Publications

2018

• C. Schuppler, M. Leitner, and S. Rinderle-Ma, “Privacy-aware data assessment of online social network registration processes,” in Proceedings of the eighth acm conference on data and application security and privacy, New York, NY, USA, 2018, p. 167–169. doi:10.1145/3176258.3176950
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Privacy and security research has been very active concerning online social networks (OSN) as a vast amount of personal information is used and published (by users) within OSNs. However, most people do not pay attention on what personal information they provide during registration. Depending on what information is provided in (public) OSN profiles, that data might be misused by attackers e.g., for cross-site profile cloning. This paper assesses data provided by the user during the registration of OSNs. Therefore, it is investigated how OSN registration processes are typically modeled, which information is needed to create a profile in OSNs and which attack scenarios can occur based on the provided data. The results contribute to the understanding of OSN registration process design as well as requested data and to replicate and reuse processes for further privacy and security investigations.

  @inproceedings{SchupplerLR_privacy-aware_2018,
  address = {New York, NY, USA},
  series = {{CODASPY} '18},
  title = {Privacy-aware Data Assessment of Online Social Network Registration Processes},
  isbn = {978-1-4503-5632-9},
  url = {http://doi.acm.org/10.1145/3176258.3176950},
  doi = {10.1145/3176258.3176950},
  booktitle = {Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy},
  publisher = {ACM},
  author = {Schuppler, Christine and Leitner, Maria and Rinderle-Ma, Stefanie},
  year = {2018},
  abstract = {Privacy and security research has been very active concerning online social networks (OSN) as a vast amount of personal information is used and published (by users) within OSNs. However, most people do not pay attention on what personal information they provide during registration. Depending on what information is provided in (public) OSN profiles, that data might be misused by attackers e.g., for cross-site profile cloning. This paper assesses data provided by the user during the registration of OSNs. Therefore, it is investigated how OSN registration processes are typically modeled, which information is needed to create a profile in OSNs and which attack scenarios can occur based on the provided data. The results contribute to the understanding of OSN registration process design as well as requested data and to replicate and reuse processes for further privacy and security investigations.},
  note ={Poster},
  pages = {167--169}
  }

• Digitale Bürgerbeteiligung: Forschung und Praxis – Chancen und Herausforderungen der elektronischen Partizipation, M. Leitner, Ed., Wiesbaden: Springer Vieweg, 2018. doi:10.1007/978-3-658-21621-4
  [BibTeX] [Abstract] [URL]
  

  Bürgerbeteiligung, d. h. die Beteiligung der Bürgerinnen und Bürger an politischen Planungsprozessen oder Entscheidungen, wird bereits in Deutschland, Österreich und der Schweiz gefördert und gelebt. In Zeiten der Digitalisierung werden immer häufiger technische Applikationen zur elektronischen Partizipation (E-Partizipation) eingesetzt. Die Nutzung von Technologien bietet Chancen und Herausforderungen gleichermaßen, so zum Beispiel in den Bereichen Sicherheit, Datenschutz und nutzerorientierte Gestaltung. Das Buch greift genau diese Themen im Bereich der E-Partizipation auf und erläutert insbesondere Gestaltungsaspekte der digitalen Bürgerbeteiligung. Es kombiniert aktuelle Forschungsergebnisse mit bestehenden Theorien der E-Partizipation und bietet eine umfassende, interdisziplinäre Analyse aus sozialwissenschaftlicher, rechtlicher und technologischer Perspektive. Schutz der Privatsphäre und Sicherheit sind dabei zentrale Aspekte des Buches, die langfristig das Vertrauen in digitale Bürgerbeteiligung fördern können.

  @book{Leitner_digitale_2018,
  title = {Digitale {Bürgerbeteiligung}: {Forschung} und {Praxis} – {Chancen} und {Herausforderungen} der elektronischen {Partizipation}},
  isbn = {978-3-658-21620-7},
  shorttitle = {Digitale {Bürgerbeteiligung}},
  url = {https://doi.org/10.1007/978-3-658-21621-4},
  doi = {10.1007/978-3-658-21621-4},
  abstract = {Bürgerbeteiligung, d. h. die Beteiligung der Bürgerinnen und Bürger an politischen Planungsprozessen oder Entscheidungen, wird bereits in Deutschland, Österreich und der Schweiz gefördert und gelebt. In Zeiten der Digitalisierung werden immer häufiger technische Applikationen zur elektronischen Partizipation (E-Partizipation) eingesetzt. Die Nutzung von Technologien bietet Chancen und Herausforderungen gleichermaßen, so zum Beispiel in den Bereichen Sicherheit, Datenschutz und nutzerorientierte Gestaltung. Das Buch greift genau diese Themen im Bereich der E-Partizipation auf und erläutert insbesondere Gestaltungsaspekte der digitalen Bürgerbeteiligung. Es kombiniert aktuelle Forschungsergebnisse mit bestehenden Theorien der E-Partizipation und bietet eine umfassende, interdisziplinäre Analyse aus sozialwissenschaftlicher, rechtlicher und technologischer Perspektive. Schutz der Privatsphäre und Sicherheit sind dabei zentrale Aspekte des Buches, die langfristig das Vertrauen in digitale Bürgerbeteiligung fördern können.},
  publisher = {Springer Vieweg},
  editor = {Leitner, Maria},
  address = {Wiesbaden},
  year = {2018}
  }

• M. Leitner, A. Bonitz, W. Hötzendorfer, O. Terbu, S. Vogl, and S. Zehetbauer, “Design und Entwicklung eines E-Partizipationsökosystems,” in Digitale Bürgerbeteiligung: Forschung und Praxis – Chancen und Herausforderungen der elektronischen Partizipation, M. Leitner, Ed., Wiesbaden: Springer Fachmedien Wiesbaden, 2018, p. 163–187. doi:10.1007/978-3-658-21621-4_7
  [BibTeX] [Abstract] [URL]
  

  Um elektronische Beteiligung generell zu ermöglichen, werden sozio-technische Informationssysteme, unabhängig von deren Ausprägung und Reichweite, entworfen und entwickelt. Die Auswahl und Gestaltung der Systeme kann maßgeblich am Erfolg oder Misserfolg von Bürgerbeteiligungen sein. Daher ist es von Beginn an wichtig, die Anforderungen und Funktionalitäten, die ein System unterstützen soll, zu kennen. Das System bildet die Basis für elektronische Beteiligung und ist Teil eines E-Partizipationsökosystems. Das Ökosystem umfasst auch die Gemeinschaft (z. B. StakeholderInnen, BürgerInnen, Wirtschaftstreibende etc.) und weitere Bedingungen (z. B. Gesetzesvorgaben etc.), die auch von der elektronischen Beteiligung direkt oder indirekt betroffen sind. Um dies vollständig zu erfassen, werden in diesem Kapitel das Design und die Entwicklung des Ökosystems analysiert, insbesondere unter dem Aspekt der Wahrung der Sicherheit und Privatsphäre.

  @incollection{Leitner_design_2018,
  address = {Wiesbaden},
  title = {Design und {Entwicklung} eines {E}-{Partizipationsökosystems}},
  isbn = {978-3-658-21621-4},
  url = {https://doi.org/10.1007/978-3-658-21621-4_7},
  abstract = {Um elektronische Beteiligung generell zu ermöglichen, werden sozio-technische Informationssysteme, unabhängig von deren Ausprägung und Reichweite, entworfen und entwickelt. Die Auswahl und Gestaltung der Systeme kann maßgeblich am Erfolg oder Misserfolg von Bürgerbeteiligungen sein. Daher ist es von Beginn an wichtig, die Anforderungen und Funktionalitäten, die ein System unterstützen soll, zu kennen. Das System bildet die Basis für elektronische Beteiligung und ist Teil eines E-Partizipationsökosystems. Das Ökosystem umfasst auch die Gemeinschaft (z. B. StakeholderInnen, BürgerInnen, Wirtschaftstreibende etc.) und weitere Bedingungen (z. B. Gesetzesvorgaben etc.), die auch von der elektronischen Beteiligung direkt oder indirekt betroffen sind. Um dies vollständig zu erfassen, werden in diesem Kapitel das Design und die Entwicklung des Ökosystems analysiert, insbesondere unter dem Aspekt der Wahrung der Sicherheit und Privatsphäre.},
  booktitle = {Digitale {Bürgerbeteiligung}: {Forschung} und {Praxis} – {Chancen} und {Herausforderungen} der elektronischen {Partizipation}},
  publisher = {Springer Fachmedien Wiesbaden},
  author = {Leitner, Maria and Bonitz, Arndt and Hötzendorfer, Walter and Terbu, Oliver and Vogl, Stefan and Zehetbauer, Sebastian},
  editor = {Leitner, Maria},
  year = {2018},
  doi = {10.1007/978-3-658-21621-4_7},
  pages = {163--187}
  }

• A. Bonitz, M. Leitner, B. Rinnerbauer, J. Schoßböck, O. Terbu, S. Vogl, and S. Zehetbauer, “Technologien für digitale Bürgerbeteiligungsverfahren,” in Digitale Bürgerbeteiligung: Forschung und Praxis – Chancen und Herausforderungen der elektronischen Partizipation, M. Leitner, Ed., Wiesbaden: Springer Fachmedien Wiesbaden, 2018, p. 99–125. doi:10.1007/978-3-658-21621-4_5
  [BibTeX] [Abstract] [URL]
  

  Das Kapitel „Technologien für digitale Bürgerbeteiligungsverfahren“ beschreibt ausgewählte, aktuelle Standards und Technologien, die für die Umsetzung von digitalen Bürgerbeteiligungsverfahren aus Sicht eines Entwicklers oder Betreibers einer Beteiligungsplattform wichtig sind. Das Kapitel liefert unter Bezugnahme auf existierende E-Partizipationsplattformen eine Beschreibung der verwendeten Basistechnologien. Dabei wird sowohl auf Webtechnologien als auch auf Technologien für mobile Endgeräte eingegangen. Ein großer Schwerpunkt des Kapitels liegt auf dem Thema „Elektronische Identitäten“ sowie den verschiedenen Verfahren, die zur Authentifizierung dieser Identitäten eingesetzt werden können. Die Vor- und Nachteile der unterschiedlichen Formen von elektronischen Identitäten werden in eine finale Empfehlung zur Nutzung von elektronischen Identitäten in den jeweiligen Stufen der Partizipation aufgegriffen und gegeneinander abgewogen.

  @incollection{Bonitz_technologien_2018,
  address = {Wiesbaden},
  title = {Technologien für digitale {Bürgerbeteiligungsverfahren}},
  isbn = {978-3-658-21621-4},
  url = {https://doi.org/10.1007/978-3-658-21621-4_5},
  abstract = {Das Kapitel „Technologien für digitale Bürgerbeteiligungsverfahren“ beschreibt ausgewählte, aktuelle Standards und Technologien, die für die Umsetzung von digitalen Bürgerbeteiligungsverfahren aus Sicht eines Entwicklers oder Betreibers einer Beteiligungsplattform wichtig sind. Das Kapitel liefert unter Bezugnahme auf existierende E-Partizipationsplattformen eine Beschreibung der verwendeten Basistechnologien. Dabei wird sowohl auf Webtechnologien als auch auf Technologien für mobile Endgeräte eingegangen. Ein großer Schwerpunkt des Kapitels liegt auf dem Thema „Elektronische Identitäten“ sowie den verschiedenen Verfahren, die zur Authentifizierung dieser Identitäten eingesetzt werden können. Die Vor- und Nachteile der unterschiedlichen Formen von elektronischen Identitäten werden in eine finale Empfehlung zur Nutzung von elektronischen Identitäten in den jeweiligen Stufen der Partizipation aufgegriffen und gegeneinander abgewogen.},
  booktitle = {Digitale {Bürgerbeteiligung}: {Forschung} und {Praxis} – {Chancen} und {Herausforderungen} der elektronischen {Partizipation}},
  publisher = {Springer Fachmedien Wiesbaden},
  author = {Bonitz, Arndt and Leitner, Maria and Rinnerbauer, Bettina and Schoßböck, Judith and Terbu, Oliver and Vogl, Stefan and Zehetbauer, Sebastian},
  editor = {Leitner, Maria},
  year = {2018},
  doi = {10.1007/978-3-658-21621-4_5},
  pages = {99--125}
  }

• M. Leitner, “Einleitung,” in Digitale Bürgerbeteiligung: Forschung und Praxis – Chancen und Herausforderungen der elektronischen Partizipation, M. Leitner, Ed., Wiesbaden: Springer Fachmedien Wiesbaden, 2018, p. 1–9. doi:10.1007/978-3-658-21621-4_1
  [BibTeX] [Abstract] [URL]
  

  Bürgerbeteiligung gibt es in sehr vielen Städten, Gemeinden, Kommunen, Bundesländern oder auf Bundesebene in vielen Ländern wie zum Beispiel Deutschland, Österreich und der Schweiz. BürgerInnen scheuen sich nicht davor, sich an der Gestaltung unserer Gesellschaft zu beteiligen und ergreifen oftmals auch die Initiative. In den letzten 10 Jahren hat eine Vielzahl an privat initiierten Bürgerinitiativen bzw. Bürgerprotesten, insbesondere zu Infrastrukturprojekten, immer wieder für mediales Aufsehen gesorgt. In Zeiten der Digitalisierung werden immer häufiger auch webbasierte oder mobile Applikationen (d. h. online – über das Internet) zur elektronischen Beteiligung (auch Partizipation genannt) eingesetzt. Die Nutzung von Technologien bietet Chancen und Herausforderungen wie zum Beispiel Sicherheit, Datenschutz, nutzerorientierte Gestaltung sowie die Evaluierung und Darstellung von Resultaten. Dieses Kapitel gibt einen Überblick über die Inhalte des Buches und den interdisziplinären Ansatz, den es verfolgt.

