Kristian Beckers

• Dr.-Ing., Dipl. Wirt.-Inform.
• Researcher at Siemens

In the last decade, companies adopted DevOps as a fast path to deliver software products according to customer expectations, with well aligned teams and in continuous cycles. As a basic practice, DevOps relies on pipelines that simulate factory swim-lanes. The more automation in the pipeline, the shorter a lead time is supposed to be. However, appl...

Many industrial software development processes today have to comply with security standards such as the IEC~62443-4-1. These standards, written in natural language, are ambiguous and complex to understand. This is especially true for non-security experts. Security practitioners thus invest much effort into comprehending standards and, later, into i...

Integrating security into agile software development is an open issue for research and practice. Especially in strongly regulated industries, complexity increases not only when scaling agile practices but also when aiming for compliance with security standards. To achieve security compliance in a large-scale agile context, we developed S2C-SAFe: An...

Many industrial software development processes today have to comply with security standards such as the IEC 62443-4-1. These standards, written in natural language, are ambiguous and complex to understand. This is especially true for non-security experts. Security practitioners thus invest much effort into comprehending standards and, later, into i...

Integrating security into agile software development is an open issue for research and practice. Especially in strongly regulated industries, complexity increases not only when scaling agile practices but also when aiming for compliance with security standards. To achieve security compliance in a large-scale agile context, we developed S2C-SAFe: An...

In the last decade, companies adopted DevOps as a fast path to deliver software products according to customer expectations, with well aligned teams and in continuous cycles. As a basic practice, DevOps relies on pipelines that simulate factory swim-lanes. The more automation in the pipeline, the shorter a lead time is supposed to be. However, appl...

Recent approaches to raise security awareness have improved a lot in terms of user-friendliness and user engagement. However, since social engineering attacks on employees are evolving fast, new variants arise very rapidly. To deal with recent changes, our serious game CyberSecurity Awareness Quiz provides a quiz on recent variants to make employee...

Recent approaches to raise security awareness have improved a lot in terms of user-friendliness and user engagement. However, since social engineering attacks on employees are evolving fast, new variants arise very rapidly. To deal with recent changes, our serious game Cy-berSecurity Awareness Quiz provides a quiz on recent variants to make employe...

Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training is becoming imperative for the involved organizations. This paper presets a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organization...

Social engineering is the clever manipulation of human trust. While most security protection focuses on technical aspects, organisations remain vulnerable to social engineers. Approaches employed in social engineering do not differ significantly from the ones used in common fraud. This implies defence mechanisms against the fraud are useful to prev...

Companies are often challenged to modify and improve their software development processes in order to make them compliant with security standards. The complexity of these processes renders it difficult for practitioners to validate and foresee the effort required for compliance assessments. Further, performing gap analyses when processes are not ye...

Social engineering is the clever manipulation of human trust. While most security protection focuses on technical aspects, organisations remain vulnerable to social engineers. Approaches employed in social engineering do not differ significantly from the ones used in common fraud. This implies defence mechanisms against the fraud are useful to prev...

Compliance to security-standards for engineering secure software and hardware products is essential to gain and keep customers trust. In particular, industrial control systems (ICS) have a significant need for secure development activities. The standard IEC 62443-4-1 (4-1) is a novel norm that describes activities required to engineer secure produc...

Bei Social Engineering (SE) wird durch Beeinflussungen der Opfer versucht, ein bestimmtes Verhalten hervorzurufen und auszunutzen, um sensible Informationen zu beschaffen. Laut dem aktuellen Datensatz des Data Breach Investigations Report [1] enthalten 43 % aller Datendiebstähle einen SE-Angriff. Dabei ist der SE-Angriff oft der erste Schritt eines...

With agile methodologies increasingly being applied in regulated environments, security and compliance emerge as critical issues. Combining both concerns is challenging because security engineering techniques are often based on linear development. We propose a method for achieving continuous and secure development by mapping the requirements of sec...

The assessment of new vulnerabilities is an activity that accounts for information from several data sources and produces a `severity' score for the vulnerability. The Common Vulnerability Scoring System (\CVSS) is the reference standard for this assessment. Yet, no guidance currently exists on \emph{which information} aids a correct assessment and...

The assessment of new vulnerabilities is an activity that accounts for information from several data sources and produces a 'severity' score for the vulnerability. The Common Vulnerability Scoring System (CVSS) is the reference standard for this assessment. Yet, no guidance currently exists on which information aids a correct assessment and should...

