Files
logseq/pages/ECMFA2025-10.md
2025-06-05 22:07:12 +02:00

2.7 KiB
Raw Permalink Blame History

type:: REVIEWS tags:: year:: 2025 venue:: ECMFA full-title:: Support for model-based data sovereignty analysis date-start:: 16-01-2025 - 00:28 date-submitted:: external-links:: status:: DONE deadline-submission:: file:: parent:: todoist::

- ### [[Highlights]]
	-
- ### [[Comments]]
	- **Summary**
	  This paper proposes adopting model-based analysis techniques to ensure data sovereignty in data space systems. In particular, data security, privacy, and sovereignty requirements (outlined in the IDS-RAM  and Dataspace Protocol) are mapped with existing UMLsec checks. Two novel checks are introduced as extensions of UMLSec. The approach has been evaluated on a case study based on the European Health Data Space (EHDS).
	- **Comments**
	  I have several concerns about the paper that are mainly related to presentation and evaluation, as discussed below:
		- The methodology for mapping IDS-RAM requirements to UMLsec checks is not fully clear. For instance, the process of distinguishing in Section 3 "partial support" versus "no support" is not elaborated.
		- The evaluation relies on a case study without clarifying the research questions that the authors wanted to answer using the performed evaluation.
		- The lack of concrete examples for the UMLsec checks and their implementation is an important limitation of the paper. The paper mentions mappings to UMLsec checks but does not provide detailed explanatory examples to illustrate how these mappings are practically realized.
		- The evaluation of the proposed checks lacks depth. While the paper mentions code coverage metrics (e.g., 89.9% for the Usage Control Check), it does not explain the implications of such a result in practice. Additionally, the results of the executed check are not sufficiently contextualized.
		- The paper assumes familiarity with UMLsec and its extensions, providing minimal background on these concepts. A brief overview of UMLsec and related methodologies would enhance accessibility for a broader audience.
		- The discussion section mentions the need for future work to address granular requirements of IDS-RAM. However, the paper does not specify which requirements remain unaddressed.
		- The description of the verification process is vague. The paper mentions that UML diagrams are iteratively corrected and analyzed until all checks are successful, but the criteria and process for these corrections are not clearly defined.
- ### [[REVIEWS/Notes]]
- ### YELLOW CONCERNS
  background-color:: yellow
	- {{query (and [[ffd400]] [[ECMFA2025-10]] )}}
	  collapsed:: true
- ### ❓️Questions
	- {{query (and [[question]] [[ECMFA2025-10]] )[[question]]}}
	  query-table:: true
	  query-properties:: [:block]