  @incollection{Leitner_einleitung_2018,
  address = {Wiesbaden},
  title = {Einleitung},
  isbn = {978-3-658-21621-4},
  url = {https://doi.org/10.1007/978-3-658-21621-4_1},
  abstract = {Bürgerbeteiligung gibt es in sehr vielen Städten, Gemeinden, Kommunen, Bundesländern oder auf Bundesebene in vielen Ländern wie zum Beispiel Deutschland, Österreich und der Schweiz. BürgerInnen scheuen sich nicht davor, sich an der Gestaltung unserer Gesellschaft zu beteiligen und ergreifen oftmals auch die Initiative. In den letzten 10 Jahren hat eine Vielzahl an privat initiierten Bürgerinitiativen bzw. Bürgerprotesten, insbesondere zu Infrastrukturprojekten, immer wieder für mediales Aufsehen gesorgt. In Zeiten der Digitalisierung werden immer häufiger auch webbasierte oder mobile Applikationen (d. h. online – über das Internet) zur elektronischen Beteiligung (auch Partizipation genannt) eingesetzt. Die Nutzung von Technologien bietet Chancen und Herausforderungen wie zum Beispiel Sicherheit, Datenschutz, nutzerorientierte Gestaltung sowie die Evaluierung und Darstellung von Resultaten. Dieses Kapitel gibt einen Überblick über die Inhalte des Buches und den interdisziplinären Ansatz, den es verfolgt.},
  booktitle = {Digitale {Bürgerbeteiligung}: {Forschung} und {Praxis} – {Chancen} und {Herausforderungen} der elektronischen {Partizipation}},
  publisher = {Springer Fachmedien Wiesbaden},
  author = {Leitner, Maria},
  editor = {Leitner, Maria},
  year = {2018},
  doi = {10.1007/978-3-658-21621-4_1},
  pages = {1--9}
  }

• Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen, F. Skopik, T. Páhi, and M. Leitner, Eds., Springer Vieweg, 2018. doi:10.1007/978-3-658-21621-4
  [BibTeX] [Abstract] [URL]
  

  Digitale Dienste werden für unsere Gesellschaft immer wichtiger, daher gelangen sie auch stärker ins Visier von Wirtschaftskriminellen, Spionen, Terroristen oder staatsfeindlichen Gruppierungen. Wie schützen sich Unternehmen und Staaten vor solchen Cyber-Attacken? Ein wichtiger Grundstein ist die Schaffung von Behörden, wie sie die EU-Richtlinie über Maßnahmen zur Gewährleistung eines hohen gemeinsamen Sicherheitsniveaus von Netz- und Informationssystemen (NIS) vorsieht. Das Buch zeigt, wie sich die Zusammenarbeit von Unternehmen mit diesen NIS-Behörden gestaltet mit dem gemeinsamen Ziel, Cyber-Sicherheit zu etablieren und zu gewährleisten. Darüber hinaus legen die Autoren dar, wie sich die NIS-Richtlinie und die im Mai 2018 in Kraft getretene EU-Datenschutz-Grundverordnung (DSGVO) auf Security-Prozesse in Unternehmen auswirken können. Das Buch verknüpft technische, organisatorische und rechtliche Aspekte der Zusammenarbeit und spiegelt damit die Komplexität des Themas wider. Zugleich liefert es zahlreiche Vorschläge zur Umsetzung der EU-Richtlinie. Im Mittelpunkt steht dabei das Konzept der „Cyber Situational Awareness“ – das bewusste Erfassen der aktuellen Lage – und damit ein Instrument, mit dem sich die Reaktionsfähigkeit bei Cyber-Angriffen wesentlich erhöhen lässt. Folgende Themen werden erläutert: • Aufbau und Nutzung von Cyber Situational Awareness • Erstellung von Cyber-Lagebildern auf nationaler Ebene • Informations- und Datenquellen für Cyber-Lagebilder• Informationsaustausch zwischen Cyber-Lagezentren und Stakeholdern • Informations- und Meldepflichten von Unternehmen• Planspiel zur Bildung und Evaluierung von Cyber Situational Awareness

  @book{skopik_cyber_2018,
  title = {Cyber {Situational} {Awareness} in {Public}-{Private}-{Partnerships}: {Organisationsübergreifende} {Cyber}-{Sicherheitsvorfälle} effektiv bewältigen},
  isbn = {978-3-662-56083-9},
  shorttitle = {Cyber {Situational} {Awareness} in {Public}-{Private}-{Partnerships}},
  url = {https://www.springer.com/us/book/9783662560839},
  doi = {10.1007/978-3-658-21621-4},
  abstract = {Digitale Dienste werden für unsere Gesellschaft immer wichtiger, daher gelangen sie auch stärker ins Visier von Wirtschaftskriminellen, Spionen, Terroristen oder staatsfeindlichen Gruppierungen. Wie schützen sich Unternehmen und Staaten vor solchen Cyber-Attacken? Ein wichtiger Grundstein ist die Schaffung von Behörden, wie sie die EU-Richtlinie über Maßnahmen zur Gewährleistung eines hohen gemeinsamen Sicherheitsniveaus von Netz- und Informationssystemen (NIS) vorsieht. Das Buch zeigt, wie sich die Zusammenarbeit von Unternehmen mit diesen NIS-Behörden gestaltet mit dem gemeinsamen Ziel, Cyber-Sicherheit zu etablieren und zu gewährleisten. Darüber hinaus legen die Autoren dar, wie sich die NIS-Richtlinie und die im Mai 2018 in Kraft getretene EU-Datenschutz-Grundverordnung (DSGVO) auf Security-Prozesse in Unternehmen auswirken können. Das Buch verknüpft technische, organisatorische und rechtliche Aspekte der Zusammenarbeit und spiegelt damit die Komplexität des Themas wider. Zugleich liefert es zahlreiche Vorschläge zur Umsetzung der EU-Richtlinie. Im Mittelpunkt steht dabei das Konzept der „Cyber Situational Awareness“ – das bewusste Erfassen der aktuellen Lage – und damit ein Instrument, mit dem sich die Reaktionsfähigkeit bei Cyber-Angriffen wesentlich erhöhen lässt. Folgende Themen werden erläutert: • Aufbau und Nutzung von Cyber Situational Awareness • Erstellung von Cyber-Lagebildern auf nationaler Ebene • Informations- und Datenquellen für Cyber-Lagebilder• Informationsaustausch zwischen Cyber-Lagezentren und Stakeholdern • Informations- und Meldepflichten von Unternehmen• Planspiel zur Bildung und Evaluierung von Cyber Situational Awareness},
  language = {en},
  urldate = {2018-10-24},
  publisher = {Springer Vieweg},
  editor = {Skopik, Florian and Páhi, Tímea and Leitner, Maria},
  year = {2018}
  }

• M. Leitner, T. Pahi, and F. Skopik, “Das Konzept von Situationsbewusstsein und Cyber-Lagebildern,” in Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen, F. Skopik, T. Páhi, and M. Leitner, Eds., Berlin, Heidelberg: Springer Berlin Heidelberg, 2018, p. 1–41. doi:10.1007/978-3-662-56084-6_1
  [BibTeX] [Abstract] [URL]
  

  Situationsbewusstsein beschäftigt sich mit der Wahrnehmung und dem Verstehen einer Situation sowie der Prognose dieser. Dieses Situationsbewusstsein wird auch im Cyber Raum immer wichtiger, um die aktuelle Lage einschätzen und bewerten zu können. Oftmals wird dies als Cyber-Situationsbewusstsein bezeichnet. Dieses Kapitel beschreibt umfassende Aspekte zur Herstellung von Cyber-Situationsbewusstsein und zeigt, dass nicht nur technische Aufgaben, sondern auch organisatorische Voraussetzungen zur Herstellung benötigt werden. Als Grundlage werden wissenschaftliche Modelle zur Herstellung von Cyber-Situationsbewusstsein analysiert und verglichen. Dies zeigt wie erste kognitive Modelle in technische Modelle adaptiert wurden, um Menschen immer mehr bei der Verarbeitung von Informationen zur Erkennung der Lage zu unterstützen. Darauf aufbauend werden Cyber-Sicherheitsstrategien beschrieben, die zur Umsetzung von Situationsbewusstsein auf nationaler Ebene beitragen können. Cyber-Sicherheitsstrategien umfassen häufig die Umsetzung von Cyber-Lagezentren. Dazu werden übliche Aufgaben und Verantwortlichkeiten von Lagezentren sowie der Austausch mit Stakeholdern definiert. Cyber-Lagezentren nutzen diverse Cyber-Lagebilder, um gesammelte Informationen über Situationen über definierte Zeiträume nachvollziehbar darzustellen. Sie sind daher ein wichtiges Hilfsmittel zur Bewertung von Situationen und Herstellung von Cyber-Situationsbewusstsein.

  @incollection{leitner_konzept_2018,
  address = {Berlin, Heidelberg},
  title = {Das {Konzept} von {Situationsbewusstsein} und {Cyber}-{Lagebildern}},
  isbn = {978-3-662-56084-6},
  url = {https://doi.org/10.1007/978-3-662-56084-6_1},
  abstract = {Situationsbewusstsein beschäftigt sich mit der Wahrnehmung und dem Verstehen einer Situation sowie der Prognose dieser. Dieses Situationsbewusstsein wird auch im Cyber Raum immer wichtiger, um die aktuelle Lage einschätzen und bewerten zu können. Oftmals wird dies als Cyber-Situationsbewusstsein bezeichnet. Dieses Kapitel beschreibt umfassende Aspekte zur Herstellung von Cyber-Situationsbewusstsein und zeigt, dass nicht nur technische Aufgaben, sondern auch organisatorische Voraussetzungen zur Herstellung benötigt werden. Als Grundlage werden wissenschaftliche Modelle zur Herstellung von Cyber-Situationsbewusstsein analysiert und verglichen. Dies zeigt wie erste kognitive Modelle in technische Modelle adaptiert wurden, um Menschen immer mehr bei der Verarbeitung von Informationen zur Erkennung der Lage zu unterstützen. Darauf aufbauend werden Cyber-Sicherheitsstrategien beschrieben, die zur Umsetzung von Situationsbewusstsein auf nationaler Ebene beitragen können. Cyber-Sicherheitsstrategien umfassen häufig die Umsetzung von Cyber-Lagezentren. Dazu werden übliche Aufgaben und Verantwortlichkeiten von Lagezentren sowie der Austausch mit Stakeholdern definiert. Cyber-Lagezentren nutzen diverse Cyber-Lagebilder, um gesammelte Informationen über Situationen über definierte Zeiträume nachvollziehbar darzustellen. Sie sind daher ein wichtiges Hilfsmittel zur Bewertung von Situationen und Herstellung von Cyber-Situationsbewusstsein.},
  language = {de},
  urldate = {2018-12-08},
  booktitle = {Cyber {Situational} {Awareness} in {Public}-{Private}-{Partnerships}: {Organisationsübergreifende} {Cyber}-{Sicherheitsvorfälle} effektiv bewältigen},
  publisher = {Springer Berlin Heidelberg},
  author = {Leitner, Maria and Pahi, Timea and Skopik, Florian},
  editor = {Skopik, Florian and Páhi, Tímea and Leitner, Maria},
  year = {2018},
  doi = {10.1007/978-3-662-56084-6_1},
  pages = {1--41}
  }

• T. Pahi, F. Skopik, P. Kieseberg, and M. Leitner, “Erhebung von Informations- und Datenquellen für Cyber-Lagebilder,” in Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen, F. Skopik, T. Páhi, and M. Leitner, Eds., Berlin, Heidelberg: Springer Berlin Heidelberg, 2018, p. 191–236. doi:10.1007/978-3-662-56084-6_6
  [BibTeX] [Abstract] [URL]
  

  Ein Cyber-Lagezentrum ist eine zentrale Organisationseinheit, in der alle relevanten Informationen über Sicherheitsvorfälle zur Aufarbeitung und Bewertung zusammenlaufen. In diesem Zusammenhang sind die richtigen Informations- und Datenquellen unverzichtbare Bestandteile bei der Erstellung von Cyber-Lagebildern. Durch die Auswertung von zahlreichen Informationen und Daten kann das Situationsbewusstsein über den Zustand kritischer und wesentlicher Infrastrukturen auf unterschiedlichen Ebenen entstehen. Dazu ist es essenziell, die relevanten Quellen nutzbar zu machen.

  @incollection{pahi_erhebung_2018,
  address = {Berlin, Heidelberg},
  title = {Erhebung von {Informations}- und {Datenquellen} für {Cyber}-{Lagebilder}},
  isbn = {978-3-662-56084-6},
  url = {https://doi.org/10.1007/978-3-662-56084-6_6},
  abstract = {Ein Cyber-Lagezentrum ist eine zentrale Organisationseinheit, in der alle relevanten Informationen über Sicherheitsvorfälle zur Aufarbeitung und Bewertung zusammenlaufen. In diesem Zusammenhang sind die richtigen Informations- und Datenquellen unverzichtbare Bestandteile bei der Erstellung von Cyber-Lagebildern. Durch die Auswertung von zahlreichen Informationen und Daten kann das Situationsbewusstsein über den Zustand kritischer und wesentlicher Infrastrukturen auf unterschiedlichen Ebenen entstehen. Dazu ist es essenziell, die relevanten Quellen nutzbar zu machen.},
  language = {de},
  urldate = {2018-12-08},
  booktitle = {Cyber {Situational} {Awareness} in {Public}-{Private}-{Partnerships}: {Organisationsübergreifende} {Cyber}-{Sicherheitsvorfälle} effektiv bewältigen},
  publisher = {Springer Berlin Heidelberg},
  author = {Pahi, Timea and Skopik, Florian and Kieseberg, Peter and Leitner, Maria},
  editor = {Skopik, Florian and Páhi, Tímea and Leitner, Maria},
  year = {2018},
  doi = {10.1007/978-3-662-56084-6_6},
  pages = {191--236}
  }

• P. Kieseberg, F. Skopik, T. Pahi, M. Leitner, and R. Fiedler, “Informationsanalysekonzept zur Erstellung von Cyber-Lagebildern in PPPs,” in Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen, F. Skopik, T. Páhi, and M. Leitner, Eds., Berlin, Heidelberg: Springer Berlin Heidelberg, 2018, p. 237–291. doi:10.1007/978-3-662-56084-6_7
  [BibTeX] [Abstract] [URL]
  

  Jedes informationsverarbeitende System ist in seiner Qualität sehr stark von der Verarbeitung der gesammelten Informationen abhängig. Speziell zur Konstruktion eines sinnvollen Lagebilds ist die Bewertung und Aggregierung von Daten von besonderer Bedeutung, um Muster und Gemeinsamkeiten scheinbar isolierter Incidents erkennen und darstellen zu können. Zusätzlich wird durch die potenzielle Einbindung automatisiert gesammelter Informationen, wie bspw. durch Sensoren in kritischen Netzabschnitten und wichtigen Infrastrukturen, die Informationsmenge exponentiell erhöht.

