7th International Conference on
Enterprise Information Systems


Full Paper Submission: deadline passed
Position Paper Submission:
deadline passed
Author Notification:
deadline passed
Final Camera-Ready Submission and Registration:
deadline passed
Conference date:
deadline passed


Call For Papers
Doctoral Consortium
Program Committee
Keynote Lectures
Special Sessions

Paper Submission
Paper Templates
Reviewers Only

Conference Program
Local Information
Social Events

Organizing Committee
Hall of Fame

Organized by:


Co-organized by:

A tutorial is a specialized session on a particular topic, which may including or not practical training, lectured by an instructor who is an expert in that topic. The duration of tutorials can be 3 hours (half-day) with a break or 6 hours (full-day) with three breaks, including one for lunch.

 Tutorial 1
 Security patterns and secure systems design using UML

Prof. Eduardo B. Fernandez

Web Page

Download presentation

Brief Bio of Prof. Eduardo B. Fernandez

Eduardo B. Fernandez (Eduardo Fernandez-Buglioni) is a professor in the Department of Computer Science and Engineering at Florida Atlantic University in Boca Raton, Florida. He has published numerous papers on authorization models, object-oriented analysis and design, and fault-tolerant systems. He has written three books on these subjects. He has lectured all over the world at both academic and industrial meetings. He has created and taught several graduate and undergraduate courses and industrial tutorials. His current interests include patterns for object-oriented design and web services security. He holds a MS degree in Electrical Engineering from Purdue University and a Ph.D. in Computer Science from UCLA. He is a Senior Member of the IEEE, and a Member of ACM. He is an active consultant for industry, including assignments with IBM, Allied Signal, Motorola, Harris, Lucent, and others. He is also a frequent proposal reviewer for NSF.


Analysis and design patterns are well established as a convenient and reusable way to build high-quality object-oriented software. Patterns combine experience and good practices to develop basic models that can be used for new designs. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system design and evaluation. We show a variety of security patterns and their use in the construction of secure systems. These patterns include Authentication, Authorization, Role-based Access Control, Firewalls, Protected Execution Environment, and others. We combine some of these patterns to build Single-Sign-On architectures, web services authorization, authorized applications, and others. We apply these patterns through a secure system development method that use different mechanisms based on a hierarchical architecture whose layers define the scope of each security mechanism. First, the possible attacks and the rights of the users are defined from extended Use Cases using a Role-Based Access Control (RBAC) model. These rights are then reflected in the conceptual class model. We then define additional security constraints that apply to distribution and concurrency aspects, as well as navigational user interfaces. In the implementation levels we select patterns, components, and languages to realize the needed functions. We use a catalog of security patterns that help defining the security mechanisms at each architectural level and at each development stage. The patterns are shown using UML models and examples are taken from out forthcoming book “Security Patterns”. Attendees will be able to understand security patterns and how can they be used to build secure systems.

In his presentation, Prof. Fernandez will address:

- Introduction
- Internet security issues---recent attacks, vulnerabilities, threats
- Object-oriented design and patterns--- need for good software engineering, analysis and design patterns
- Security models and their patterns---policies, access matrix, multilevel models, RBAC
- Relating attacks to use cases.
- Defining authorizations from use cases---nonfunctional aspects of use cases, RBAC and security policies
- Authorized conceptual model
- Secure system architectures---effect of distribution and user interfaces
- Web application servers and components---mapping RBAC to components, J2EE and .NET
- Patterns for web services, firewalls, and IDS.
- Coordination across levels---mapping of authorizations across architectural levels
- Conclusions---the future

 Tutorial 2
 Enterprise Ontology

Dr. Jan Dietz

Web Page

Download presentation

Brief Bio of Dr. Jan Dietz

Jan Dietz is Professor in Information Systems Design in the Department of Computer Science at Delft University of Technology (The Netherlands). He has designed and implemented a variety of information systems, and he has published about 200 scientific and professional papers as well as several books. He is member of IFIP WG8.1 (Design and Evaluation of Information Systems). He has been lecturer in many post graduate courses, and he has held several managerial positions in organizing these courses. Next to that he has done consultancy work in all kinds of enterprises. His core interests are in modelling, redesigning and re-engineering business processes, and in designing and engineering advanced ICT-applications to support them. In this area he has (co)supervised over 150 M.Sc.’s and 10 Ph.D.’s. His current passion is enterprise ontology and enterprise architecture. Jan Dietz is the spiritual father of DEMO (Design & Engineering Methodology for Organizations) and is co-founder of the DEMO Knowledge Center (www.demo.nl).


Managing an enterprise, (re)designing and (re)engineering an enterprise, as well as getting services from an enterprise as a client or collaborating with it as partner in a network, is far more complicated nowadays than it was in the past. These problems are rather well known, as is the role that information systems play. Their complexity can only be mastered if two conditions are fulfilled. The first is that one disposes of an appropriate theory about the ‘construction’ and ‘operation’ of enterprises. The other condition is that there are appropriate methodologies, which are based on that theory. The theory should lead to a conception of an enterprise that is coherent, comprehensive, consistent and concise, and that only contains the essence of the construction and operation of an enterprise, its deep structure, abstracted from all realisation and implementation issues. We will call such a conception an enterprise ontology. The author’s interest in enterprise ontology is motivated by the sense that a vigorous counterbalance is needed to the current dominant technocratic and bureaucratic way of thinking. As an example, the implementation of an ERP package in an enterprise may easily take several years and cost a huge amount of money. This money is partly spent to having the supplier of the package (or some intermediary company) explain how to use it, and partly to have the enterprise adapt the current way of working such that it fits the straitjacket of the ERP package. Another example is the attempt by people to get the service that companies and governmental agencies say they will get in their advertisements. Often one ends up by not having got the service but by being frustrated. In both cases the cause of the failure is that the construction and operation of these systems is completely opaque, while their being transparent is a prerequisite for solving the problems. The transparency of the operation of enterprises should be no less than a civil right already; it will become indispensable in a future cyber culture. In this tutorial a theory of enterprises is presented that offers the transparency that is needed. Next a practical method is discussed and exercised, which provides effective help in builiding enterpirse ontologies. Several example cases illustrate the notion of enterprise ontology and its practical applications.

In his presentation, Prof. Dietz will address:

- Introduction: the problems
- The notion of enterprise ontology
- The role of enterprise ontology in (re)designing business processes
- The role of enterprise ontology in (re)engineering business processes
- The
Y-theory about the construction and operation of organizations
- The DEMO methodology for developing enterprise ontologies
- Example cases and exercises
- Reflection and conslusion



Page Updated on 04-07-2005

Copyright © INSTICC