Advanced Information Systems Engineering Workshops

We present a case study of business architecture development by students working in socially networked groups. In this case study we emulated a self-development of an evolutionary information system. The “client system” in this emulated project was medical laboratory information system. In the role of the “change agent” were students of two different specialties: medical technology students (one group) and IT students (another group). We describe the process and results of the first (finished) phase of strategic analysis where the initial business architecture was developed. Later on this business architecture will be utilized as a platform for (social, self-) development of business processes and software. Medical technology students (knowing the problem) played the business process owner/analyst dual role. IT students (knowing IT-related solution patterns for the problem and processes) played the business designer role. The relationships between (and inside) the two groups/communities were managed using Google Sites (social) software.

As technology becomes more far-reaching and interconnected, the need of interoperability is becoming increasingly important. The Ontology of Enterprise Interoperability (OoEI) was defined as a scientific reference model regarding interoperability leading to a common understanding involving this topic. The OoEI was proposed in the general context of Enterprise Interoperability with high level concepts using the system theory. This needs to be enriched with concepts from Enterprise domain. The discipline of Enterprise Architecture (EA) advocates the use of models to support business services on enterprises. Among them, this work focuses on ArchiMate. In order to provide business services support, ArchiMate, should be amenable to analyze of various properties, as e.g. the interoperability requirements. This paper proposes a set of concepts covering the EA and interoperability domains. Through literature review and framework research, we identify key aspects of interoperability and EA and their associations, resulting in a reference conceptual model for integrated Enterprise Architecture Interoperability. The proposed model is defined based on the Design Science Research methodology. A case study illustration will be used for the evaluation as part of the research approach.

Enterprise architecture (EA) management represents an evolving discipline in the curriculum of information systems research. Research in the area of EA management is often conducted in close cooperation with industry partners, who on the one hand provide input in terms of current challenges and on the other hand are more than willing to apply and evaluate the research findings. Therefore, researchers in the area of EA management applying the design science paradigm are confronted with the challenge to make theoretical contributions which additionally can be applied and help to solve current and anticipated problems in practice.

In this paper we present the so-called pattern-based design research (PDR) an iterative design research method to overcome this problem by enabling researchers to theorize and learn from the intervention at the industry partner(s) while performing rigorous and relevant design science research. We illustrate the applicability of PDR by discussing our research projects of the last 7 years in the area of EA management. We conclude that PDR provides a suitable research method that can be applied in the area of EA and discuss further challenges from the perspective of practitioners and researchers.

This paper is concerned with the research methodology that was used in the GEA (General Enterprise Architecting) research programme. The goal of this programme was the development of a new approach for doing enterprise architecture. We discuss the motivations for starting the GEA programme, its focus, as well as its objectives. Based on this, the research methodology as it was used by the GEA programme is discussed and motivated. This involves a combination of design science and case study based research. The paper also discusses the way the GEA programme went about to actually implement the research methodology in a real-world situation, while also highlighting its results.

The emerging field of enterprise engineering provides a promising outlook for positioning relevant research. Enterprise Architecture frameworks which are frequently used in practice, but are often criticized from a research perspective, can be positioned in this field. The challenge for the enterprise engineering field is to provide a framework to improve such frameworks using a rigorous scientific approach. This paper aims to contribute to addressing this challenge by proposing components for a research framework which focuses on applying engineering insights to enterprise architecture. It first explores how current enterprise architecture frameworks handle issues relevant for engineering (i.e., complexity, change and integration). It then introduces additional components which could contribute towards a more systematic approach. These components are derived from the way the Normalized Systems Theory was developed, and successfully introduced engineering standards into the design software architecture.

Enterprises encounter serious problems in keeping pace with ever faster changing markets. Enterprise Engineering (EE) is an emerging field that is promising in providing solutions. Doing research in this field, requires choosing an appropriate research method for different parts of the research. This is the composition of the research method from known research methods, we call this engineering of the research approach. We structure available methods, approaches and techniques for qualitative research in information systems. We describe three epistemologies and discuss the different qualitative research methods and differences and similarities between them. For our research on EE that applies transaction cost economics in designing enterprises using the notions of Enterprise Ontology and Enterprise Architecture we combine a positivist approach during literature study with an interpretivist approach during Action Research.