  @incollection{kieseberg_informationsanalysekonzept_2018,
  address = {Berlin, Heidelberg},
  title = {Informationsanalysekonzept zur {Erstellung} von {Cyber}-{Lagebildern} in {PPPs}},
  isbn = {978-3-662-56084-6},
  url = {https://doi.org/10.1007/978-3-662-56084-6_7},
  abstract = {Jedes informationsverarbeitende System ist in seiner Qualität sehr stark von der Verarbeitung der gesammelten Informationen abhängig. Speziell zur Konstruktion eines sinnvollen Lagebilds ist die Bewertung und Aggregierung von Daten von besonderer Bedeutung, um Muster und Gemeinsamkeiten scheinbar isolierter Incidents erkennen und darstellen zu können. Zusätzlich wird durch die potenzielle Einbindung automatisiert gesammelter Informationen, wie bspw. durch Sensoren in kritischen Netzabschnitten und wichtigen Infrastrukturen, die Informationsmenge exponentiell erhöht.},
  language = {de},
  urldate = {2018-12-08},
  booktitle = {Cyber {Situational} {Awareness} in {Public}-{Private}-{Partnerships}: {Organisationsübergreifende} {Cyber}-{Sicherheitsvorfälle} effektiv bewältigen},
  publisher = {Springer Berlin Heidelberg},
  author = {Kieseberg, Peter and Skopik, Florian and Pahi, Timea and Leitner, Maria and Fiedler, Roman},
  editor = {Skopik, Florian and Páhi, Tímea and Leitner, Maria},
  year = {2018},
  doi = {10.1007/978-3-662-56084-6_7},
  pages = {237--291}
  }

• M. Kaundert, L. Ziegler, T. Pahi, F. Skopik, M. Leitner, P. Kieseberg, B. Schwanzer, and J. Kojo Ampia-Addison, “Evaluierung des Cyber Lagebildkonzepts im praktischen Einsatz,” in Cyber Situational Awareness in Public-Private-Partnerships: Organisationsübergreifende Cyber-Sicherheitsvorfälle effektiv bewältigen, F. Skopik, T. Páhi, and M. Leitner, Eds., Berlin, Heidelberg: Springer Berlin Heidelberg, 2018, p. 293–344. doi:10.1007/978-3-662-56084-6_8
  [BibTeX] [Abstract] [URL]
  

  Der im Rahmen des CISA Projektes erstellte technische Demonstrator wurde in einer eintägigen, iterativen Planspielübung analysiert und für einen möglichen Realeinsatz evaluiert. Die praktische Anwendung des Demonstrators durch die Teilnehmenden stellte einen Abgleich der entwickelten Cyber Incident Situational Awareness (CISA) -Definition mit einer möglichen Anwendungsrealität dar und agierte als Feuerprobe für die Nützlichkeit der dargestellten Datentypen und -verknüpfungen zur Lagebeurteilung durch Identifikation von Schwachstellen in den verwendeten Visualisierungsoptionen. Diese Tauglichkeitsprüfung soll zur Schärfung der Bedürfnisse – einerseits für die Nutzung von Daten zur Lagebeurteilung, andererseits für die Schulung zukünftiger Operateure – beitragen. Hierbei wurde vor allem der Bedarf nach intensivem Training und klarer Rollendefinition einerseits für die Operateure eines Lagezentrums, andererseits für das Lagezentrum selbst, aufgezeigt. Eine der Kernbeobachtungen waren die unterschiedlichen Wünsche einerseits nach „mehr“ Daten und mehr Information und andererseits nach aggregierterer Darstellung und ausgeprägterer Interpretation durch die Software. Der Umgang mit Informationsunsicherheit in der Lagebeurteilung wird daher einen besonders prominenten Fokus für zukünftige Operateure darstellen. Eine vollautomatisierte Darstellung eines Lagebildes, in welcher das Softwaretool selbst eine Beurteilung der Lage erstellt und ausgibt, konnte mit den vorliegenden Mitteln nicht erreicht werden und es muss in Zukunft beurteilt werden, in welchem Ausmaß eine maschinelle Interpretation von Daten zur Lagebilderstellung einerseits möglich und andererseits erwünscht ist. Nach Auswertung des durchgeführten Planspiels ist die Aufwendung menschlicher „Übersetzungsleistung“ für die Entwicklung einer Lageeinschätzung unabdingbar.

  @incollection{kaundert_evaluierung_2018,
  address = {Berlin, Heidelberg},
  title = {Evaluierung des {Cyber} {Lagebildkonzepts} im praktischen {Einsatz}},
  isbn = {978-3-662-56084-6},
  url = {https://doi.org/10.1007/978-3-662-56084-6_8},
  abstract = {Der im Rahmen des CISA Projektes erstellte technische Demonstrator wurde in einer eintägigen, iterativen Planspielübung analysiert und für einen möglichen Realeinsatz evaluiert. Die praktische Anwendung des Demonstrators durch die Teilnehmenden stellte einen Abgleich der entwickelten Cyber Incident Situational Awareness (CISA) -Definition mit einer möglichen Anwendungsrealität dar und agierte als Feuerprobe für die Nützlichkeit der dargestellten Datentypen und -verknüpfungen zur Lagebeurteilung durch Identifikation von Schwachstellen in den verwendeten Visualisierungsoptionen. Diese Tauglichkeitsprüfung soll zur Schärfung der Bedürfnisse – einerseits für die Nutzung von Daten zur Lagebeurteilung, andererseits für die Schulung zukünftiger Operateure – beitragen. Hierbei wurde vor allem der Bedarf nach intensivem Training und klarer Rollendefinition einerseits für die Operateure eines Lagezentrums, andererseits für das Lagezentrum selbst, aufgezeigt. Eine der Kernbeobachtungen waren die unterschiedlichen Wünsche einerseits nach „mehr“ Daten und mehr Information und andererseits nach aggregierterer Darstellung und ausgeprägterer Interpretation durch die Software. Der Umgang mit Informationsunsicherheit in der Lagebeurteilung wird daher einen besonders prominenten Fokus für zukünftige Operateure darstellen. Eine vollautomatisierte Darstellung eines Lagebildes, in welcher das Softwaretool selbst eine Beurteilung der Lage erstellt und ausgibt, konnte mit den vorliegenden Mitteln nicht erreicht werden und es muss in Zukunft beurteilt werden, in welchem Ausmaß eine maschinelle Interpretation von Daten zur Lagebilderstellung einerseits möglich und andererseits erwünscht ist. Nach Auswertung des durchgeführten Planspiels ist die Aufwendung menschlicher „Übersetzungsleistung“ für die Entwicklung einer Lageeinschätzung unabdingbar.},
  language = {de},
  urldate = {2018-12-08},
  booktitle = {Cyber {Situational} {Awareness} in {Public}-{Private}-{Partnerships}: {Organisationsübergreifende} {Cyber}-{Sicherheitsvorfälle} effektiv bewältigen},
  publisher = {Springer Berlin Heidelberg},
  author = {Kaundert, Miriam and Ziegler, Louis and Pahi, Timea and Skopik, Florian and Leitner, Maria and Kieseberg, Peter and Schwanzer, Bernhard and Kojo Ampia-Addison, John},
  editor = {Skopik, Florian and Páhi, Tímea and Leitner, Maria},
  year = {2018},
  doi = {10.1007/978-3-662-56084-6_8},
  pages = {293--344}
  }

2017

• T. Pahi, M. Leitner, and F. Skopik, “Analysis and assessment of situational awareness models for national cyber security centers,” in Proceedings of the 3rd international conference on information systems security and privacy (icissp), 2017, p. 334–345. doi:10.5220/0006149703340345
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  National cyber security centers (NCSCs) are gaining more and more importance to ensure the security and proper operations of critical infrastructures (CIs). As a prerequisite, NCSCs need to collect, analyze, process, assess and share security-relevant information from infrastructure operators. A vital capability of mentioned NCSCs is to establish Cyber Situational Awareness (CSA) as a precondition for understanding the security situation of critical infrastructures. This is important for proper risk assessment and subsequent reduction of potential attack surfaces at national level. In this paper, we therefore survey theoretical models relevant for Situational Awareness (SA) and present a collaborative CSA model for NCSCs in order to enhance the protection of CIs at national level. Additionally, we provide an application scenario to illustrate a hands-on case of utilizing a CSA model in a NCSC, especially focusing on information sharing. We foresee this illustrative scenario to aid decision makers and practitioners who are involved in establishing NCSCs and cyber security processes on national level to better understand the specific implications regarding the application of the CSA model for NCSCs.

  @inproceedings{PahiLS_analysis_2017,
  title = {Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers},
  booktitle = {Proceedings of the 3rd International Conference on Information Systems Security and Privacy (ICISSP)},
  publisher = {SCITEPRESS},
  author = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
  year = {2017},
  doi = {10.5220/0006149703340345},
  abstract = {National cyber security centers (NCSCs) are gaining more and more importance to ensure the security and proper operations of critical infrastructures (CIs). As a prerequisite, NCSCs need to collect, analyze, process, assess and share security-relevant information from infrastructure operators. A vital capability of mentioned NCSCs is to establish Cyber Situational Awareness (CSA) as a precondition for understanding the security situation of critical infrastructures. This is important for proper risk assessment and subsequent reduction of potential attack surfaces at national level. In this paper, we therefore survey theoretical models relevant for Situational Awareness (SA) and present a collaborative CSA model for NCSCs in order to enhance the protection of CIs at national level.
  Additionally, we provide an application scenario to illustrate a hands-on case of utilizing a CSA model in a NCSC, especially focusing on information sharing. We foresee this illustrative scenario to aid decision makers and practitioners who are involved in establishing NCSCs and cyber security processes on national level to better understand the specific implications regarding the application of the CSA model for NCSCs.},
  url = {http://www.scitepress.org/DigitalLibrary/Link.aspx?doi=10.5220/0006149703340345},
  pages = {334--345}
  }

• M. Leitner and M. Sachs, “Digitale bürgerbeteiligung. hintergrund, herausforderungen und lösungsansätze,” Siak journal – zeitschrift für polizeiwissenschaft und polizeiliche praxis, vol. 14, iss. 1, p. 42–50, 2017. doi:10.7396/2017_1_D
  [BibTeX] [Abstract] [URL]
  

  E-Partizipation wird die Beteiligung von Bürgerinnen und Bürger mittels Informations- und Kommunikationstechnologien (IKT) genannt. Mit E-Partizipation können unter anderem die Organisation von Verwaltungsabläufen bei Bürgerbeteiligungsprozessen optimiert, E-Services für Bürgerinnen und Bürger verbessert und insgesamt die wechselseitige Interaktion auf eine neue Qualitätsstufe gehoben werden. In diesem Artikel werden Ergebnisse aus dem KIRAS-Projekt „ePartizipation – Authentifizierung bei demokratischer Online-Beteiligung“ vorgestellt. Ziel des Projektes „ePartizipation“ ist es ein E-Partizipations-Ökosystem zu ermöglichen, das technische, rechtliche und sozialwissenschaftliche Rahmenbedingungen und Faktoren mit einbezieht. Projektergebnisse sind unter anderem ein Modell zu Empfehlungen zur Authentifizierung von Teilnehmerinnen und Teilnehmern bei Bürgerbeteiligungsverfahren, eine sichere und skalierbare Architektur und ein Prototyp, der diese Architektur flexibel und benutzerfreundlich umsetzt. Der Prototyp unterstützt die Nutzung verschiedenster digitaler Identitäten in Bürgerbeteiligungen und stärkt damit bereits existierende elektronische Identitäten. Im gesamten Projektverlauf wurden die Aspekte Sicherheit, Datenschutz und Privatsphäre von Beginn an sowohl im Design als auch in der Entwicklung beachtet, um eine möglichst sichere und flexible Lösung für Organisatorinnen und Organisatoren zu erstellen.

