Data-minimization and fairness are fundamental data protection requirements to avoid privacy threats and discrimination. Violations of data protection requirements often result from: First, conflicts between security, data-minimization and fairness requirements. Second, data protection requirements for the organizational and technical aspects of a system that are currently dealt with separately, giving rise to misconceptions and errors. Third, hidden data correlations that might lead to influence biases against protected characteristics of individuals such as ethnicity in decision-making software. For the effective assurance of data protection needs,
it is important to avoid sources of violations right from the design modeling phase. However, a model-based approach that addresses the issues above is missing.
To handle the issues above, this thesis introduces a model-based methodology called MoPrivFair (Model-based Privacy & Fairness). MoPrivFair comprises three sub-frameworks: First, a framework that extends the SecBPMN2 approach to allow detecting conflicts between security, data-minimization and fairness requirements. Second, a framework for enforcing an integrated data-protection management throughout the development process based on a business processes model (i.e., SecBPMN2 model) and a software architecture model (i.e., UMLsec model) annotated with data protection requirements while establishing traceability. Third, the UML extension UMLfair to support individual fairness analysis and reporting discriminatory behaviors. Each of the proposed frameworks is supported by automated tool support.
We validated the applicability and usability of our conflict detection technique based on a health care management case study, and an experimental user study, respectively. Based on an air traffic management case study, we reported on the applicability of our technique for enforcing an integrated data-protection management. We validated the applicability of our individual fairness analysis technique using three case studies featuring a school management system, a delivery management system and a loan management system. The results show a promising outlook on the applicability of our proposed frameworks in real-world settings.
In recent development, attempts have been made to integrate UML and OWL into one hybrid modeling language, namely TwoUse. This aims at making use of the benefits of both modeling languages and overcoming the restrictions of each. In order to create a modeling language that will actually be used in software development an integration with OCL is needed. This integration has already been described at the contextual level in, however an implementation is lacking so far. The scope of this paper is the programatical implementation of the integration of TwoUse with OCL. In order to achieve this, two different OCL implementations that already provide parsing and interpretation functionalities for expressions over regular UML. This paper presents two attempts to extend existing OCL implementations, as well as a comparison of the existing approaches.
Simulation mit VNUML
(2008)
Diese Studienarbeit soll als Einführung in das Thema Netzwerksimulation dienen und unter anderem auch als Einstiegs-Referenz für zukünftige Besucher der Rechnernetze-Veranstaltungen an der Universität Koblenz nutzbar sein. Die Ausarbeitung beginnt mit den Grundlagen zu UML und VNUML und beschreibt dann die Installation, Konfiguration und das Arbeiten mit dem Netzwerksimulator sowie oft genutzter Tools. Im Anschluss daran werden konkrete Anwendungsfelder vorgestellt: der simulierte Einsatz des Paketfilter iptables zur Realisierung von Firewalls und NAT, verschiedene Netzwerkdienste und zuguterletzt simuliertes Routing mit der quagga-Suite.
This paper shows how multiagent systems can be modeled by a combination of UML statecharts and hybrid automata. This allows formal system specification on different levels of abstraction on the one hand, and expressing real-time system behavior with continuous variables on the other hand. It is not only shown how multi-robot systems can be modeled by a combination of hybrid automata and hierarchical state machines, but also how model checking techniques for hybrid automata can be applied. An enhanced synchronization concept is introduced that allows synchronization taking time and avoids state explosion to a certain extent.