Throughout recent years a lot of research has been done to develop enterprise architecture (EA) approaches for large and complex enterprises. Consequently, an array of tools has been developed for these large enterprises to aid in EA management. However, traditional small and medium-sized enterprises (SMEs), which are very important for economy, have to a great extent been neglected. Recently research has been done towards a new EA approach for SMEs. The approach is called CHOOSE. As tool support is almost indispensable in complex environments, the need for tool support was quickly experienced while doing case studies in SMEs. Unfortunately, tool support is already rated low on usability by EA practitioners in large companies. A different approach was required to provide tool support for managers in SMEs. The developed software tool already received positive feedback from managers.

Large enterprises need to coordinate the IT initiatives that exist in different organisational units of the enterprise. If these initiatives are not coordinated, the resulting IT system is likely to become difficult to use and expensive to develop/maintain. Enterprise architecture methods are designed for that purpose. We report on the use of a service-oriented enterprise architecture method, called SEAM, in the context of a mid-size university. The originality of SEAM is its service orientation and the recursive modeling from business down to systems. Using SEAM, we develop a service model of the overall organisation. The model is stored in a web-based tool. We also propose a concrete implementation of architectural principles described in the literature. This principles help build an integrated IT system. The paper explains the background of this project and the current progresses. This approach illustrates how enterprises can build a common view for their IT resources.

Business rules are everywhere. Some of these rules are implicit and thus poorly enforced, others are written but not enforced, and still others are perhaps poorly written and obscurely enforced [1]. In this work, we propose an interactive, simulation-driven approach for the discovery of business rules. The rules are first specified in a natural language, then translated to the Alloy specification language. The Alloy Analyzer tool is used as a platform for rule simulation and discovery: it provides a domain specialist with an instant feedback, helping her to detect the issues with the existing business rules and to discover new rules in a systematic way.

IT Management best-practice process frameworks for IT Service Management and IT Governance have been applied by many organizations to structure and improve operational IT management and IT governance. It further facilitates customer centric, cost efficient and compliant IT Service provisioning. IT Management has undergone various evolutionary stages and changes over recent years due to the evolving maturity of best-practice recommendations and evolving IT requirements. This paper refers to the current practices and standards in the areas of IT Service Management and IT Governance. A case study identifies and outlines implications for the Higher Education sector. The practical adoption of these frameworks in higher education institutions suggests that the domain has advanced and matured in recent years. However further research and adjustments are required to further facilitate the adoption of the core ITSM and IT Governance principles.

Business/IT alignment has become one of the most relevant concerns on organizations. Enterprise Architecture (EA) and ITIL, two distinct governance approaches with different perspectives, have become recently dominant between practitioners. However, parallel EA and ITIL projects can lead to wasted resources and a duplication of costs and efforts. In this paper we propose an EA and ITIL integration using ArchiMate as a common frame of reference. We also want to point out that implementing ITIL is like implementing any other architecture change and demonstrate it by using TOGAF to perform an ITIL implementation on ArchiSurance, a fictitious organization from the well known ArchiMate case study.

IT pervades all sectors of today’s organizations. To support efficient business solutions, business-IT alignment has been long-time discussed as a solution. Given the complexity of achieving alignment, in our research we have hypothesized the importance of one partial possible solution, namely, the fit between strategy and information system requirements. To systematically investigate the influence of widely-used business strategy formulations, such as Porter’s Value Chain, Kaplan & Norton’s Strategy Maps, and others, we propose a model-centric approach to strategy-IT alignment where the strategy formulations are represented in the form of models, and mapped to requirements models. The objective of this paper is to present a pilot empirical investigation assessing if strategy-IT alignment is an issue of concern, and seeking to obtain insights from practitioners about relevance of our model-based view for strategy-IT alignment. The empirical information is collected through a well-prepared questionnaire-based survey.

Information Technology (IT) has been used in large organizations since the 1950s, for internal and external purposes. The pervasive use of technology in organizations has created a critical dependency on IT that calls for a specific focus on IT Governance (ITG) that is essential to ensure the Business/IT alignment objectives. However, determining the right ITG mechanisms remains a complex endeavor. Therefore, we propose to perform an exploratory research and analyze several ITG case studies to elicit possible ITG mechanisms patterns used in specific organizational context. It should be noted that a pattern is something which describes a successful solution to a problem in a specific context. Our main goal is to build some theories (ITG mechanisms patterns) which we believe that will guide organizations about the suitable ITG mechanisms to implement. The research methodology adopted was Design Science Research. We finish our research with limitations, contribution and future work.

