thomas Frese and Denis Hatebur and Maritta Heisel}, publisher = {IEEE Computer Society}, pages = {238-247}, url = {http://www.ieee.org/} }
2013	Combining Goal-oriented and Problem-oriented Requirements Engineering Methods [BibTeX]	Beckers, K., Faßbender, S., Heisel, M. & Paci, F.	Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2013)	Springer
BibTeX: @inproceedings{Beckers2013-cdares2, year = {2013}, title = {Combining Goal-oriented and Problem-oriented Requirements Engineering Methods}, booktitle = {Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2013)}, author = {Kristian Beckers and Stephan Fa{\ss}bender and Maritta Heisel and Federica Paci}, publisher = {Springer}, series = {LNCS 8127}, pages = {178-194}, url = {http://www.springerlink.com/} }
2013	Common Criteria CompliAnt Software Development (CC-CASD) [Abstract] [BibTeX] [pdf]	Beckers, K., Côté, I., Hatebur, D., Faßbender, S. & Heisel, M.	Proceedings 28th Symposium on Applied Computing	ACM
Abstract: In order to gain their customers� trust, software vendors can certify their products according to security standards, e.g., the Common Criteria (ISO 15408). However, a Common Criteria certification requires a comprehensible documentation of the software product. The creation of this documentation results in high costs in terms of time and money. We propose a software development process that supports the creation of the required documentation for a Common Criteria certification. Hence, we do not need to create the documentation after the software is built. Furthermore, we propose to use an enhanced version of the requirements-driven software engineering process called ADIT to discover possible problems with the establishment of Common Criteria documents. We aim to detect these issues before the certification process. Thus, we avoid expensive delays of the certification effort. ADIT provides a seamless development approach that allows consistency checks between different kinds of UML models. ADIT also supports traceability from security requirements to design documents. We illustrate our approach with the development of a smart metering gateway system.
BibTeX: @conference{SAC2013, year = {2013}, title = {Common Criteria CompliAnt Software Development (CC-CASD)}, booktitle = {Proceedings 28th Symposium on Applied Computing}, author = {Kristian Beckers and Isabelle C{\^o}t{\'e} and Denis Hatebur and Stephan Fa{\ss}bender and Maritta Heisel}, publisher = {ACM}, pages = {937-943}, url = {http://dl.acm.org/} }
2013	Structured Pattern-Based Security Requirements Elicitation for Clouds [BibTeX]	Beckers, K., Côté, I., Goeke, L., Güler, S. & Heisel, M.	Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 7th International Workshop on Secure Software Engineering (SecSE 2013)	IEEE Computer Society
BibTeX: @inproceedings{Beckers2013-ares2, year = {2013}, title = {Structured Pattern-Based Security Requirements Elicitation for Clouds }, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES}) - 7th International Workshop on Secure Software Engineering (SecSE 2013)}, author = {Kristian Beckers and Isabelle C{\^o}t{\'e} and Ludger Goeke and Selim G\"{u}ler and Maritta Heisel}, publisher = {IEEE Computer Society}, pages = {465-474}, url = {http://www.ieee.org/} }
2012	A Common Body of Knowledge for Engineering Secure Software and Services [BibTeX]	Schwittek, W., Schmidt, H., Beckers, K., Eicker, S., Faßbender, S. & Heisel, M.	Proceedings of the International Conference on Availability, Reliability and Security (ARES) - 1st International Workshop on Security Ontologies and Taxonomies (SecOnT 2012)	IEEE Computer Society
BibTeX: @inproceedings{Beckers2012-ares7, year = {2012}, title = {A Common Body of Knowledge for Engineering Secure Software and Services}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES}) - 1st International Workshop on Security Ontologies and Taxonomies (SecOnT 2012)}, author = {Widura Schwittek and Holger Schmidt and Kristian Beckers and Stefan Eicker and Stephan Fa{\ss}bender and Maritta Heisel}, publisher = {IEEE Computer Society}, pages = {499-506}, url = {http://www.ieee.org/} }
2012	A Foundation for Requirements Analysis of Privacy Preserving Software [BibTeX]	Beckers, K. & Heisel, M.	Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)	Springer
BibTeX: @inproceedings{Beckers2012-ares3, year = {2012}, title = {A Foundation for Requirements Analysis of Privacy Preserving Software}, booktitle = {Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)}, author = {Kristian Beckers and Maritta Heisel}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, pages = {1-16}, url = {http://www.springerlink.com/} }
2012	An Aspect-Oriented Approach to Relating Security Requirements and Access Control [Abstract] [BibTeX] [pdf]	Alebrahim, A., Tun, T. T., Yu, Y., Heisel, M. & Nuseibeh, B.	Proceedings of the CAiSE Forum	CEUR-WS.org
Abstract: Affecting multiple parts in software systems, security requirements often tangle with functional requirements. In order to separate crosscutting concerns and increase modularity, we propose to represent security requirements as aspects that can be woven into functional requirements. Using problem frames to model the functional requirements, weaving is achieved by composing the modules representing security aspects with the requirement models. Moreover, we provide guidance on how such security aspects are structured to implement a particular access control solution. As a result, such security aspects become reusable solution patterns to refne the structure of security-related problem.
BibTeX: @inproceedings{caise2012, year = {2012}, title = {An Aspect-Oriented Approach to Relating Security Requirements and Access Control}, booktitle = {Proceedings of the CAiSE Forum}, author = {Azadeh Alebrahim and Thein Than Tun and Yijun Yu and Maritta Heisel and and Bashar Nuseibeh}, publisher = {CEUR-WS.org}, series = {CEUR Workshop Proceedings}, pages = {15--22}, url = {http://ceur-ws.org/} }
2012	Deriving Quality-based Architecture Alternatives with Patterns [Abstract] [BibTeX] [pdf]	Konersmann, M., Alebrahim, A., Heisel, M., Goedicke, M. & Kersten, B.	Software Engineering 2012	GI
Abstract: We propose in this paper an iterative method composed of three steps to derive architecture alternatives from quality requirements using a catalogue of patterns and styles. The solution candidates are chosen by answering a set of questions which reflects the requirements. We instantiate then the solution candidates using a UMLbased enhancement of the problem frame approach. To ensure that the instantiated architectures fulfill the quality requirements, we evaluate them in the next step. A desired refinement of the software architectures is then achieved by iterating over the described steps.
BibTeX: @inproceedings{SE2012, year = {2012}, title = {Deriving Quality-based Architecture Alternatives with Patterns}, booktitle = {Software Engineering 2012}, author = {Marco Konersmann and Azadeh Alebrahim and Maritta Heisel and Michael Goedicke and Benjamin Kersten}, publisher = {GI}, pages = {71--82}, url = {www.gi.de} }
2012	Designing Architectures from Problem Descriptions by Interactive Model Transformation [Abstract] [BibTeX] [pdf]	Alebrahim, A., Côté, I., Heisel, M., Choppy, C. & Hatebur, D.	Proceedings 27th Symposium on Applied Computing	ACM
Abstract: We present a structured approach to systematically derive a software architecture from a given problem description based on problem frames and a description of the environment. Our aim is to re-use the elements of the problem descriptions in creating the architecture. The derivation is performed by transforming the problem description into an initial architecture, where each subproblem corresponds to a component. The transformation is supported by model transformation rules, formally specified as operations with pre- and postconditions. This specification serves as a blueprint for a tool supporting the architectural design. We illustrate our method by the example of a patient care system.
BibTeX: @inproceedings{SAC2012, year = {2012}, title = {Designing Architectures from Problem Descriptions by Interactive Model Transformation}, booktitle = {Proceedings 27th Symposium on Applied Computing}, author = {Azadeh Alebrahim and Isabelle C\^{o}t\'{e} and Maritta Heisel and Christine Choppy and Denis Hatebur}, publisher = {ACM}, pages = {1256--1258}, url = {http://dl.acm.org/} }
2012	Enterprise Applications: From Requirements to Design [BibTeX]	Choppy, C., Reggio, G., Hatebur, D. & Heisel, M.	Aligning Enterprise, System, and Software Architectures
BibTeX: @incollection{CRHH2012, year = {2012}, title = {Enterprise Applications: From Requirements to Design}, booktitle = {Aligning Enterprise, System, and Software Architectures}, author = {C. Choppy and G. Reggio and D. Hatebur and M. Heisel}, publisher = {IGI Global}, pages = {96--117} }
2012	Ontology-Based Identification of Research Gaps and Immature Research Areas [BibTeX]	Beckers, K., Eicker, S., Faßbender, S., Heisel, M., Schmidt, H. & Schwittek, W.	Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)
BibTeX: @inproceedings{Beckers2012-ares1, year = {2012}, title = {Ontology-Based Identification of Research Gaps and Immature Research Areas}, booktitle = {Proceedings of the International Cross Domain Conference and Workshop (CD-ARES 2012)}, author = {Kristian Beckers and Stefan Eicker and Stephan Fa{\ss}bender and Maritta Heisel and Holger Schmidt and Widura Schwittek}, publisher = {Springer}, series = {LNCS 7465}, pages = {93-107} }
2012	Pattern-based Context Establishment for Service-Oriented Architectures [BibTeX]	Beckers, K., Faßbender, S., Heisel, M. & Meis, R.	Software Service and Application Engineering
BibTeX: @inproceedings{sdps2012, year = {2012}, title = {Pattern-based Context Establishment for Service-Oriented Architectures}, booktitle = {Software Service and Application Engineering}, author = {Beckers, Kristian and Fa\ss{}bender, Stephan and Heisel, Maritta and Meis, Rene}, publisher = {Springer}, series = {LNCS 7365}, pages = {81-101} }
2012	Supporting Quality-Driven Design Decisions by Modeling Variability [Abstract] [BibTeX] [pdf]	Alebrahim, A. & Heisel, M.	Proceedings of the International ACM Sigsoft Conference on the Quality of Software Architectures (QoSA)	Springer
Abstract: Design decisions should take quality characteristics into account. To support such decisions, we capture various solution artifacts with different levels of satisfying quality requirements as variabilities in the solution space and provide them with rationales for selecting suitable variants. We present a UML-based approach to modeling variability in the problem and the solution space by adopting the notion of feature modeling. It provides a mapping of requirements variability to design solution variability to be used as a part of a general process for generating design alternatives. Our approach supports the software engineer in the process of decision-making for selecting suitable solution variants, reflecting quality concerns, and reasoning about it.