  @article{LeitnerS_digitale_2017,
  title = {Digitale Bürgerbeteiligung. Hintergrund, Herausforderungen und Lösungsansätze},
  issn = {1813-3495},
  volume = {14},
  number = {1},
  journal = {SIAK Journal - Zeitschrift für Polizeiwissenschaft und Polizeiliche Praxis},
  author = {Leitner, Maria and Sachs, Michael},
  year = {2017},
  month = {Jan},
  doi = {10.7396/2017_1_D},
  note = {Open Access},
  abstract = {E-Partizipation wird die Beteiligung von Bürgerinnen und Bürger mittels Informations- und Kommunikationstechnologien (IKT) genannt. Mit E-Partizipation können unter anderem die Organisation von Verwaltungsabläufen bei Bürgerbeteiligungsprozessen optimiert, E-Services für Bürgerinnen und Bürger verbessert und insgesamt die wechselseitige Interaktion auf eine neue Qualitätsstufe gehoben werden. In diesem Artikel werden Ergebnisse aus dem KIRAS-Projekt „ePartizipation – Authentifizierung bei demokratischer Online-Beteiligung“ vorgestellt. Ziel des Projektes „ePartizipation“ ist es ein E-Partizipations-Ökosystem zu ermöglichen, das technische, rechtliche und sozialwissenschaftliche Rahmenbedingungen und Faktoren mit einbezieht. Projektergebnisse sind unter anderem ein Modell zu Empfehlungen zur Authentifizierung von Teilnehmerinnen und Teilnehmern bei Bürgerbeteiligungsverfahren, eine sichere und skalierbare Architektur und ein Prototyp, der diese Architektur flexibel und benutzerfreundlich umsetzt. Der Prototyp unterstützt die Nutzung verschiedenster digitaler Identitäten in Bürgerbeteiligungen und stärkt damit bereits existierende elektronische Identitäten. Im gesamten Projektverlauf wurden die Aspekte Sicherheit, Datenschutz und Privatsphäre von Beginn an sowohl im Design als auch in der Entwicklung beachtet, um eine möglichst sichere und flexible Lösung für Organisatorinnen und Organisatoren zu erstellen.},
  url={http://www.bmi.gv.at/cms/BMI_SIAK/4/2/1/2017/ausgabe_1/files/Leitner_1_2017.pdf},
  pages = {42--50}
  }

• T. Pahi, M. Leitner, and F. Skopik, “Data exploitation at large: your way to adequate cyber common operating pictures,” in Proceedings of the 16th european conference on cyber warfare and security, Reading, UK, 2017, p. 307–315.
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Recent conflicts and political incidents, such as Operation Orchard, have shown that no future conflict is likely to be fought without a cyber element. However, establishing effective defensive measures against cyber attacks is a difficult and resource-consuming task. A common denominator of an effective cyber defence has always been the application of Common Operating Pictures (COP) e.g. in law enforcement or the armed forces. COPs are widely used to represent, display and assess situations. In recent years, Cyber COPs (CCOPs) have become a key factor in the establishment and analysis of situational awareness as well as decision-making processes in the cyber domain. However, the process to establish an adequate CCOP is not trivial. The careful selection of data sources for the core CCOP, which consist of objectively measured events, gathered from both internal and external sources, as well as the subsequent rating of these sources and enrichment with contextual information to facilitate the interpretation of measured events, pose new challenges. This paper will therefore provide an information management process that aims at establishing cyber situational awareness (CSA) for stakeholders based on CCOPs. The process consists of several steps such as selecting data types, identifying core CCOP sources, evaluating the information quality, preparing CCOPs for target groups and gaining CSA based on CCOPs. Furthermore, we provide a qualitative survey of potentially usable information and related sources that are vital for CCOPs. We demonstrate our work by displaying the basic steps and grand picture to create a CCOP in an illustrative scenario. The example is set around a fictive national cyber security center (NCSC) that aims to decrease phishing, ransomware and DDoS attacks within the critical infrastructure. This CCOP example can then be used by numerous stakeholders to achieve situational awareness and thus facilitate decision making processes.

  @inproceedings{PahiLS_data_2017,
  address = {Reading, UK},
  title = {Data Exploitation at Large: Your Way to Adequate Cyber Common Operating Pictures},
  isbn = {978-1-911218-43-2},
  booktitle = {Proceedings of the 16th European Conference on Cyber Warfare and Security},
  publisher = {Academic Conferences and Publishing International Limited},
  author = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
  month = jun,
  year = {2017},
  abstract = {Recent conflicts and political incidents, such as Operation Orchard, have shown that no future conflict is likely to be fought without a cyber element. However, establishing effective defensive measures against cyber attacks is a difficult and resource-consuming task. A common denominator of an effective cyber defence has always been the application of Common Operating Pictures (COP) e.g. in law enforcement or the armed forces. COPs are widely used to represent, display and assess situations. In recent years, Cyber COPs (CCOPs) have become a key factor in the establishment and analysis of situational awareness as well as decision-making processes in the cyber domain. However, the process to establish an adequate CCOP is not trivial. The careful selection of data sources for the core CCOP, which consist of objectively measured events, gathered from both internal and external sources, as well as the subsequent rating of these sources and enrichment with contextual information to facilitate the interpretation of measured events, pose new challenges. This paper will therefore provide an information management process that aims at establishing cyber situational awareness (CSA) for stakeholders based on CCOPs. The process consists of several steps such as selecting data types, identifying core CCOP sources, evaluating the information quality, preparing CCOPs for target groups and gaining CSA based on CCOPs. Furthermore, we provide a qualitative survey of potentially usable information and related sources that are vital for CCOPs. We demonstrate our work by displaying the basic steps and grand picture to create a CCOP in an illustrative scenario. The example is set around a fictive national cyber security center (NCSC) that aims to decrease phishing, ransomware and DDoS attacks within the critical infrastructure. This CCOP example can then be used by numerous stakeholders to achieve situational awareness and thus facilitate decision making processes.},
  url = {https://books.google.at/books?id=uFA8DwAAQBAJ&lpg=PA307&ots=YSo0jBZqYF&lr&pg=PA307#v=onepage&q&f=false},
  pages = {307--315}
  }

• M. Frank, M. Leitner, and T. Pahi, “Design considerations for cyber security testbeds: a case study on a cyber security testbed for education,” in 2017 ieee 3rd intl conf cyber science and technology congress, Orlando, Florida, 2017, p. 38–46. doi:10.1109/DASC-PICom-DataCom-CyberSciTec.2017.23
  [BibTeX] [Abstract] [Download PDF]
  

  Educational testbeds have been developed for many years. Within the past ten years, the development of cloud-based storage architectures as well as the facilitation of memory and storage technology allowed for the building of small to medium-sized testbeds at low or medium cost. These developments provide the foundation for the development of educational testbeds that can be used for cyber security training and exercise of various target groups (e.g., students, IT professionals, engineers) in many domains (e.g., cyber security, IoT, Industry 4.0). Testbeds have been well established within the information security community (e.g., malware analysis, cyber security experimentation, etc.). However, these testbeds often require a certain level of maintenance or resources and were therefore not often used in non-expert communities. However, it is essential that testbeds gain a wider audience in order to enable many different groups cyber security skills and competencies. In this paper, we analyze how an educational testbed could be designed by (1) examining established testbeds in research and education and (2) analyzing how typical testbeds are designed. Based on this, we propose a design life cycle, i.e. a methodology to facilitate the development of cyber security testbeds. We demonstrate our findings in a case study. In the study, we designed and implemented a cyber security testbed for educational purposes using open source technology. The results and reviewed literature validate the design life cycle and show dependencies between the underlying technology of the testbed and the designed challenges. These findings contribute to the overall development of testbeds and can be used as basis for future work. We plan to further extend this testbed in order to develop an automated and flexible cyber security testbed.

  @inproceedings{FrankLP_design_2017,
  address = {Orlando, Florida},
  title = {Design Considerations for Cyber Security Testbeds: A Case Study on a Cyber Security Testbed for Education},
  publisher = {IEEE},
  doi = {10.1109/DASC-PICom-DataCom-CyberSciTec.2017.23},
  booktitle = {2017 IEEE 3rd Intl Conf Cyber Science and Technology Congress},
  author = {Frank, Maximilian and Leitner, Maria and Pahi, Timea},
  month = nov,
  year = {2017},
  abstract = {Educational testbeds have been developed for many years. Within the past ten years, the development of cloud-based storage architectures as well as the facilitation of memory and storage technology allowed for the building of small to medium-sized testbeds at low or medium cost. These developments provide the foundation for the development of educational testbeds that can be used for cyber security training and exercise of various target groups (e.g., students, IT professionals, engineers) in many domains (e.g., cyber security, IoT, Industry 4.0). Testbeds have been well established within the information security community (e.g., malware analysis, cyber security experimentation, etc.). However, these testbeds often require a certain level of maintenance or resources and were therefore not often used in non-expert communities. However, it is essential that testbeds gain a wider audience in order to enable many different groups cyber security skills and competencies. In this paper, we analyze how an educational testbed could be designed by (1) examining established testbeds in research and education and (2) analyzing how typical testbeds are designed. Based on this, we propose a design life cycle, i.e. a methodology to facilitate the development of cyber security testbeds. We demonstrate our findings in a case study. In the study, we designed and implemented a cyber security testbed for educational purposes using open source technology. The results and reviewed literature validate the design life cycle and show dependencies between the underlying technology of the testbed and the designed challenges. These findings contribute to the overall development of testbeds and can be used as basis for future work. We plan to further extend this testbed in order to develop an automated and flexible cyber security testbed. },
  pages = {38--46}
  }

• M. Leitner, T. Pahi, and F. Skopik, “Situational awareness for strategic decision making on a national level,” in Collaborative Cyber Threat Intelligence, F. Skopik, Ed., CRC Press, 2017, p. 225–276.
  [BibTeX] [Abstract] [URL]
  

  With highly interconnected stakeholders, IT networks, and systems, international cooperation and coordination is becoming essential for the protection of global and local networks and services. Conventional strategies require a global view for the stabilization and protection of IT networks and systems. Much effort and solutions have been proposed to establish situational awareness (SA) within organizations (i.e. their local ICT networks). In general, SA is the perception of the element in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. Enabling SA in cyber space, further called cyber situational awareness (CSA), is becoming a key factor for governments or public bodies. For example, CSA entails establishing preventive measures, monitoring evolving threats and campaigns in diverse and distributed IT landscapes as well as mitigating threats and sharing the information in certain trust circles to stay up-to-date. Nowadays, most critical infrastructures are operated by private organizations. The evaluation and impact analysis of critical incidents (i.e. that affect national economy or health) can be conducted such as with private-public partnerships. This chapter focuses on how (cyber) situational awareness can be established at national level to enable strategic decision making processes. In this context, national cyber security strategies are examined and it is investigated how they contribute and provide tools to foster SA. Furthermore, cyber security centers and their main tasks and responsibilities are investigated. In addition, SA models for decision making processes at individual, organizational or national level are assessed as well as how information and sources can be used to establish SA on national level.

  @incollection{LeitnerPS_situational_2017,
  title = {Situational Awareness for Strategic Decision Making on a National Level},
  isbn = {978-1-138-03182-1},
  booktitle = {Collaborative {Cyber} {Threat} {Intelligence}},
  publisher = {CRC Press},
  author = {Leitner, Maria and Pahi, Timea and Skopik, Florian},
  editor = {Skopik, Florian},
  year = {2017},
  abstract = {With highly interconnected stakeholders, IT networks, and systems, international cooperation and coordination is becoming essential for the protection of global and local networks and services. Conventional strategies require a global view for the stabilization and protection of IT networks and systems. Much effort and solutions have been proposed to establish situational awareness (SA) within organizations (i.e. their local ICT networks). In general, SA is the perception of the element in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future. Enabling SA in cyber space, further called cyber situational awareness (CSA), is becoming a key factor for governments or public bodies. For example, CSA entails establishing preventive measures, monitoring evolving threats and campaigns in diverse and distributed IT landscapes as well as mitigating threats and sharing the information in certain trust circles to stay up-to-date. Nowadays, most critical infrastructures are operated by private organizations. The evaluation and impact analysis of critical incidents (i.e. that affect national economy or health) can be conducted such as with private-public partnerships. This chapter focuses on how (cyber) situational awareness can be established at national level to enable strategic decision making processes. In this context, national cyber security strategies are examined and it is investigated how they contribute and provide tools to foster SA. Furthermore, cyber security centers and their main tasks and responsibilities are investigated. In addition, SA models for decision making processes at individual, organizational or national level are assessed as well as how information and sources can be used to establish SA on national level.},
  url = {https://www.crcpress.com/Collaborative-Cyber-Threat-Intelligence-Detecting-and-Responding-to-Advanced/Skopik/p/book/9781138031821},
  pages = {225--276}
  }

• T. Pahi, M. Leitner, and F. Skopik, “Preparation, modelling, and visualisation of cyber common operating pictures for national cyber security centres,” Journal of information warfare, vol. 4, iss. 16, 2017.
  [BibTeX] [Abstract] [URL]
  

  Common Operating Pictures (COPs) have long been a common denominator of effective cyber defence operations (for example, in law enforcement and the military). COPs are widely used to represent, visualise, and assess situations. In recent years, Cyber COPs (CCOPs) have become important in establishing cyber situational awareness. This paper describes the information types and sources required for an efficient information management process supporting CCOPs. Following an initial description of CCOPs, the paper next discusses potential decisions supported by them. Finally, it provides an example of the entire process—from the application of the information management process to national decision-making.

  @article{PahiLS_preparation_2017,
  title = {Preparation, Modelling, and Visualisation of Cyber Common Operating Pictures for National Cyber Security Centres},
  volume = {4},
  url = {https://www.jinfowar.com/journal/volume-16-issue-4/preparation-modelling-visualisation-cyber-common-operating-pictures-national-cyber-security-centres},
  number = {16},
  abstract = {Common Operating Pictures (COPs) have long been a common denominator of effective cyber defence operations (for example, in law enforcement and the military). COPs are widely used to represent, visualise, and assess situations. In recent years, Cyber COPs (CCOPs) have become important in establishing cyber situational awareness. This paper describes the information types and sources required for an efficient information management process supporting CCOPs. Following an initial description of CCOPs, the paper next discusses potential decisions supported by them. Finally, it provides an example of the entire process—from the application of the information management process to national decision-making.},
  journal = {Journal of Information Warfare},
  author = {Pahi, Timea and Leitner, Maria and Skopik, Florian},
  month = dec,
  year = {2017}
  }

2016

• O. Terbu, W. Hötzendorfer, M. Leitner, A. Bonitz, S. Vogl, and S. Zehetbauer, “Privacy and security by Design im agilen Softwareprozess,” in Netzwerke: Tagungsband des 19. Internationalen Rechtsinformatik Symposions IRIS 2016, Salzburg, 2016, p. 457–464.
  [BibTeX] [URL]

  @inproceedings{TerbuHLBVZ_privacy_2016,
  address = {Salzburg},
  title = {Privacy and security by {Design} im agilen {Softwareprozess}},
  booktitle = {Netzwerke: {Tagungsband} des 19. {Internationalen} {Rechtsinformatik} {Symposions} {IRIS} 2016},
  publisher = {Österreichische Computer Gesellschaft (OCG)},
  author = {Terbu, Oliver and Hötzendorfer, Walter and Leitner, Maria and Bonitz, Arndt and Vogl, Stefan and Zehetbauer, Sebastian},
  editor = {Schweighofer, E. and Kummer, F. and Hötzendorfer, Walter and Borges, G.},
  year = {2016},
  url = {http://jusletter-it.weblaw.ch/issues/2016/IRIS.html},
  pages = {457--464}
  }

• J. Schossböck, M. Sachs, and M. Leitner, “E-Participation Platform Features and Design Principles,” in CeDEM16 Proceedings of the International Conference for E-Democracy and Open Government 2016, Krems, Austria, 2016, p. 69–74.
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Austria has seen some efforts in e-participation initiatives during the last years, for instance in the area of urban design. However, a single official platform (“one-stop”-principle) comprising many e-participation processes for a broader target group is so far missing. In the KIRAS project “ePartizipation” researchers and practitioners have worked on a demonstrator for a platform that seeks to integrate multiple online identification methods and is able to offer activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, in particular related to Privacy by Design and e-inclusion.

