Post on 01-Oct-2020
© Fraunhofer IEM / Heinz Nixdorf Institut, Slide 1
Topic presentation – 27 April 2017
Matthias Becker – Software Engineering Department
PROSEMINAR: MODEL-BASED SOFTWARE DEVELOPMENT FOR SOFTWARE-INTENSIVE SYSTEMS
AGENDA
1. Basic requirements
2. Preliminary dates
3. Seminar guidelines
4. Presentation of the topics
Basic Requirements
Writing a scientific paper
Independent research and writing
Length of approx. 20 pages, written in LaTeX
Internal peer review among seminar participants
Feedback and advice from research staff
Preparing and giving a scientific talk
Talk as part of the block seminar (30 minutes in total)
20 minutes for the content
10 minutes for questions/discussion
Preliminary Dates
27.04., 14:00 - 16:00: Topic presentation
04.05., 14:00 - 16:00: Topic assignment, introduction to scientific work
Submission deadlines (each at 23:59 CEST):
Thu, 18.05. Outline and literature (student)
Thu, 08.06. Review version of the seminar paper (student)
Fri, 09.06. Distribution of the peer reviews (supervisor)
Thu, 15.06. Completion of the peer review (student)
Thu, 22.06. Presentation for supervisor feedback (student)
Thu, 29.06. Feedback on the presentation from the supervisor (supervisor)
Thu, 03.08. "Camera-ready" version of the seminar paper (student)
Thu, 10.08. Feedback on the seminar paper from the supervisor (supervisor)
Thu, 31.08. Submission of the final seminar paper (student)
Presentations (as a block seminar): Thu, 20.07.
Seminar Guidelines
Thursday, 04.05., 14:00 (c.t.) in ZM1.02-48
Finalizing the topics
Presentation of the seminar guidelines
Attendance is mandatory
Assignment of topics
Survey on topic interest: https://goo.gl/ZRQZLP
Minimization of conflicts, otherwise first come, first served
The survey opens today at 17:00 and closes on Wednesday, 03.05., at 16:00
Innovation Region Ostwestfalen-Lippe
Flagship projects
[Charts, 2009 to 2013: annual revenue (billion €) 19.7.., 27.9%; employment 94,000.., 15.2%]
Key figures
Population: 2 million
Area: 6,500 km²
Vital industry
Mechanical engineering, electrical/electronics, automotive suppliers
Strong brands, hidden champions, independent family-owned companies
Fraunhofer IEM: Expertise for intelligent technical systems
Fraunhofer Research Institution for Mechatronic Systems Design IEM
Started on 1 March 2011 as the Project Group Mechatronic Systems Design of Fraunhofer IPT, Aachen
Since 1 January 2017 the independent Fraunhofer Institute for Mechatronic Systems Design IEM
Currently 95 employees
Heinz Nixdorf Institut
Research center of Paderborn University, founded in 1987
Currently approx. 200 employees and 9 professorships
Intelligent Technical Systems
… interact with their environment and adapt to it autonomously (adaptive),
… cope even with unexpected situations that the developer did not consider, in a dynamic environment (robust),
… anticipate, based on empirical knowledge, the future effects of influences and possible states (anticipatory),
… take the specific user behavior into account (user-friendly).
Redefining industry boundaries through intelligent technical systems
[Figure: Internet of Things and Services (farm management system, weather data system, seed optimization system); Internet of Things (rotary tiller, combine harvester, agricultural machinery); System; Smart, connected product; Smart product; Product; annotations: e.g. security, e.g. data analytics, e.g. software, e.g. communication]
After PORTER AND HEPPELMANN, 2014
Challenge in product development
[Figure: Internet of Things and Services (farm management system, weather data system, seed optimization system); Internet of Things (rotary tiller, combine harvester, agricultural machinery); System; Smart, connected product; Smart product; Product; plotted labels: capability of discipline-specific development methods, product complexity, time]
PRESENTATION OF THE TOPICS
1. Improving the Software Engineering Process
2. Safety & Security in Software Engineering
IMPROVING THE SOFTWARE ENGINEERING PROCESS
Topic 1: Requirements Specification-by-Example
Supervisor: David Schmelter
Problem:
Scenario-based specification of requirements aims to cope with the complexity of the system under development
Challenge: synthesis of a sound, generalized requirements specification from a set of scenarios
Approach:
Machine learning is used to generalize requirement specifications from a set of positive and negative input examples
Your tasks:
Present an overview of the approach; explain the data structure and evolutionary algorithm used
Literature:
[Rooijen, L. v. and Hamann, H. 2016. Requirements Specification-by-Example Using a Multi-objective Evolutionary Algorithm. In 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 3–9. DOI=10.1109/REW.2016.015.]
