Abstract: Although security and privacy by design underpin effective engineering of software-intensive systems, the dynamic reality of modern information systems means that such systems are subject to changes of many different forms that can affect their operational environment, their behaviour, and the behaviour of their users, both legitimate and malicious. Systems must therefore be adaptive by design, in order to adapt effectively at runtime. In particular, these systems must be able to adapt their security and privacy controls, both proactively and in response to a variety of changes in their environment, in the threats they face, and in the assets they are required to protect. This talk presents both empirical and engineering challenges to achieving adaptive security and privacy in information systems. Acknowledging that information systems are increasingly both socio-technical and cyber-physical, the talk explores the impact of cyber-physical-social boundaries and their effective management when engineering secure, privacy-aware, and forensics-ready systems.
Bashar Nuseibeh is a Professor of Computing at The Open University (Director of Research 2001-2008) and a Professor of Software Engineering at Lero - The Irish Software Research Centre (Chief Scientist 2009-2012). He is also a Visiting Professor at University College London (UCL) and the National Institute of Informatics (NII), Tokyo, Japan. Previously, he was a Reader in Computing at Imperial College London, Head of its Software Engineering Laboratory, and a Visiting Professor (2005-2015). His current research interests lie at the intersection of requirements engineering, adaptive systems, and security and privacy. He served as Editor-in-Chief of IEEE Transactions on Software Engineering and of the Automated Software Engineering Journal, and currently serves as an Associate Editor of ACM Transactions on Software Engineering and Methodology and Software Engineering Editor of ACM Books. He chaired the Steering Committee of the International Conference on Software Engineering (ICSE) and IFIP Working Group 2.9 on Requirements Engineering.
Bashar received an ICSE Most Influential Paper Award, a Philip Leverhulme Prize, an Automated Software Engineering Fellowship, and a Senior Research Fellowship of the Royal Academy of Engineering. He was the recipient of the ACM SIGSOFT Distinguished Service Award (2015) and an IFIP Outstanding Service Award (2009). His research work crosses a number of discipline boundaries in computing, and has received research awards in Software Engineering (e.g., ICSE/RE), Logic Programming (e.g., ICLP), Human-Computer Interaction (e.g., CHI), natural language processing (e.g., MedNLP), and security and privacy (e.g., TrustCom). He currently holds a Royal Society-Wolfson Merit Award and two European Research Council (ERC) awards, including an ERC Advanced Grant on 'Adaptive Security and Privacy'. More information at http://nuseibeh.com.
Research Methods and Examples of Empirical Research in Information Security
Abstract: Over the last few years, there has been an increasing number of descriptive works observing and describing complex phenomena, e.g., the efficiency of different spam campaigns, the distribution of bots, or the likelihood of users accepting false identities as friends in social networks. These studies are characterized by large sets of samples.
Future research will focus on networks and cloud systems; the research methodology will be empirical systems security: (1) passively observing large systems and (2) active probing that stimulates revealing behavior of the systems. The research contribution lies in observing, describing and inferring the behavior of complex systems that cannot be directly observed and have a large impact on users.
In this presentation we will look at how we can measure whether ISPs implement peering and whether they adhere to net neutrality, and we will also look at aspects of privacy.
Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is Research Director of SBA Research and associate professor (Privatdozent) at the Vienna University of Technology and teaches at several universities of applied sciences (Fachhochschulen). His research focuses on applied concepts of IT-security; he is on the editorial board of Elsevier’s Computers & Security journal (COSE), general chair of ACM CCS 2016 and PC Chair of SACMAT 2017.
After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked for two years in a research startup. He spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant for an HMO in New York, NY and Albany, NY, and for the financial industry in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and founded together with A Min Tjoa and Markus Klemen the research center SBA Research.
Conceptual Modelling: how to do it right?
Abstract: Providing individual and immediate feedback in educational situations is a critical factor for improving knowledge and skills acquisition. This is especially important for complex ill-structured learning tasks, i.e. tasks that are characterized by having multiple good solutions (ill-structured), allowing individual learners to follow different routes for achieving the final learning objectives, and having non-evident interactions between the different concepts in the problem domain. Conceptual modelling is an example of such a complex learning task, as it requires rigorous analytical skills and experience to externalize requirements into high-quality formal representations - conceptual models. These skills are very difficult to teach to novice modellers, mainly due to the lack of tools that can continuously guide them in the learning process. In this talk, I will report on the use of automated feedback and simulation to guide the student's learning process for conceptual modelling. Furthermore, lessons from student modelling behaviour, as observed by logging the modelling process of students, will be presented. The findings include a set of typical modelling and validation patterns that can be used to improve teaching guidance for domain modelling courses. From a scientific viewpoint, the outcomes of the work can be inspirational outside of the area of domain modelling, as learning event data is becoming readily available through virtual learning environments and other information systems.
Monique Snoeck holds a PhD in computer science from the KU Leuven. She is a full professor in the Department of Decision Sciences and Information Management of the Faculty of Economics and Business of the KU Leuven and a visiting professor at the University of Namur (UNamur). She has a strong research track in conceptual modelling, requirements engineering, software architecture, model-driven engineering and business process management. Her main guiding research themes are domain modelling, business process modelling, model quality, model-driven engineering, and e-learning. Previous research has resulted in the Enterprise Information Systems Engineering approach MERODE and its companion e-learning and prototyping tool JMermaid. She is the author of 2 books and (co-)author of over 40 peer-reviewed journal papers and 60 peer-reviewed conference papers.