Łukasz Cyra
Employment
Publications
Filters
total: 20
Catalog Publications
Year 2011
-
SCF - a Framework Supporting Achieving and Assessing Conformity with Standards
PublicationStandards Conformity Framework (SCF) presented in this paper encompasses methods and tools whichprovide support for application of standards and other normative documents. The approach taken focuses ondevelopment, assessment and maintenance of an electronic document which demonstrates conformity. Sucha document contains an argument structure developed in accordance with the Trust-IT methodology. Thepaper discusses details of the...
-
Support for argument structures review and assessment
PublicationArgument structures are commonly used to develop and present cases for safety, security and for other properties of systems. Such structures tend to grow excessively, which causes problems with their review and assessment. Two issues are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant recipients. The paper...
Year 2008
-
A method of trust case templates to support standards conformity achievement and assessment
PublicationOsiąganie i ocena zgodności ze standardami stanowi poważne obciążenie finansowe dla współczesnych gospodarek. Pomimo znacznej wagi tego problemu, nie znalazł on jednak zadowalającego przełożenia na rozwiązania dostępne na rynku. W tej pracy zaproponowano metodę nazwaną Standards Conformity Framework (SCF), która wspiera stosowanie standardów. Jest ona oparta na spostrzeżeniu, że osiąganie i ocena zgodności ze standardem polega...
-
An approach to evaluation of arguments in trust cases
PublicationTrustworthiness of IT systems can be justified using the concept of a trust case. A trust case is an argument structure which encompasses justification and evidence supporting claimed properties of a system. It represents explicitly an expert's way of assessing that a certain object has certain properties. Trust cases can be developed collaboratively on the basis of evidence and justification of varying quality. They can be complex...
-
An integrated framework for security protocol analysis
PublicationAssurance of security protocols needs particular attention. Flaws in a protocol can devastate security of the applications that rely on it. Analysis of the protocols is difficult and it is recommended that formal methods are employed to provide for higher levels of assurance. However, the formal methods can cover only a part of the scope of the problem. It is important that the formal models are valid representations of the protocol...
-
Argument strategies and patterns of the Trust-IT framework
PublicationArtykuł dotyczy metodologicznego i narzędziowego środowiska Trust-IT wspierającego budowę dowodów zaufania (ang. trust case), a w szczególności strategii tworzenia dowodu zaufania. Strategia uzależniona jest od właściwości systemu (lub innego rozważanego obiektu), która podlega analizie w ramach dowodu zaufania. W artykule zaprezentowano dwie strategie: oparta na ryzyku i oparta na standardach oraz omówiono kilka często stosowanych...
-
Expert assessment of arguments: a method and its experimental evaluation
PublicationArgument structures are commonly used to develop and present cases for safety, security and other properties. Such argument structures tend to grow excessively. To deal with this problem, appropriate methods of their assessment are required. Two objectives are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant...
-
Extending GQM by Argument Structures
PublicationEffective methods for metrics definition are of particular importance, as measurement mechanisms are indispensable in virtually any engineering discipline. The paper describes how the well known Goal-Question-Metric (GQM) method of systematic metrics derivation from measurement goals can be extended by applying argument structures. The proposed approach is called Goal-Argument-Metric (GAM). The general ideas of GQM and GAM are...
-
Representing and appraising Toulmin model arguments in trust cases
PublicationThe paper presents a Toulmin-based argument model used in trust cases, which allows to argue various properties of IT systems. Argument patterns encountered in trust cases are discussed together with some real-life examples. A method of argument appraisal is introduced together with the corresponding aggregation mechanism. Practical applications of trust cases in industrial and research projects are outlined.
-
Standards Conformity Framework in comparison with contemporary methods supporting standards application
PublicationAchieving and assessing conformity with standards and compliance with various sets of requirements generates significant costs for contemporary economies. Great deal of this is spent on fulfilment of safety and security requirements. However, standards application is not supported sufficiently by the tools available on the market. Therefore, Standards Conformity Framework (SCF) containing methods and tools which provide support...
Year 2007
-
Balancing agility and discipline in a research project
PublicationSuccessful software development requires both agility and discipline. Optimal selection of methods, however, is not an easy task. The problem becomes even more difficult for long lasting projects. Appropriate selection of methods involving skillful introduction and abandonment of certain practices in time makes the whole process dynamic. The paper presents in this context a research project which was realized in a few iterations....