  @inproceedings{SchossbockSL_e-participation_2016,
  address = {Krems, Austria},
  title = {E-{Participation} {Platform} {Features} and {Design} {Principles}},
  isbn = {978-3-902505-81-1},
  url = {http://www.donau-uni.ac.at/imperia/md/content/department/gpa/zeg/bilder/cedem/cedem16/cedem16_inhalt_160414.pdf},
  abstract = {Austria has seen some efforts in e-participation initiatives during the last years, for instance in the area of urban design. However, a single official platform (“one-stop”-principle) comprising many e-participation processes for a broader target group is so far missing. In the KIRAS project “ePartizipation” researchers and practitioners have worked on a demonstrator for a platform that seeks to integrate multiple online identification methods and is able to offer activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, in particular related to Privacy by Design and e-inclusion.},
  booktitle = {{CeDEM}16 {Proceedings} of the {International} {Conference} for {E}-{Democracy} and {Open} {Government} 2016},
  publisher = {Edition Donau-Universität Krems},
  author = {Schossböck, Judith and Sachs, Michael and Leitner, Maria},
  editor = {Parycek, Peter and Edelmann, Noella},
  year = {2016},
  pages = {69--74}
  }

• I. Serov, M. Leitner, and S. Rinderle-Ma, “Current Practice and Challenges of Data Use and Web Analytics in Online Participations,” in Electronic Government and Electronic Participation, Guimarães, Portugal, 2016, p. 80–87. doi:10.3233/978-1-61499-670-5-80
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Information system design and implementation are key factors for electronic participatory processes and procedures. How information systems are designed does not only affect the procedures but also influences the trust building between organizers, operators and participants. In addition, the implementation often has to adhere to legal standards. In this paper, we aim to investigate current practice of data use in online participations. In particular, a qualitative analysis is conducted and 18 online participations are investigated on their data use, i.e. use of participant information, cookies and web analytics. The results show that most projects require and request data during site visits (e.g., IP address, browser type) and for active participation (e.g., name, email). The real benefit, however, for the use of web analytics is often unclear. Furthermore, often proprietary solutions for web analytics are used, even tough open source solutions (i.e. that store data locally) exist. For future projects, it is recommended to not only define but also keep privacy policies updated (according to the used technology) and to specify the purpose and goals of using web analytics

  @inproceedings{SerovLR_current_2016,
  address = {Guimarães, Portugal},
  series = {Innovation and the {Public} {Sector}},
  title = {Current {Practice} and {Challenges} of {Data} {Use} and {Web} {Analytics} in {Online} {Participations}},
  volume = {23},
  url = {http://ebooks.iospress.nl/volumearticle/45091},
  doi = {10.3233/978-1-61499-670-5-80},
  abstract = {Information system design and implementation are key factors for electronic participatory processes and procedures. How information systems are designed does not only affect the procedures but also influences the trust building between organizers, operators and participants. In addition, the implementation often has to adhere to legal standards. In this paper, we aim to investigate current practice of data use in online participations. In particular, a qualitative analysis is conducted and 18 online participations are investigated on their data use, i.e. use of participant information, cookies and web analytics. The results show that most projects require and request data during site visits (e.g., IP address, browser type) and for active participation (e.g., name, email). The real benefit, however, for the use of web analytics is often unclear. Furthermore, often proprietary solutions for web analytics are used, even tough open source solutions (i.e. that store data locally) exist. For future projects, it is recommended to not only define but also keep privacy policies updated (according to the used technology) and to specify the purpose and goals of using web analytics},
  booktitle = {Electronic {Government} and {Electronic} {Participation}},
  publisher = {IOS Press},
  author = {Serov, Igor and Leitner, Maria and Rinderle-Ma, Stefanie},
  year = {2016},
  note = {Open Access},
  pages = {80--87}
  }

• J. Schossböck, O. Terbu, M. Sachs, M. Leitner, V. Heussler, G. Wenda, A. Bonitz, W. Hötzendorfer, P. Parycek, S. Vogl, and S. Zehetbauer, “Inclusion and Privacy in E-Participation Platform Design,” in Electronic Government and Electronic Participation, 2016, p. 51–58. doi:10.3233/978-1-61499-670-5-51
  [BibTeX] [Abstract] [URL]
  

  Austria has seen some efforts in e-participation initiatives during the last years. However, a single platform comprising many e-participation levels and activities for a broader target group is so far missing. In the project ePartizipation researchers and practitioners worked on a platform demonstrator that integrates multiple online identification methods and offers activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, the first project results, in particular related to strategies aiming at enhancing inclusion and privacy, and the experiences from the project team.

  @inproceedings{SchossbockTSLHWBHPVZ_inclusion_2016,
  series = {Innovation and the {Public} {Sector}},
  title = {Inclusion and {Privacy} in {E}-{Participation} {Platform} {Design}},
  volume = {23},
  url = {http://ebooks.iospress.nl/volumearticle/45087},
  doi = {10.3233/978-1-61499-670-5-51},
  abstract = {Austria has seen some efforts in e-participation initiatives during the last years. However, a single platform comprising many e-participation levels and activities for a broader target group is so far missing. In the project ePartizipation researchers and practitioners worked on a platform demonstrator that integrates multiple online identification methods and offers activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, the first project results, in particular related to strategies aiming at enhancing inclusion and privacy, and the experiences from the project team.},
  booktitle = {Electronic {Government} and {Electronic} {Participation}},
  publisher = {IOS Press},
  author = {Schossböck, Judith and Terbu, Oliver and Sachs, Michael and Leitner, Maria and Heussler, Vinzenz and Wenda, Gregor and Bonitz, Arndt and Hötzendorfer, Walter and Parycek, Peter and Vogl, Stefan and Zehetbauer, Sebastian},
  year = {2016},
  note = {Open Access},
  pages = {51--58}
  }

• M. Leitner and A. Bonitz, “Authentication in the context of e-participation: current practice, challenges, and recommendations,” in 3rd International Workshop on Software Assurance (SAW) at ARES, Salzburg, Austria, 2016, pp. 480-485. doi:10.1109/ARES.2016.82
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Authentication as well as identification are key functions when it comes to online and democratic participatory processes that can be found in the context of e-participation. Until now, research has centered on the development of authentication and identification techniques. Why and how these techniques are currently used and what their benefits are in the context of e-participation is missing so far. In this paper, we aim to address these challenges by reviewing state of the art literature and practice in order to determine how current authentication techniques are used in e-participation. Furthermore, we conduct an expert survey in order to establish a baseline how current techniques are used and perceived. The results show that current practice focuses strongly on the use of the de facto standard user/password in e-participation. However, experts believe that multiple other authentication techniques such as biometrics or electronic signatures will become more important in future applications. Moreover, experts acknowledge the use of various authentication methods suitable for the level of participation, as opposed to current practice that often provides only one way of authentication. These findings will help to further develop and improve future technologies and applications to support participatory processes for citizens’ involvement.

  @inproceedings{LeitnerB_authentication_2016,
  address = {Salzburg, Austria},
  title = {Authentication in the context of e-participation: current practice, challenges, and recommendations},
  booktitle = {3rd {International} {Workshop} on {Software} {Assurance} ({SAW}) at {ARES}},
  publisher = {IEEE Computer Society},
  author = {Leitner, Maria and Bonitz, Arndt},
  year = {2016},
  doi={10.1109/ARES.2016.82},
  pages={480-485},
  abstract = {Authentication as well as identification are key functions when it comes to online and democratic participatory processes that can be found in the context of e-participation. Until now, research has centered on the development of authentication and identification techniques. Why and how these techniques are currently used and what their benefits are in the context of e-participation is missing so far. In this paper, we aim to address these challenges by reviewing state of the art literature and practice in order to determine how current authentication techniques are used in e-participation. Furthermore, we conduct an expert survey in order to establish a baseline how current techniques are used and perceived. The results show that current practice focuses strongly on the use of the de facto standard user/password in e-participation. However, experts believe that multiple other authentication techniques such as biometrics or electronic signatures will become more important in future applications. Moreover, experts acknowledge the use of various authentication methods suitable for the level of participation, as opposed to current practice that often provides only one way of authentication. These findings will help to further develop and improve future technologies and applications to support participatory processes for citizens' involvement.},
  url={https://doi.org/10.1109/ARES.2016.82},
  month={Aug}
  }

• M. Leitner, A. Bonitz, B. Herzog, W. Hötzendorfer, C. Kenngott, T. Kuhta, O. Terbu, S. Vogl, and S. Zehetbauer, “A versatile, secure and privacy-aware tool for online participation,” in 20th IEEE international enterprise distributed object computing workshop, EDOC workshops 2016, vienna, austria, september 5-9, 2016, Vienna, Austria, 2016. doi:10.1109/EDOCW.2016.7584342
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Online participations have increased in recent years and various tools emerged to support participatory processes. However, often they support only one level of participation such as information, consultation or co-operation and definite security and privacy considerations seem to be not a priority. What is missing so far is a secure and flexible tool that can be used for multiple purposes and integrates security and privacy considerations from the beginning. In this paper, we propose a tool for online participation that supports multiple levels of participation, provides authentication with different electronic identities (eIDs), incorporates security and privacy by design and ensures interoperability to existing identity solutions. For example, with the use of different eIDs (if adequate to the level of participation), we expect to enable a low threshold for participation. Based on the aforementioned requirements, we expect to increase the trust between operators and participants in online participations in the long run.

  @inproceedings{LeitnerBHHKKTVZ_versatile_2016,
  address = {Vienna, Austria},
  title = {A versatile, secure and privacy-aware tool for online participation},
  booktitle = {20th {IEEE} International Enterprise Distributed Object Computing Workshop, {EDOC} Workshops 2016, Vienna, Austria, September 5-9, 2016},
  publisher = {IEEE},
  author = {Leitner, Maria and Bonitz, Arndt and Herzog, Bernd and H{\"{o}}tzendorfer, Walter and Kenngott, Christian and Kuhta, Thomas and Terbu, Oliver and Vogl, Stefan and Zehetbauer, Sebastian},
  year = {2016},
  abstract = {Online participations have increased in recent years and various tools emerged to support participatory processes. However, often they support only one level of participation such as information, consultation or co-operation and definite security and privacy considerations seem to be not a priority. What is missing so far is a secure and flexible tool that can be used for multiple purposes and integrates security and privacy considerations from the beginning. In this paper, we propose a tool for online participation that supports multiple levels of participation, provides authentication with different electronic identities (eIDs), incorporates security and privacy by design and ensures interoperability to existing identity solutions. For example, with the use of different eIDs (if adequate to the level of participation), we expect to enable a low threshold for participation. Based on the aforementioned requirements, we expect to increase the trust between operators and participants in online participations in the long run.},
  doi = {10.1109/EDOCW.2016.7584342},
  url = {http://dx.doi.org/10.1109/EDOCW.2016.7584342}
  }

• I. Serov and M. Leitner, “An experimental approach to reputation in e-participation,” in International conference on software security and assurance (icssa), St. Pölten, Austria, 2016, pp. 37-42. doi:10.1109/ICSSA.2016.14
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  E-participation is about ICT-supported participation of citizens in democratic processes and procedures (e.g., consultation or co-creation). Research has mostly centered on the development of tools to model and deploy ICT-supported democratic processes. So far, the integration and use of reputation has only been rarely considered even tough reputation systems provide ratings that could be adapted well to the context of e-participation e.g., evaluating and rating comments and activities of users. Furthermore, reputation in e-participation can increase the trust between users (e.g., new participants) and their activities e.g., commenting or rating. In this paper, we aim to address reputation in e-participation with an overview of state of the art and an experimental reputation model for e-participation. The model measures not only the quality of comments but also the activity of users. Thereby, a certain level of assurance is enabled by users itself; they can mark unqualified posts that can be removed at a certain level. For future work, we aim to perform user acceptance tests in order to identify potential chances and pitfalls and further enhance the proposed solution.

  @inproceedings{SerovL_experimental_2016,
  address = {St. Pölten, Austria},
  title = {An Experimental Approach to Reputation in E-participation},
  booktitle = {International Conference on Software Security and Assurance (ICSSA)},
  publisher = {IEEE},
  author = {Serov, Igor and Leitner, Maria},
  year = {2016},
  pages = {37-42},
  abstract = {E-participation is about ICT-supported participation of citizens in democratic processes and procedures (e.g., consultation or co-creation). Research has mostly centered on the development of tools to model and deploy ICT-supported democratic processes. So far, the integration and use of reputation has only been rarely considered even tough reputation systems provide ratings that could be adapted well to the context of e-participation e.g., evaluating and rating comments and activities of users. Furthermore, reputation in e-participation can increase the trust between users (e.g., new participants) and their activities e.g., commenting or rating. In this paper, we aim to address reputation in e-participation with an overview of state of the art and an experimental reputation model for e-participation. The model measures not only the quality of comments but also the activity of users. Thereby, a certain level of assurance is enabled by users itself; they can mark unqualified posts that can be removed at a certain level. For future work, we aim to perform user acceptance tests in order to identify potential chances and pitfalls and further enhance the proposed solution.},
  doi={10.1109/ICSSA.2016.14},
  url = {https://doi.org/10.1109/ICSSA.2016.14},
  month={Aug}
  }

• F. Skopik, M. Leitner, and T. Pahi, “Cisa: establishing national cyber situational awareness to counter new threats,” Ercim news, iss. 106, p. 52–53, 2016.
  [BibTeX] [Abstract] [URL]
  

  The final draft of the Network and Information Security (NIS) Directive stipulates that operators of essential services and digital service providers must report certain security incidents to competent authorities or national computer security incident response teams (CSIRTs) in their member state. It is the authorities’ job to collect and process information about security incidents to increase network security in all organisations by issuing early warnings, assisting in mitigation actions, or distributing recommendations and best practices. However, before an appropriate response to a severe cyber situation can be undertaken, it is essential to establish cyber situational awareness – which turns out to be a tricky task.

