Purpose The purpose of this study is to empirically analyse the key factors that influence adoption financial technology innovation in country Germany. advancement mobile devices and their usage have increased uptake (FinTech) innovation. Financial sectors startups see FinTech as a gateway increase business opportunities, but applications other platforms must be launched explore such opportunities. Mobile application security threats tremendously become challenge for both users innovators....

Purpose The aim of this study is to encourage management boards recognize that employees play a major role in the information security. Thus, these issues need be addressed efficiently, especially organizations which data are valuable asset. Design/methodology/approach Before developing instrument for survey, first, effective measurement built upon existing literature review was identified and developed survey questionnaires were set according past studies findings based on qualitative...

Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure development urgently needed.We present an extensible verification framework for verifying UML models requirements. In particular, it includes various plugins performing different analyses on the extension UMLsec UML. Here, we concentrate automated theorem prover binding to verify properties which make use...

Given the explosive growth of digitally stored information in modern enterprises, distributed systems together with search engines are increasingly used companies. By enabling user to all relevant sources one single query, however, crucial risks concerning security arise. In order make these applications secure, it is not sufficient penetrate- and-patch past system development, but analysis has be an integral part design process for such systems. This work presents experiences and results a...

Consider the problem of verifying security properties a cryptographic protocol coded in C. We propose an automatic solution that needs neither pre-existing description nor manual annotation source code. First, symbolically execute C program to obtain symbolic descriptions for network messages sent by protocol. Second, apply algebraic rewriting process calculus description. Third, run existing analyser (ProVerif) prove or find attacks. formalise our algorithm and appeal results ProVerif...

Today many software systems need to take into account security considerations. While Software Engineering has been quite successful in ensuring that satisfy non-functional requirements such as dependability, less work done wrt. requirements.In this we present a engineering method aiming facilitate secure development, which is based on an extension of UML called UMLsec.

Mobile communication systems are increasingly used in companies. In order to make these applications secure, the security analysis has be an integral part of system design and IT management process for such mobile systems. This work presents experiences results from a architecture at large German telecommunications company, by making use approach Model-based Security Engineering that is based on UML extension UMLsec. The focus lies mechanisms policies which were analyzed using UMLsec method...

According to Article 35 of the General Data Protection Regulation (GDPR), data controllers are obligated conduct a privacy impact assessment (PIA) ensure protection sensitive data. Failure properly protect may affect subjects negatively, and damage reputation processors. Existing PIA approaches cannot be easily conducted, since they mainly abstract or imprecise. Moreover, lack methodology concerning design IT systems. We propose novel support by performing model-based security analyses in...

Abstract Requirements are inherently prone to conflicts. Security, data-minimization, and fairness requirements no exception. Importantly, undetected conflicts between such can lead severe effects, including privacy infringement legal sanctions. Detecting security, is a challenging task, as context-specific their detection requires thorough understanding of the underlying business processes. For example, process may require anonymous execution task that writes data into secure storage, where...

Determining the security properties satisfied by software using cryptography is difficult: Security requirements such as secrecy, integrity and authenticity of data are notoriously hard to establish, especially in context cryptographic interactions. Nevertheless, little attention has been paid so far verification implementations with respect secure use cryptography. We propose an approach automated theorem provers for first-order logic formally verify crypto-based Java implementations, based...