Beiträge zum Rahmenwerk ITS|KRITIS, im Erscheinen

Recent efforts in practical symbolic execution have successfully mitigated the path-explosion problem to some extent with search-based heuristics and compositional approaches. Similarly, due to an increase in the performance of cheap multi-core commodity computers, fuzzing as a viable method of random mutation-based testing has also seen promise. H...

[Context/ Background]: With the increasing use of cyber-physical systems in complex socio-technical setups, mechanisms that hold specific entities accountable for safety and security incidents are needed. Although there exist models that try to capture and formalize accountability concepts, many of these lack practical implementations. We hence kno...

Modern socio-technical systems are increasingly complex. A fundamental problem is that the borders of such systems are often not well-defined a-priori, which among other problems can lead to unwanted behavior during runtime. Ideally, unwanted behavior should be prevented. If this is not possible the system shall at least be able to help determine p...

Modern socio-technical systems are increasingly complex. A fundamental problem is that the borders of such systems are often not well-defined a-priori, which among other problems can lead to unwanted behavior during runtime. Ideally, unwanted behavior should be prevented. If this is not possible the system shall at least be able to help determine p...

The automotive industry relies increasingly on computer technology in their cars, which malicious attackers can exploit. Therefore, the Original Equipment Manufacturers (OEMs) have to adopt security engineering practices in their development efforts, in addition to their safety engineering efforts. In particular, information assets that can undermi...

Social engineering is the clever manipulation of the human tendency to trust to acquire information assets. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Traditional penetration testing approaches often focus on vulnerabilities in network or software systems. Few approache...

Zur Unterstützung der digitalen Transformation im Bereich Smart Mobility und Smart City wurde das TUM Living Lab Connected Mobility (TUM LLCM) initiiert. Das Forschungsprojekt bündelt die einschlägigen Forschungs‑, Entwicklungs‑, und Innovations‐Kompetenzen der TU München in der Informatik und in der Verkehrsforschung. Im Projekt wird die Konzeptio...

Purpose This paper aims to outline strategies for defence against social engineering that are missing in the current best practices of information technology (IT) security. Reason for the incomplete training techniques in IT security is the interdisciplinary of the field. Social engineering is focusing on exploiting human behaviour, and this is not...

Zur Unterstützung der digitalen Transformation im Bereich Smart Mobility und Smart City wurde das TUM Living Lab Connected Mobility (TUM LLCM) initiiert. Das Forschungsprojekt bündelt die einschlägigen Forschungs-, Entwicklungs-, und Innovationskompetenzen der Technischen Universität München (TUM) in der Informatik und in der Verkehrsforschung. Im...

We propose a controlled experiment to assess how well creativity techniques can support social engineering threat assessment. Social engineering threats form the basis for the elicitation of security requirements , a type of quality requirement, which state what threat should be prevented or mitigated. The proposed experiment compares a serious gam...

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud’s scalable and flexible IT-resources. The benefits are of particular interest for SME’s. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However,...

Social engineering is the acquisition of information about computer systems by methods that deeply include non- technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii)...

The 2011 release of the first version of the ISO 26262 standard for automotive systems demand the elicitation of safety goals following a rigorous method for hazard and risk analysis. Companies are struggling with the adoption of the standard due to ambiguities, documentation demands and the alignment of the standards demands to existing processes....

The released ISO 26262 standard for automotive systems requires to create a hazard analysis and risk assessment and to create safety goals, to break down these safety goals into functional safety requirements in the functional safety concept, to specify technical safety requirements in the safety requirements specification, and to perform several v...

Social engineering is the acquisition of information about computer systems by methods that deeply include non- technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii)...

Social engineering is the illicit acquisition of information about computer systems by primarily non-technical means. Although the technical security of most critical systems is usually being regarded in penetration tests, such systems remain highly vulnerable to attacks from social engineers that exploit human behavioural patterns to obtain inform...

Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for identifying audience needs & goals when designing and implementing awareness campaigns. We present a six-...

Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) c...

TheautomotiveindustryhassuccessfullycollaboratedtoreleasetheISO26262standard for developing safe software for cars. The standard describes in detail how to conduct hazard analysis and risk assessments to determine the necessary safety measures for each feature. However, the standard does not concern threat analysis for malicious attackers or how to...

Data-accountability encompasses responsibility for data and the traceability of data flows. This is becoming increasingly important for Socio-Technical Systems (STS). Determining root causes for unwanted events after their occurrence is often not possible, e.g. because of missing logs. A better traceability of root causes can be supported by the in...

Analyzing security from an attacker's perspective has been accepted as an effective approach for dealing with security requirements for complex systems. However, there is no systematic approach for constructing attack scenarios. As a result, the completeness of the derived attack scenarios is subject to the expertise of analysts. In this paper, we...