  @article{SkopikLP_cisa:_2016,
  title = {CISA: Establishing National Cyber Situational Awareness to Counter New Threats},
  url = {http://ercim-news.ercim.eu/en106/special/cisa-establishing-national-cyber-situational-awareness-to-counter-new-threats},
  number = {106},
  journal = {ERCIM News},
  author = {Skopik, Florian and Leitner, Maria and Pahi, Timea},
  month = jul,
  year = {2016},
  note = {Open Access},
  abstract = {The final draft of the Network and Information Security (NIS) Directive stipulates that operators of essential services and digital service providers must report certain security incidents to competent authorities or national computer security incident response teams (CSIRTs) in their member state. It is the authorities’ job to collect and process information about security incidents to increase network security in all organisations by issuing early warnings, assisting in mitigation actions, or distributing recommendations and best practices. However, before an appropriate response to a severe cyber situation can be undertaken, it is essential to establish cyber situational awareness – which turns out to be a tricky task.},
  note ={Open Access},
  pages = {52--53}
  }

• J. Schossböck, M. Sachs, and M. Leitner, “E-Participation Platform Features and Design Principles,” in CeDEM16 Proceedings of the International Conference for E-Democracy and Open Government 2016, Krems, Austria, 2016, p. 69–74.
  [BibTeX] [URL] [Download PDF]

  @inproceedings{SchossbockSL_e-participation_2016,
  address = {Krems, Austria},
  title = {E-{Participation} {Platform} {Features} and {Design} {Principles}},
  isbn = {978-3-902505-81-1},
  url = {http://www.donau-uni.ac.at/imperia/md/content/department/gpa/zeg/bilder/cedem/cedem16/cedem16_inhalt_160414.pdf},
  booktitle = {{CeDEM}16 {Proceedings} of the {International} {Conference} for {E}-{Democracy} and {Open} {Government} 2016},
  publisher = {Edition Donau-Universität Krems},
  author = {Schossböck, Judith and Sachs, Michael and Leitner, Maria},
  editor = {Parycek, Peter and Edelmann, Noella},
  year = {2016},
  note = {Open Access},
  note = {Austria has seen some efforts in e-participation initiatives during the last years, for instance in the area of urban design. However, a single official platform (“one-stop”-principle) comprising many e-participation processes for a broader target group is so far missing. In the KIRAS project “ePartizipation” researchers and practitioners have worked on a demonstrator for a platform that seeks to integrate multiple online identification methods and is able to offer activities on different levels of e-participation. This paper describes the conceptualisation of the platform and the inherent design principles, in particular related to Privacy by Design and e-inclusion.},
  pages = {69--74}
  }

• S. Kriglstein, M. Leitner, S. Kabicher-Fuchs, and S. Rinderle-Ma, “Evaluation Methods in Process-Aware Information Systems Research with a Perspective on Human Orientation,” Business & information systems engineering, vol. 58, iss. 6, p. 397–414, 2016. doi:10.1007/s12599-016-0427-3
  [BibTeX] [Abstract] [URL]
  

  Research on process-aware information systems (PAIS) has experienced a dramatic growth in recent years. Lately, a particular increase of empirical studies and focus on human oriented research questions could be observed, leading to an expansion of applied evaluation methods in PAIS research. At the same time, it can be observed that evaluation methods are not always applied in a systematic manner and related terminology is at times used in an ambiguous way. Hence, the paper aims at investigating evaluation methods that are typically employed in PAIS research with a special focus on human orientation. The applied methodology includes a literature review, an expert survey, and a focus group. The authors present their findings as a collection of typical evaluation methods and the related PAIS artifacts. They highlight which evaluation methods are currently used and which evaluation methods could be of interest for future PAIS research efforts.

  @article{KriglsteinLKR_evaluation_2016,
  title = {Evaluation {Methods} in {Process}-{Aware} {Information} {Systems} {Research} with a {Perspective} on {Human} {Orientation}},
  volume = {58},
  issn = {1867-0202},
  url = {http://dx.doi.org/10.1007/s12599-016-0427-3},
  doi = {10.1007/s12599-016-0427-3},
  abstract = {Research on process-aware information systems (PAIS) has experienced a dramatic growth in recent years. Lately, a particular increase of empirical studies and focus on human oriented research questions could be observed, leading to an expansion of applied evaluation methods in PAIS research. At the same time, it can be observed that evaluation methods are not always applied in a systematic manner and related terminology is at times used in an ambiguous way. Hence, the paper aims at investigating evaluation methods that are typically employed in PAIS research with a special focus on human orientation. The applied methodology includes a literature review, an expert survey, and a focus group. The authors present their findings as a collection of typical evaluation methods and the related PAIS artifacts. They highlight which evaluation methods are currently used and which evaluation methods could be of interest for future PAIS research efforts.},
  number = {6},
  journal = {Business \& Information Systems Engineering},
  author = {Kriglstein, Simone and Leitner, Maria and Kabicher-Fuchs, Sonja and Rinderle-Ma, Stefanie},
  year = {2016},
  note = {Open Access},
  pages = {397--414}
  }

2015

• M. Leitner, Z. Ma, and S. Rinderle-Ma, “A Cross-Layer Security Analysis for Process-Aware Information Systems,” Arxiv:1507.03415 [cs], 2015.
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Information security in Process-aware Information System (PAIS) relies on many factors, including security of business process and the underlying system and technologies. Moreover, humans can be the weakest link that creates pathway to vulnerabilities, or the worst enemy that compromises a well-defended system. Since a system is as secure as its weakest link, information security can only be achieved in PAIS if all factors are secure. In this paper, we address two research questions: how to conduct a cross-layer security analysis that couple security concerns at business process layer as well as at the technical layer; and how to include human factor into the security analysis for the identification of human-oriented vulnerabilities and threats. We propose a methodology that supports the tracking of security interdependencies between functional, technical, and human aspects which contribute to establish a holistic approach to information security in PAIS. We demonstrate the applicability with a scenario from the payment card industry.

  @report{LeitnerMR_cross-layer_2015,
  title = {A {Cross}-{Layer} {Security} {Analysis} for {Process}-{Aware} {Information} {Systems}},
  url = {http://arxiv.org/abs/1507.03415},
  abstract = {Information security in Process-aware Information System (PAIS) relies on many factors, including security of business process and the underlying system and technologies. Moreover, humans can be the weakest link that creates pathway to vulnerabilities, or the worst enemy that compromises a well-defended system. Since a system is as secure as its weakest link, information security can only be achieved in PAIS if all factors are secure. In this paper, we address two research questions: how to conduct a cross-layer security analysis that couple security concerns at business process layer as well as at the technical layer; and how to include human factor into the security analysis for the identification of human-oriented vulnerabilities and threats. We propose a methodology that supports the tracking of security interdependencies between functional, technical, and human aspects which contribute to establish a holistic approach to information security in PAIS. We demonstrate the applicability with a scenario from the payment card industry.},
  urldate = {2016-06-16},
  journal = {arXiv:1507.03415 [cs]},
  author = {Leitner, Maria and Ma, Zhendong and Rinderle-Ma, Stefanie},
  month = jul,
  year = {2015},
  note = {arXiv: 1507.03415}
  }

2014

• M. Leitner and S. Rinderle-Ma, “A systematic review on security in process-aware information systems – constitution, challenges, and future directions,” Information and software technology, vol. 56, iss. 3, p. 273–293, 2014. doi:10.1016/j.infsof.2013.12.004
  [BibTeX] [Abstract] [URL]
  

  Context Security in Process-Aware Information Systems (PAIS) has gained increased attention in current research and practice. However, a common understanding and agreement on security is still missing. In addition, the proliferation of literature makes it cumbersome to overlook and determine state of the art and further to identify research challenges and gaps. In summary, a comprehensive and systematic overview of state of the art in research and practice in the area of security in PAIS is missing. Objective This paper investigates research on security in PAIS and aims at establishing a common understanding of terminology in this context. Further it investigates which security controls are currently applied in PAIS. Method A systematic literature review is conducted in order to classify and define security and security controls in PAIS. From initially 424 papers, we selected in total 275 publications that related to security and PAIS between 1993 and 2012. Furthermore, we analyzed and categorized the papers using a systematic mapping approach which resulted into 5 categories and 12 security controls. Results In literature, security in PAIS often centers on specific (security) aspects such as security policies, security requirements, authorization and access control mechanisms, or inter-organizational scenarios. In addition, we identified 12 security controls in the area of security concepts, authorization and access control, applications, verification, and failure handling in PAIS. Based on the results, open research challenges and gaps are identified and discussed with respect to possible solutions. Conclusion This survey provides a comprehensive review of current security practice in PAIS and shows that security in PAIS is a challenging interdisciplinary research field that assembles research methods and principles from security and PAIS. We show that state of the art provides a rich set of methods such as access control models but still several open research challenges remain.

  @article{LeitnerR_systematic_2014,
  title = {A systematic review on security in Process-Aware Information Systems – Constitution, challenges, and future directions},
  volume = {56},
  issn = {0950-5849},
  url = {http://www.sciencedirect.com/science/article/pii/S0950584913002334},
  doi = {10.1016/j.infsof.2013.12.004},
  number = {3},
  urldate = {2014-01-15},
  journal = {Information and Software Technology},
  author = {Leitner, Maria and Rinderle-Ma, Stefanie},
  month = mar,
  abstract = {Context
  Security in Process-Aware Information Systems (PAIS) has gained increased attention in current research and practice. However, a common understanding and agreement on security is still missing. In addition, the proliferation of literature makes it cumbersome to overlook and determine state of the art and further to identify research challenges and gaps. In summary, a comprehensive and systematic overview of state of the art in research and practice in the area of security in PAIS is missing.
  Objective
  This paper investigates research on security in PAIS and aims at establishing a common understanding of terminology in this context. Further it investigates which security controls are currently applied in PAIS.
  Method
  A systematic literature review is conducted in order to classify and define security and security controls in PAIS. From initially 424 papers, we selected in total 275 publications that related to security and PAIS between 1993 and 2012. Furthermore, we analyzed and categorized the papers using a systematic mapping approach which resulted into 5 categories and 12 security controls.
  Results
  In literature, security in PAIS often centers on specific (security) aspects such as security policies, security requirements, authorization and access control mechanisms, or inter-organizational scenarios. In addition, we identified 12 security controls in the area of security concepts, authorization and access control, applications, verification, and failure handling in PAIS. Based on the results, open research challenges and gaps are identified and discussed with respect to possible solutions.
  Conclusion
  This survey provides a comprehensive review of current security practice in PAIS and shows that security in PAIS is a challenging interdisciplinary research field that assembles research methods and principles from security and PAIS. We show that state of the art provides a rich set of methods such as access control models but still several open research challenges remain.},
  year = {2014},
  note = {Open Access},
  pages = {273--293}
  }

• M. Leitner and S. Rinderle-Ma, “Anomaly detection and visualization in rbac models,” in Proceedings of the 19th acm symposium on access control models and technologies (sacmat), New York, NY, USA, 2014, pp. 41-52. doi:10.1145/2613087.2613105
  [BibTeX] [Abstract] [URL]
  

  With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.

  @INPROCEEDINGS{LeitnerR_anomaly_2014,
  author = {Leitner, Maria and Rinderle-Ma, Stefanie},
  title = {Anomaly Detection and Visualization in RBAC Models},
  booktitle = {Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT)},
  address = {New York, NY, USA},
  series = {{SACMAT} '14},
  year = {2014},
  abstract = {With the wide use of Role-based Access Control (RBAC), the need for monitoring, evaluation, and verification of RBAC implementations (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is evident. In this paper, we aim at detecting and identifying anomalies that originate from insiders such as the infringement of rights or irregular activities. To do that, we compare prescriptive (original) RBAC models (i.e. how the RBAC model is expected to work) with generative (current-state) RBAC models (i.e. the actual accesses represented by an RBAC model obtained with mining techniques). For this we present different similarity measures for RBAC models and their entities. We also provide techniques for visualizing anomalies within RBAC models based on difference graphs. This can be used for the alignment of RBAC models such as for policy updates or reconciliation. The effectiveness of the approach is evaluated based on a prototypical implementation and an experiment.},
  pages = {41-52},
  isbn = {978-1-4503-2939-2},
  url = {http://doi.acm.org/10.1145/2613087.2613105},
  doi = {10.1145/2613087.2613105},
  publisher = {{ACM}}
  }

• M. Leitner, “Security policy integration and life cycle management in process-aware information systems,” phd PhD Thesis, wien, 2014.
  [BibTeX] [Abstract] [URL]
  

  Process-aware Information Systems (PAIS) are information systems that manage and execute operational processes involving people, resources, and applications in a process-oriented way. To satisfy business needs, PAIS cover a set of requirements: they manage a multitude of participants, resources, and private and public information, and provide means for intra- and inter-organizational business processes. PAIS implementations range from information systems with process support (e.g., databases or document management systems) to application-specific implementations and generic solutions such as workflow systems. With the different forms and requirements of PAIS, it is imminent that security becomes a central concern. Although research has started to investigate security in PAIS, current state of research and practice is unbalanced. For example, there is a missing agreement on technology and controls. A reason is that PAIS research has centered on the development of core features of PAIS so far and neglected to thrive and foster security techniques. As the design and implementation of security policies is a fundamental key to a successful implementation of secure software systems, this thesis centers on the integration of security policies in PAIS. This thesis aimed at providing an integrated view on security policies in PAIS. Particularly, we investigated the security policy life cycle in combination with the business process life cycle. Together, the integrated view contributes to the implementation of security policies in business processes which further strengthens the IT security and compliance management in organizations. In the thesis, techniques were analyzed and provided on how to design and model, to enact and enforce, and to evaluate security policies in business processes. One main contribution is an Role-based Access Control (RBAC) model that incorporates structural aspects that are typically represented in business processes.