BibTeX: @inproceedings{qosa2012, year = {2012}, title = {Supporting Quality-Driven Design Decisions by Modeling Variability}, booktitle = {Proceedings of the International ACM Sigsoft Conference on the Quality of Software Architectures ({QoSA})}, author = {Azadeh Alebrahim and Maritta Heisel}, publisher = {Springer}, pages = {43-48}, url = {http://www.springerlink.com/} }
2012	Supporting the Development and Documentation of ISO 27001 Information Security Management Systems through Security Requirements Engineering Approaches [BibTeX]	Beckers, K., Faßbender, S., Heisel, M., Küster, J.-C. & Schmidt, H.	Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS)	Springer
BibTeX: @inproceedings{BeckersFHKS12, year = {2012}, title = {Supporting the Development and Documentation of ISO 27001 Information Security Management Systems through Security Requirements Engineering Approaches}, booktitle = {Proceedings of the International Symposium on Engineering Secure Software and Systems ({ESSoS})}, author = {Kristian Beckers and Stephan Fa{\ss}bender and Maritta Heisel and Jan-Christoph K{\"u}ster and Holger Schmidt}, publisher = {Springer}, series = {LNCS}, pages = {14-21}, url = {http://www.springerlink.com/} }
2012	Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation [BibTeX]	Beckers, K., Heisel, M., Faßbender, S. & Schmidt, H.	Proceedings of the International Conference on Availability, Reliability and Security (ARES)	IEEE Computer Society
BibTeX: @inproceedings{Beckers2012-ares4, year = {2012}, title = {Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security ({ARES})}, author = {Kristian Beckers and Maritta Heisel and Stephan Fa{\ss}bender and Holger Schmidt}, publisher = {IEEE Computer Society}, pages = {243-248}, url = {http://www.ieee.org/} }
2011	A Method to Derive Software Architectures from Quality Requirements [Abstract] [BibTeX] [pdf]	Alebrahim, A., Hatebur, D. & Heisel, M.	Proceedings of the 18th Asia-Pacific Software Engineering Conference (APSEC)	IEEE Computer Society
Abstract: We present a model- and pattern-based method that allows software engineers to take quality requirements into account right from the beginning of the software development process. The method comprises requirements analysis as well as the derivation of a software architecture from requirements documents, in which quality requirements are reflected explicitly. For requirements analysis, we use an enhancement of the problem frame approach, where software development problems are represented by problem diagrams. The derivation of a software architecture starts from a set of problem diagrams, annotated with functional as well as quality requirements. First, we set up an initial software architecture, taking into account the decomposition of the overall software development problem into subproblems. Then, we incorporate quality requirements into that architecture by using security or performance patterns or mechanisms. The method is toolsupported, which allows developers to check semantic integrity conditions in the different models.
BibTeX: @inproceedings{APSEC2011, year = {2011}, title = {A Method to Derive Software Architectures from Quality Requirements}, booktitle = {Proceedings of the 18th Asia-Pacific Software Engineering Conference ({APSEC})}, author = {Alebrahim, Azadeh and Hatebur, Denis and Heisel, Maritta}, publisher = {IEEE Computer Society}, pages = {322--330}, url = {http://www.ieee.org} }
2011	A UML Profile and Tool Support for Evolutionary Requirements Engineering [Abstract] [BibTeX] [pdf]	Côté, I. & Heisel, M.	Proc. 13th European Conference on Software Maintenance and Reengineering, CSMR 2011
Abstract: Abstract�In this paper, we present a method to perform the first steps of software evolution, namely evolutionary requirements engineering, where new requirements have to be analyzed in the context of a set of already given requirements. The basic idea is to adjust an existing requirements engineering process so that evolution is supported. In the requirements engineering process we consider, the original software development problem is decomposed into a number of subproblems that are analyzed according to the problem frame approach [1]. Evolution is performed by defining rules for each process step and each document that is generated in the respective step to incorporate the new evolution requirements into the existing requirements documents or to create, when necessary, additional documents. We show that the evolution task benefits from the chosen problem decomposition. The described software evolution method is toolsupported. Our tool UML4PF, which is based on the Eclipse Modeling Framework, supports the problem frame approach to software engineering by a specifically defined UML profile. We extend that profile so that it also covers software evolution.
BibTeX: @inproceedings{CSMR2011, year = {2011}, title = {A UML Profile and Tool Support for Evolutionary Requirements Engineering}, booktitle = {Proc. 13th European Conference on Software Maintenance and Reengineering, CSMR 2011}, author = {Isabelle C\^ot\'e and Maritta Heisel}, pages = {161-170} }
2011	Software Engineering for Secure Systems: Academic and Industrial Perspectives [Abstract] [BibTeX]	Schmidt, H., Hatebur, D. & Heisel, M.		IGI Global
Abstract: The authors present a security engineering process based on security problem frames and concretized security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Afterwards, the security problems and the solution approaches are formally modeled in detail. The formal models serve to prove that the solution approaches are correct solutions to the security problems. Furthermore, the formal models of the solution approaches constitute a formal specification of the software to be developed. Then, the specification is implemented by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined and the result is a secure software product built from existing and/or tailor-made security components.
BibTeX: @inbook{SHH2011, year = {2011}, title = {Software Engineering for Secure Systems: Academic and Industrial Perspectives}, author = {Schmidt, Holger and Hatebur, Denis and Heisel, Maritta}, publisher = {IGI Global}, pages = {32--74}, url = {http://www.igi-global.com/} }
2011	Systematic Architectural Design based on Problem Patterns [Abstract] [BibTeX]	Choppy, C., Hatebur, D. & Heisel, M.	Relating Software Requirements and Architectures	Springer
Abstract: We present a method to derive systematically software architectures from problem descriptions. The problem descriptions are based on the artifacts that are set up when following Jackson's problem frame approach. They include a context diagram describing the overall problem situation and a set of problem diagrams that describe subproblems of the overall software development problem. The different subproblems should be instances of problem frames, which are patterns for simple software development problems. Starting from these pattern-based problem descriptions, we derive a software architecture in three steps. An initial architecture contains one component for each subproblem. In the second step, we apply different architectural and design patterns and introduce coordinator and facade components. In the final step, the components of the intermediate architecture are re-arranged to form a layered architecture, and interface and driver components are added. All artefacts are expressed as UML diagrams, using specific UML profiles. The method is tool-supported. Our tool supports developers in setting up the diagrams, and it checks different validation conditions concerning the semantic integrity and the coherence of the different diagrams. We illustrate the method by deriving an architecture for an automated teller machine.
BibTeX: @incollection{CHH2011a, year = {2011}, title = {Systematic Architectural Design based on Problem Patterns}, booktitle = {Relating Software Requirements and Architectures}, author = {C. Choppy and D. Hatebur and M. Heisel}, publisher = {Springer}, note = {To appear}, url = {http://www.springerlink.com/} }
2011	Towards Systematic Integration of Performance and Security Requirements into Software Architecture [Abstract] [BibTeX] [pdf]	Alebrahim, A., Hatebur, D. & Heisel, M.	Software Architecture	Springer Berlin Heidelberg
Abstract: We present a model- and pattern-based method that allows software engineers to take quality requirements into account right from the beginning of the software development process. The method comprises requirements analysis as well as the derivation of a software architecture from requirements documents. In that architecture, quality requirements are reflected explicitly. For requirements analysis, we use an enhancement of the problem frame approach [14], where software development problems are represented by problem diagrams. In our enhanced version of the problem frame approach, we use UML notation, and we have added the possibility to complement functional requirements with quality requirements, such as security or performance requirements. The derivation of a software architecture starts from a set of problem diagrams, annotated with functional as well as quality requirements. First, we set up an initial software architecture, taking into account the decomposition of the overall software development problem into subproblems. Next, we incorporate quality requirements into that architecture by using security or performance patterns or mechanisms. To obtain the final architecture, (functional) design patterns are applied. The method is tool-supported, which allows developers to check semantic integrity conditions in the different models.
BibTeX: @proceedings{qosa2011, year = {2011}, title = {Towards Systematic Integration of Performance and Security Requirements into Software Architecture}, booktitle = {Software Architecture}, author = {Alebrahim, Azadeh and Hatebur, Denis and Heisel, Maritta}, publisher = {Springer Berlin Heidelberg}, url = {http://dx.doi.org/10.1007/978-3-642-23798-0_2}, doi = {10.1007/978-3-642-23798-0_2} }
2011	Towards Systematic Integration of Quality Requirements into Software Architecture [Abstract] [BibTeX] [pdf]	Alebrahim, A., Hatebur, D. & Heisel, M.	Proceedings of the 5th European Conference on Software Architecture (ECSA 2011)	Springer Verlag
Abstract: We present a model- and pattern-based approach that allows software engineers to take quality requirements into account right from the beginning of the software development process. The approach comprises requirements analysis as well as the software architecture design, in which quality requirements are refl ected explicitly.
BibTeX: @inproceedings{AHH2011, year = {2011}, title = {Towards Systematic Integration of Quality Requirements into Software Architecture}, booktitle = {Proceedings of the 5th European Conference on Software Architecture (ECSA 2011)}, author = {Azadeh Alebrahim and Denis Hatebur and Maritta Heisel}, publisher = {Springer Verlag}, series = {LNCS 6903}, pages = {17--25}, url = {http://www.springerlink.com/} }
2010	A UML Profile for Requirements Analysis of Dependable Software [Abstract] [BibTeX] [pdf]	Hatebur, D. & Heisel, M.	Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)	Springer
Abstract: At Safecomp 2009, we presented a foundation for requirements analysis of dependable software. We defined a set of patterns for expressing and analyzing dependability requirements, such as confidentiality, integrity, availability, and reliability. The patterns take into account random faults as well as certain attacks and therefore support a combined safety and security engineering. In this paper, we demonstrate how the application of our patterns can be tool supported. We present a UML profile allowing us to express the different dependability requirements using UML diagrams. Integrity conditions are expressed using OCL. We provide tool support based on the Eclipse development environment, extended with an EMF-based UML tool, e.g., Papyrus UML. We illustrate how to use the profile to model dependability requirements of a cooperative adaptive cruise control system.
BibTeX: @inproceedings{Safecomp10, year = {2010}, title = {A {UML} Profile for Requirements Analysis of Dependable Software}, booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Hatebur, Denis and Heisel, Maritta}, publisher = {Springer}, series = {LNCS 6351}, pages = {317-331}, url = {http://www.springerlink.com/} }
2010	A Comparison of Security Requirements Engineering Methods [Abstract] [BibTeX]	Fabian, B., Gürses, S., Heisel, M., Santen, T. & Schmidt, H.	Requirements Engineering -- Special Issue on Security Requirements Engineering
Abstract: This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.
BibTeX: @article{FGH+2010, year = {2010}, title = {A Comparison of Security Requirements Engineering Methods}, author = {Fabian, Benjamin and G{\"u}rses, Seda and Heisel, Maritta and Santen, Thomas and Schmidt, Holger}, journal = {Requirements Engineering -- Special Issue on Security Requirements Engineering}, volume = {15}, number = {1}, pages = {7--40} }
2010	Automated Checking of Integrity Constraints for a Model- and Pattern-Based Requirements Engineering Method (Technical Report) [Abstract] [BibTeX] [pdf]	Côté, I., Hatebur, D. & Heisel, M.