We present a novel approach to modeling business objectives (strategies) and a novel notion of alignment between strategy and service models leading to the successfully deployed ServAlign tool that supports automated alignment analysis.

After visualizing data of various observational experiments on the way in which modelers construct process models, a promising process modeling style (i.e., structured process modeling) was discovered that is expected to cause process model quality to increase. A modeler constructs process models in a structured way if she/he is working on a limited amount of parts of the model simultaneously. This paper describes two cognitive theories that can explain this causal relation. Cognitive Load Theory (CLT) suggests that the amount of errors increases when the limited capacity of our working memory is overloaded. Cognitive Fit Theory (CFT) states that performance is improved when task material representation matches with the task to be executed. Three hypotheses are formulated and the experimental set-up to evaluate these hypotheses is described.

In this paper we present some cognitive guidelines to move from higher degrees of abstraction to lower, more concrete degrees of abstraction, and reciprocally. For a time, in Requirements Engineering this approach was called the

top-down method

and it was intended to be used as a general method in the first steps of specifying a system: the whole application was decomposed using this method. In everyday analysis and design, it continues to be a fundamental way of separation of concerns, applying the motto of

divide and conquer

. In order to divide, we must visualize the whole system in terms of lower level components: processes, use cases or user stories. But the important question is that zooming in can not start –in Requirements Engineering– at every level but at a given level of abstraction, usually at the level where some event will trigger the execution of some processes: such is the case of user stories and use cases. Another important issue we want to stress is the essential role that stories play in our cognition: this is why user stories –as well as use cases– have been and continue to be intensively used in software development.

Deployment architecture is an important part of the software development lifecycle. Our preliminary research indicates that the process of constructing the deployment architecture holds several challenges which, if not properly met, may hinder the success of the project and result in low customer satisfaction. In this ongoing research, we analyze this process in different firms, in an attempt to understand its challenges towards proposing strategies for its improvement. To this end, we collected data via 25 questionnaires at a global IT firm, and 12 in-depth interviews with architects from 10 firms. Analyzing the data qualitatively, through the lens of distributed cognition theory, helped us to understand the structure and flow of this multiple-stakeholders process and identify common potential pain points and challenges that need to be addressed.

Despite the growing interest in agile information systems development approaches, we contend that existing approaches retain traditional assumptions about the structure of information, assumptions that inhibit agile responses to emerging and evolving information requirements. We suggest an approach, based on cognitive principles, to model information requirements by separating conceptual views of data from logical models, allowing the former to be changed without requiring changes to the latter.

Process model quality has been an area of considerable research efforts. In this context, the correctness-by-construction principle of change patterns offers a promising perspective. However, using change patterns for model creation imposes a more structured way of modeling. While the process of process modeling (PPM) based on change primitives has been investigated, little is known about this process based on change patterns and factors that impact the cognitive complexity of pattern usage. Insights from the field of cognitive psychology as well as observations from a pilot study suggest that the nesting depth of the model to be created has a significant impact on cognitive complexity. This paper proposes a research design to test the impact of nesting depth on the cognitive complexity of change pattern usage in an experiment.

Summary.

Companies increasingly adopt process-aware information systems (PAISs) to model, enact, monitor, and evolve their business processes. Although the proper handling of temporal constraints (e.g., deadlines and minimum time lags between activities) is crucial for many application domains, existing PAISs vary significantly regarding the support of the temporal perspective of a business process. In previous work, we introduced characteristic time patterns for specifying the temporal perspective of PAISs. However, time-aware process schemas might be complex and hard to understand for end-users. To enable their proper visualization, therefore, this paper introduces an approach for transforming time-aware process schemas into enhanced Gantt charts. Based on this, a method for creating personalized process schedules using process views is suggested. Overall, the presented approach enables users to easily understand and monitor time-aware processes in PAISs.

Nowadays, many enterprises use business process models for documenting and supporting their operations. As many enterprises have branches in several countries and provide similar services throughout the globe, there is high potential for re-using these process models. However, the language barrier is a major obstacle for the successful re-use of process models, especially in multi-national companies. In this paper, we address this problem by presenting the Business Process Model Translator (BPMT), a technique for the automated translation of business process models that eases the re-use of business process models and reduces redundant work in multi-national companies. It builds upon the state-of-the-art machine translation system Moses and extends it with word and translation disambiguation considering the context of the domain. As a result, the BPMT can successfully deal with the compact and special language fragments that are typically found in business process models. A two-fold evaluation with the BLEU metric and an expert survey showed improvements of our approach over Moses.

