research-article

Security-Driven Information Flow Modelling for Component Integration in Complex Environments

Authors:

Veronika Kupfersberger,

Thomas Schaberreiter,

Gerald QuirchmayrAuthors Info & Claims

IAIT '18: Proceedings of the 10th International Conference on Advances in Information Technology

Article No.: 19, Pages 1 - 8

https://doi.org/10.1145/3291280.3291797

Published: 10 December 2018 Publication History

Abstract

Conceptualising and developing a new software solution is always a daunting task, even more so when existing technologies of international partners are to be integrated into a unique and holistic product, as is the case in many international research and innovation projects. The individual requirements not only of each tool, but of the resulting solution as a whole, must be considered as well as the problem domain. The approach presented in this paper uniquely combines existing structuring and modelling techniques, resulting in an information flow model and interface definition specifications appropriate for international projects. It is based on an approach developed for an EU cybersecurity project and for its specific requirements, but due to its flexibility seen as appropriate for other domains as well. Complex systems consisting of different existing software solutions are represented in a conceptual model of their internal processes and the connecting information flows, thereby facilitating further software development and adaptations. Additionally, the exact identification and accounting of all information flows are essential requirements for modelling according to security and privacy by design principles, as for example prescribed by privacy and impact assessment guides and required by the General Data Protection Regulation (GDPR).

References

[1]

Srividya K Bansal and Sebastian Kagemann. 2015. Integrating big data: A semantic extract-transform-load framework. Computer 48, 3 (2015), 42--50.

Digital Library

[2]

Jan Bosch. 2004. Software architecture: The next step. In European Workshop on Software Architecture. Springer, 194--199.

[3]

Peter Checkland. 1981. Systems thinking, systems practice. (1981).

[4]

Patrice Clemente, Jonathan Rouzaud-Cornabas, and Christian Toinard. 2010. From a generic framework for expressing integrity properties to a dynamic mac enforcement for operating systems. In Transactions on computational science XI. Springer, 131--161.

Digital Library

[5]

European Commission and High Representative of the European Union for Foreign Affairs and Security Policy. 2013. Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace. JOIN(2013) 1 final. (2013).

[6]

Valentina Ferretti. 2016. From stakeholders analysis to cognitive mapping and Multi-Attribute Value Theory: An integrated approach for policy support. European Journal of Operational Research 253, 2 (2016), 524--541.

[7]

Jeffrey O Grady. 1995. System engineering planning and enterprise identity. Vol. 7. CRC Press.

[8]

JC Jiang, JY Yu, and JS Lei. 2015. Finding influential agent groups in complex multiagent software systems based on citation network analyses. Advances in Engineering Software 79 (2015), 57--69.

Digital Library

[9]

Anastasios Karagiannis, Panos Vassiliadis, and Alkis Simitsis. 2013. Scheduling strategies for efficient ETL execution. Information Systems 38, 6 (2013), 927--945.

Digital Library

[10]

Jeff Kramer. 2007. Is abstraction the key to computing? Commun. ACM 50, 4 (2007), 36--42.

Digital Library

[11]

Qing Li and Yu-Liu Chen. 2009. Modeling and Analysis of Enterprise and Information Systems: from requirements to realization. Springer.

Digital Library

[12]

THE EUROPEAN PARLIAMENT and THE COUNCIL OF THE EUROPEAN UNION. 2008. COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. Official Journal of the European Union L 345/75. (2008).

[13]

THE EUROPEAN PARLIAMENT and THE COUNCIL OF THE EUROPEAN UNION. 2016. DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Official Journal of the European Union L 194/1. (2016).

[14]

Stewart Robinson. 2008. Conceptual modelling for simulation Part I: definition and requirements. Journal of the operational research society 59, 3 (2008), 278--290.

[15]

Stewart Robinson. 2008. Conceptual modelling for simulation Part II: a framework for conceptual modelling. Journal of the Operational Research Society 59, 3 (2008), 291--304.

[16]

Ric Roca, Dale Pace, Stewart Robinson, Andreas Tolk, and Levent Yilmaz. 2015. Paradigms for conceptual modeling. In Proceedings of the 48th Annual Simulation Symposium. Society for Computer Simulation International, 202--209.

Digital Library

[17]

Najah Ben Said, Takoua Abdellatif, Saddek Bensalem, and Marius Bozga. 2014. Model-driven information flow security for component-based systems. In Joint European Conferences on Theory and Practice of Software. Springer, 1--20.