The released ISO 26262 standard for automotive systems requires several validation and verification activities. These validation and verification activities have to be planned and performed jointly by the OEMs and the suppliers. In this paper, we present a systematic, structured and model-based method to plan the required validation and verificatio...

The ever-growing complexity of systems makes their protection more challenging, as a single vulnerability or exposure of any component of the system can lead to serious security breaches. This problem is exacerbated by the fact that the system development community has not kept up with advances in attack knowledge. In this demo paper, we propose a...

Protecting socio-technical systems is a challenging task, as a single vulnerability or exposure of any component of the systems can lead to serious security breaches. This problem is exacerbated by the fact that the system development community has not kept up with advances in attack tactics. In this paper, we present ongoing research on the develo...

It is essential for building the right software system to elicit and analyze requirements. Writing requirements that can achieve the purpose of building the right system is only possible if the domain knowledge of the system-to-be and its environment is known and considered thoroughly. We consider this as the context problem of software development...

Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security st...

Engineering safe software for the automotive domain is challenging due to ever more complex systems. The safety standard ISO 26262 provides car manufactures in this effort with a guideline. In particular, the standard describes a hazard analysis and risk assessment for automotive systems to determine the necessary safety measures to be engineered f...

Software vendors have to build their customers’ trust through appropriate security functionalities of their products. The Common Criteria (ISO 15408) security standard provides an evaluation process for a software product, the application of which results in a set of documents that can be reviewed by a certification body. Creating this comprehensib...

Establishing an information security management system (ISMS) compliant to the ISO 27001 standard is a way for companies to gain their customers trust with regard to information security. Key challenges of establishing an ISO 27001 compliant ISMS are removing the standards’ ambiguities and providing an acceptable risk management approach. Risk mana...

Our context-patterns describe common elements, structures, and stakeholders for a specific domain such as cloud computing. In the previous chapters, we introduced our catalog of context-patterns, and our pattern language for context-patterns. The pattern language helps engineers to describe their own context-patterns and to understand the relations...

Establishing security standards is a challenging task, because the activities demanded by the standard have to be understood, executed, and well documented. We propose to ease the task by using security requirements engineering methods and patterns. Our Pattern- and sEcurity-rEquirements-engineeRing-based Establishment of Security Standards (PEERES...

We have shown in the contents of this book how to support the establishment of security standards with security requirements engineering methods and patterns. This final chapter of our book summarizes our research results and our key findings when applying our work and discussing the results with practitioners in the field. We reflect on their feed...

The establishment of an ISO 27001 security standard demands a description of the environment including its stakeholders and their security goals. Hence, goal-based security requirements engineering methods are an ideal fit for creating a methodology for supporting ISO 27001 compliance. In particular one type of stakeholder is of interest for a secu...

Working with security standards is difficult, because these are long and ambiguous texts. The time spent to understand what activities and documents are necessary to establish the standard is significant. Furthermore, comparing standards is even more time consuming, because this process has to be done multiple times. We propose a structured methodo...

In the beginning of every security analysis a Context Establishment aims at eliciting and understanding the system that shall be analyzed including its direct and indirect environment, the relevant stakeholders, other already established systems, and other entities that are directly or indirectly related to the system. For this purpose, we describe...

The previous chapter introduced our PACTS methodology that supports the establishment of a cloud-specific information security management system (ISMS) compliant to the ISO 27001 standard. In this chapter, we present the results of our collaboration with the industrial partners of the ClouDAT project. The ClouDAT project develops a method including...

The establishment of the ISO 27001 security standards is a difficult endeavor, due to ambiguity in its natural language text and sparse descriptions of the needed system analysis procedures. Security engineering methods provide guidance for a detailed and step-by-step security analysis within a given software engineering project. We propose not to...

The background that is required to follow the remainder of this book is provided in this chapter. We provide descriptions of security standards, which are supported by various methods and approaches presented in this book, namely the ISO 27001 and the Common Criteria. In addition, we show how to apply our research to the safety, as well. In contras...

A context-pattern describes common elements, structures, and stakeholders for a specific domain such as cloud computing. These commonalities for a context were obtained from observations about the domain from sources such as standards, domain specific-publications, domain experts, and guidelines. Existing context-patterns can be used for a structur...

Reputation as a decision criteria for whom to trust has been successfully adopted by a few internet-based businesses such as ebay or Amazon. Moreover, trust evaluation is becoming of increasing importance for future internet systems such as smart grids, because these contain potentially millions of users, their data, and a huge number of subsystems...