Abstract: We present a new UML profile serving to support a pattern- and model-based requirements engineering method based on Jackson�s problem frames. The UML profile allows us to express the different models being defined during requirements analysis using UML diagrams. In order to automatically perform semantic validations associated with the method, we provide integrity conditions, expressed as OCL constraints. These constraints concern single models as well as the coherence of different models. To provide tool support for the requirements engineering method, we have developed a tool called UML4PF. It is based on the Eclipse development environment, extended by an EMF-based UML tool, in our case, Papyrus. To demonstrate the applicability of our approach, we use the case study of a vacation rentals reservation system.
BibTeX: @misc{Autocheck2010, year = {2010}, title = {Automated Checking of Integrity Constraints for a Model- and Pattern-Based Requirements Engineering Method (Technical Report)}, author = {C{\^{o}}t{\'{e}}, Isabelle and Hatebur, Denis and Heisel, Maritta} }
2010	Making Pattern- and Model-Based Software Development More Rigorous [Abstract] [BibTeX] [pdf]	Hatebur, D. & Heisel, M.	Proceedings of 12th International Conference on Formal Engineering Methods, ICFEM 2010, Shanghai, China	Springer
Abstract: Pattern-based and model-based software development approaches have a high potential to improve the quality of software. Patterns allow engineers to re-use established and proven development knowledge. Developing software by constructing a sequence of models provides engineers with various possibilities for validation, because the different development models are not independent of each other and hence can be checked for coherence. We present a UML profile equipped with numerous OCL constraints that supports a pattern- and model-based software development process. The basis of the UML profile is a representation of problem frames, which are patterns supporting requirements analysis. OCL constraints provide a formal underpinning of the development process and allow one to perform semantic checks every time a new model is set up. Our approach is supported by a tool, called UML4PF. The tool is based on the Eclipse development environment, extended by an EMF-based UML tool, in our case, Papyrus. In this paper, we specifically focus on ensuring that problem frames are instantiated correctly. We illustrate our approach by the case study of an automatic teller machine.
BibTeX: @inproceedings{ICFEM10, year = {2010}, title = {Making Pattern- and Model-Based Software Development More Rigorous}, booktitle = {Proceedings of 12th International Conference on Formal Engineering Methods, ICFEM 2010, Shanghai, China}, author = {Denis Hatebur and Maritta Heisel}, publisher = {Springer}, series = {LNCS 6447}, pages = {253-269}, url = {http://www.springerlink.com/} }
2009	A Foundation for Requirements Analysis of Dependable Software [Abstract] [BibTeX] [pdf]	Hatebur, D. & Heisel, M.	Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)	Springer
Abstract: We present patterns for expressing dependability requirements, such as confidentiality, integrity, availability, and reliability. The paper considers random faults as well as certain attacks and therefore supports a combined safety and security engineering. The patterns - attached to functional requirements - are part of a pattern system that can be used to identify missing requirements. The approach is illustrated on a cooperative adaptive cruise control system.
BibTeX: @inproceedings{HateburHeisel2009, year = {2009}, title = {A Foundation for Requirements Analysis of Dependable Software}, booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Hatebur, Denis and Heisel, Maritta}, publisher = {Springer}, series = {LNCS 5775}, pages = {311--325}, url = {http://www.springerlink.com/} }
2009	Deriving Software Architectures from Problem Descriptions [Abstract] [BibTeX] [pdf]	Hatebur, D. & Heisel, M.	Software Engineering 2009 - Workshopband	GI
Abstract: We show how software architectures (including interface descriptions) can be derived from artifacts set up in the analysis phase of the software lifecycle. The analysis phase consists of six steps, where various models are constructed. Especially, the software development problem is decomposed into simple subproblems. The models set up in the analysis phase form the basis for (i) defining software architectures related to single subproblems, (ii) merging the subproblem architectures to obtain the overall software architecture, and (iii) to define the interfaces between the components of the overall architecture. The approach is based on problem patterns (problem frames) and the architectural style of layered software architectures.
BibTeX: @inproceedings{HH09a, year = {2009}, title = {Deriving Software Architectures from Problem Descriptions}, booktitle = {Software Engineering 2009 - Workshopband}, author = {Denis Hatebur and Maritta Heisel}, publisher = {GI}, pages = {383--302}, url = {http://www.gi.com/} }
2009	Problem-Oriented Documentation of Design Patterns [Abstract] [BibTeX] [pdf]	Fülleborn, A., Meffert, K. & Heisel, M.	Proceedings 12thInternational Conference on Fundamental Approaches to Software Engineering (FASE)	Springer
Abstract: In order to retrieve, select and apply design patterns in a tool-supported way, we suggest to construct and document a problem context pattern that reflects the essence of the problems that the design pattern is meant to solve. In our approach, software engineers can choose examples of source code or UML models from the special domains that they are experts in. We present a method that enables software engineers to describe the transformation from a problem-bearing source model to an appropriate solution model. Afterwards, the inverse of that transformation is applied to the UML solution model of the existing design pattern, resulting in an abstract problem-context pattern. This pattern can then be stored together with the solution pattern in a pattern library. The method is illustrated by deriving a problem-context pattern for the Observer design pattern.
BibTeX: @inproceedings{FASE09, year = {2009}, title = {Problem-Oriented Documentation of Design Patterns}, booktitle = {Proceedings 12thInternational Conference on Fundamental Approaches to Software Engineering (FASE)}, author = {Alexander F\"ulleborn and Klaus Meffert and Maritta Heisel}, publisher = {Springer}, series = {LNCS 5503}, pages = {294--308}, url = {http://www.springerlink.com/} }
2008	Using UML Environment Models for Test Case Generation [Abstract] [BibTeX] [pdf]	Heisel, M., Hatebur, D., Santen, T. & Seifert, D.	Software Engineering 2008 - Workshopband
Abstract: We propose a new method for system validation by means of testing, which is based on environment models expressed as UML state machines. A sun blind control case study serves to illustrate the method.
BibTeX: @inproceedings{HHSS08a, year = {2008}, title = {{U}sing {UML} {E}nvironment {M}odels for {T}est {C}ase {G}eneration}, booktitle = {Software Engineering 2008 - Workshopband}, author = {Maritta Heisel and Denis Hatebur and Thomas Santen and Dirk Seifert}, publisher = {GI}, series = {Lecture Notes in Informatics P-122}, pages = {399--406} }
2008	A Formal Metamodel for Problem Frames [Abstract] [BibTeX] [pdf]	Hatebur, D., Heisel, M. & Schmidt, H.	Proceedings of the International Conference on Model Driven Engineering Languages and Systems (MODELS)	Springer
Abstract: Problem frames are patterns for analyzing, structuring, and characterizing software development problems. This paper presents a formal metamodel for problem frames expressed in UML class diagrams and the formal specification notation OCL. That metamodel clarifies the nature of the different syntactical elements of problem frames, as well as the relations between them. It provides a framework for syntactical analysis and semantic validation of newly defined problem frames, and it prepares the ground for tool support for the problem frame approach.
BibTeX: @inproceedings{models08, year = {2008}, title = {A Formal Metamodel for Problem Frames}, booktitle = {Proceedings of the International Conference on Model Driven Engineering Languages and Systems (MODELS)}, author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger}, publisher = {Springer}, series = {LNCS 5301}, pages = {68-82}, url = {http://www.springerlink.com/} }
2008	A Systematic Account of Problem Frames [Abstract] [BibTeX] [pdf]	Côté, I., Hatebur, D., Heisel, M., Schmidt, H. & Wentzlaff, I.	Proceedings of the European Conference on Pattern Languages of Programs (EuroPLoP)	Universitätsverlag Konstanz
Abstract: We give an enumeration of possible problem frames, based on domain characteristics, and comment on the usefulness of the obtained frames. In particular, we investigate problem domains and their characteristics in detail. This leads to finegrained criteria for describing problem domains. As a result, we identify a new type of problem domain and come up with integrity conditions for problem frames. Taking a complete enumeration of possible problem frames (with at most three problem domains) as a basis, we find 8 new problem frames, 7 of which we consider as useful in practical software development.
BibTeX: @inproceedings{europlop07, year = {2008}, title = {A Systematic Account of Problem Frames}, booktitle = {Proceedings of the European Conference on Pattern Languages of Programs (EuroPLoP)}, author = {C\^ot\'e, Isabelle and Hatebur, Denis and Heisel, Maritta and Schmidt, Holger and Wentzlaff, Ina}, publisher = {Universit{\"a}tsverlag Konstanz}, pages = {749-767}, url = {http://www.uvk.de/}, doi = {http://www.uvk.de/} }
2008	Analysis and Component-based Realization of Security Requirements [Abstract] [BibTeX] [pdf]	Hatebur, D., Heisel, M. & Schmidt, H.	Proceedings of the International Conference on Availability, Reliability and Security (AReS)	IEEE Computer Society
Abstract: We present a process to develop secure software with an extensive pattern-based security requirements engineering phase. It supports identifying and analyzing conflicts between different security requirements. In the design phase, we proceed by selecting security software components that achieve security requirements. The process enables software developers to systematically identify, analyze, and finally realize security requirements using security software components. We illustrate our approach by a lawyer agency software example.
BibTeX: @inproceedings{ares08, year = {2008}, title = {Analysis and Component-based Realization of Security Requirements}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (AReS)}, author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger}, publisher = {IEEE Computer Society}, pages = {195-203}, url = {http://www.ieee.org/} }
2008	Testing Against Requirements using UML Environment Models [Abstract] [BibTeX] [pdf]	Heisel, M., Hatebur, D., Santen, T. & Seifert, D.	Proc. Fachgruppentreffen Requirements Engineering und Test, Analyse & Verifikation
Abstract: We propose a new method for system validation by means of testing, which is based on environment models expressed as UML state machines. A sun blind control case study serves to illustrate the method.
BibTeX: @inproceedings{HHSS08b, year = {2008}, title = {Testing Against Requirements using {UML} Environment Models}, booktitle = {Proc. {Fachgruppentreffen} {Requirements} {Engineering} und {Test}, {Analyse} \& {Verifikation}}, author = {Maritta Heisel and Denis Hatebur and Thomas Santen and Dirk Seifert}, publisher = {GI}, series = {Softwaretechnik-Trends, Band 28, Heft 3}, pages = {28--31} }
2007	A Pattern System for Security Requirements Engineering [Abstract] [BibTeX] [pdf]	Hatebur, D., Heisel, M. & Schmidt, H.	Proceedings of the International Conference on Availability, Reliability and Security (AReS)	IEEE
Abstract: We present a pattern system for security requirements engineering, consisting of security problem frames and concretized security problem frames. These are special kinds of problem frames that serve to structure, characterize, analyze, and finally solve software development problems in the area of software and system security. We equip each frame with formal preconditions and postconditions. The analysis of these conditions results in a pattern system that explicitly shows the dependencies between the different frames. Moreover, we indicate related frames, which are commonly used together with the considered frame. Hence, our approach helps security engineers to avoid omissions and to cover all security requirements that are relevant for a given problem.