Communication processes are vital in the lifecycle of BPM projects. With this in mind, much research has been performed into facilitating this key component between stakeholders. Amongst the methods used to support this process are personalized process visualisations. In this paper, we review the development of this visualization trend, then, we propose a theoretical analysis framework based upon communication theory. We use this framework to provide theoretical support to the conjecture that 3D virtual worlds are powerful tools for communicating personalised visualisations of processes within a workplace. Meta-requirements are then derived and applied, via 3D virtual world functionalities, to generate example visualisations containing personalized aspects, which we believe enhance the process of communication between analysts and stakeholders in BPM process (re)design activities.

Business processes modeling plays an important role in helping organizations analyze and implement existing business processes. Specifically, business process understanding is an essential aspect for conducting risk assessment and for detecting internal control weaknesses. In current risk assessment practice, a broad spectrum of notations is used to capture processes with relative strengths and weaknesses. These notations range from pure text-based to purely visual diagrammatic formats. This gives rise to the question whether any of these notations should be preferred in the specific audit and accounting information system domain in order to provide better analysis results. Given the mixed results from prior research, this paper aims to establish a theoretical basis for discussing this question. Based on cognitive research, we identify propositions and derive associated hypotheses. Furthermore, we discuss how analysis performance can be measured in an audit context.

There are signs that cost arbitrage model of outsourcing engagement between enterprises and service providers will have to change to one based on value generation. Automation decisions taken by siloized businesses under cost arbitrage models have led to complex cost-ineffective situations. Both these situations may be addressed by an innovative business model based on product family concepts that systematically targets transactional and transformational needs of enterprises with focus on value generation using analysis and operational world views of enterprise IT systems. We motivate and elaborate such an approach. Our contributions are innovation that leads to mutual win-win situation by enabling service providers to service IT needs of multiple enterprises of same vertical and by enabling enterprises to reap value-oriented benefits with analysis and operational world views of IT systems thus serviced.

The characteristics of knowledge relevant to initiate innovation projects or improve existing manufacturing processes have been identified against the background of an organisation participating in a collaborative manufacturing process chain. Those innovation or improvement processes rely on differing types of knowledge, which must be combined in order to determine the current state, the desired state, and the methodology to get there. In a collaborative environment, all of these knowledge types can be fragmented and stored within certain partitions resembled by people, or organisational units. Within this paper, two different organisational units, management and employees of a focal organization or those of related partners have been selected to illustrate the problem. By adapting the Johari window to map knowledge exchange, this paper identifies the characteristics of intra- and inter-organisational barriers.

Open innovation is gaining increasing interest as a model to foster innovation through collaboration and knowledge sharing among organizations, especially in the context of Virtual Enterprises (VE). One of the main issues to overcome in such distributed settings is the integration of heterogeneous data, and the need to evaluate common Key Performance Indicators (KPI) capable to measure overall performances of the VE. In this paper we propose a conceptualization of KPIs into an ontology, to provide a common vocabulary to semantically annotate data belonging to different organizations. KPIs are described in terms of dimensions and a mathematical formula. In order to support reasoning services over KPIs formulas we refer to a logic-based formalization in Prolog, where formulas are translated as facts, and several predicates are included to support both mathematical functionalities for formula manipulation and higher-level functions especially suited for VE setup.

Innovations, in any field, originate in the mind of people, on the base of mechanisms not yet completely understood. There have been many studies relevant to thinking techniques that have been proven to favor creativity, like for instance those studied by De Bono. A general characteristic of these techniques is the recommendation of avoiding usual thinking paths, habitual mind frames: this is facilitated by putting oneself in unusual physical settings, or introducing absurd concepts, and the like. The use of metaphors is another recognized enabler of creativity, by bridging different conceptual domains.

A Knowledge Base (KB) structured around an Ontology can be seen as a close simulation of the conceptual structure that, according to Constructivism, supports a person’s thinking processes, and the Web can be seen as the corresponding world to be explored and that contributes to that person’s culture. This kind of domain specific KBs is being organized and used as support for advanced enterprise information systems. This paper presents a technique for extending the working domain (WD) of an organization with concepts belonging to other domains, obtained by retrieving documents that discuss both concepts of this WD and “foreign” ones. These documents, proposed to the KB editors, are considered candidates for innovative problem solving activities and considerations.

