Security-Driven Information Flow Modelling for Component Integration in Complex Environments

Conceptualising and developing a new software solution is always a daunting task, even more so when existing technologies of international partners are to be integrated into a unique and holistic product, as is the case in many international research and innovation projects. The individual requirements not only of each tool, but of the resulting solution as a whole, must be considered as well as the problem domain. The approach presented in this paper uniquely combines existing structuring and modelling techniques, resulting in an information flow model and interface definition specifications appropriate for international projects. It is based on an approach developed for an EU cybersecurity project and for its specific requirements, but due to its flexibility seen as appropriate for other domains as well. Complex systems consisting of different existing software solutions are represented in a conceptual model of their internal processes and the connecting information flows, thereby facilitating further software development and adaptations. Additionally, the exact identification and accounting of all information flows are essential requirements for modelling according to security and privacy by design principles, as for example prescribed by privacy and impact assessment guides and required by the General Data Protection Regulation (GDPR).

[1]  Peter Checkland,et al.  Systems Thinking, Systems Practice , 1981 .

[2]  Jeffrey O. Grady System Engineering Planning and Enterprise Identity , 1995 .

[3]  Jan Bosch,et al.  Software Architecture: The Next Step , 2004, EWSA.

[4]  Jeff Kramer,et al.  Is abstraction the key to computing? , 2007, CACM.

[5]  Stewart Robinson,et al.  Conceptual modelling for simulation Part II: a framework for conceptual modelling , 2008, J. Oper. Res. Soc..

[6]  Stewart Robinson,et al.  Conceptual modelling for simulation Part I: definition and requirements , 2008, J. Oper. Res. Soc..

[7]  Saikou Y. Diallo,et al.  A Conceptual Modeling Method for Critical Infrastructure Modeling , 2008, 41st Annual Simulation Symposium (anss-41 2008).

[8]  Qing Li,et al.  Modeling and Analysis of Enterprise and Information Systems: From Requirements to Realization , 2009 .

[9]  Qing Li,et al.  Modeling and Analysis of Enterprise and Information Systems , 2009 .

[10]  Patrice Clemente,et al.  From a Generic Framework for Expressing Integrity Properties to a Dynamic mac Enforcement for Operating Systems , 2010, Trans. Comput. Sci..

[11]  Jean-Daniel Zucker,et al.  Abstraction in Artificial Intelligence and Complex Systems , 2013, Springer New York.

[12]  Panos Vassiliadis,et al.  Scheduling strategies for efficient ETL execution , 2013, Inf. Syst..

[13]  Marius Bozga,et al.  Model-Driven Information Flow Security for Component-Based Systems , 2014, FPS@ETAPS.

[14]  J. C. Jiang,et al.  Finding influential agent groups in complex multiagent software systems based on citation network analyses , 2015, Adv. Eng. Softw..

[15]  Levent Yilmaz,et al.  Paradigms for conceptual modeling , 2015, SpringSim.

[16]  Srividya Kona Bansal,et al.  Integrating Big Data: A Semantic Extract-Transform-Load Framework , 2015, Computer.

[17]  C. Martin 2015 , 2015, Les 25 ans de l’OMC: Une rétrospective en photos.

[18]  Valentina Ferretti,et al.  From stakeholders analysis to cognitive mapping and Multi-Attribute Value Theory: An integrated approach for policy support , 2016, Eur. J. Oper. Res..

[19]  Florence March,et al.  2016 , 2016, Affair of the Heart.

[20]  S. Hewitt,et al.  2008 , 2018, Los 25 años de la OMC: Una retrospectiva fotográfica.