-
Extending GQM by argument structures
PublicationEffective metrics definition methods are of particular importance, as measurement mechanisms are indispensable in virtually any engineering discipline. The paper describes how the well known Goal-Question-Metric (GQM) method of systematic metrics derivation from measurement goals can be extended by applying argument structures. The proposed approach is called Goal-Argument-Metric (GAM). We briefly introduce general ideas of GQM...
-
Standard Compliance Framework for effective requirements communication
PublicationStandard Compliance Framework (SCF) is a framework, which supports application of standards at the stages of achieving, assessing and maintaining the compliance. It uses Trust Case language to develop argument structures demonstrating compliance with standards. The paper presents how SCF is applied to increase effectiveness of requirements communication. Relevant mechanisms of the framework are thoroughly described referring to...
-
Supporting compliance with safety standards by trust case templates
PublicationStandard Compliance (SC) Framework presented in this paper encompasses methods and tools which provide support for application of standards. The framework is based on trust case methodology. A trust case is a data structure which represents a justification that an object (a system, an infrastructure, an organization) exhibits certain properties. It contains an argument and related evidence which support claimed properties. A trust...
-
Supporting Compliance with Security Standards by Trust Case Templates
PublicationTrust Cases are used to justify that a given object (a system, an infrastructure, an organization) exhibits certain properties. One of possible applications of trust cases is related to the processes of achieving and demonstrating the compliance with standards. A Trust Case Template derived from a given standard constitutes a skeleton of justification (encompassing evidence and argumentation) of the compliance with the standard....
-
Using argument structures to create a measurement plan
PublicationWhile planning an experiment the same question always arises: What are the goals of the experiment and which measurements are needed to demonstrate that the goals have been achieved? Deciding about the extent of raw data to be collected, the metrics to be constructed on those data and the interpretation of the metrics with respect to the assumed goals is by no means a trivial task. In this paper we show how a well known Gal-Question-Metrics...
-
Zaawansowane rozwiązania projektowe aplikacji typu Rich Internet Application
PublicationRich Internet Application (RIA) jest modelem aplikacji internetowych zyskującym w ostatnim czasie coraz większą popularność. Jednym ze sposobów jego realizacji jest paradygmat AJAX. Stosowane w nowatorski sposób, istniejące od wielu lat technologie pozwalają osiągnąć niespotykane dotąd możliwości. Wieloletnie doświadczenia programistów powodują jednak, że w aplikacjach tego typu stosuje się często rozwiązania projektowe przeznaczone...
Year 2006
-
Praca z normą Common Criteria wspomagana szablonami Trust Case
PublicationTrust Case stanowi strukturę danych zawierającą argumentację oraz związany z nią materiał dowodowy uzasadniający, że interesujący nas obiekt (system, infrastruktura, organizacja) posiada wskazane własności. Metoda jest przedmiotem intensywnych badań. Jeden z kierunków rozwoju dotyczy tworzenia szablonów oceny zgodności ze standardami. Szablon Trust Case jest odwzorowaniem wymagań zawartych w normie w strukturę drzewa dowodowego....
-
Wykorzystanie programu AutoFocus do analizy protokołów kryptograficznych
PublicationAutoFocus jest narzędziem wspomagającym wytwarzanie systemów wbudowanych charakteryzujących się wysoką niezawodnością. Artykuł prezentuje studium przypadku zastosowania narzędzia i związanej z nim metody formalnej Focus do analizy bezpieczeństwa (ang. security) protokołu tworzenia podpisu cyfrowego w środowisku rozproszonym. Zastosowana metoda formalna wykorzystana została jako ostatni etap zintegrowanej metody oceny protokołów...
-
Zastosowanie szablonów Trust Case w pracy z normą BS 7799
PublicationTrust Case stanowi strukturę danych zawierającą argumentację oraz związany z nią materiał dowodowy uzasadniający, że interesujący nas obiekt (system, infrastruktura, organizacja) posiada wskazane własności. Wykorzystanie Trust Case do analizy i uzasadniania zaufania do systemów IT jest przedmiotem aktywnych badań. Podejście to znalazło zastosowanie w stosunku do systemów związanych z bezpieczeństwem (ang. safety critical), a ostatnio...
seen 766 times