This practical paper introduces hybrid modelling and its application in supporting interoperability within virtual enterprises. Based on a survey report of the FINES cluster, different dimensions of enterprise interoperability are introduced before concept modelling as an instrument and meta-modelling as the technological approach is discussed. The challenge of holistically combining different modelling approaches concerned with enterprise interoperability can be tackled via hybrid modelling. The open development platform ADOxx is introduced as a technological basis supporting realization of the hybrid modelling and the semantic lifting. Hybrid modelling applied in the project BIVEE to holistically model a Value Production Space is introduced to demonstrate a complex meta-modelling environment.

The amount of data that is being made available on the Web is increasing. This provides business organisations with the opportunity to acquire large datasets in order to offer novel information services or to better market existing products and services. Much of this data is now publicly available (e.g., thanks to initiatives such as Open Government Data). The challenge from a corporate perspective is to make sense of the third party data and transform it so that it can more easily integrate with their existing corporate data or with datasets with a different provenance. This paper presents research-in-progress aimed at semantically transforming raw data on U.K. registered companies. The approach adopted is based on BORO (a 4D foundational ontology and re-engineering method) and the target technological platform is Neo4J (a graph database). The primary challenges encountered are (1) re-engineering the raw data into a 4D ontology and (2) representing the 4D ontology into a graph database. The paper will discuss such challenges and explain the transformation process that is currently being adopted.

Semantic search and retrieval methods have a great potentiality in helping customers to make choices, since they appear to outperform traditional keyword-based approaches. In this paper, we address

SemSim

, a semantic search method based on the well-known information content approach.

SemSim

has been experimented to be effective in a defined domain, namely the tourism sector. During experimentation, one of the first requests raised from the users concerned the possibility to explain, besides the typical output of a semantic search engine, why a given result was returned. In this paper we investigate

SemSim

with the aim of providing the user with an explanation about the motivations behind the ranked list of returned options, with graphical representations conceived to better visualize the results of the semantic search.

The influence of mainstream philosophy on conceptual modelling and on modelling language development has historically been arcane or, at best, not recognized, whilst modellers might in fact implicitly espouse one particular philosophical tenet. This paper describes and discusses philosophical stances applied to conceptual modeling in order to make such influences explicit so that we, as conceptual modellers, can take the next step.

The management of social phenomena in conceptual modelling requires a novel understanding of the notion of representation. In particular, the principles for the existence and identification of objects need to be reconsidered. To do this, the paper draws on the current ontological discourse in information systems engineering and proposes a sociomaterial ontology for supporting conceptual modeling. The ontology shows how organisational entities are grounded in physical ones and how they can be understood in terms of deontic notions like privileges, duties and powers. The sociomaterial ontology is able to assist designers in creating understandable and robust conceptual models.

Knowledge Organization (KO) is one of the main activities of the Information Science field.

The theoretical and epistemological inputs from Information Science have proved themselves crucial for the construction of new classification systems – the applied dimension of KO – which take into account the multidisciplinarity inherent to complex documents and which are capable of expressing their multidimensional nature.

This article discusses the theoretical grounding for the classification of popular songs and also presents the construction of an ontology-based system for this kind of complex document.

The

Object Role Modeling language

(

ORM

2) is nowadays the most widespread fact-based conceptual modeling language in the business world. Recently, it has been proposed an encoding of the core fragment of

ORM

2 (called

ORM

2

zero

) into the description logic

$\mathcal{ALCQI}$

, allowing the use of reasoning technologies in the analysis of the schemas. A number of services has been defined there based on the FO semantics of

ORM

2. On the other hand, in many application domains there is a need for the formalization and modeling of

defeasible information

and

non-monotonic

reasoning services. Here we formalize a possible way of introducing non-monotonic reasoning into

ORM

2 schemas, enriching the language with special set of new constraints.

Process-aware information systems must encompass business process flexibility support due to business needs and factors coming from assorted sources, changing market conditions, customer needs, and regulations. However, flexibility may not be always achieved by pre-specified processes whereby, when context information is only available at runtime, decision making should be deferred to execution time. The late selection pattern defers the selection of placeholder activities’ implementations, binding applicable process fragments at runtime. This paper presents the foundations of a novel approach for an end-to-end variability management of process models through late selection of fragments by means of: (i) managing process fragments separately from the base model, (ii) resolving variation points automatically considering constraints and context data at runtime, and (iii) enabling process fragment recommendations based on experience logs.

