Publications of K. Sohr

Journal Articles

  • BIB DOI

    T. Mustafa, K. Sohr. Understanding the Implemented Access Control Policy of Android System Services with Slicing and Extended Static Checking. Int. J. Inf. Secur. August 2015; 14(4):347–366.

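    @article{Mustafa:2015:UIA:2807721.2807786,
      author     = {Mustafa, Tanveer and Sohr, Karsten},
      title      = {Understanding the Implemented Access Control Policy of {Android} System Services with Slicing and Extended Static Checking},
      journal    = {Int. J. Inf. Secur.},
      volume     = {14},
      number     = {4},
      pages      = {347--366},
      month      = aug,
      year       = {2015},
      publisher  = {Springer-Verlag},
      address    = {Berlin, Heidelberg},
      issn       = {1615-5262},
      doi        = {10.1007/s10207-014-0260-y},
      url        = {http://dx.doi.org/10.1007/s10207-014-0260-y},
      keywords   = {Android, Extended static checking, Java Modeling Language, Slicing},
      numpages   = {20},
      issue_date = {August 2015},
      acmid      = {2807786},
    }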
  • BIB DOI

    K. Sohr, M. Kuhlmann, M. Gogolla, H. Hu, G. Ahn. Comprehensive Two-level Analysis of Role-based Delegation and Revocation Policies with UML and OCL. Inf. Softw. Technol. December 2012; 54(12):1396–1417.

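    @article{Sohr:2012:CTA:2365358.2365402,
      author     = {Sohr, Karsten and Kuhlmann, Mirco and Gogolla, Martin and Hu, Hongxin and Ahn, Gail-Joon},
      title      = {Comprehensive Two-level Analysis of Role-based Delegation and Revocation Policies with {UML} and {OCL}},
      journal    = {Inf. Softw. Technol.},
      volume     = {54},
      number     = {12},
      pages      = {1396--1417},
      month      = dec,
      year       = {2012},
      publisher  = {Butterworth-Heinemann},
      address    = {Newton, MA, USA},
      issn       = {0950-5849},
      doi        = {10.1016/j.infsof.2012.06.008},
      url        = {http://dx.doi.org/10.1016/j.infsof.2012.06.008},
      keywords   = {Delegation, OCL, RBAC, Revocation, UML},
      numpages   = {22},
      issue_date = {December, 2012},
      acmid      = {2365402},
    }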
  • BIB

    M. Bunke, R. Koschke, K. Sohr. Organizing Security Patterns Related to Security and Pattern Recognition Requirements. International Journal On Advances in Security July 2012; 5(1&2):46–67.

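    @article{Bunke:IJOAS:2012,
      author    = {Bunke, Michaela and Koschke, Rainer and Sohr, Karsten},
      title     = {Organizing Security Patterns Related to Security and Pattern Recognition Requirements},
      journal   = {International Journal On Advances in Security},
      volume    = {5},
      number    = {1\&2},
      pages     = {46--67},
      month     = jul,
      year      = {2012},
      publisher = {XPS (Xpert Publishing Services)},
      issn      = {1942-2636},
    }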
  • BIB DOI

    K. Sohr, M. Drouineaud, G. Ahn, M. Gogolla. Analyzing and Managing Role-Based Access Control Policies. IEEE Trans. on Knowl. and Data Eng. July 2008; 20(7):924–939.

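    @article{Sohr:2008:AMR:1383051.1383240,
      author     = {Sohr, Karsten and Drouineaud, Michael and Ahn, Gail-Joon and Gogolla, Martin},
      title      = {Analyzing and Managing Role-Based Access Control Policies},
      journal    = {IEEE Trans. on Knowl. and Data Eng.},
      volume     = {20},
      number     = {7},
      pages      = {924--939},
      month      = jul,
      year       = {2008},
      publisher  = {IEEE Educational Activities Department},
      address    = {Piscataway, NJ, USA},
      issn       = {1041-4347},
      doi        = {10.1109/TKDE.2008.28},
      url        = {http://dx.doi.org/10.1109/TKDE.2008.28},
      keywords   = {Access controls, Protection mechanisms},
      numpages   = {16},
      issue_date = {July 2008},
      acmid      = {1383240},
    }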
  • BIB DOI

    K. Sohr, G. Ahn, L. Migge. Articulating and Enforcing Authorisation Policies with UML and OCL. SIGSOFT Softw. Eng. Notes May 2005; 30(4):1–7.

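    @article{Sohr:2005:AEA:1082983.1083215,
      author     = {Sohr, Karsten and Ahn, Gail-Joon and Migge, Lars},
      title      = {Articulating and Enforcing Authorisation Policies with {UML} and {OCL}},
      journal    = {SIGSOFT Softw. Eng. Notes},
      volume     = {30},
      number     = {4},
      pages      = {1--7},
      month      = may,
      year       = {2005},
      publisher  = {ACM},
      address    = {New York, NY, USA},
      issn       = {0163-5948},
      doi        = {10.1145/1082983.1083215},
      url        = {http://doi.acm.org/10.1145/1082983.1083215},
      numpages   = {7},
      issue_date = {July 2005},
      acmid      = {1083215},
    }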

Conference and Workshop Articles

  • BIB

    B. Berger, K. Sohr, R. Koschke. Automatically Extracting Threats from Extended Data Flow Diagrams. J. Caballero, E. Bodden, E. Athanasopoulos, editors, International Symposium on Engineering Secure Software and Systems: 8th International Symposium, ESSoS 2016, London, UK, April 6–8, 2016. Proceedings, Springer Verlag, 2016; 56–71.

    @inproceedings{Berger:ESSOS:16,
      author    = {Berger, Bernhard and Sohr, Karsten and Koschke, Rainer},
      editor    = {Caballero, Juan and Bodden, Eric and Athanasopoulos, Elias},
      title     = {Automatically Extracting Threats from Extended Data Flow Diagrams},
      booktitle = {International Symposium on Engineering Secure Software and Systems: 8th International Symposium, ESSoS 2016, London, UK, April 6--8, 2016. Proceedings},
      series    = {Lecture Notes in Computer Science},
      pages     = {56--71},
      year      = {2016},
      publisher = {Springer Verlag},
      isbn      = {978-3-319-30806-7},
    }
  • BIB DOI

    L. Hamann, K. Sohr, M. Gogolla. Monitoring Database Access Constraints with an RBAC Metamodel: A Feasibility Study. F. Piessens, J. Caballero, N. Bielova, editors, Proceedings of the 7th International Symposium on Engineering Secure Software and Systems, Springer International Publishing, 2015; 211–226. Cham.

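    @inproceedings{Hamann2015,
      author    = {Hamann, Lars and Sohr, Karsten and Gogolla, Martin},
      editor    = {Piessens, Frank and Caballero, Juan and Bielova, Nataliia},
      title     = {Monitoring Database Access Constraints with an {RBAC} Metamodel: A Feasibility Study},
      booktitle = {Proceedings of the 7th International Symposium on Engineering Secure Software and Systems},
      pages     = {211--226},
      year      = {2015},
      publisher = {Springer International Publishing},
      address   = {Cham},
      location  = {Milan, Italy},
      doi       = {10.1007/978-3-319-15618-7_16},
      url       = {http://dx.doi.org/10.1007/978-3-319-15618-7_16},
      isbn      = {978-3-319-15618-7},
    }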
  • BIB

    S. Bartsch, B. Berger, E. Bodden, A. Brucker, J. Heider, M. Kus, S. Maseberg, K. Sohr, M. Volkamer. Zertifizierte Datensicherheit für Android-Anwendungen auf Basis statischer Programmanalysen. V. Stefan, E. Weippl, editors, Sicherheit 2014 Sicherheit, Schutz und Zuverlässigkeit, volume 228 of LNI, GI, 2014; 283–291.

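    @inproceedings{Bartsch:GI:2014,
      author    = {Bartsch, Steffen and Berger, Bernhard and Bodden, Eric and Brucker, Achim and Heider, Jens and Kus, Mehmet and Maseberg, S{\"o}nke and Sohr, Karsten and Volkamer, Melanie},
      editor    = {Stefan, Volkmar and Weippl, Edgar},
      title     = {Zertifizierte {Datensicherheit} f{\"u}r {Android-Anwendungen} auf {Basis} statischer {Programmanalysen}},
      booktitle = {Sicherheit 2014 Sicherheit, Schutz und Zuverl{\"a}ssigkeit},
      series    = {LNI},
      volume    = {228},
      pages     = {283--291},
      year      = {2014},
      publisher = {GI},
      isbn      = {978-3-88579-622-0},
    }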
  • BIB

    S. Bartsch, B. Berger, M. Bunke, K. Sohr. The Transitivity-of-Trust Problem in Android Application Interaction. Eighth International Conference on Availability, Reliability and Security (ARES), 2013, IEEE Computer Society Press, 2013; 291–296.

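    @inproceedings{Bartsch:ARES:2013,
      author    = {Bartsch, Steffen and Berger, Bernhard and Bunke, Michaela and Sohr, Karsten},
      title     = {The Transitivity-of-Trust Problem in {Android} Application Interaction},
      booktitle = {Eighth International Conference on Availability, Reliability and Security (ARES), 2013},
      pages     = {291--296},
      year      = {2013},
      publisher = {IEEE Computer Society Press},
    }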
  • BIB DOI

    B. Berger, K. Sohr, R. Koschke. Extracting and Analyzing the Implemented Security Architecture of Business Applications. A. Cleve, F. Ricca, M. Cerioli, editors, European Conference on Software Maintenance and Reengineering, IEEE Computer Society Press, 2013; 285–294.

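    @inproceedings{berger:csmr:13,
      author    = {Berger, Bernhard and Sohr, Karsten and Koschke, Rainer},
      editor    = {Cleve, Anthony and Ricca, Filippo and Cerioli, Maura},
      title     = {Extracting and Analyzing the Implemented Security Architecture of Business Applications},
      booktitle = {European Conference on Software Maintenance and Reengineering},
      pages     = {285--294},
      year      = {2013},
      publisher = {IEEE Computer Society Press},
      doi       = {10.1109/CSMR.2013.37},
      isbn      = {978-0-7695-4948-4},
      issn      = {1534-5351},
      keywords  = {reverse engineering;software security;static analysis;threat modeling},
    }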
  • BIB DOI

    C. Rubio-Medrano, G. Ahn, K. Sohr. Verifying Access Control Properties with Design by Contract: Framework and Lessons Learned. Proceedings of the 2013 IEEE 37th Annual Computer Software and Applications Conference, IEEE Computer Society, 2013; 21–26. Washington, DC, USA.

    @inproceedings{Rubio-Medrano:2013:VAC:2546398.2546459,
      author    = {Rubio-Medrano, Carlos and Ahn, Gail-Joon and Sohr, Karsten},
      title     = {Verifying Access Control Properties with Design by Contract: Framework and Lessons Learned},
      booktitle = {Proceedings of the 2013 IEEE 37th Annual Computer Software and Applications Conference},
      series    = {COMPSAC '13},
      pages     = {21--26},
      year      = {2013},
      publisher = {IEEE Computer Society},
      address   = {Washington, DC, USA},
      doi       = {10.1109/COMPSAC.2013.7},
      url       = {http://dx.doi.org/10.1109/COMPSAC.2013.7},
      isbn      = {978-0-7695-4986-6},
      keywords  = {security, access control, formal verification},
      numpages  = {6},
      acmid     = {2546459},
    }
  • BIB

    B. Berger, K. Sohr. An Approach to Detecting Inter-Session Data Flow Induced by Object Pooling. D. Gritzalis, S. Furnell, M. Theoharidou, editors, Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012. Proceedings, volume 376 of IFIP Advances in Information and Communication Technology, Springer Verlag, 2012; 25–36.

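    @inproceedings{Berger:SEC:12,
      author    = {Berger, Bernhard and Sohr, Karsten},
      editor    = {Gritzalis, Dimitris and Furnell, Steven and Theoharidou, Marianthi},
      title     = {An Approach to Detecting Inter-Session Data Flow Induced by Object Pooling},
      booktitle = {Information Security and Privacy Research - 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4--6, 2012. Proceedings},
      series    = {IFIP Advances in Information and Communication Technology},
      volume    = {376},
      pages     = {25--36},
      year      = {2012},
      publisher = {Springer Verlag},
      isbn      = {978-3-642-30435-4},
    }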
  • BIB

    B. Berger, M. Bunke, K. Sohr. An Android Security Case Study with Bauhaus. Working Conference on Reverse Engineering, IEEE Computer Society Press, 2011; 179–183.

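    @inproceedings{Berger:WCRE:11,
      author    = {Berger, Bernhard and Bunke, Michaela and Sohr, Karsten},
      title     = {An {Android} Security Case Study with {Bauhaus}},
      booktitle = {Working Conference on Reverse Engineering},
      pages     = {179--183},
      year      = {2011},
      publisher = {IEEE Computer Society Press},
    }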
  • BIB

    M. Bunke, R. Koschke, K. Sohr. Application-Domain Classification for Security Patterns. International Conferences on Pervasive Patterns and Applications (PATTERNS), XPS (Xpert Publishing Services), 2011; 138–143. IARIA Conferences.

    @inproceedings{Bunke:PATTERNS:11,
      author       = {Bunke, Michaela and Koschke, Rainer and Sohr, Karsten},
      title        = {Application-Domain Classification for Security Patterns},
      booktitle    = {International Conferences on Pervasive Patterns and Applications (PATTERNS)},
      pages        = {138--143},
      year         = {2011},
      organization = {IARIA Conferences},
      publisher    = {XPS (Xpert Publishing Services)},
      isbn         = {978-1-61208-158-8},
    }
  • BIB

    M. Bunke, K. Sohr. An Architecture-Centric Approach to Detecting Security Patterns in Software. International Symposium on Engineering Secure Software and Systems, volume 6542 of Lecture Notes in Computer Science, Springer Verlag, 2011; 156–166.

    @inproceedings{Bunke:ESSOS:2011,
      author    = {Bunke, Michaela and Sohr, Karsten},
      title     = {An Architecture-Centric Approach to Detecting Security Patterns in Software},
      booktitle = {International Symposium on Engineering Secure Software and Systems},
      series    = {Lecture Notes in Computer Science},
      volume    = {6542},
      pages     = {156--166},
      year      = {2011},
      publisher = {Springer Verlag},
      isbn      = {978-3-642-19124-4},
    }
  • BIB DOI

    M. Kuhlmann, K. Sohr, M. Gogolla. Comprehensive Two-Level Analysis of Static and Dynamic RBAC Constraints with UML and OCL. Proceedings of the 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, IEEE Computer Society, 2011; 108–117. Washington, DC, USA.

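    @inproceedings{Kuhlmann:2011:CTA:2061041.2061931,
      author    = {Kuhlmann, Mirco and Sohr, Karsten and Gogolla, Martin},
      title     = {Comprehensive Two-Level Analysis of Static and Dynamic {RBAC} Constraints with {UML} and {OCL}},
      booktitle = {Proceedings of the 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement},
      series    = {SSIRI '11},
      pages     = {108--117},
      year      = {2011},
      publisher = {IEEE Computer Society},
      address   = {Washington, DC, USA},
      doi       = {10.1109/SSIRI.2011.18},
      url       = {http://dx.doi.org/10.1109/SSIRI.2011.18},
      isbn      = {978-0-7695-4453-3},
      keywords  = {RBAC, Security, Reliability, Modeling, UML/OCL, Analysis},
      numpages  = {10},
      acmid     = {2061931},
    }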
  • BIB DOI

    K. Sohr, T. Mustafa, A. Nowak. Software Security Aspects of Java-based Mobile Phones. Proceedings of the 2011 ACM Symposium on Applied Computing, ACM, 2011; 1494–1501. New York, NY, USA.

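    @inproceedings{Sohr:2011:SSA:1982185.1982506,
      author    = {Sohr, Karsten and Mustafa, Tanveer and Nowak, Adrian},
      title     = {Software Security Aspects of {Java-based} Mobile Phones},
      booktitle = {Proceedings of the 2011 ACM Symposium on Applied Computing},
      series    = {SAC '11},
      pages     = {1494--1501},
      year      = {2011},
      publisher = {ACM},
      address   = {New York, NY, USA},
      location  = {TaiChung, Taiwan},
      doi       = {10.1145/1982185.1982506},
      url       = {http://doi.acm.org/10.1145/1982185.1982506},
      isbn      = {978-1-4503-0113-8},
      keywords  = {Java security, mobile phone, static security analysis},
      numpages  = {8},
      acmid     = {1982506},
    }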
  • BIB

    K. Sohr, B. Berger. Idea: Towards Architecture-Centric Security Analysis of Software. F. Massacci, D. Wallach, N. Zannone, editors, International Symposium on Engineering Secure Software and Systems, volume 5965 of Lecture Notes in Computer Science, Springer Verlag, 2010; 70–78.

    @inproceedings{Sohr:ESSOS:2010,
      author    = {Sohr, Karsten and Berger, Bernhard},
      editor    = {Massacci, Fabio and Wallach, Dan and Zannone, Nicola},
      title     = {Idea: Towards Architecture-Centric Security Analysis of Software},
      booktitle = {International Symposium on Engineering Secure Software and Systems},
      series    = {Lecture Notes in Computer Science},
      volume    = {5965},
      pages     = {70--78},
      year      = {2010},
      publisher = {Springer Verlag},
      isbn      = {978-3-642-11746-6},
    }
  • BIB DOI

    K. Sohr, T. Mustafa, X. Bao, G. Ahn. Enforcing Role-Based Access Control Policies in Web Services with UML and OCL. Proceedings of the 2008 Annual Computer Security Applications Conference, IEEE Computer Society, 2008; 257–266. Washington, DC, USA.

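    @inproceedings{Sohr:2008:ERA:1468162.1468214,
      author    = {Sohr, Karsten and Mustafa, Tanveer and Bao, Xinyu and Ahn, Gail-Joon},
      title     = {Enforcing Role-Based Access Control Policies in Web Services with {UML} and {OCL}},
      booktitle = {Proceedings of the 2008 Annual Computer Security Applications Conference},
      series    = {ACSAC '08},
      pages     = {257--266},
      year      = {2008},
      publisher = {IEEE Computer Society},
      address   = {Washington, DC, USA},
      doi       = {10.1109/ACSAC.2008.35},
      url       = {http://dx.doi.org/10.1109/ACSAC.2008.35},
      isbn      = {978-0-7695-3447-3},
      numpages  = {10},
      acmid     = {1468214},
    }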
  • BIB DOI

    A. Schaad, V. Lotz, K. Sohr. A Model-checking Approach to Analysing Organisational Controls in a Loan Origination Process. Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, ACM, 2006; 139–149. New York, NY, USA.

    @inproceedings{Schaad:2006:MAA:1133058.1133079,
      author    = {Schaad, Andreas and Lotz, Volkmar and Sohr, Karsten},
      title     = {A Model-checking Approach to Analysing Organisational Controls in a Loan Origination Process},
      booktitle = {Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies},
      series    = {SACMAT '06},
      pages     = {139--149},
      year      = {2006},
      publisher = {ACM},
      address   = {New York, NY, USA},
      location  = {Lake Tahoe, California, USA},
      doi       = {10.1145/1133058.1133079},
      url       = {http://doi.acm.org/10.1145/1133058.1133079},
      isbn      = {1-59593-353-0},
      keywords  = {delegation, model-checking, organisational control, revocation, separation},
      numpages  = {11},
      acmid     = {1133079},
    }
  • BIB DOI

    K. Sohr, G. Ahn, M. Gogolla, L. Migge. Specification and Validation of Authorisation Constraints Using UML and OCL. Proceedings of the 10th European Conference on Research in Computer Security, Springer-Verlag, 2005; 64–79. Berlin, Heidelberg.

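    @inproceedings{Sohr:2005:SVA:2156732.2156737,
      author    = {Sohr, Karsten and Ahn, Gail-Joon and Gogolla, Martin and Migge, Lars},
      title     = {Specification and Validation of Authorisation Constraints Using {UML} and {OCL}},
      booktitle = {Proceedings of the 10th European Conference on Research in Computer Security},
      series    = {ESORICS'05},
      pages     = {64--79},
      year      = {2005},
      publisher = {Springer-Verlag},
      address   = {Berlin, Heidelberg},
      location  = {Milan, Italy},
      doi       = {10.1007/11555827_5},
      url       = {http://dx.doi.org/10.1007/11555827_5},
      isbn      = {3-540-28963-1, 978-3-540-28963-0},
      numpages  = {16},
      acmid     = {2156737},
    }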




