Author

Jan Jürjens

Bio: Jan Jürjens is an academic researcher from University of Koblenz and Landau. The author has contributed to research in topics: UMLsec & Security engineering. The author has an h-index of 36, co-authored 217 publications receiving 4618 citations. Previous affiliations of Jan Jürjens include Open University & Technische Universität München.


Papers
Book Chapter
TL;DR: This work presents the extension UMLsec of UML that allows to express security-relevant information within the diagrams in a system specification, and gives criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified UML.
Abstract: Developing secure-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. Our aim is to aid the difficult task of developing security-critical systems in an approach based on the notation of the Unified Modeling Language. We present the extension UMLsec of UML that allows to express security-relevant information within the diagrams in a system specification. UMLsec is defined in form of a UML profile using the standard UML extension mechanisms. In particular, the associated constraints give criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified fragment of UML. We demonstrate the concepts with examples.

761 citations

Book Chapter
02 Apr 2001
TL;DR: This work exemplifies use of the extension mechanisms of UML and of a (simplified) formal semantics for it to enable developers to make use of established knowledge on security engineering through the means of a widely used notation.
Abstract: We show how UML (the industry standard in object-oriented modelling) can be used to express security requirements during system development. Using the extension mechanisms provided by UML, we incorporate standard concepts from formal methods regarding multi-level secure systems and security protocols. These definitions evaluate diagrams of various kinds and indicate possible vulnerabilities. On the theoretical side, this work exemplifies use of the extension mechanisms of UML and of a (simplified) formal semantics for it. A more practical aim is to enable developers (that may not be security specialists) to make use of established knowledge on security engineering through the means of a widely used notation.

176 citations

Book Chapter
29 Oct 2001
TL;DR: This work compares two views of symmetric cryptographic primitives in the context of the systems that use them and establishes the soundness of the formal definition of equivalence of systems with respect to eavesdroppers.
Abstract: We compare two views of symmetric cryptographic primitives in the context of the systems that use them. We express those systems in a simple programming language; each of the views yields a semantics for the language. One of the semantics treats cryptographic operations formally (that is, symbolically). The other semantics is more detailed and computational; it treats cryptographic operations as functions on bitstrings. Each semantics leads to a definition of equivalence of systems with respect to eavesdroppers. We establish the soundness of the formal definition with respect to the computational one. This result provides a precise computational justification for formal reasoning about security against eavesdroppers.

161 citations

Journal Article
TL;DR: A security requirements engineering methodology called SecReq that makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool, and the ability to trace security requirements into UML design models.
Abstract: Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 Common Criteria (CC) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the CC. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the CC and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design, which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the CC, the heuristic requirements editor HeRA, and UMLsec. SecReq makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the CC, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experience within SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.

141 citations

Journal Article
22 Mar 2018
TL;DR: The results confirm that customer trust, data security and the user design interface affect the adoption of FinTech, and proposes a model called “Intention to adopt FinTech in Germany,” constructs of which were developed based on the TAM and five additional components, as identified.
Abstract: The purpose of this study is to empirically analyse the key factors that influence the adoption of financial technology innovation in the country Germany. The advancement of mobile devices and their usage have increased the uptake of financial technology (FinTech) innovation. Financial sectors and startups see FinTech as a gateway to increase business opportunities, but mobile applications and other technology platforms must be launched to explore such opportunities. Mobile application security threats have increased tremendously and have become a challenge for both users and FinTech innovators. In this paper, the authors empirically inspect the components that influence the expectations of both users and organizations to adopt FinTech, such as customer trust, data security, value added, user interface design and FinTech promotion. The empirical results definitely confirm that data security, customer trust and the user design interface affect the adoption of FinTech. Existing studies have used the Technology Acceptance Model (TAM) to address this issue. The outcomes of this study can be used to improve the performance of FinTech strategies and enable banks to achieve economies of scale for global intensity. In this paper, the authors empirically consider factors that influence the expectations of both users and organizations in adopting FinTech, such as customer trust, data security, value added, the user design interface and FinTech promotion. The results confirm that customer trust, data security and the user design interface affect the adoption of FinTech. This research proposes a model called “Intention to adopt FinTech in Germany,” constructs of which were developed based on the TAM and five additional components, as identified.
The outcomes of this study can be used to improve the performance of FinTech strategies and enable banks to achieve economies of scale for global intensity. The authors demonstrated that the number of mobile users in Germany is rapidly increasing; yet the adoption of FinTech is extremely sluggish. It is intriguing to reckon that 99 per cent of respondents had mobile devices, but only 10 per cent recognized FinTech. Further, it is significantly discouraging to perceive that only 10 of the 209 respondents had ever used FinTech services, representing under 1 per cent of the surveyed respondents. It is obvious that the FinTech incubators and banks offering FinTech services need to persuade their customers regarding the usefulness and value added advantages of FinTech. This study has been carried out to determine the key factors that influence and provoke FinTech adoption. There are a few limitations in this study. Initially, this study focuses on FinTech implementation in Germany and not the whole of Europe. In addition, demographic and regional factors could be consolidated to inspect their particular impact on the intention to use FinTech services, particularly among younger users with a high interest in technology. Without these constraints, the authors could have gathered additional data for a more robust result and obtained new knowledge to further upgrade policies to enhance the FinTech adoption process. Future analysts can assist exploration of this topic by altering determinants in the unified theory of acceptance and use of technology model. Additionally, because the cluster sampling technique was used, the reported outcomes are not 100 per cent generalized to the German population. To accomplish a complete generalization, a basic random sampling strategy for the whole population is essential.
The authors could also alleviate some limitations by examining how online vendors are performing with regard to FinTech to satisfy the needs of customers via case studies. This study was conducted in Germany and might have produced different results if held in other countries, as technology acceptance is different in a different environment. For instance, the authors suspect that the results would be somewhat different, were the research to be conducted in the United Kingdom, where take-up of FinTech appears to be far greater than in Germany. Therefore, the authors’ results are only generalized for the country of Germany and not other geographical areas. Furthermore, respondents may have been influenced by past experiences about FinTech usage which might have led them to neglect to answer some questions. In spite of this, this study did not consider the influence of moderating variables such as age, education and FinTech services experience. The authors also neglected social impact and control factors, as their corresponding items disregarded the instrument dependability. Accordingly, the authors could not quantify social impact and control factors on FinTech use. The outcomes of this study can be used to improve the performance of FinTech strategies and enable banks to accomplish economies of scale for global intensity. The authors do hope that this paper will serve to encourage FinTech innovators in their approach to FinTech and enable FinTech researchers to use past work with more prominent certainty, resulting in rigid hypothesis improvement in the future. A considerable amount of revenue has been invested in the information technology (IT) infrastructure of banks to enhance their performance, but investment in IT remains a substantial risk regarding the return on investment (Carlson, 2015). Most banks and financial organizations around the globe are engaging in an extreme pressure from their customers and competitors to enhance IT.