BibTeX: @inproceedings{ares07, year = {2007}, title = {A Pattern System for Security Requirements Engineering}, booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (AReS)}, author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger}, publisher = {IEEE}, series = {IEEE Transactions}, pages = {356-365}, url = {http://www.ieee.org/} }
2007	A Security Engineering Process based on Patterns [Abstract] [BibTeX] [pdf]	Hatebur, D., Heisel, M. & Schmidt, H.	Proceedings of the International Workshop on Secure Systems Methodologies using Patterns (SPatterns), DEXA 2007	IEEE Computer Society
Abstract: In this paper, we present a security engineering process based on security problem frames and concretized security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. We describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. The process yields a consolidated set of security requirements and it prepares the ground for solving the initially given security problem. Further, we introduce new frames that focus on the privacy requirements anonymity and pseudonymity.
BibTeX: @inproceedings{spatterns07, year = {2007}, title = {A Security Engineering Process based on Patterns}, booktitle = {Proceedings of the International Workshop on Secure Systems Methodologies using Patterns (SPatterns), DEXA 2007}, author = {Hatebur, D. and Heisel, M. and Schmidt, H.}, publisher = {IEEE Computer Society}, pages = {734--738}, url = {http://www.ieee.org/} }
2007	Enhancing Dependability of Component-Based Systems [Abstract] [BibTeX] [pdf]	Lanoix, A., Hatebur, D., Heisel, M. & Souquières, J.	Reliable Software Technologies -- Ada Europe 2007	Springer
Abstract: We present an approach for enhancing dependability of component- based software. Functionality related to security, safety and reliability is encapsulated in specific components, allowing the method to be applied to off-the-shelf components. Any set of components can be extended with dependability features by wrapping them with special components, which monitor and filter input and outputs. This approach is supported by a rigorous development methodology based on UML and the B method and is introduced on the level of software architecture.
BibTeX: @inproceedings{RST07, year = {2007}, title = {Enhancing Dependability of Component-Based Systems}, booktitle = {Reliable Software Technologies -- Ada Europe 2007}, author = {Arnaud Lanoix and Denis Hatebur and Maritta Heisel and Jeanine Souqui{\`e}res}, publisher = {Springer}, series = {LNCS 4498}, pages = {41--54}, url = {http://www.springerlink.com/} }
2007	Methods to Create and Use Cross-Domain Analysis Patterns [Abstract] [BibTeX] [pdf]	Fülleborn, A. & Heisel, M.	EuroPLoP '06, Proceedings of the 11th European Conference on Pattern Languages of Programs	Universitätsverlag Konstanz
Abstract: We present a set of methods to enable a cross-domain reuse of problem solutions via analysis patterns. First, problem-context descriptions and problemcontext models as well as solution models are used to express the domainspecific problems and their assigned solutions. After that, the two-step abstraction method is used to create cross-domain analysis patterns for the problemcontext models as well as for the solution models. The problem-context patterns are used to search across domains for a solution pattern. If a solution pattern is available, it can be instantiated in the solution-seeking domain.
BibTeX: @inproceedings{Europlop06, year = {2007}, title = {Methods to Create and Use Cross-Domain Analysis Patterns}, booktitle = {EuroPLoP '06, Proceedings of the 11th European Conference on Pattern Languages of Programs}, author = {Alexander F\"ulleborn and Maritta Heisel}, publisher = {Universit\"atsverlag Konstanz}, pages = {427--442}, url = {http://www.uvk.de/} }
2007	Pattern-based Evolution of Software Architectures [Abstract] [BibTeX] [pdf]	Côté, I., Heisel, M. & Wentzlaff, I.	First European Conference on Software Architecture	Springer
Abstract: We propose a pattern-based software development method comprising analysis (using problem frames) and design (using architectural and design patterns), of which especially evolving systems benefit. Evolution operators guide a pattern-based transformation procedure, including re-engineering tasks for adjusting a given software architecture to meet new system demands. Through application of these operators, relations between analysis and design documents are explored systematically for accomplishing desired software modifications. This allows for reusing development documents to a large extent, even when the application environment and the requirements change.
BibTeX: @inproceedings{ECSA07, year = {2007}, title = {Pattern-based Evolution of Software Architectures}, booktitle = {First European Conference on Software Architecture}, author = {Isabelle C\^{o}t\'{e} and Maritta Heisel and Ina Wentzlaff}, publisher = {Springer}, series = {LNCS}, note = {to appear}, url = {http://www.springerlink.com/} }
2007	Pattern-based Exploration of Design Alternatives for the Evolution of Software Architectures [Abstract] [BibTeX] [pdf]	Côté, I., Heisel, M. & Wentzlaff, I.	International Journal of Cooperative Information Systems (IJCIS)	World Scientific
Abstract: We propose a pattern-based software development method comprising analysis (using problem frames) and design (using architectural and design patterns), from which especially evolving systems benefit. Evolution operators guide a pattern-based transformation procedure, including re-engineering tasks for adjusting a given software architecture to meet new system demands. Through application of these operators, relations between analysis and design documents are explored systematically for accomplishing desired software modifications. This allows for reusing development documents to a large extent, even when the application environment and the requirements change.
BibTeX: @article{IJCIS07, year = {2007}, title = {Pattern-based Exploration of Design Alternatives for the Evolution of Software Architectures}, author = {Isabelle C\^{o}t\'{e} and Maritta Heisel and Ina Wentzlaff}, journal = {International Journal of Cooperative Information Systems (IJCIS)}, publisher = {World Scientific}, volume = {Volume: 16}, number = {Issue: 3/4}, pages = {341-365}, url = {http://www.worldscinet.com/ijcis/ijcis.shtml} }
2006	A Method for Component-Based Software and System Development [Abstract] [BibTeX] [pdf]	Hatebur, D., Heisel, M. & Souquières, J.	Proc. 32nd Euromicro Conference on Software Engineering and Advanced Applications (SEAA)	IEEE Computer Society
Abstract: We propose a method for component-based software and system development, where the interoperability between the different components is given special consideration. The method uses existing notations and languages with their associated tools: context diagrams for analyzing and structuring the problem, composite structure diagrams for describing the overall system in terms of components and interfaces, sequence diagrams to describe the behavior of each component, and the formal method B for specifying the interfaces of the different components and for proving their interoperability. The method proposes to integrate these different notations; at the end of the process, the interoperability is guaranted by the use of the B method with its underlying concept of refinement, and its powerful tool support, the B prover.
BibTeX: @inproceedings{HateburHeiselSouquieres06, year = {2006}, title = {A Method for Component-Based Software and System Development}, booktitle = {Proc. 32nd Euromicro Conference on Software Engineering and Advanced Applications (SEAA)}, author = {Denis Hatebur and Maritta Heisel and Jeanine Souqui{\`e}res}, publisher = {IEEE Computer Society}, pages = {72--80}, url = {http://www.ieee.org/} }
2006	Component composition through architectural patterns for problem frames [Abstract] [BibTeX] [pdf]	Choppy, C., Hatebur, D. & Heisel, M.	Proc. XIII Asia Pacific Software Engineering Conference (APSEC)	IEEE
Abstract: In this paper, we present a pattern-based software development process using problem frames and corresponding architectural patterns. In decomposing a complex problem into simple subproblems, the relationships between the subproblems are recorded explicitly. Based on this information, we give guidelines on how to derive the software architecture for the overall problem from the software architectures of the simple subproblems.
BibTeX: @inproceedings{apsec06, year = {2006}, title = {Component composition through architectural patterns for problem frames}, booktitle = {Proc. XIII Asia Pacific Software Engineering Conference (APSEC)}, author = {Christine Choppy and Denis Hatebur and Maritta Heisel}, publisher = {IEEE}, pages = {27--34}, url = {http://www.ieee.org/} }
2006	Entwicklung aus dem Baukasten. Modellierung und Verifikation technischer Systeme [Abstract] [BibTeX] [pdf]	Heisel, M., König, B., Kochs, H.-D. & Petersen, Jö.	Forum Forschung
Abstract: Technische Systeme sind heute allgegenw�rtig: Ob im Haushalt, im Auto oder im Flugzeug. Systemtechnik dominiert auch Heizungs- und Solartechnikanlagen, ganze Kraftwerke, Raffinerien oder Stahlwerke. Vernetzte und verteilte Systeme wie Mobilkommunikationssysteme, das Internet oder satellitengest�tzte Positions- und Mautsysteme umspannen die ganze Welt. Informatische Techniken sind dabei oft nicht nur Bestandteil dieser Systeme, sondern werden auch bei deren Konzeption, Produktion und Qualit�ts�berwachung eingesetzt. Das Informatikjahr soll das Bewusstsein sch�rfen, dass unsere Gesellschaft ohne Technik und diese wiederum ohne Informatik �berhaupt nicht mehr funktionieren w�rden.
BibTeX: @article{HKKP06, year = {2006}, title = {Entwicklung aus dem Baukasten. Modellierung und Verifikation technischer Systeme}, author = {Maritta Heisel and Barbara K{\"o}nig and Hans-Dieter Kochs and J{\"o}rg Petersen}, journal = {Forum Forschung}, pages = {32--41}, note = {{Universit{\"a}t Duisburg-Essen}} }
2006	Proving Component Interoperability with B Refinement [Abstract] [BibTeX]	Chouali, S., Heisel, M. & Souquières, J.	Electronic Notes in Theoretical Computer Science
Abstract: We use the formal method B for specifying interfaces of software components. Each component interface is equipped with a suitable data model dening all types occurring in the signature of interface operations. Moreover, pre- and postconditions have to be given for all interface operations. The interoperability between two components is proved by using a renement relation between an adaptation of the interface specifcations
BibTeX: @article{ChoualiHeiselSouquieres06, year = {2006}, title = {Proving Component Interoperability with {B} Refinement}, author = {Samir Chouali and Maritta Heisel and Jeanine Souqui{\`e}res}, journal = {Electronic Notes in Theoretical Computer Science}, volume = {160}, pages = {157--172} }
2006	Security Engineering using Problem Frames [Abstract] [BibTeX] [pdf]	Hatebur, D., Heisel, M. & Schmidt, H.	Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS)	Springer
Abstract: We present a method for security engineering, which is based on two special kinds of problem frames that serve to structure, characterize, analyze, and finally solve software development problems in the area of software and system security. Both kinds of problem frames constitute patterns for representing security problems, variants of which occur frequently in practice. We present security problem frames, which are instantiated in the initial step of our method. They explicitly distinguish security problems from their solutions. To prepare the solution of the security problems in the next step, we employ concretized security problem frames capturing known approaches to achieve security. Finally, the last step of our method results in a specification of the system to be implemented given by concrete security mechanisms and instantiated generic sequence diagrams. We illustrate our approach by the example of a secure remote display system.
