Publikationen

Although being well-adopted and in widespread use, attribute-based access control (ABAC) remains a hard-to-master security paradigm in application software development. Despite considerable research towards ABAC policy engineering and ABAC policy correctness, this mainly is because there is still no unified workflow to encompass both the versatility of application domains and the strong guarantees promised by formal modeling methods. This work contributes to improving this situation. By presenting a flexible, yet highly formalized modeling scheme for designing and analyzing ABAC policies (DABAC), a reference implementation in Rust (dabac-rs), and a reference architecture for its integration into applications (AppSPEAR) including developer support (appspear-rs), we put together loose pieces of a tool-supported model-based security engineering workflow. The effectiveness of our approach is demonstrated based on a real-world engineering scenario.

Since the early 2000s, Model-driven engineering has aimed to accomplish executable UML models. With fUML and PSCS, the Object Management Group (OMG) published standardized specifications of precise semantics for certain parts of UML in the form of metamodels, which form an execution environment. A certain characteristic of these environments is that static information about a model is analyzed and evaluated during runtime. With composite structures being a concept for describing structural properties of a model, the majority of execution semantics specified by PSCS concern analysis and processing of such static information about the model’s fine-grained structure. Thus, the PSCS specification appears suitable for a generative realization approach. Using Model-To-Text-Transformation to generate source code, which serves as an input for the actual execution environment, the runtime level of model executions can be relieved by outsourcing analysis and processing of static information to the level of code generation. By inserting this preprocessing step, the performance of the actual model execution at runtime can be improved. This paper introduces an implementation of the PSCS specification for C++ based on code generation using Model-to-Text-Transformation. This also includes a generative approach to realize an extension mechanism of the fUML and PSCS execution environments by introducing user-defined semantic execution strategies. The proposed PSCS implementation was developed as a part of the MDE4CPP project. Moreover, this paper presents a set of test models validating the correct functionality of the implementation as well as a performance benchmark. Finally, analysis results of an application example for the presented realization are evaluated and discussed.

Dry electroencephalography (EEG) electrodes provide rapid, gel-free, and easy EEG preparation, but with limited wearing comfort. We propose a novel dry electrode comprising multiple tilted pins in a flower-like arrangement. The novel Flower electrode increases wearing comfort and contact area while maintaining ease of use. In a study with 20 volunteers, we compare the performance of a novel 64-channel dry Flower electrode cap to a commercial dry Multipin electrode cap in sitting and supine positions. The wearing comfort of the Flower cap was rated as significantly improved both in sitting and supine positions. The channel reliability and average impedances of both electrode systems were comparable. Averaged VEP components showed no considerable differences in global field power amplitude and latency, as well as in signal-to-noise ratio and topography. No considerable differences were found in the power spectral density of the resting state EEGs between 1 and 40 Hz. Overall, our findings provide evidence for equivalent channel reliability and signal characteristics of the compared cap systems in the sitting and supine positions. The reliability, signal quality, and significantly improved wearing comfort of the Flower electrode allow new fields of applications for dry EEG in long-term monitoring, sensitive populations, and recording in supine position.

In event processing systems, detected event patterns can reveal privacy-sensitive information. In this paper, we propose and discuss how to integrate pattern-level privacy protection in event-based systems. Compared to state-of-the-art approaches, we aim to enforce privacy independent of the particularities of specific operators. We accomplish this by supporting the flexible integration of multiple obfuscation techniques and studying deployment strategies for privacy-enforcing mechanisms. In addition, we share ideas on how to model the adversary's knowledge to select appropriate obfuscation techniques for the discussed deployment strategies. Initial results indicate that flexibly choosing obfuscation techniques and deployment strategies is essential to conceal privacy-sensitive event patterns accurately.

Stream processing is becoming increasingly important as the amount of data being produced, transmitted, processed, and stored continues to grow. One of the greatest difficulties in designing stream processing applications is estimating the final runtime performance in production. This is often complicated by differences between the development and final execution environments, unexpected outliers in the incoming data, or subtle long-term problems such as congestion due to bottlenecks in the pipeline. In this demonstration, we present an automated tool workflow for interactively simulating and exploring the performance characteristics of a stream processing pipeline in real-time. Changes to input data, pipeline structure, or operator configurations during the simulation are immediately reflected in the simulation results, allowing to interactively explore the robustness of the pipeline to outliers, changes in input data, or long-term effects.