Data-intensive software systems work in different contexts for different users with the aim of supporting heterogeneous tasks in heterogeneous environments. Most of the operations carried out by data-intensive systems are interactions with data. Managing these complex systems means focusing the attention to the huge amount of data that have to be managed despite limited capacity devices where data are accessed. This rises the need of introducing adaptivity in accessing data as the key element for data-intensive systems to become reality. Currently, these systems are not supported during their lifecycle by a complete process starting from design to implementation and execution while taking into account the variability of accessing data. In this paper, we introduce the notion of data-intensive self-adaptive (DISA) systems as data-intensive systems able to perform context-dependent data accesses. We define a classification framework for adaptation and we identify the key challenges for managing the complete lifecycle of DISA systems. For each problem we envisage a possible solution and we present the technological support for an integrated implementation.

Typical SOA-based solution design involves development of multiple inter-connected models using model-driven development (MDD) techniques. Hence these models are first created in platform neutral form and subsequently transformed through decreasing levels of abstraction before getting into executable form. Therefore creating and reusing variations of these models, for the purpose of enhancing reuse is a difficult challenge. In our earlier work, we had proposed techniques for developing variability models and deriving valid variants of services in a SOA-based solution. But our earlier work lacked a formal semantics for modeling and generalizing variations at different levels of abstraction. In this paper, we present the formal semantics via our

Variability Algebra

. Via this algebra, we show how variation oriented design of SOA-based solutions can be made a formalized, repeatable and verifiable exercise that helps maximize reuse. We also demonstrate theoretical results that can help optimize the generation and integration of service variants into an SOA-based solution. Throughout this paper, we illustrate our ideas on a running example.

Software development enterprises need to tailor their own processes before enact them in order to ensure that they fit both the organization and the project. This necessity has, to date, been solved by providing these processes with variability support. Tailoring proposals have traditionally been focused on solving the problem of managing the variability of processes in order to facilitate their adaptation. Process tailoring has not, however, been considered as a solution to a wider problem consisting of the organization, project, laws and some other influencing factors that change according to each project, a problem that software processes must confront if they are to be successful. In this paper we enhance a tailoring framework in order to tackle changes in the context level of the process, and this variability is considered to drive the tailoring of the supporting processes. As a part of the enhanced framework, this paper analyzes the OMG’s Business Motivation Model (BMM) in order to apply it to the characterization of the organizational units as a part of the context variation factors, and to link them with subsequent process variations. The proposal is illustrated by means of an application example, which is based on a real industrial case and which has served as a proof of concept. The resulting conclusion is that since software process tailoring depends on the process context, so understanding and managing changes in the latter’s drive variability in software processes.

Software adaptation is becoming increasingly important as more and more applications need to dynamically adapt their structure and behavior to cope with changing contexts, available resources and user requirements. Maude is a high-performance reflective language and system, supporting both equational and rewriting logic specification and programming for a wide range of applications. In this paper we describe our experience in using Maude for prototyping and verifying self-adaptive systems. In order to illustrate the benefits of adopting a formal approach based on Maude to develop self-adaptive systems we present a case study in the robotics domain.

Software Product Line Engineering (SPLE) is an approach for software reuse. It concerns to produce customized software products as atomic or composite services to be reused in SOA-based applications. A common set of artifacts is used to build these services in a planned and managed way. The main purpose of SPLE is to explore commonalities and variabilities. The SPLE approach provides a strategic software reuse that can produce quality Software as a Service (SaaS) while cutting cost and reducing time-to-market. This paper proposes a process to construct services as Software Product Lines by using Model Driven techniques. The process combines the use of maps, visual techniques for SPL modeling, especially features diagrams and MD techniques. In addition to the process, we have developed a tool to support map, feature, and class diagrams modeling.

Bridging the gap between design and implementation stages has been a major concern that deplores designers, analysts and developers for quite a long time during the design and implementation of information systems in traditional environments. This issue grows to bigger dimension with the presence of cloud computing. Designing and modeling an Information System for the Cloud is a major and hard task that most of the traditional software engineering approaches fail to fulfill. In parallel, many respective organisations and respective researchers have highlighted a number of security and privacy challenges that are not present in traditional environments and need special attention when implementing or migrating information systems into a cloud environment. Thus, security and privacy are by themselves two areas that need special attention in the cloud era. This paper moves on to this direction. Specifically, it presents a number of privacy-oriented technical concepts that analysts need to consider when designing and modeling privacy-aware systems in a cloud environment. Also it suggest for every concept a number of implementation techniques that can assist developers in implementing the respective concepts.

