Stephan Faßbender
University of Duisburg-Essen | uni-due · paluno - The Ruhr Institute for Software Technology
PhD Student
41 publications · 7,531 reads · 392 citations
Additional affiliations
August 2011 - present
April 2010 - July 2011
Education
October 2002 - March 2010
Publications (41)
An increase of process awareness within organizations and advances in IT systems led to a development of process-aware information systems (PAIS) in many organizations. UPROM is developed as a unified BPM methodology to conduct business process and user requirements analysis for PAIS in an integrated way. However, due to the purpose, granularity an...
Variability is a key factor of most systems. While there are many works covering variability in functionality, there is a research gap regarding variability in software qualities. There is an obvious imbalance between the importance of variability in the context of quality attributes, and the intensity of research in this area. To improve this situ...
Requirements engineers not only have to cope with the requirements of various stakeholders for complex software systems, they also have to consider several software qualities (e.g., performance, maintainability, security, and privacy) that the system-to-be shall address. In such a situation, it is challenging for requirements engineers to develop a...
Recently published reports on cybercrime indicate an ever-increasing number of security incidents related to IT systems. Many attacks causing the incidents abuse (in)directly one or more security defects. Fixing the security defect once fielded is costly. To avoid the defects and the subsequent need to fix them, security has to be considered thorou...
It is essential for building the right software system to elicit and analyze requirements. Writing requirements that can achieve the purpose of building the right system is only possible if the domain knowledge of the system-to-be and its environment is known and considered thoroughly. We consider this as the context problem of software development...
The design of software architecture for a system-to-be is a challenge, since required functionality as well as the desired quality requirements have to be considered. Building upon common knowledge and best practices captured in architectural patterns has shown to be valuable in this context. However, existing solutions for deriving architectures f...
The software architecture of a system-to-be affects the fulfillment of the desired quality requirements for this system. For building upon common knowledge and best practices, the use of architectural patterns in the software architecture has shown to be valuable. Besides their functional properties, each architectural pattern has benefits and liab...
Many software systems are designed to support variability, either at design time or at runtime. Hence, variability is a key factor of most systems. Variability itself covers two dimensions: functional variability and variability in software qualities. While there are many works covering variability in functionality, there is a research gap regardin...
To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an orga...
High-quality software has to consider various quality issues and different stakeholder goals. Such diverse requirements may be conflicting, and the conflicts may not be visible at first sight. We propose a method to obtain an optimal set of requirements that contains no conflicts and satisfies the stakeholder goals and quality requirements to the l...
In today’s world many products and services are highly dependent on software and information systems. With the growing importance of IT systems, legislators worldwide decided to regulate and enforce laws for IT systems. With respect to this situation, the impact of compliance on the development of IT systems becomes more and more severe. Hence, soft...
Nowadays, IT-resources are often out-sourced to clouds to reduce administration and hardware costs of the own IT infrastructure. There are different deployment scenarios for clouds that heavily differ in the costs for deployment and maintenance, but also in the number of stakeholders involved in the cloud and the control over the data in the cloud....
In a previous EuroPlop publication we introduced a catalog of context-patterns. We described common structures and stakeholders for several different domains in our context-patterns. The common elements of the context were obtained from observations about the domain in terms of standards, domain-specific publications, and implementations. Whenever...
In a previous publication we introduced a catalog of context-patterns. Each context pattern describes common structures and stakeholders for a specific domain. The common elements of the context were obtained from observations about the domain in terms of standards, domain-specific publications, and implementations. Whenever the domain of a system-...
In theory, software product lines are planned in advance, using established engineering methods. However, there are cases where commonalities and variabilities between several systems are only discovered after they have been developed individually as single systems. In retrospect, this leads to the hindsight that these systems should have been deve...
[Context] The ability to address the diverse interests of different stakeholders in a software project in a coherent way is one fundamental software quality. These diverse and maybe conflicting interests are reflected by the requirements of each stakeholder. [Problem] Thus, it is likely that aggregated requirements for a software system contain int...
Recently, there has been an increase of reported security incidents hitting large software systems. Such incidents can originate from different attackers exploiting vulnerabilities of different parts of a system. Hence, there is a need for enhancing security considerations in software development. It is crucial for requirements engineers to identif...
Nowadays, the requirements of various stakeholders for a system do not only increase the complexity of the system-to-be, but also contain different cross-cutting concerns. In such a situation, requirements engineers are really challenged to master the complexity and to deliver a coherent and complete description of the system-to-be. Hence, they are...
Assembling an information security management system (ISMS) according to the ISO 27001 standard is difficult, because the standard provides only very sparse support for system development and documentation. Assembling an ISMS consists of several difficult tasks, e.g., asset identification, threat and risk analysis and security reasoning. Moreover,...
Several requirements engineering methods exist that differ in their abstraction level and in their view on the system-to-be. Two fundamentally different classes of requirements engineering methods are goal- and problem-based methods. Goal-based methods analyze the goals of stakeholders towards the system-to-be. Problem-based methods focus on d...
In order to gain their customers' trust, software vendors can certify their products according to security standards, e.g., the Common Criteria (ISO 15408). However, a Common Criteria certification requires a comprehensible documentation of the software product. The creation of this documentation results in high costs in terms of time and money. We...
Nowadays, many legislators decided to enact different laws, which all enforce legal and natural persons to deal more carefully with IT systems. Hence, there is a need for techniques to identify and analyze laws, which are relevant for an IT system. But identifying relevant compliance regulations for an IT system and aligning it to be compliant to t...
It is essential for building the right software system to elicit and analyze requirements. Requirements define what right is, without them a checking if the right software was built is impossible. Writing requirements that can achieve this purpose is only possible if the domain knowledge of the system-to-be and its environment is known and consider...
Recently, there has been an increase of reported privacy threats hitting large software systems. These threats can originate from stakeholders that are part of the system. Thus, it is crucial for software engineers to identify these privacy threats, refine these into privacy requirements, and design solutions that mitigate the threats. In this pape...
Researchers often have to understand new knowledge areas, and identify research gaps and immature areas in them. They have to understand and link numerous publications to achieve this goal. This is difficult, because natural language has to be analyzed in the publications, and implicit relations between them have to be discovered. We propose to uti...
Assembling an information security management system according to the ISO 27001 standard is difficult, because the standard provides only sparse support for system development and documentation. We analyse the ISO 27001 standard to determine what techniques and documentation are necessary and instrumental to develop and document systems according t...
The discipline of engineering secure software and services brings together researchers and practitioners from software, services, and security engineering. This interdisciplinary community is fairly new, it is still not well integrated and is therefore confronted with differing perspectives, processes, methods, tools, vocabularies, and standards. W...
Internet-scale applications require scalability that peer-to-peer (P2P) architectures provide. Traditional software engineering processes start with requirements and move onto architectures, software design, implementation, and testing. Choosing a P2P architecture, however, has significant constraints on the requirements of a given software enginee...
Considering legal aspects during software development is a challenging problem, due to the cross-disciplinary expertise required. The problem is even more complex for cloud computing systems, because of the international distribution, huge amounts of processed data, and a large number of stakeholders that own or process the data. Approaches exist t...
Nowadays many legislators decided to enact different laws, which all enforce legal and natural persons to deal more carefully with IT systems. Hence, there is a need for techniques to identify and analyze laws which are relevant for an IT system. But identifying relevant compliance regulations for an IT system and aligning it to be compliant is a c...
A context description of a software system and its environment is essential for any given software engineering process. Requirements define statements about the environment (according to Jackson's terminology). The context description of a Service-Oriented Architecture is difficult to provide, because of the variety of technical systems and stakeho...
The ISO 27000 is a well-established series of information security standards. The scope for applying these standards can be an organisation as a whole, single business processes or even an IT application or IT infrastructure. The context establishment and the asset identification are among the first steps to be performed. The quality of the results...