  @phdthesis{Leitner_security_2014,
  address = {wien},
  type = {phd},
  title = {Security policy integration and life cycle management in process-aware information systems},
  copyright = {All rights reserved},
  url = {http://othes.univie.ac.at/36146/},
  abstract = {Process-aware Information Systems (PAIS) are information systems that manage and execute operational processes involving people, resources, and applications in a process-oriented way. To satisfy business needs, PAIS cover a set of requirements: they manage a multitude of participants, resources, and private and public information, and provide means for intra- and inter-organizational business processes. PAIS implementations range from information systems with process support (e.g., databases or document management systems) to application-specific implementations and generic solutions such as workflow systems. With the different forms and requirements of PAIS, it is imminent that security becomes a central concern. Although research has started to investigate security in PAIS, current state of research and practice is unbalanced. For example, there is a missing agreement on technology and controls. A reason is that PAIS research has centered on the development of core features of PAIS so far and neglected to thrive and foster security techniques. As the design and implementation of security policies is a fundamental key to a successful implementation of secure software systems, this thesis centers on the integration of security policies in PAIS. This thesis aimed at providing an integrated view on security policies in PAIS. Particularly, we investigated the security policy life cycle in combination with the business process life cycle. Together, the integrated view contributes to the implementation of security policies in business processes which further strengthens the IT security and compliance management in organizations. In the thesis, techniques were analyzed and provided on how to design and model, to enact and enforce, and to evaluate security policies in business processes. One main contribution is an Role-based Access Control (RBAC) model that incorporates structural aspects that are typically represented in business processes.},
  urldate = {2016-06-14},
  school = {University of Vienna},
  author = {Leitner, Maria},
  year = {2014}
  }

2013

• M. Leitner, A. Baumgrass, S. Schefer-Wenzl, S. Rinderle-Ma, and M. Strembeck, “A case study on the suitability of process mining to produce current-state RBAC models,” in Business process management workshops, 2013, p. 719–724. doi:10.1007/978-3-642-36285-9_72
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Role-based access control ({RBAC)} is commonly used to implement authorization procedures in Process-aware information systems ({PAIS).} Process mining refers to a bundle of algorithms that typically discover process models from event log data produced during the execution of real-world processes. Beyond pure control flow mining, some techniques focus on the discovery of organizational information from event logs. However, a systematic analysis and comparison of these approaches with respect to their suitability for mining {RBAC} models is still missing. This paper works towards filling this gap and provides a first guidance for applying mining techniques for deriving {RBAC} models.

  @inproceedings{LeitnerBSRS_case_2013,
  series = {LNBIP},
  title = {A Case Study on the Suitability of Process Mining to Produce Current-State {RBAC} Models},
  copyright = {©2013 Springer-Verlag Berlin Heidelberg},
  isbn = {978-3-642-36284-2, 978-3-642-36285-9},
  url = {http://link.springer.com/chapter/10.1007/978-3-642-36285-9_72},
  abstract = {Role-based access control ({RBAC)} is commonly used to implement authorization procedures in Process-aware information systems ({PAIS).} Process mining refers to a bundle of algorithms that typically discover process models from event log data produced during the execution of real-world processes. Beyond pure control flow mining, some techniques focus on the discovery of organizational information from event logs. However, a systematic analysis and comparison of these approaches with respect to their suitability for mining {RBAC} models is still missing. This paper works towards filling this gap and provides a first guidance for applying mining techniques for deriving {RBAC} models.},
  number = {132},
  urldate = {2013-02-08},
  booktitle = {Business Process Management Workshops},
  publisher = {Springer},
  author = {Leitner, Maria and Baumgrass, Anne and Schefer-Wenzl, Sigrid and Rinderle-Ma, Stefanie and Strembeck, Mark},
  month = jan,
  year = {2013},
  doi = {10.1007/978-3-642-36285-9_72},
  pages = {719--724}
  }

• M. Leitner, M. Miller, and S. Rinderle-Ma, “An analysis and evaluation of security aspects in the business process model and notation,” in Proceedings of the 8th international conference on availability, reliability and security (ares), 2013, pp. 262-267. doi:10.1109/ARES.2013.34
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Enhancing existing business process modeling languages with security concepts has attracted increased attention in research and several graphical notations and symbols have been proposed. How these extensions can be comprehended by users has not been evaluated yet. However, the comprehensibility of security concepts integrated within business process models is of utmost importance for many purposes such as communication, training, and later automation within a process-aware information system. If users do not understand the security concepts, this might lead to restricted acceptance or even misinterpretation and possible security problems in the sequel. In this paper, we evaluate existing security extensions of Business Process Model and Notation (BPMN) as BPMN constitutes the de facto standard in business modeling languages nowadays. The evaluation is conducted along two lines, i.e., a literature study and a survey. The findings of both evaluations identify shortcomings and open questions of existing approaches. This will yield the basis to convey security-related information within business process models in a comprehensible way and consequently, unleash the full effects of security modeling in business processes.

  @inproceedings{LeitnerMR_analysis_2013,
  title = {An Analysis and Evaluation of Security Aspects in the Business Process Model and Notation},
  publisher = {{IEEE}},
  booktitle = {Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES)},
  author = {Leitner, Maria and Miller, Michelle and Rinderle-Ma, Stefanie},
  abstract = {Enhancing existing business process modeling languages with security concepts has attracted increased attention in research and several graphical notations and symbols have been proposed. How these extensions can be comprehended by users has not been evaluated yet. However, the comprehensibility of security concepts integrated within business process models is of utmost importance for many purposes such as communication, training, and later automation within a process-aware information system. If users do not understand the security concepts, this might lead to restricted acceptance or even misinterpretation and possible security problems in the sequel. In this paper, we evaluate existing security extensions of Business Process Model and Notation (BPMN) as BPMN constitutes the de facto standard in business modeling languages nowadays. The evaluation is conducted along two lines, i.e., a literature study and a survey. The findings of both evaluations identify shortcomings and open questions of existing approaches. This will yield the basis to convey security-related information within business process models in a comprehensible way and consequently, unleash the full effects of security modeling in business processes.},
  pages = {262-267},
  doi = {10.1109/ARES.2013.34},
  url = {http://dx.doi.org/10.1109/ARES.2013.34},
  pdf = {LeitnerMR_analysis_2013},
  year = {2013}
  }

• M. Leitner, S. Schefer-Wenzl, S. Rinderle-Ma, and M. Strembeck, “An experimental study on the design and modeling of security concepts in business processes,” in Proceedings of the 6th IFIP WG 8.1 working conference on the practice of enterprice modeling (PoEM), 2013, pp. 236-250. doi:10.1007/978-3-642-41641-5_17
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  In recent years, business process models are used to define security properties for the corresponding business information systems. In this context, a number of approaches emerged that integrate security properties into standard process modeling languages. Often, these security properties are depicted as text annotations or graphical extensions. However, because the symbols of process-related security properties are not standardized, different issues concerning the comprehensibility and maintenance of the respective models arise. In this paper, we present the initial results of an experimental study on the design and modeling of 11 security concepts in a business process context. In particular, we center on the semantic transparency of the visual symbols that are intended to represent the different concepts (i.e. the one-to-one correspondence between the symbol and its meaning). Our evaluation showed that various symbols exist which are well-perceived. However, further studies are necessary to dissolve a number of remaining issues.

  @inproceedings{LeitnerSRS_experimental_2013,
  title = {An Experimental Study on the Design and Modeling of Security Concepts in Business Processes},
  series = {Lecture {Notes} in {Business} {Information} {Processing}},
  booktitle = {Proceedings of the 6th {IFIP} {WG} 8.1 Working Conference on the Practice of Enterprice Modeling ({PoEM)}},
  editor = {Grabis, Janis and Kirikova, Marite and Zdravkovic, Jelena and Stirna, Janis},
  publisher = {Springer},
  author = {Leitner, Maria and Schefer-Wenzl, Sigrid and Rinderle-Ma, Stefanie and Strembeck, Mark},
  isbn = {978-3-642-41640-8 978-3-642-41641-5},
  url = {http://link.springer.com/chapter/10.1007/978-3-642-41641-5_17},
  doi = {10.1007/978-3-642-41641-5\_17},
  abstract = {In recent years, business process models are used to define security properties for the corresponding business information systems. In this context, a number of approaches emerged that integrate security properties into standard process modeling languages. Often, these security properties are depicted as text annotations or graphical extensions. However, because the symbols of process-related security properties are not standardized, different issues concerning the comprehensibility and maintenance of the respective models arise. In this paper, we present the initial results of an experimental study on the design and modeling of 11 security concepts in a business process context. In particular, we center on the semantic transparency of the visual symbols that are intended to represent the different concepts (i.e. the one-to-one correspondence between the symbol and its meaning). Our evaluation showed that various symbols exist which are well-perceived. However, further studies are necessary to dissolve a number of remaining issues.},
  pages = {236-250},
  year = {2013}
  }

• M. Leitner, “Delta analysis of role-based access control models,” in Proceedings of the 14th international conference on computer aided systems theory (EUROCAST 2013), 2013, p. 507–514. doi:10.1007/978-3-642-53856-8_64
  [BibTeX] [Abstract] [URL]
  

  Role-based Access Control (RBAC) is de facto standard for access control in Process-aware Information Systems (PAIS); it grants authorization to users based on roles (i.e. sets of permissions). So far, research has centered on the design and run time aspects of RBAC. An evaluation and verification of a RBAC system (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is still missing. In this paper, we propose delta analysis of RBAC models which compares a prescriptive RBAC model (i.e. how users are expected to work) with a RBAC model (i.e. how users have actually worked) derived from event logs. To do that, we transform RBAC models to graphs and analyze them for structural similarities and differences. Differences can indicate security violations such as unauthorized access. For future work, we plan to investigate semantic differences between RBAC models.

  @inproceedings{Leitner_delta_2013,
  series = {{LNCS}},
  title = {Delta Analysis of Role-based Access Control Models},
  volume = {8111},
  doi = {10.1007/978-3-642-53856-8_64},
  booktitle = {Proceedings of the 14th International Conference on Computer Aided Systems Theory ({EUROCAST} 2013)},
  publisher = {Springer},
  author = {Leitner, Maria},
  year = {2013},
  abstract = {Role-based Access Control (RBAC) is de facto standard for access control in Process-aware Information Systems (PAIS); it grants authorization to users based on roles (i.e. sets of permissions). So far, research has centered on the design and run time aspects of RBAC. An evaluation and verification of a RBAC system (e.g., to evaluate ex post which users acting in which roles were authorized to execute permissions) is still missing. In this paper, we propose delta analysis of RBAC models which compares a prescriptive RBAC model (i.e. how users are expected to work) with a RBAC model (i.e. how users have actually worked) derived from event logs. To do that, we transform RBAC models to graphs and analyze them for structural similarities and differences. Differences can indicate security violations such as unauthorized access. For future work, we plan to investigate semantic differences between RBAC models.},
  url = {http://dx.doi.org/10.1007/978-3-642-53856-8_64},
  pages = {507--514}
  }

2012

• M. Leitner, J. Mangler, and S. Rinderle-Ma, “Definition and enactment of instance-spanning process constraints,” in Web information systems engineering – WISE 2012, 2012, p. 652–658. doi:10.1007/978-3-642-35063-4_49
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Currently, many approaches address the enforcement and monitoring of constraints over business processes. However, main focus has been put on constraint verification for intra-instance process constraints so far, i.e., constraints that affect single instances. Existing approaches addressing instance-spanning constraints only consider certain scenarios. In other words, a holistic approach considering intra-instance, inter-instance, and inter-process constraints is still missing. This paper aims at closing this gap. First of all, we show how the Identification and Unification of Process Constraints ({IUPC)} compliance framework enables the definition of instance-spanning process constraints in a flexible and generic way. Their enactment and enforcement is demonstrated within a prototypical implementation based on a service-oriented architecture.

  @inproceedings{LeitnerMR_definition_2012,
  series = {LNCS},
  title = {Definition and Enactment of Instance-Spanning Process Constraints},
  copyright = {©2012 Springer-Verlag Berlin Heidelberg},
  isbn = {978-3-642-35062-7, 978-3-642-35063-4},
  url = {http://link.springer.com/chapter/10.1007/978-3-642-35063-4_49},
  abstract = {Currently, many approaches address the enforcement and monitoring of constraints over business processes. However, main focus has been put on constraint verification for intra-instance process constraints so far, i.e., constraints that affect single instances. Existing approaches addressing instance-spanning constraints only consider certain scenarios. In other words, a holistic approach considering intra-instance, inter-instance, and inter-process constraints is still missing. This paper aims at closing this gap. First of all, we show how the Identification and Unification of Process Constraints ({IUPC)} compliance framework enables the definition of instance-spanning process constraints in a flexible and generic way. Their enactment and enforcement is demonstrated within a prototypical implementation based on a service-oriented architecture.},
  number = {7651},
  urldate = {2013-04-02},
  booktitle = {Web Information Systems Engineering - {WISE} 2012},
  publisher = {Springer},
  author = {Leitner, Maria and Mangler, Juergen and Rinderle-Ma, Stefanie},
  month = jan,
  year = {2012},
  doi = {10.1007/978-3-642-35063-4_49},
  pages = {652--658}
  }

• P. P. Beran, E. Vinek, E. Schikuta, and M. Leitner, “An adaptive heuristic approach to service selection problems in dynamic distributed systems,” in Proceedings of the IEEE/ACM international workshop on grid computing, 2012, p. 66–75. doi:10.1109/Grid.2012.26
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Quality-of-Service (QoS) aware service selectionproblems are a crucial issue in both Grids and distributed, service-oriented systems. When several implementations perservice exist, one has to be selected for each workflow step. Several heuristics have been proposed, including blackboardand genetic algorithms. Their applicability and performancehas already been assessed for static systems. In order to coverreal-world scenarios, the approaches are required to deal withdynamics of distributed systems. In this paper, we proposea representation of these dynamic aspects and enhance ouralgorithms to efficiently capture them. The algorithms areevaluated in terms of scalability and runtime performance, taking into account their adaptability to system changes. Bycombining both algorithms, we envision a global approach toQoS-aware service selection applicable to static and dynamicsystems. We prove our hypothesis by deploying the algorithmsin a Cloud environment (Google App Engine) that allows tosimulate and evaluate different system configurations.