130 citations


Cited by
Journal Article
TL;DR: AspectJ, as mentioned in this paper, is a simple and practical aspect-oriented extension to Java. With just a few new constructs, AspectJ provides support for modular implementation of a range of crosscutting concerns.
Abstract: AspectJ is a simple and practical aspect-oriented extension to Java. With just a few new constructs, AspectJ provides support for modular implementation of a range of crosscutting concerns. In AspectJ's dynamic join point model, join points are well-defined points in the execution of the program; pointcuts are collections of join points; advice are special method-like constructs that can be attached to pointcuts; and aspects are modular units of crosscutting implementation, comprising pointcuts, advice, and ordinary Java member declarations. AspectJ code is compiled into standard Java bytecode. Simple extensions to existing Java development environments make it possible to browse the crosscutting structure of aspects in the same kind of way as one browses the inheritance structure of classes. Several examples show that AspectJ is powerful, and that programs written using it are easy to understand.

2,947 citations

Journal Article
TL;DR: A framework for model driven engineering is set out, which proposes an organisation of the modelling 'space' and how to locate models in that space, and identifies the need for defining families of languages and transformations, and for developing techniques for generating/configuring tools from such definitions.
Abstract: The Object Management Group's (OMG) Model Driven Architecture (MDA) strategy envisages a world where models play a more direct role in software production, being amenable to manipulation and transformation by machine. Model Driven Engineering (MDE) is wider in scope than MDA. MDE combines process and analysis with architecture. This article sets out a framework for model driven engineering, which can be used as a point of reference for activity in this area. It proposes an organisation of the modelling 'space' and how to locate models in that space. It discusses different kinds of mappings between models. It explains why process and architecture are tightly connected. It discusses the importance and nature of tools. It identifies the need for defining families of languages and transformations, and for developing techniques for generating/configuring tools from such definitions. It concludes with a call to align metamodelling with formal language engineering techniques.

1,476 citations

Book Chapter
TL;DR: The approach is based on role-based access control with additional support for specifying authorization constraints and can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.
Abstract: We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.

862 citations

01 Sep 1996
TL;DR: The objectives of the European Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering closer relations between the States belonging to the Community, ensuring economic and social progress by common action to eliminate the barriers which divide Europe, encouraging the constant improvement of the living conditions of its peoples, preserving and strengthening peace and liberty and promoting democracy on the basis of the fundamental rights recognized in the constitution and laws of the Member States and in the European Convention for the Protection of Human Rights and Fundamental Freedoms
Abstract: (1) Whereas the objectives of the Community, as laid down in the Treaty, as amended by the Treaty on European Union, include creating an ever closer union among the peoples of Europe, fostering closer relations between the States belonging to the Community, ensuring economic and social progress by common action to eliminate the barriers which divide Europe, encouraging the constant improvement of the living conditions of its peoples, preserving and strengthening peace and liberty and promoting democracy on the basis of the fundamental rights recognized in the constitution and laws of the Member States and in the European Convention for the Protection of Human Rights and Fundamental Freedoms;

792 citations