The acquisition of information about computer systems by mostly non-technical means is called social engineering. Most critical systems are vulnerable to social threats, even when technical security is high. Social engineering is a technique that: i does not require any advanced technical tools, ii can be used by anyone, iii is cheap, iv almost imp...

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However,...

Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud’s scalable and flexible IT-resources. The benefits are of particular interest for SME’s. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However,...

Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) c...

The released ISO 26262 standard for automotive systems requires breaking down safety goals from the hazard analysis and risk assessment into functional safety requirements in the functional safety concept. It has to be justified that the defined functional safety requirements are suitable to achieve the stated safety goals. In this paper, we presen...

Nowadays, IT-resources are often out-sourced to clouds to reduce administration and hardware costs of the own IT infrastructure. There are different deployment scenarios for clouds that heavily differ in the costs for deployment and maintenance, but also in the number of stakeholders involved in the cloud and the control over the data in the cloud....

In a previous EuroPlop publication we introduced a catalog of context-patterns. We described common structures and stakeholders for several different domains in our context-patterns. The common elements of the context were obtained from observations about the domain in terms of standards, domain specific-publications, and implementations. Whenever...

In a previous publication we introduced a catalog of context-patterns. Each context pattern describes common structures and stakeholders for a specific domain. The common elements of the context were obtained from observations about the domain in terms of standards, domain specific-publications, and implementations. Whenever the domain of a system-...

Cloud sourcing consists of outsourcing data, services and infrastructure to cloud providers. Even when this outsourcing model brings advantages to cloud customers, new threats also arise as sensitive data and critical IT services are beyond customers’ control. When an organization considers moving to the cloud, IT decision makers must select a clou...

Security and privacy concerns are essential in cloud computing scenarios, because cloud customers and end customers have to trust the cloud provider with their critical business data and even their IT infrastructure. In projects these are often addressed late in the software development life-cycle, because these are difficult to elicit in cloud sce...

Security standards, e.g., the Common Criteria (ISO 15408), are applied by software vendors to establish a level of confidence that the security functionality of their products and their applied assurance measures are sufficient. To get a Common Criteria certification, a comprehensible set of documents is necessary, including a detailed threat analy...

A smart grid is envisioned to enable a more economic, environmen- tal friendly, sustainable and reliable supply of energy. But significant security concerns have to be addressed for the smart grid, dangers range from threatened availability of energy, to threats of customer privacy. This paper presents a struc- tured method for identifying security...

Smart grid is an intelligent energy distribution system consisting of multiple information and communication technologies (ICT). One of the challenges for such complex and heterogeneous system as smart grid is to unite security analysis on a high level of abstraction and concrete behavioral attack patterns that exploit low-level vulnerabilities. We...

Smart grids are expected to scale over millions of users and provide numerous services over geographically distributed entities. Moreover, smart grids are expected to contain controllable local systems (CLS) such as fridges or heaters that can be controlled using the network communication technology of the grid. Security solutions that prevent harm...

It is increasingly difficult for customers to understand complex systems like clouds and to trust them with regard to security. As a result, numerous companies achieved a security certification according to the ISO 27001 standard. However, assembling an Information Security Management System (ISMS) according to the ISO 27001 standard is difficult,...

Established standards on security and risk management provide guidelines and advice to organizations and other stakeholders on how to fulfill their security needs. However, realizing and ensuring compliance with such standards may be challenging. This is partly because the descriptions are very generic and have to be refined and interpreted by secu...

A number of different security standards exist and it is difficult to choose the right one for a particular project or to evaluate if the right standard was chosen for a certification. These standards are often long and complex texts, whose reading and understanding takes up a lot of time. We provide a conceptual model for security standards that r...

Realizing security and risk management standards may be challenging , partly because the descriptions of what to realize are often generic and have to be refined by security experts. Removing this ambiguity is time intensive for security experts, because the experts have to interpret all the required tasks in the standard on their own. In our previ...

The released ISO 26262 standard requires a hazard analysis and risk assessment for automotive systems to determine the necessary safety measures to be implemented for a certain feature. In this paper, we present a structured and model-based hazard analysis and risk assessment method for automotive systems. The hazard analysis and risk assessment ar...

Assembling an information security management system (ISMS) according to the ISO 27001 standard is difficult, because the standard provides only very sparse support for system development and documentation. Assembling an ISMS consists of several difficult tasks, e.g., asset identification, threat and risk analysis and security reasoning. Moreover,...

Several requirements engineering methods exist that differ in their ab- straction level and in their view on the system-to-be. Two fundamentally different classes of requirements engineering methods are goal- and problem-based meth- ods. Goal-based methods analyze the goals of stakeholders towards the system- to-be. Problem-based methods focus on d...