Multi-party computation (MPC) is attractive for data owners who are interested in collaborating to execute queries without sharing their data. Since data owners in MPC do not trust each other, finding a secure protocol for

privacy-preserving

query processing is a major requirement for real world applications. This paper deals with

equality test

query among data of multiple data owners without revealing anyone’s private data to others. In order to nicely scale with large size data, we show how communication and computation costs can be reduced via a

bucketization

technique. Our bucketization requires the use of a trusted third party (TTP) only at the beginning of the protocol execution. Experimental tests on horizontally distributed data show the effectiveness of our approach.

Because an information system is used in different activities simultaneously today, we have to analyze usages of the system in the existing activities and to-be usages in an intended activity together. Especially, security aspects should be carefully analyzed because existing activities are not always secure. We propose a security requirements analysis method for resolving this problem. To take both existing and intended activities into account together, we integrate them on the basis of the unification of common actors. To explore possible attacks under integrated activities, we enumerate achievable attacks on the basis of the possible means in each actor with the help of security knowledge. To avoid or mitigate the attacks and to achieve fundamental goals, we disable some means or narrow down the means to be monitored with the help of propositional logic formulae. Through case studies on insurance business, we illustrated our idea.

Security must be a primary concern when engineering Future Internet (FI) systems and applications. In order to achieve secure solutions, we need to capture security requirements early in the Software Development Life Cycle (SDLC). Whereas the security community has traditionally focused on providing tools and mechanisms to capture and express hard security requirements (e.g. confidentiality), little attention has been paid to other important requirements such as trust and reputation. We argue that these soft security requirements can leverage security in open, distributed, heterogeneous systems and applications and that they must be included in an early phase as part of the development process. In this paper we propose a UML extension for specifying trust and reputation requirements, and we apply it to an eHealth case study.

In federated multimedia systems new services can be dynamically added or updated, thus a synergy effect related to integration of distributed communities of users and service providers can be observed. However, the inherent security limitation of such systems is implied by malicious host problem, particularly the risk that host software would be modified in order to e.g. violate data confidentiality. In the proposed model the distributed content consumers are provided with encryption scheme securing the confidentiality and integrity of the content roaming with them from host to host e.g. in federated virtual environment. The decryption keys, shared with threshold schemes, are produced in particles that correspond to the subsets of the multimedia content with respect to its structure. The scenes can be reconstructed collectively, but in a selective manner, according to the user privileges. In consequence, the model allows for placing content safely on virtual environment hosts and mitigates the problem of the host code that can be malicious.

Despite the development of many server-side approaches, SQL Injection (SQLI) vulnerabilities are still widely reported. A complementary approach is to detect the attack from the client-side (browser). This paper presents a client-side approach to detect SQLI attacks. The client-side accepts shadow SQL queries from the server-side and checks any deviation between shadow queries with dynamic queries generated with user supplied inputs. We propose four conditional entropy metrics to measure the deviation between the shadow query and dynamic query. We evaluate the approach with an open source PHP application. The results indicate that our approach can detect malicious inputs early at the client-side.

Existing risk assessment methods often rely on a context of a target software system at a particular point in time. Such contexts of long-living software systems tend to evolve over time. Consequently, risks might also evolve. Therefore, in order to deal with evolving risks, decision makers need to select an appropriate risk countermeasure alternative that is more resilient to evolution than others. To facilitate such decision, we propose a pioneer method taking the uncertainty of evolutions and outputs of a risk assessment to produce additional information about the evolution resilience of countermeasure alternatives.

Preserving information integrity represent an urgent need for safety critical systems, where depending on incorrect or inconsistent information may leads to disasters. Typically, information integrity is a problem handled at technical level (e.g., checksumming). However, information integrity has to be analyzed in the social-technical context of the system, since information integrity related problems might manifest themselves in the business processes and actors interactions. In this paper, we propose an extended version of

i*

/ secure Tropos modeling languages to capture information integrity requirements. We illustrate the Datalog formalization of the proposed concepts and analysis techniques to support the analyst in the verification of integrity related properties. Air Traffic Management (ATM) case study is used throughout the paper.