BibTeX: @inproceedings{etrics06, year = {2006}, title = {Security Engineering using Problem Frames}, booktitle = {Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS)}, author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger}, publisher = {Springer}, volume = {3995/2006}, pages = {238-253}, url = {http://www.springerlink.com/} }
2005	A Model-Based Development Process for Embedded Systems [Abstract] [BibTeX] [pdf]	Heisel, M. & Hatebur, D.	Proc. Workshop on Model-Based Development of Embedded Systems
Abstract: to be inserted
BibTeX: @inproceedings{mbees05, year = {2005}, title = {A Model-Based Development Process for Embedded Systems}, booktitle = {Proc. Workshop on Model-Based Development of Embedded Systems}, author = {Maritta Heisel and Denis Hatebur}, publisher = {Technical University of Braunschweig}, number = {TUBS-SSE-2005-01}, note = {Available at http://www.sse.cs.tu-bs.de/publications/MBEES-Tagungsband.pdf} }
2005	Architectural Patterns for Problem Frames [Abstract] [BibTeX] [pdf]	Choppy, C., Hatebur, D. & Heisel, M.	IEE Proceedings -- Software, Special issue on Relating Software Requirements and Architecture
Abstract: Problem frames provide a characterisation and classification of software development problems. Fitting a problem into an appropriate problem frame should not only help to understand it, but also to solve the problem (the idea being that, once the adequate problem frame is identified, then the associated development method should be available). We propose software architectural patterns corresponding to the different problem frames that may serve as a starting point for the construction of the software solving the given problem. These architectural patterns exactly reflect the properties of the problems fitting into a given frame, and they can be combined in a modular way to solve multi-frame problems.
BibTeX: @article{Choppy2005, year = {2005}, title = {Architectural Patterns for Problem Frames}, author = {Christine Choppy and Denis Hatebur and Maritta Heisel}, journal = {IEE Proceedings -- Software, Special issue on Relating Software Requirements and Architecture}, note = {To appear} }
2005	Problem Frames and Architectures for Security Problems [Abstract] [BibTeX] [pdf]	Hatebur, D. & Heisel, M.	Proceedings of the 24th International Conference on Computer Safety, Reliability and Security (SAFECOMP)	Springer
Abstract: to be inserted
BibTeX: @inproceedings{safecomp05, year = {2005}, title = {Problem Frames and Architectures for Security Problems}, booktitle = {Proceedings of the 24th International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Denis Hatebur and Maritta Heisel}, publisher = {Springer}, series = {LNCS 3688}, pages = {390--404}, url = {http://www.springerlink.com/} }
2005	Proving Component Interoperability with B Refinement [Abstract] [BibTeX] [pdf]	Chouali, S., Heisel, M. & Souquières, J.
Abstract: to be inserted
BibTeX: @techreport{Chouali2005, year = {2005}, title = {Proving Component Interoperability with B Refinement}, author = {Samir Chouali and Maritta Heisel and Jeanine Souqui\`eres} }
2004	A Description Structure for Simulation Model Components [Abstract] [BibTeX] [pdf]	Heisel, M., Lüthi, J., Uhrmacher, A. & Valentin, E.	Proceedings Summer Computer Simulation Conference 04
Abstract: to be inserted
BibTeX: @inproceedings{Heisel2004, year = {2004}, title = {A Description Structure for Simulation Model Components}, booktitle = {Proceedings Summer Computer Simulation Conference 04}, author = {Maritta Heisel and Johannes L{\"u}thi and Adelinde Uhrmacher and Edwin Valentin} }
2004	A Systematic Approach for Guiding Software Evolution [Abstract] [BibTeX] [pdf]	Heisel, M. & von Schwichow, C.	Proceedings of the IASTED Conference on Software Engineering (SE 2004)
Abstract: to be inserted
BibTeX: @inproceedings{Heisel2004a, year = {2004}, title = {A Systematic Approach for Guiding Software Evolution}, booktitle = {Proceedings of the IASTED Conference on Software Engineering (SE 2004)}, author = {Maritta Heisel and Carsten von Schwichow}, publisher = {ACTA Press}, pages = {462--468} }
2004	Adding Features to Component-Based Systems [Abstract] [BibTeX] [pdf]	Heisel, M. & Souquières, J.	Objects, Agents and Features	Springer
Abstract: to be inserted
BibTeX: @incollection{Heisel2004b, year = {2004}, title = {Adding Features to Component-Based Systems}, booktitle = {Objects, Agents and Features}, author = {Maritta Heisel and Jeanine Souqui{\`e}res}, publisher = {Springer}, series = {LNCS 2975}, pages = {137--153}, url = {http://www.springerlink.com/} }
2004	Une approache à base de ``patrons'' pour la spécification et le développement de systèmes d'information [Abstract] [BibTeX] [pdf]	Choppy, C. & Heisel, M.	Proceedings Approches Formelles dans l'Assistance au Développement de Logiciels - AFADL'2004
Abstract: Cet article pr�sente une approche pour la sp�cication de composants logiciels en vue d'assurer leur interop�rabilit�. Notre contribution concerne les trois points suivants. Elle propose une mani�re de sp�cier les composants ind�pendamment d'un langage d'expression. Elle met en avant l'importance des donn�es dans la d�nition de composants en rajoutant aux contrats d'utilisation entre composants un mod�le de donn�es. Elle introduit une notion de compatibilit� entre interfaces pour d�cider de l'interop�rabilit� entre composants.
BibTeX: @inproceedings{Choppy2004, year = {2004}, title = {Une approache {\`a} base de ``patrons'' pour la sp{\'e}cification et le d{\'e}veloppement de syst{\`e}mes d'information}, booktitle = {Proceedings Approches Formelles dans l'Assistance au D{\'e}veloppement de Logiciels - AFADL'2004}, author = {Christine Choppy and Maritta Heisel}, pages = {61--76} }
2003	Formalisation des besoins à l`aide de schémas LSCs [Abstract] [BibTeX] [pdf]	Souquières, J. & Heisel, M.	Proceedings Approches Formelles dans l'Assistance au Développement de Logiciels - AFADL'2003
Abstract: Dans notre approche pour l�expression des besoins, nous proposons d�int�grer une �tape de formalisation tr�s t�t dans le d�veloppement afin d�analyser de mani�re d�taill�e les besoins des utilisateurs et de d�couvrir les inconsistances et les probl�mes � partir des difficult�s rencontr�es lors de la formalisation. Afin d�am�liorer la lisibilit� et l��criture des besoins formalis�s, nous proposons d�utiliser les LSCs, Life Sequence Charts, au lieu des formules pour la formalisation des besoins d�compos�s sous forme de fragments. Nous proposons, en particulier, des sch�mas graphiques pour exprimer diff�rents types de besoins. Ces sch�mas constituent un guide � la formalisation.
BibTeX: @inproceedings{Souqui`eres2003, year = {2003}, title = {Formalisation des besoins {\`a} l`aide de sch{\'e}mas {LSCs}}, booktitle = {Proceedings Approches Formelles dans l'Assistance au D{\'e}veloppement de Logiciels - AFADL'2003}, author = {Jeanine Souqui{\`e}res and Maritta Heisel}, pages = {53--63}, note = {ISBN 2-7261-1236-6} }
2003	Use of Patterns in Formal Development: Systematic Transition From Problems to Architectural Designs [Abstract] [BibTeX] [pdf]	Choppy, C. & Heisel, M.	Recent Trends in Algebraic Development Techniques, 16th WADT, Selected Papers	Springer
Abstract: We discuss how to nd a suitable problem frame for some software development problem. Furthermore, we give heuristics for how to proceed from an instantiated problem frame to an architectural design.
BibTeX: @inproceedings{Choppy2003, year = {2003}, title = {Use of Patterns in Formal Development: Systematic Transition From Problems to Architectural Designs}, booktitle = {Recent Trends in Algebraic Development Techniques, 16th WADT, Selected Papers}, author = {Christine Choppy and Maritta Heisel}, publisher = {Springer}, series = {LNCS 2755}, pages = {205--220}, url = {http://www.springerlink.com/} }
2002	A Problem-Oriented Approach to Common Criteria Certification [Abstract] [BibTeX] [pdf]	Rottke, T., Hatebur, D., Heisel, M. & Heiner, M.	Proceedings of the 21st International Conference on Computer Safety, Reliability and Security (SAFECOMP)	Springer
Abstract: to be inserted
BibTeX: @inproceedings{Rottke2002, year = {2002}, title = {A Problem-Oriented Approach to Common Criteria Certification}, booktitle = {Proceedings of the 21st International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Thomas Rottke and Denis Hatebur and Maritta Heisel and Monika Heiner}, publisher = {Springer}, series = {LNCS 2434}, pages = {334--346}, url = {http://www.springerlink.com/} }
2002	Confidentiality-Preserving Refinement is Compositional -- Sometimes [Abstract] [BibTeX] [pdf]	Santen, T., Heisel, M. & Pfitzmann, A.	Proc. Computer Security -- ESORICS 2002	Springer
Abstract: Confidentiality-preserving refinement describes a relation between a specification and an implementation that ensures that all confidentiality properties required in the specification are preserved by the implementation. Stating positively what an observer may learn about the executing system, the specification implicitly requires that all other information about the system be kept confidential. Confidentiality-preserving refinement preserves that property even in a probabilistic setting. The present paper investigates the condition under which that notion of refinement is compositional, i.e. the condition under which refining a sub-system of a larger system yields a confidentiality-preserving refinement. It turns out that the refinement relation is not composition in general, but the condition for compositionality can be stated in a way that builds on the analysis of sub-systems and aids systems designers in analyzing a composition. Keywords: Probabilistic models of security, secure refinement, CSP, process calculi, formal techniques, security aware software engineering.
BibTeX: @inproceedings{Santen2002, year = {2002}, title = {Confidentiality-Preserving Refinement is Compositional -- Sometimes}, booktitle = {Proc.\ Computer Security -- ESORICS 2002}, author = {Thomas Santen and Maritta Heisel and Andreas Pfitzmann}, publisher = {Springer}, pages = {194--211}, note = {LNCS 2502}, url = {http://www.springerlink.com/} }
2002	Logische Modellierung von Anwendungswelten aus Benutzersicht [Abstract] [BibTeX] [pdf]	Heisel, M. & Krömker, H.	Workshop Proceedings "Multimediale Informations- und Kommunikationssysteme, NET.OBJECT Days 2002"
Abstract: Der Softwareentwicklung fehlt oft eine detaillierte methodische Unterst�tzung von technischen Softwareentwicklungsaktivit�ten. Eine Autorin dieses Papiers hat das Konzept der Agenda entwickelt, das zum Ziel hat, Softwareentwicklungswissen als "methodische Essenzen" von Softwareentwicklungsaktivit�ten explizit zu repr�sentieren. Zur logischen Modellierung von Anwendungswelten aus Benutzersicht wird eine Agenda entwickelt, die es erlaubt diese Anwendungswelt methodisch in Konzepten der Handlungspsychologie zu erheben.
