Files
logseq/pages/ECMFA2025-10.md
2025-06-05 22:07:12 +02:00

37 lines
2.7 KiB
Markdown
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
type:: [[REVIEWS]]
tags::
year:: 2025
venue:: [[ECMFA]]
full-title:: Support for model-based data sovereignty analysis
date-start:: [[16-01-2025]] - 00:28
date-submitted::
external-links::
status:: [[DONE]]
deadline-submission::
file::
parent::
todoist::
- ### [[Highlights]]
-
- ### [[Comments]]
- **Summary**
This paper proposes adopting model-based analysis techniques to ensure data sovereignty in data space systems. In particular, data security, privacy, and sovereignty requirements (outlined in the IDS-RAM  and Dataspace Protocol) are mapped with existing UMLsec checks. Two novel checks are introduced as extensions of UMLSec. The approach has been evaluated on a case study based on the European Health Data Space (EHDS).
- **Comments**
I have several concerns about the paper that are mainly related to presentation and evaluation, as discussed below:
- The methodology for mapping IDS-RAM requirements to UMLsec checks is not fully clear. For instance, the process of distinguishing in Section 3 "partial support" versus "no support" is not elaborated.
- The evaluation relies on a case study without clarifying the research questions that the authors wanted to answer using the performed evaluation.
- The lack of concrete examples for the UMLsec checks and their implementation is an important limitation of the paper. The paper mentions mappings to UMLsec checks but does not provide detailed explanatory examples to illustrate how these mappings are practically realized.
- The evaluation of the proposed checks lacks depth. While the paper mentions code coverage metrics (e.g., 89.9% for the Usage Control Check), it does not explain the implications of such a result in practice. Additionally, the results of the executed check are not sufficiently contextualized.
- The paper assumes familiarity with UMLsec and its extensions, providing minimal background on these concepts. A brief overview of UMLsec and related methodologies would enhance accessibility for a broader audience.
- The discussion section mentions the need for future work to address granular requirements of IDS-RAM. However, the paper does not specify which requirements remain unaddressed.
- The description of the verification process is vague. The paper mentions that UML diagrams are iteratively corrected and analyzed until all checks are successful, but the criteria and process for these corrections are not clearly defined.
- ### [[REVIEWS/Notes]]
- ### YELLOW CONCERNS
background-color:: yellow
- {{query (and [[ffd400]] [[ECMFA2025-10]] )}}
collapsed:: true
- ### ❓️Questions
- {{query (and [[question]] [[ECMFA2025-10]] )[[question]]}}
query-table:: true
query-properties:: [:block]