  @inproceedings{BeranVSL_adaptive_2012,
  title = {An Adaptive Heuristic Approach to Service Selection Problems in Dynamic Distributed Systems},
  issn = {1550-5510},
  doi = {10.1109/Grid.2012.26},
  booktitle = {Proceedings of the {IEEE/ACM} International Workshop on Grid Computing},
  author = {Beran, Peter Paul and Vinek, Elisabeth and Schikuta, Erich and Leitner, Maria},
  year = {2012},
  publisher = {{IEEE} Computer Society},
  url = {http://doi.ieeecomputersociety.org/10.1109/Grid.2012.26},
  abstract = {Quality-of-Service (QoS) aware service selectionproblems are a crucial issue in both Grids and distributed, service-oriented systems. When several implementations perservice exist, one has to be selected for each workflow step. Several heuristics have been proposed, including blackboardand genetic algorithms. Their applicability and performancehas already been assessed for static systems. In order to coverreal-world scenarios, the approaches are required to deal withdynamics of distributed systems. In this paper, we proposea representation of these dynamic aspects and enhance ouralgorithms to efficiently capture them. The algorithms areevaluated in terms of scalability and runtime performance, taking into account their adaptability to system changes. Bycombining both algorithms, we envision a global approach toQoS-aware service selection applicable to static and dynamicsystems. We prove our hypothesis by deploying the algorithmsin a Cloud environment (Google App Engine) that allows tosimulate and evaluate different system configurations.},
  pages = {66--75}
  }

2011

• M. Leitner, “Security policies in adaptive process-aware information systems: existing approaches and challenges,” in 2011 sixth international conference on availability, reliability and security (ARES), 2011, p. 686–691. doi:10.1109/ARES.2011.107
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Enabling security is one of the key challenges in adaptive Process-Aware Information Systems ({PAIS).} Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in {PAIS.} Hence, in this paper, we display state of the art and provide a taxonomy of security policies in {PAIS.} Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in {PAIS.} We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.

  @inproceedings{Leitner_security_2011,
  title = {Security Policies in Adaptive Process-Aware Information Systems: Existing Approaches and Challenges},
  isbn = {978-1-4577-0979-1},
  shorttitle = {Security Policies in Adaptive Process-Aware Information Systems},
  doi = {10.1109/ARES.2011.107},
  abstract = {Enabling security is one of the key challenges in adaptive Process-Aware Information Systems ({PAIS).} Since automating business processes involves many participants, uses private and public data, and communicates with external services security becomes inevitable. In current systems, security is enforced by an access control model and supplementary constraints imposed on workflow activities. However, existing systems provide individual implementations for security policies (e.g. separation of duties) and leave out other constraints (e.g. inter-process constraints). What is missing is a systematic analysis of security policies in {PAIS.} Hence, in this paper, we display state of the art and provide a taxonomy of security policies in {PAIS.} Furthermore, a detailed analysis of research challenges and issues is presented. We will show that there are still shortcomings and identify important requirements for security in {PAIS.} We will also point out open questions related to specifying, modeling, and changing security policies which will provide a road map for future research.},
  booktitle = {2011 Sixth International Conference on Availability, Reliability and Security ({ARES)}},
  publisher = {{IEEE}},
  author = {Leitner, Maria},
  month = aug,
  year = {2011},
  pages = {686--691},
  url = {http://dx.doi.org/10.1109/ARES.2011.107}
  }

• M. Leitner, S. Rinderle-Ma, and J. Mangler, “AW-RBAC: access control in adaptive workflow systems,” in 2011 sixth international conference on availability, reliability and security (ARES), 2011, p. 27–34. doi:10.1109/ARES.2011.15
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Flexibility is one of the key challenges for Workflow Systems nowadays. Typically, a workflow covers the following four aspects which might all be subject to change: control flow, data flow, organizational structures, and application components (services). Existing work in research and practice shows that changes must be applied in a controlled manner in order to avoid security problems. In this context, attempts have been made to manage administrative or operative changes using role-based access control ({RBAC)} models. However, most approaches focus on either administrative changes such as role updating and administration or operative changes, for example, inserting a new activity into a running workflow instance. The distinct handling of certain changes is cumbersome and hence should be reduced by introducing a {RBAC} model that pays attention to all kinds of possible workflow changes. Hence, in this paper, we present an extended {RBAC} model for adaptive workflow systems ({AW-RBAC)} that includes change operations and a variety of objects that are subject to change within workflow systems. Under such a model supervised administrative and operative changes can be enforced on a set of objects in workflow systems. Doing so, the {AW-RBAC} model improves security during workflow changes and reduces administration costs. The {AW-RBAC} model is evaluated by means of practical examples and a proof-of-concept implementation.

  @inproceedings{LeitnerRM_aw-rbac:_2011,
  title = {{AW-RBAC:} Access Control in Adaptive Workflow Systems},
  isbn = {978-1-4577-0979-1},
  shorttitle = {{AW-RBAC}},
  abstract = {Flexibility is one of the key challenges for Workflow Systems nowadays. Typically, a workflow covers the following four aspects which might all be subject to change: control flow, data flow, organizational structures, and application components (services). Existing work in research and practice shows that changes must be applied in a controlled manner in order to avoid security problems. In this context, attempts have been made to manage administrative or operative changes using role-based access control ({RBAC)} models. However, most approaches focus on either administrative changes such as role updating and administration or operative changes, for example, inserting a new activity into a running workflow instance. The distinct handling of certain changes is cumbersome and hence should be reduced by introducing a {RBAC} model that pays attention to all kinds of possible workflow changes. Hence, in this paper, we present an extended {RBAC} model for adaptive workflow systems ({AW-RBAC)} that includes change operations and a variety of objects that are subject to change within workflow systems. Under such a model supervised administrative and operative changes can be enforced on a set of objects in workflow systems. Doing so, the {AW-RBAC} model improves security during workflow changes and reduces administration costs. The {AW-RBAC} model is evaluated by means of practical examples and a proof-of-concept implementation.},
  language = {English},
  booktitle = {2011 Sixth International Conference on Availability, Reliability and Security ({ARES)}},
  publisher = {{IEEE}},
  author = {Leitner, Maria and Rinderle-Ma, Stefanie and Mangler, Jurgen},
  month = aug,
  year = {2011},
  pages = {27--34},
  url = {http://dx.doi.org/10.1109/ARES.2011.15},
  doi = {10.1109/ARES.2011.15}
  }

• M. Leitner, J. Mangler, and S. Rinderle-Ma, “SPRINT-Responsibilities: design and development of security policies in process-aware information systems,” Journal of wireless mobile networks, ubiquitous computing, and dependable applications (JoWUA), vol. 2, iss. 4, p. 4–26, 2011.
  [BibTeX] [URL]

  @article{LeitnerMR_sprint-responsibilities:_2011,
  title = {{SPRINT-Responsibilities:} Design and Development of Security Policies in Process-aware Information Systems},
  volume = {2},
  number = {4},
  journal = {Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications ({JoWUA)}},
  author = {Leitner, Maria and Mangler, Juergen and Rinderle-Ma, Stefanie},
  year = {2011},
  url = {http://isyou.info/jowua/papers/jowua-v2n4-1.pdf},
  note = {Open Access},
  note = {Process-Aware Information Systems (PAIS) enable the definition, execution, and management of business processes. Typically, processes are specified by control flow, data flow, and users or services, authorized to execute process tasks. During process execution, it is often necessary to access sensitive data such as patient or customer information. To secure this confidential data, the use of security policies becomes an essential factor for the application of PAIS in practice. In general, PAIS security policies are specified based on access rules and authorization constraints. On top of these rules, context policies referring to data, location, or time might pose restrictions. Over the years, several approaches for modeling and enforcing security policies in PAIS have appeared. Many of them restrict security policy specification to access rules and authorization constraints, but neglect additional properties such as context information. As a further limitation, security policies are often defined in a heterogeneous way: whereas access rules are mostly defined at process task level leading to a merge of process logic and security aspects, additional policies such as authorization constraints are defined separately from the process logic. Consequently, security policies are not stored and managed centrally, but are rather distributed over different PAIS components, for example, the process model repository or the organizational model manager. In this paper, we introduce the formal concepts behind our SPRINT approach that aims at the consequent separation of security policies and process logic. Specifically, the SPRINT security policy data model and design methodology based on the concepts of responsibilities, permissions, and constraints will be provided. The concepts are evaluated based on a comparison with existing PAIS and a demonstration of the SPRINT prototype. The goal is to unify diverse security policies in different PAIS subsystems, to make security policies independent of these subsystems in order to restrain complexity from process modeling and evolution, and to allow for comprehensive security policy development and maintenance.},
  pages = {4--26}
  }

• M. Leitner, S. Rinderle-Ma, and J. Mangler, “Responsibility-driven design and development of process-aware security policies,” in 2011 sixth international conference on availability, reliability and security (ARES), 2011, p. 334–341. doi:10.1109/ARES.2011.56
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Process-Aware Information Systems (PAIS) enable the automated support of business processes that are executed by a combination of human actors and systems. As processes typically require access to sensitive data, security policies are of high importance. Typically security policies in PAIS range from access rules and authorization constraints to context policies (location, time) and are scattered over the multitude of heterogeneous PAIS components, i.e. process models, repositories, organizational structures, etc. Currently, different approaches for modeling and enforcing security policies exist that assume a set of explicitly defined security policies. Because of aforementioned heterogeneity, these approaches are suboptimal for PAIS. In order to improve upon existing approaches we present a security policy data model and design methodology, based on the concept of responsibilities, permissions and constraints. The goal is to not only unify diverse security policies in different PAIS subsystems, but also to make security policies independent of these subsystems to restrain complexity from process modeling and evolution, and to allow for comprehensive security policy development and maintenance.

  @inproceedings{LeitnerRM_responsibility-driven_2011,
  title = {Responsibility-driven Design and Development of Process-aware Security Policies},
  booktitle = {2011 Sixth International Conference on Availability, Reliability and Security ({ARES)}},
  publisher = {{IEEE}},
  author = {Leitner, Maria and Rinderle-Ma, Stefanie and Mangler, Juergen},
  year = {2011},
  abstract = {Process-Aware Information Systems (PAIS) enable the automated support of business processes that are executed by a combination of human actors and systems. As processes typically require access to sensitive data, security policies are of high importance. Typically security policies in PAIS range from access rules and authorization constraints to context policies (location, time) and are scattered over the multitude of heterogeneous PAIS components, i.e. process models, repositories, organizational structures, etc. Currently, different approaches for modeling and enforcing security policies exist that assume a set of explicitly defined security policies. Because of aforementioned heterogeneity, these approaches are suboptimal for PAIS. In order to improve upon existing approaches we present a security policy data model and design methodology, based on the concept of responsibilities, permissions and constraints. The goal is to not only unify diverse security policies in different PAIS subsystems, but also to make security policies independent of these subsystems to restrain complexity from process modeling and evolution, and to allow for comprehensive security policy development and maintenance.},
  url = {http://dx.doi.org/10.1109/ARES.2011.56},
  pages = {334--341},
  doi = {10.1109/ARES.2011.56}
  }

2010

• S. Rinderle-Ma and M. Leitner, “On evolving organizational models without losing control on authorization constraints in web service orchestrations,” in Proceedings of the 12th IEEE conference on commerce and enterprise computing (CEC), 2010, p. 128–135. doi:10.1109/CEC.2010.17
  [BibTeX] [Abstract] [URL] [Download PDF]
  

  Providing adequate access control is crucial for the proper execution of any Web Service ({WS)} orchestration. Typically, access rules and authorization constraints are defined for a {WS} orchestration and are resolved over an organizational model at runtime in order to find authorized users to perform orchestration tasks. As known from many practical studies, organizational models are frequently subject to change (e.g., outsourcing or restructuring). Although the effects of organizational changes on access rules have been investigated so far, their effects on authorization constraints remain still completely unclear, albeit violating authorization constraints might lead to severe problems such as security holes. In this paper, we systematically investigate the effects of organizational changes on authorization constraints and propose different strategies to cope with possible violations. We evaluate our results along the most common types of authorization constraints and discuss the impact of the selected implementation choice.

  @inproceedings{Rinderle-maL_evolving_2010,
  title = {On Evolving Organizational Models without Losing Control on Authorization Constraints in Web Service Orchestrations},
  isbn = {978-1-4244-8433-1},
  doi = {10.1109/CEC.2010.17},
  abstract = {Providing adequate access control is crucial for the proper execution of any Web Service ({WS)} orchestration. Typically, access rules and authorization constraints are defined for a {WS} orchestration and are resolved over an organizational model at runtime in order to find authorized users to perform orchestration tasks. As known from many practical studies, organizational models are frequently subject to change (e.g., outsourcing or restructuring). Although the effects of organizational changes on access rules have been investigated so far, their effects on authorization constraints remain still completely unclear, albeit violating authorization constraints might lead to severe problems such as security holes. In this paper, we systematically investigate the effects of organizational changes on authorization constraints and propose different strategies to cope with possible violations. We evaluate our results along the most common types of authorization constraints and discuss the impact of the selected implementation choice.},
  language = {English},
  booktitle = {Proceedings of the 12th {IEEE} Conference on Commerce and Enterprise Computing ({CEC)}},
  publisher = {{IEEE}},
  url = {http://dx.doi.org/10.1109/CEC.2010.17},
  author = {Rinderle-Ma, Stefanie and Leitner, Maria},
  month = nov,
  year = {2010},
  pages = {128--135}
  }