BibTeX: @inproceedings{Heisel2002, year = {2002}, title = {Logische Modellierung von Anwendungswelten aus Benutzersicht}, booktitle = {Workshop Proceedings "Multimediale Informations- und Kommunikationssysteme, NET.OBJECT Days 2002"}, author = {Maritta Heisel and Heidi Kr{\"o}mker}, publisher = {tranSIT GmbH, Ilmenau}, pages = {649--656}, note = {ISBN 3-9808628-1-X} }
2002	Specification and Refinement of Secure IT Systems [Abstract] [BibTeX] [pdf]	Santen, T., Pfitzmann, A. & Heisel, M.	Proc. International Workshop on Refinement of Critical Systems
Abstract: to be inserted
BibTeX: @inproceedings{Santen2002a, year = {2002}, title = {Specification and Refinement of Secure {IT} Systems}, booktitle = {Proc.\ International Workshop on Refinement of Critical Systems}, author = {Thomas Santen and Andreas Pfitzmann and Maritta Heisel}, note = {http://www.esil.univ-mrs.fr/\verb\|~\|spc/rcs02/papers/Santen.ps.gz} }
2002	Toward a formal model of software components [Abstract] [BibTeX] [pdf]	Heisel, M., Santen, T. & Souquières, J.	Proc. 4th International Conference on Formal Engineering Methods	Springer
Abstract: We are interested in specifying component models in a way that allows us to analyze the interplay of components in general, and to concisely specify individual components. As a starting point for coming up with a technique of specifying component models, we consider JavaBeans. We capture the JavaBean component model using UML class diagrams, Object-Z, and life sequence charts.
BibTeX: @inproceedings{Heisel2002a, year = {2002}, title = {Toward a formal model of software components}, booktitle = {Proc.\ 4th International Conference on Formal Engineering Methods}, author = {Maritta Heisel and Thomas Santen and Jeanine Souqui{\`e}res}, publisher = {Springer}, series = {LNCS 2495}, pages = {57--68}, url = {http://www.springerlink.com/} }
2001	Confidentiality-Preserving Refinement [Abstract] [BibTeX] [pdf]	Heisel, M., Pfitzmann, A. & Santen, T.	Proc. 14th IEEE Computer Security Foundations Workshop	IEEE Computer Society Press
Abstract: We develop a condition for confidentiality-preserving refinement which is both necessary and sufficient. Using a slight extension of CSP as notation, we give a toy example to illustrate the usefulness of our condition. Systems are specified by their behavior and a window. For an abstract system, the window specifies what information is allowed to be observed by its environment. For a concrete system, the window specifies what information cannot be hidden from its environment. A concrete system is a confidentiality-preserving refinement of an abstract system, if it behaviorally refines the abstract system and if the information revealed by the concrete window is allowed to be revealed according to the abstract window.
BibTeX: @inproceedings{Heisel2001, year = {2001}, title = {Confidentiality-Preserving Refinement}, booktitle = {Proc.\ 14th IEEE Computer Security Foundations Workshop}, author = {Maritta Heisel and Andreas Pfitzmann and Thomas Santen}, publisher = {IEEE Computer Society Press}, pages = {295--305}, url = {http://www.ieee.org/} }
2001	Specifying Safety-Critical Embedded systems with Statecharts and Z: An Agenda for Cyclic Software Components [Abstract] [BibTeX] [pdf]	Grieskamp, W., Heisel, M. & Dörr, H.	Science of Computer Programming
Abstract: The application of formal techniques can contribute much to the quality of software, which is of utmost importance for safety-critical embedded systems. These techniques, however, are not easy to apply. In particular, methodological guidance is often unsatisfactory. We address this problem by the concept of an agenda. An agenda is a list of activities to be performed for solving a task in software engineering. Agendas used to support the application of formal specification techniques provide detailed guidance for specifiers, templates of the used specification language that only need to be instantiated, and application independent validation criteria. We apply the agenda approach to a particular class of embedded safety-critical systems, the formal specification of which has been investigated in the case-studies of the German Espress project during the last two years.
BibTeX: @article{Grieskamp2001, year = {2001}, title = {Specifying Safety-Critical Embedded systems with {S}tatecharts and {Z}: An Agenda for Cyclic Software Components}, author = {Wolfgang Grieskamp and Maritta Heisel and Heiko D{\"o}rr}, journal = {Science of Computer Programming}, volume = {40}, pages = {31--57} }
2000	A heuristic algorithm to detect feature interactions in requirements [Abstract] [BibTeX] [pdf]	Heisel, M. & Souquières, J.	Language Constructs for Describing Features	Springer
Abstract: We present a method to systematically detect feature interactions in requirements, which are expressed as constraints on system event traces. We show its application on the lift system, incorporating new features to a simple lift, concerning the lift overfull and the executive floor with priority. This method is part of a broader approach to requirements elicitation and formal specification.
BibTeX: @incollection{Heisel2000a, year = {2000}, title = {A heuristic algorithm to detect feature interactions in requirements}, booktitle = {Language Constructs for Describing Features}, author = {Maritta Heisel and Jeanine Souqui{\`e}res}, publisher = {Springer}, pages = {143--162}, url = {http://www.springerlink.com/} }
2000	Toward an Evolutionary Software Technology [Abstract] [BibTeX] [pdf]	Heisel, M.	Modelling Software System Structures in a fastly moving scenario
Abstract: to be inserted
BibTeX: @inproceedings{Heisel2000, year = {2000}, title = {Toward an Evolutionary Software Technology}, booktitle = {Modelling Software System Structures in a fastly moving scenario}, author = {Maritta Heisel}, publisher = {Dipartimento di Informatica e Scienze dell'Informazione, Universita' di Genova}, note = {http://www.disi.unige.it/person/ReggioG/PROCEEDINGS/} }
2000	Une méthode pour l'élicitation des besoins: application au système de contrôle d'accès [Abstract] [BibTeX] [pdf]	Souquières, J. & Heisel, M.	Proceedings Approches Formelles dans l'Assistance au Développement de Logiciels - AFADL'2000
Abstract: Cet article pr�sente l�utilisation d�une approche syst�matique pour clarifier et analyser les besoins sur l��tude de cas d�un syst�me de contr�le d�acc�s. L�approche int�gre une d�tection syst�matique des interactions entre les diff�rents besoins.
BibTeX: @inproceedings{Souqui`eres2000, year = {2000}, title = {Une m{\'e}thode pour l'{\'e}licitation des besoins\,: application au syst{\`e}me de contr{\^o}le d'acc{\`e}s}, booktitle = {Proceedings Approches Formelles dans l'Assistance au D{\'e}veloppement de Logiciels - AFADL'2000}, author = {Jeanine Souqui{\`e}res and Maritta Heisel}, publisher = {LSR-IMAG, Grenoble}, pages = {36--50}, note = {http://www-lsr.imag.fr/afadl/Programme/ProgrammeAFADL2000.html} }
1999	A Method for Requirements Elicitation and Formal Specification [Abstract] [BibTeX] [pdf]	Heisel, M. & Souquières, J.	Proceedings 18th International Conference on Conceptual Modeling, ER'99	Springer
Abstract: We propose a method for the elicitation and the expression of requirements. The requirements are then transformed in a systematic way into a formal specification. The approach - which distinguishes between requirements and specifications - gives methodological support for requirements elicitation and specification development. It avoids introducing new notations but builds on known techniques.
BibTeX: @inproceedings{Heisel1999, year = {1999}, title = {A Method for Requirements Elicitation and Formal Specification}, booktitle = {Proceedings 18th International Conference on Conceptual Modeling, ER'99}, author = {Maritta Heisel and Jeanine Souqui{\`e}res}, publisher = {Springer}, series = {LNCS 1728}, pages = {309--324}, url = {http://www.springerlink.com/} }
1999	De l'élicitation des besoins à la spécification formelle [Abstract] [BibTeX] [pdf]	Heisel, M. & Souquières, J.	Technique et science informatiques
Abstract: ABSTRACT. This paper proposes a method for the elicitation and the expression of requirements.It is based on a detailed analysis of requirements, leading to a better understanding of the problem to be solved. The approach � which clearly distinguishes between requirements and specifications � leads to the expression of a formal specification in a natural way. It does not introduce new languages but builds on known techniques. Agendas are used to describe the method
BibTeX: @article{Heisel1999a, year = {1999}, title = {De l'{\'e}licitation des besoins {\`a} la sp{\'e}cification formelle}, author = {Maritta Heisel and Jeanine Souqui{\`e}res}, journal = {Technique et science informatiques}, volume = {18}, number = {7}, pages = {777--801} }
1999	Modeling Safety-Critical Systems with Z and Petri Nets [Abstract] [BibTeX] [pdf]	Heiner, M. & Heisel, M.	Proceedings of the 18th International Conference on Computer Safety, Reliability and Security (SAFECOMP)	Springer
Abstract: We show how to combine the specification notation Z with Petri nets for modeling safety-critical systems. The combination preserves the strengths of the two formalisms, while ameliorating their drawbacks. We illustrate our approach by modeling a part of a production cell and validating that model with respect to safety-related properties.
BibTeX: @inproceedings{Heiner1999, year = {1999}, title = {Modeling Safety-Critical Systems with {Z} and {P}etri Nets}, booktitle = {Proceedings of the 18th International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Monika Heiner and Maritta Heisel}, publisher = {Springer}, series = {LNCS 1698}, pages = {361--374}, url = {http://www.springerlink.com/} }
1998	A Heuristic Algorithm to Detect Feature Interactions in Requirements [Abstract] [BibTeX] [pdf]	Heisel, M. & Souquières, J.	Proc. 5th Feature Interaction Workshop
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1998e, year = {1998}, title = {A Heuristic Algorithm to Detect Feature Interactions in Requirements}, booktitle = {Proc.\ 5th Feature Interaction Workshop}, author = {Maritta Heisel and Jeanine Souqui{\`e}res}, publisher = {IOS Press Amsterdam}, pages = {165--171} }
1998	Agendas -- A Concept to Guide Software Development Activites [Abstract] [BibTeX] [pdf]	Heisel, M.	Proc. Systems Implementation 2000
Abstract: We present the concept of an agenda. This concept serves to represent process knowledge in the area of software development. An agenda consists of a list of steps to be performed when developing a software artifact. Each activity may have associated a schematic expression of the language in which the artifact is expressed and some validation conditions that help detect errors. We present example agendas and discuss the distinguishing features of the agenda concept in detail. Agendas provide methodological support to their users, make development knowledge explicit and thus comprehensible, and contribute to a standardization of software development activities and products. Agendas are flexible and useful in many different contexts and lay the basis for powerful machine support in software development.