[18]

Lorenza Saitta and Jean-Daniel Zucker. 2013. Abstraction in artificial intelligence and complex systems. Vol. 456. Springer.

Digital Library

[19]

John Sokolowski, Charles Turnitsa, and Saikou Diallo. 2008. A conceptual modeling method for critical infrastructure modeling. In Simulation Symposium, 2008. ANSS 2008. 41st Annual. IEEE, 203--211.

Digital Library

Cited By

de Chaves SBarreto Vavassori Benitti FHong JLanperne MPark JCerny TShahriar H(2023)Privacy by Design in Software Engineering: An update of a Systematic Mapping StudyProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing10.1145/3555776.3577626(1362-1369)Online publication date: 27-Mar-2023
https://dl.acm.org/doi/10.1145/3555776.3577626
Saltarella MDesolda GLanzilotti RBarletta V(2023)Translating Privacy Design Principles Into Human-Centered Software Lifecycle: A Literature ReviewInternational Journal of Human–Computer Interaction10.1080/10447318.2023.221996440:17(4465-4483)Online publication date: 20-Jun-2023
https://doi.org/10.1080/10447318.2023.2219964
Saltarella MDesolda GLanzilotti R(2021)Privacy Design Strategies and the GDPR: A Systematic Literature ReviewHCI for Cybersecurity, Privacy and Trust10.1007/978-3-030-77392-2_16(241-257)Online publication date: 24-Jul-2021
https://dl.acm.org/doi/10.1007/978-3-030-77392-2_16

Index Terms

Security-Driven Information Flow Modelling for Component Integration in Complex Environments
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Information flow control
2. Software and its engineering
  1. Software creation and management
    1. Designing software
      1. Software design engineering

Recommendations

Security Information Flow in Multidimensional Arrays

The problem of security flow into n-dimensional arrays is considered. It is shown that in the security flow analysis for an array assignment A(B ¹, B ²···,B ⁿ) = , it is sufficient to analyze the flows B ^j__ __ A( B ¹, B ²,··· Bn), i.e., show that L[B ^j]...
Non risk assessment information security assurance model
InfoSecCD '09: 2009 Information Security Curriculum Development Conference

This article is present information assurance model based on Non risk assessment model. The model based on diligence model where assurance is achieved by using threat and vulnerability reviews and countermeasures based on tangible best practices. An ...
Towards ensuring security by design in cyber-physical systems engineering processes
ICSSP '18: Proceedings of the 2018 International Conference on Software and System Process

Engineering cyber-physical systems secure by design requires engineers to consider security from the ground up. However, current systems engineering processes are not tailored to cyber-physical systems, or lack an integration with security engineering. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

IAIT '18: Proceedings of the 10th International Conference on Advances in Information Technology

December 2018

145 pages

ISBN:9781450365680

DOI:10.1145/3291280

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

KMUTT: King Mongkut's University of Technology Thonburi

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 December 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

IAIT 2018

IAIT 2018: The 10th International Conference on Advances in Information Technology

December 10 - 13, 2018

Bangkok, Thailand

Acceptance Rates

IAIT '18 Paper Acceptance Rate 20 of 47 submissions, 43%;

Overall Acceptance Rate 20 of 47 submissions, 43%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
110
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)1

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

de Chaves SBarreto Vavassori Benitti FHong JLanperne MPark JCerny TShahriar H(2023)Privacy by Design in Software Engineering: An update of a Systematic Mapping StudyProceedings of the 38th ACM/SIGAPP Symposium on Applied Computing10.1145/3555776.3577626(1362-1369)Online publication date: 27-Mar-2023
https://dl.acm.org/doi/10.1145/3555776.3577626
Saltarella MDesolda GLanzilotti RBarletta V(2023)Translating Privacy Design Principles Into Human-Centered Software Lifecycle: A Literature ReviewInternational Journal of Human–Computer Interaction10.1080/10447318.2023.221996440:17(4465-4483)Online publication date: 20-Jun-2023
https://doi.org/10.1080/10447318.2023.2219964
Saltarella MDesolda GLanzilotti R(2021)Privacy Design Strategies and the GDPR: A Systematic Literature ReviewHCI for Cybersecurity, Privacy and Trust10.1007/978-3-030-77392-2_16(241-257)Online publication date: 24-Jul-2021
https://dl.acm.org/doi/10.1007/978-3-030-77392-2_16

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents