Sven Peldszus
Ruhr-Universität Bochum | RUB · Computer Science

Publications: 34
Reads: 2,313
Citations: 153
Citations since 2017: 151 (31 research items)
Introduction
Today’s software systems are used on a long-term basis and often process security-critical data, so that keeping up with ever-changing security properties is vital to preserve their security. Model-based system development enables us to address security issues already in the early phases of the software design (e.g. UML models). The continuous changes in the security assumptions and the design of software systems have to be reflected in both the system models (e.g. UML models) and the system’s implementation. Detecting which change is necessary where currently has to be performed manually by developers. I am studying approaches for automatic detection and execution of necessary changes on a single representation of the system and to keep all other representations synchronized.
Additional affiliations
June 2016 - December 2021
Universität Koblenz-Landau
Position
  • Research Associate
Education
June 2016 - December 2021
Universität Koblenz-Landau
Field of study
  • Computer Science
March 2014 - February 2016
Technische Universität Darmstadt
Field of study
  • Electrical Engineering and Information Technology

Publications (34)
Conference Paper
Full-text available
Effectively using software languages, be it programming or domain-specific languages, requires effective editing support. Modern IDEs, modeling tools, and code editors typically provide sophisticated support to create, comprehend, or modify instances—programs or models—of particular languages. Unfortunately, building such editing support is challen...
Chapter
During the treatment of patients, lots of data is generated that has to be stored and made available to various experts. This ranges from the notes of a doctor at an office visit to large images, e.g., created by imaging devices such as ultrasonic sensors or computer tomography scanners. For the management of such data, Health Care Systems (HCS) ar...
Chapter
Despite the benefits of software product lines, a growing amount of variability leads to combinatorial explosions of the product space and, consequently, to severe challenges. Notably, this applies to software engineering tasks such as refactorings, refinements, and evolution steps, which, to support systematic management, are often expressed as mo...
Chapter
To the latest of our knowledge, GRaViTY is one of the first approaches allowing continuous and integrated model-based security engineering covering the whole software development life cycle. Still, many related works exist that target single parts of GRaViTY. In this chapter, we discuss related works regarding tracing and synchronization of changes, rela...
Chapter
The continuous checking of a software system for security violations is one important task for ensuring the security compliance of a software system under development. Traditionally, security compliance is checked in manual security audits, e.g., as specified in the IEEE 1028-2009 standard for software reviews and audits. As the effort for such aud...
Chapter
In the last decades, various concepts have been developed to support the development and maintenance of secure software systems. On the level of programming languages, concepts like Object-Orientation (OO) have been introduced to improve the structuring and reuse in programs. Those concepts have also been reflected in modeling languages like the Un...
Chapter
While the approach presented in this thesis allows developers to develop and maintain secure software product lines, it is limited to projects that have initially been developed using GRaViTY. In practice, software systems are often developed not using models as essential development artifacts at all. Nevertheless, informal modeling approaches are widel...
Chapter
Considering the integration of the individual contributions of this thesis as a holistic framework is essential for judging the feasibility and usability of the GRaViTY framework for the development of secure software systems. Therefore, we evaluate in two case studies whether the GRaViTY framework is suitable to support the development of secure s...
Chapter
Individually tailored variants of software systems have made our everyday lives considerably easier, and yet they give rise to a rapidly growing multitude of security threats. To allow dealing with these threats but also to allow traceability of security requirements on different system representations, we need an appropriate notation for security...
Chapter
Maintaining software systems over time is challenging. Due to continuous changes in the software system, it is prone to structural decay which might give rise to anti-patterns. Anti-patterns qualify architectural decay in the large, involving several classes spread over the entire program and result in a higher effort for maintenance. Also, there i...
Chapter
Several approaches exist to support security at design-time, e.g., using design-time models, but also statically during implementation and at run-time. Unfortunately, few approaches cover coupling these phases so far. Following our approach, during software development, different representations of a software system are created, e.g., to plan the s...
Article
Full-text available
It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and can be error-prone...
Book
For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems....
Preprint
Full-text available
The verification that planned security mechanisms are actually implemented in the software code is a challenging endeavor. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and ca...
Article
Full-text available
Ontologies as a means to formally specify the knowledge of a domain of interest have made their way into information and communication technology. Most often, such knowledge is subject to continuous change, which demands for consistent evolution of ontologies and dependent artifacts. In this article, we study ontology evolution in the context of so...
Chapter
In this chapter, we focus on the privacy and the security analyses of public administration (PA) systems regarding the privacy concerns and requirements. As it has been described in the architecture of VisiOn, the VisiOn Privacy Platform is composed of two frameworks and a common back-end that provides internal functionalities, data storage, etc.
Chapter
The VisiOn Privacy Platform consists of a set of components and tools, which will work and collaborate in a single platform.
Article
Full-text available
Today’s software systems are too complex to ensure security after the fact – security has to be built into systems by design. To this end, model-based techniques such as UMLsec support the design-time specification and analysis of security requirements by providing custom model annotations and checks. Yet, a particularly challenging type of complex...
Conference Paper
Full-text available
We present our paper published at the 2019 edition of the International Conference on Model Driven Engineering Languages and Systems (MODELS). During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. To iteratively guide the developer in discovering...
Presentation
Full-text available
Software systems are continuously entering more and more parts of our lives and have to deal with a higher amount of sensitive data than ever before. At the same time, these software systems get more complex and have to be maintained over long periods. One approach to deal with the issues arising from these trends is model-driven software developme...
Presentation
Full-text available
In recent years, blockchains became widely known for offering immutable and trust-free storage of arbitrary information. Blockchains also leverage smart contracts, a concept for executing program code for modifying the blockchain state. While the characteristics of a blockchain, especially immutability, enable reliability in a trust-free environmen...
Preprint
Full-text available
Paper as submitted to SE 2020 in Innsbruck. The paper will be presented on Wednesday, 26th of February in the session "Software Architektur, Design und Model-to-Code Mapping" at 2 pm in room 6. https://se20.ocg.at/programm.html
Conference Paper
Full-text available
During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. This paper presents an approach to support secure data-flow compliance checks between design models and code. To iteratively guide the developer in discovering such compliance violations we int...
Conference Paper
Full-text available
Today's software systems are too complex to ensure security after the fact – security has to be built into systems by design. To this end, model-based techniques such as UMLsec support the design-time specification and analysis of security requirements by providing custom model annotations and checks. Yet, a particularly challenging type of complex...
Conference Paper
For companies, the digital transformation means not only the generation, interconnection, and processing of data in company-internal processes, but also closer data-based collaboration across company boundaries. The Industrial Data Space provides the data infrastructure required for this by making it possible for data, in a decentralized manner (Pu...
Conference Paper
Full-text available
We present CARiSMA, a tool that is originally designed to support model-based security analysis of IT systems. In our recent work, we added several new functionalities to CARiSMA to support the privacy of personal data. Moreover, we introduced a mechanism to assist the system designers to perform a CARiSMA analysis by automatically initializing an...
Conference Paper
Full-text available
Design flaws in object-oriented programs may seriously corrupt code quality thus increasing the risk for introducing subtle errors during software maintenance and evolution. Most recent approaches identify design flaws in an ad-hoc manner, either focusing on software metrics, locally restricted code smells, or on coarse-grained architectural anti-p...
Conference Paper
Full-text available
Modern Java IDEs aim at assisting object-oriented software development workflows with continuously interleaved co-evolution steps of program editing and program refactoring. Program editing usually comprises manually performed program changes applied by a programmer at source code level. In contrast, refactorings consist of behavior-preserving progr...
Chapter
Software more and more pervades our everyday lives. Hence, we have high requirements towards the trustworthiness of the software. Software testing greatly contributes to the quality assurance of modern software systems. However, as today’s software systems get more and more complex and exist in many different variants, we need rigorous and systemati...

Projects (2)
Project
The main research directions of GRaViTY are to study approaches for automatically detecting and performing necessary changes on a single representation of the system and to keep all other representations synchronized with this changed representation, allowing developers to develop systems in a model-based manner and dealing with the structural decay of long-living systems. Therefore, we are proposing a model-based approach in which design models (e.g. specified in UML), source code (e.g. written in Java), and a program model (PM) for performing sophisticated analyses are continuously synchronized for covering the different phases of software development. Security as well as variability is introduced into the different artifacts as annotations. E.g., on UML models we can use the UMLsec profile proposed by Jürjens for security annotations and, for variability annotations, Antenna-preprocessor-like statements as defined in Antenna.
Project