BibTeX: @inproceedings{Heisel1998a, year = {1998}, title = {Agendas -- A Concept to Guide Software Development Activites}, booktitle = {Proc.\ Systems Implementation 2000}, author = {Maritta Heisel}, publisher = {Chapman \& Hall London}, pages = {19--32} }
1998	An Agenda for Event-Driven Software Components with Complex Data Models [Abstract] [BibTeX] [pdf]	Winter, K., Santen, T. & Heisel, M.	Proceedings of the 17th International Conference on Computer Safety, Reliability and Security (SAFECOMP)	Springer
Abstract: We present a method to specify software for a special kind of safetycritical embedded systems, where sensors deliver low-level values that must be abstracted and pre-processed to express functional and safety requirements adequately. These systems are characterized by a reference architecture. The method is expressed as an agenda, which is a list of activities to be performed for setting up the software specification, complemented by validation conditions that help detect and correct errors. The specification language we use is a combination of the formal notation Z and the diagrammatic notation statecharts. Our approach not only provides detailed guidance to specifiers, but it is also part of a more general engineering concept for engineering safety-critical embedded systems that was developed in the ESPRESS project, a joint project of academia and industry.
BibTeX: @inproceedings{Winter1998, year = {1998}, title = {An Agenda for Event-Driven Software Components with Complex Data Models}, booktitle = {Proceedings of the 17th International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Kirsten Winter and Thomas Santen and Maritta Heisel}, publisher = {Springer}, series = {LNCS 1516}, pages = {16--31}, url = {http://www.springerlink.com/} }
1998	Methodological Support for Requirements Elicitation and Formal Specification [Abstract] [BibTeX] [pdf]	Heisel, M. & Souquières, J.	Proc. 9th International Workshop on Software Specification and Design	IEEE Computer Society Press
Abstract: We propose a method for the elicitation and the expression of requirements. The requirements can then be transformed in a systematic way into a formal specification that is a suitable basis for design and implementation of a software system. The approach � which distinguishes between requirements and specifications � gives methodological support for requirements elicitation and specification development. It does not introduce a new language but builds on known techniques.
BibTeX: @inproceedings{Heisel1998g, year = {1998}, title = {Methodological Support for Requirements Elicitation and Formal Specification}, booktitle = {Proc. 9th International Workshop on Software Specification and Design}, author = {Maritta Heisel and Jeanine Souqui{\`e}res}, publisher = {IEEE Computer Society Press}, pages = {153--155}, url = {http://www.ieee.org/} }
1998	Softwaretechnik und Methodik [Abstract] [BibTeX] [pdf]	Heisel, M.	Antrittsvorlesungen der Fakultät für Informatik
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1998b, year = {1998}, title = {Softwaretechnik und {M}ethodik}, booktitle = {Antrittsvorlesungen der Fakult\"at f\"ur Informatik}, author = {Maritta Heisel}, publisher = {Univ. Magdeburg}, series = {Universit\"atsschriften}, pages = {139--155} }
1998	Specifying safety-critical embedded systems with Statecharts and Z: An Agenda for Cyclic Software Components [Abstract] [BibTeX] [pdf]	Grieskamp, W., Heisel, M. & Dörr, H.	Proc. ETAPS-FASE'98	Springer
Abstract: The application of formal techniques can contribute much to the quality of software, which is of utmost importance for safety-critical embedded systems. These techniques, however, are not easy to apply. In particular, methodological guidance is often unsatisfactory. We address this problem by the concept of an agenda. An agenda is a list of activities to be performed for solving a task in software engineering. Agendas used to support the application of formal specification techniques provide detailed guidance for specifiers, templates of the used specification language that only need to be instantiated, and application independent validation criteria. We apply the agenda approach to a particular class of embedded safety-critical systems, the formal specification of which has been investigated in the case-studies of the German Espress project during the last two years.
BibTeX: @inproceedings{Grieskamp1998, year = {1998}, title = {Specifying safety-critical embedded systems with {S}tatecharts and {Z}: An Agenda for Cyclic Software Components}, booktitle = {Proc.\ {ETAPS-FASE'98}}, author = {Wolfgang Grieskamp and Maritta Heisel and Heiko D{\"o}rr}, publisher = {Springer}, series = {LNCS 1382}, pages = {88--106}, url = {http://www.springerlink.com/} }
1997	Methodological Support for Formally Specifying Safety-Critical Software [Abstract] [BibTeX] [pdf]	Heisel, M. & Sühl, C.	Proceedings 16th International Conference on Computer Safety, Reliability and Security (SAFECOMP)
Abstract: We present the concept of an agenda and apply this concept to the formal specification of software for safety-critical applications. An agenda describes a list of activities to solving a task in software engineering, and validations of the results of the activities. Agendas used to support the application of formal specification techniques provide detailed guidance for specifiers, schematic expressions of the used specification language that only need to be instantiated, and application independent validation criteria. We present an agenda for a frequently used design of safety-critical systems and illustrate its usage by an example. Using agendas to systematically develop formal specifications for safety-critical software contributes to system safety because, first, the specifications are developed in a standardized way, making them better comprehensible for other persons. Secondly, using a formal language yields specifications with an unambiguous semantics as the starting point of further design and implementation. Thirdly, the recommended validation criteria draw the specifier�s attention to common mistakes and thus enhance the quality of the resulting specification.
BibTeX: @inproceedings{Heisel1997c, year = {1997}, title = {Methodological Support for Formally Specifying Safety-Critical Software}, booktitle = {Proceedings 16th International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Maritta Heisel and Carsten S{\"u}hl}, publisher = {Springer London}, pages = {295--308} }
1997	Methodology and Machine Support for the Application of Formal Techniques in Software Engineering [Abstract] [BibTeX] [pdf]	Heisel, M.
Abstract: Methodological support for the application of formal techniques in software engineering is the motto for this entire work We use the term formal techniques instead of the more common term formal methods because we nd the term formal method to be a misnomer A formal notation with a mathematically rigorous semantics is often called a formal method In comparison with notational and semantic issues methodological aspects are frequently neglected in the research on formal techniques In our opinion this fact is one of the greatest obstacles that hinders the transfer of formal techniques from academic environments into software engineering practice The word technique does not suggest that there exists a method for guiding the application of the formalism in question The aim of this work is to demonstrate how formal techniques can be protably employed in software engineering We do not treat the whole software engineering process and consider all known formal techniques but show areas where formal techniques can improve the quality of products or processes in software engineering For this purpose we describe some impor tant and typical situations and show what can be gained by applying formal techniques in these situations Examples are the development of safetycritical systems where formal spec ication techniques contribute to the overall system safety and software architectures where a formal characterization makes it possible to reuse previously acquired design knowledge in a semantically sound way Using formal techniques we can positively guarantee that the product of a development step of the software engineering process enjoys certain semantic properties In this respect formal techniques can lead to an improvement in software quality that cannot be achieved by traditional techniques alone However formal techniques are no panacea Even if a program is proven correct with respect to its specication this does not mean that it will perform to the satisfaction of its users The specication may not capture the requirements adequately the performance of the program may be unsatisfactory or the compiler or the operating system that are needed to execute the program may contain errors Hence informal methods as they are applied in traditional software engineering and especially informal validation techniques such as testing are still indispensable and we propose to complement traditional techniques by formal ones not to replace them
BibTeX: @book{Heisel1997, year = {1997}, title = {Methodology and Machine Support for the Application of Formal Techniques in Software Engineering}, author = {Maritta Heisel}, publisher = {Habilitation Thesis} }
1997	Using LOTOS Patterns to Characterize Architectural Styles [Abstract] [BibTeX] [pdf]	Heisel, M. & Lévy, N.	Proceedings TAPSOFT'97	Springer
Abstract: We show how the formal description language LOTOS can be used to dene software architectures and how patterns over LOTOS can serve to characterize architectural styles We characterize styles by giving characteristics of the involved processes, a top-level communication pattern, and constraints that are sufficient conditions for a concrete architectural description to be an instance of a given style. Three style characterizations are presented and illustrated by an example.
BibTeX: @inproceedings{Heisel1997b, year = {1997}, title = {Using {LOTOS} Patterns to Characterize Architectural Styles}, booktitle = {Proceedings {TAPSOFT}'97}, author = {Maritta Heisel and Nicole L{\'e}vy}, publisher = {Springer}, series = {LNCS 1214}, pages = {818--832}, url = {http://www.springerlink.com/} }
1996	A Pragmatic Approach to Formal Specification [Abstract] [BibTeX] [pdf]	Heisel, M.	Object-Oriented Behavioral Specifications
Abstract: I propose to overcome some difficulties arising in the practical usage of formal specification techniques by adopting a pragmatic attitude. I argue that the transition from informal requirements to a formal specification should not be made too early; that it is not necessary to formally specify every detail; that different formalisms should be combined where appropriate; and that sometimes it may be useful not to adhere to limitations imposed by the formal specification language.
BibTeX: @incollection{Heisel1996, year = {1996}, title = {A Pragmatic Approach to Formal Specification}, booktitle = {Object-Oriented Behavioral Specifications}, author = {Maritta Heisel}, publisher = {Kluwer Academic Publishers}, pages = {41--62} }
1996	An Approach to Develop Provably Safe Software [Abstract] [BibTeX] [pdf]	Heisel, M.	High Integrity Systems
Abstract: We present a process model for the development of provably safe software. It is based on well-established tools and techniques to set up formal specifications in the specification language Z and a program synthesis system designed by the author. The model provides a guideline for the specification and implementation of safe software consisting of a number of steps that are complemented by proof obligations. The parts of the process specific to software safety are given special consideration. The approach is exemplified by the specification and partial implementation of a program controlling the pump of a steam boiler. Finally we relate software safety to correctness and reliability.
BibTeX: @article{Heisel1996a, year = {1996}, title = {An Approach to Develop Provably Safe Software}, author = {Maritta Heisel}, journal = {High Integrity Systems}, volume = {1}, number = {6}, pages = {501--512} }
1996	Expression of Style in Formal Specification [Abstract] [BibTeX] [pdf]	Souquières, J. & Heisel, M.	Proceedings Software Quality Conference
Abstract: This paper presents a framework for supporting the acquisition of formal specifications. It is possible to identify certain styles or orientation approaches according to which the specification process is performed. These styles are used locally, i.e. even in one development, one switches between different styles. Therefore, it is not reasonable to identify styles with specification languages, as is usually the case. We propose to explicitly represent styles as sets of development operators in a process oriented way which is independent of the respective specification language that is used. Our approach is illustrated by a case study where of subset of the Unix file system is specified.
BibTeX: @inproceedings{Souqui`eres1996, year = {1996}, title = {Expression of Style in Formal Specification}, booktitle = {Proceedings Software Quality Conference}, author = {Jeanine Souqui{\`e}res and Maritta Heisel}, publisher = {University of Abertay Dundee}, pages = {56--65} }
1996	Formal Specification of Safety-Critical Software with Z and Real-Time CSP [Abstract] [BibTeX] [pdf]	Heisel, M. & Sühl, C.	Proceedings 15th International Conference on Computer Safety, Reliability and Security (SAFECOMP)
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1996b, year = {1996}, title = {Formal Specification of Safety-Critical Software with {Z }and Real-Time {CSP}}, booktitle = {Proceedings 15th International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Maritta Heisel and Carsten S{\"u}hl}, publisher = {Springer London}, pages = {31--45} }
1995	Embedding Mathematical Techniques in System Engineering [Abstract] [BibTeX] [pdf]	Heisel, M., Jähnichen, S., Simons, M. & Weber, M.	Proceedings Workshop on Formal Methods Application in Software Engineering Practice, International Conference on Software Engineering
Abstract: Some of the reasons why formal methods have not been widely accepted in practice are analyzed. This analysis provides the basis for a more modest approach to embedding mathematical and formal techniques into the system design process: identifying places in traditional design methodologies where formal reasoning can be convincingly introduced. The approach is outlined in general and illustrated by giving overviews of three different research activities.
BibTeX: @inproceedings{Heisel1995e, year = {1995}, title = {Embedding Mathematical Techniques in System Engineering}, booktitle = {Proceedings Workshop on Formal Methods Application in Software Engineering Practice, International Conference on Software Engineering}, author = {Maritta Heisel and Stefan J{\"a}hnichen and Martin Simons and Matthias Weber}, pages = {53--60} }
1995	Six Steps Towards Provably Safe Software [Abstract] [BibTeX] [pdf]	Heisel, M.	Proceedings of the 14th International Conference on Computer Safety, Reliability and Security (SAFECOMP)
Abstract: We present an approach to the specification and implementation of provably safe software. It uses well-established tools and techniques that are usually employed to ensure correctness rather than safety of software. The approach comprises six steps each of which is complemented by some proof obligations. For each step the safety-related aspects are clearly elaborated. Thus designers of safety-critical systems are given guidance that helps to avoid potentially dangerous gaps in the specification of the system�s safety properties.
BibTeX: @inproceedings{Heisel1995b, year = {1995}, title = {Six Steps Towards Provably Safe Software}, booktitle = {Proceedings of the 14th International Conference on Computer Safety, Reliability and Security (SAFECOMP)}, author = {Maritta Heisel}, publisher = {Springer London}, pages = {191--205} }
1995	Specification of the Unix File System: A Comparative Case Study [Abstract] [BibTeX] [pdf]	Heisel, M.	Proc. 4th Int. Conference on Algebraic Methodology and Software Technology	Springer
Abstract: The starting point of this investigation are two different formal specifications of the user�s view of the Unix file system, one algebraic and one model-based. The different features exhibited by the specifications give rise to a discussion of desirable and undesirable properties of formal specifications.
BibTeX: @inproceedings{Heisel1995, year = {1995}, title = {Specification of the {U}nix File System: A Comparative Case Study}, booktitle = {Proc. 4th Int. Conference on Algebraic Methodology and Software Technology}, author = {Maritta Heisel}, publisher = {Springer}, series = {LNCS 936}, pages = {475--488}, url = {http://www.springerlink.com/} }
1995	Tool Support for Formal Software Development: A Generic Architecture [Abstract] [BibTeX] [pdf]	Heisel, M., Santen, T. & Zimmermann, D.	Proceedings 5-th European Software Engineering Conference	Springer
Abstract: We present a formalism independent approach to the design of tools supporting the application of formal methods in software development. It consists of a concept to represent problem solving knowledge, called strategy, and a generic architecture showing how to implement tools for strategy-based development. A prototype system for program synthesis demonstrates the practicality of the approach.
BibTeX: @inproceedings{Heisel1995h, year = {1995}, title = {Tool Support for Formal Software Development: A Generic Architecture}, booktitle = {Proceedings 5-th European Software Engineering Conference}, author = {Maritta Heisel and Thomas Santen and Dominik Zimmermann}, publisher = {Springer}, series = {LNCS 989}, pages = {272--293}, url = {http://www.springerlink.com/} }
1994	Korrekte Software: Nur eine Illusion? [Abstract] [BibTeX]	Heisel, M. & Weber-Wulff, D.	Informatik -- Forschung und Entwicklung
Abstract: to be inserted
BibTeX: @article{Heisel1994c, year = {1994}, title = {{K}orrekte {S}oftware: {N}ur eine {I}llusion?}, author = {Maritta Heisel and Debora Weber-Wulff}, journal = {{I}nformatik -- {F}orschung und {E}ntwicklung}, volume = {9}, number = {4}, pages = {192--200} }
1992	Formale Programmentwicklung mit dynamischer Logik [Abstract] [BibTeX]	Heisel, M.		Deutscher Universitätsverlag
Abstract: to be inserted
BibTeX: @book{Heisel1992b, year = {1992}, title = {{F}ormale {P}rogrammentwicklung mit dynamischer {L}ogik}, author = {Maritta Heisel}, publisher = {Deutscher Universit\"atsverlag}, url = {http://www.duv.com/} }
1992	Formalizing and Implementing Gries's Program Development Method in Dynamic Logic [Abstract] [BibTeX]	Heisel, M.	Science of Computer Programming
Abstract: to be inserted
BibTeX: @article{Heisel1992a, year = {1992}, title = {Formalizing and Implementing {G}ries's Program Development Method in Dynamic Logic}, author = {Maritta Heisel}, journal = {Science of Computer Programming}, volume = {18}, pages = {107--137} }
1991	Formal Software Development with the KIV System [Abstract] [BibTeX]	Heisel, M., Reif, W. & Stephan, W.	Automating Software Design
Abstract: to be inserted
BibTeX: @incollection{Heisel1991, year = {1991}, title = {Formal Software Development with the {KIV} System}, booktitle = {Automating Software Design}, author = {Maritta Heisel and Wolfgang Reif and Werner Stephan}, publisher = {AAAI Press}, pages = {547--574} }
1990	Tactical Theorem Proving in Program Verification [Abstract] [BibTeX]	Heisel, M., Reif, W. & Stephan, W.	Proceedings 10th International Conference on Automated Deduction	Springer
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1990a, year = {1990}, title = {Tactical Theorem Proving in Program Verification}, booktitle = {Proceedings 10th International Conference on Automated Deduction}, author = {Maritta Heisel and Wolfgang Reif and Werner Stephan}, publisher = {Springer}, series = {LNAI 449}, pages = {117--131}, url = {http://www.springerlink.com/} }
1989	A Dynamic Logic for Program Verification [Abstract] [BibTeX]	Heisel, M., Reif, W. & Stephan, W.	Proceedings Logic at Botik	Springer
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1989a, year = {1989}, title = {A Dynamic Logic for Program Verification}, booktitle = {Proceedings Logic at Botik}, author = {Maritta Heisel and Wolfgang Reif and Werner Stephan}, publisher = {Springer}, series = {LNCS 363}, pages = {134--145}, url = {http://www.springerlink.com/} }
1989	Machine-Assisted Program Construction and Verification [Abstract] [BibTeX]	Heisel, M., Reif, W. & Stephan, W.	Proceedings of the 12th German Workshop for Artificial Intelligence	Springer
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1989b, year = {1989}, title = {Machine-Assisted Program Construction and Verification}, booktitle = {Proceedings of the 12th {G}erman {W}orkshop for {A}rtificial {I}ntelligence}, author = {Maritta Heisel and Wolfgang Reif and Werner Stephan}, publisher = {Springer}, number = {216}, series = {Informatik Fachberichte}, pages = {338--347}, url = {http://www.springerlink.com/} }
1988	Implementing Verification Strategies in the KIV System [Abstract] [BibTeX]	Heisel, M., Reif, W. & Stephan, W.	Proceedings 9th International Conference on Automated Deduction	Springer
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1988a, year = {1988}, title = {Implementing Verification Strategies in the {KIV} System}, booktitle = {Proceedings 9th International Conference on Automated Deduction}, author = {Maritta Heisel and Wolfgang Reif and Werner Stephan}, publisher = {Springer}, series = {LNCS 310}, pages = {131--140}, url = {http://www.springerlink.com/} }
1988	Program Verification Using Dynamic Logic [Abstract] [BibTeX]	Heisel, M., Reif, W. & Stephan, W.	Proceedings of the first Workshop on Computer Science Logic	Springer
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1988, year = {1988}, title = {Program Verification Using Dynamic Logic}, booktitle = {Proceedings of the first Workshop on Computer Science Logic}, author = {Maritta Heisel and Wolfgang Reif and Werner Stephan}, publisher = {Springer}, series = {LNCS 329}, pages = {102--117}, url = {http://www.springerlink.com/} }
1987	Program Verification by Symbolic Execution and Induction [Abstract] [BibTeX]	Heisel, M., Reif, W. & Stephan, W.	Proceedings of the 11th German Workshop for Artificial Intelligence	Springer
Abstract: to be inserted
BibTeX: @inproceedings{Heisel1987, year = {1987}, title = {Program Verification by Symbolic Execution and Induction}, booktitle = {Proceedings of the 11th {G}erman {W}orkshop for {A}rtificial {I}ntelligence}, author = {Maritta Heisel and Wolfgang Reif and Werner Stephan}, publisher = {Springer}, series = {Informatik Fachberichte 152}, pages = {201--210}, url = {http://www.springerlink.com/} }
1986	An Interactive Verification System Based on Dynamic Logic [Abstract] [BibTeX]	Hähnle, R., Heisel, M., Reif, W. & Stephan, W.	Proceedings 8th International Conference on Automated Deduction	Springer
Abstract: to be inserted
BibTeX: @inproceedings{Hahnle1986, year = {1986}, title = {An Interactive Verification System Based on Dynamic Logic}, booktitle = {Proceedings 8th International Conference on Automated Deduction}, author = {Reiner H{\"a}hnle and Maritta Heisel and Wolfgang Reif and Werner Stephan}, publisher = {Springer}, number = {230}, series = {LNCS 230}, pages = {306--315}, url = {http://www.springerlink.com/} }

Created by JabRef on 03/04/2017.

Universität Duisburg-Essen

Informatik / Kognitionswissenschaft
Software Engineering

Maritta Heisel