[Figure: Positive Examples, Negative Examples, Generalized Specification]
Topic 2: Configuration-Aware Change Impact Analysis
Supervisor: Sven Merschjohann
Problem:
Product lines can often be configured using a wide array of options
The system is challenging to maintain and develop, as many different combinations arise
It is not apparent what consequences a code change has
Approach:
Use of a configuration-aware change impact analysis to determine possible consequences of a change
Your task:
Describe the approach using an example of your own and highlight its advantages and limitations
Literature:
[F. Angerer, A. Grimmer, H. Prähofer, and P. Grünbacher, “Configuration-aware change impact analysis,” in Proceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015). IEEE, 2015]
Topic 3: Machine Learning Libraries
Supervisor: Faruk Pasic
Approach:
Several ML libraries currently exist, each offering a different set of methods for data analysis.
The focus should be on Java libraries, but C/C++ libraries can be included
E.g. Java-ML & Deeplearning4j
Your task:
Investigate:
Benefits of using an ML library
Can they bring more value compared to a custom solution?
Potential benefits of existing libraries and their comparison
Easy to use? Performance? Scalability?
Which ML methods do they use?
Can libraries be classified in some way?
SAFETY & SECURITY IN SOFTWARE ENGINEERING
Topic 4: Virtual Machine Introspection Based Architecture for Intrusion Detection
Supervisor: David Schubert
Problem:
Host-based Intrusion Detection Systems (HIDS) offer high visibility but sacrifice attack resistance
Network-based Intrusion Detection Systems (NIDS) offer high attack resistance at the cost of visibility
Approach:
Garfinkel and Rosenblum use virtual machine monitor technology to pull the IDS “outside” of the host. In this way, they increase attack resistance while providing high visibility.
Your tasks:
Present the approach of Garfinkel and Rosenblum; focus on the measures ensuring high attack resistance and visibility
Literature:
[Tal Garfinkel and Mendel Rosenblum. "A Virtual Machine Introspection Based Architecture for Intrusion Detection." In NDSS, vol. 3, no. 2003, pp. 191-206. 2003.]
Topic 5: Secure network architectures in the Internet of Things
Supervisor: Christian Stritzke
Problem:
• Connected IoT devices cause a drastic increase in network traffic
• A reasonable quality of service and security has to be maintained
• New network architectures and technologies have to tackle these challenges
Tasks:
• Read up on current networking technologies for IoT appliances (wireless sensor networks, software-defined networking, ad hoc networks)
• Find example scenarios to depict the challenges in the IoT sector
• Research and present solutions which tackle these challenges
Literature:
[O. Flauzac, C. González, A. Hachani and F. Nolot, "SDN Based Architecture for IoT and Improvement of the Security," 2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops, Gwangiu, 2015, pp. 688-693. doi: 10.1109/WAINA.2015.110. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096257&isnumber=7096097]
[Jiong Jin; Gubbi, J.; Tie Luo; Palaniswami, M., "Network architecture and QoS issues in the internet of things for a smart city," Communications and Information Technologies (ISCIT), 2012 International Symposium on, pp. 956-961, 2-5 Oct. 2012]
Topic 6: Translating Vulnerability Specifications into Static Analyses
Supervisor: Goran Piskachev
Problem:
Developing static analyses is a complex task
Existing frameworks provide infrastructure for specifying customized analyses, but developers who want to use them are required to deeply understand the mechanisms behind static analysis
To fill this gap, researchers propose methods for automatic translation of vulnerability specifications into customized static analyses
Approach:
The developer specifies a given vulnerability (e.g. SQL injection, buffer overflow)
The framework translates the specification into a data flow analysis problem and scans the targeted program
Your task:
Describe and compare the approaches of Le et al. and Livshits et al.
Literature:
[Wei Le and Mary Lou Soffa. 2011. Generating analyses for detecting faults in path segments. In Proceedings of the 2011 International Symposium on Software Testing and Analysis (ISSTA '11). ACM, New York, NY, USA, 320-330.]
[V. Benjamin Livshits and Monica S. Lam. 2005. Finding security vulnerabilities in java applications with static analysis. In Proceedings of the 14th conference on USENIX Security Symposium - Volume 14 (SSYM'05), Vol. 14. USENIX Association, Berkeley, CA, USA, 18-18.]
[Michael Martin, Benjamin Livshits, and Monica S. Lam. 2005. Finding application errors and security flaws using PQL: a program query language. In Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications (OOPSLA '05). ACM, New York, NY, USA, 365-383.]
Topic 7: Static Analysis Based on User-Defined Constraints
Supervisor: Johannes Späth
Problem:
Implementations of software evolve and are affected by constant change
…but the quality of the implementation, including the derived security, has to be ensured
Minor modifications to the code easily break the complete security model
Approach:
The developer specifies constraints in the code
From the constraints, a static model of the program’s behavior is built
The model is solved and potentially invalidated constraints are reported to the developer
Your task:
Describe the proposed approach and highlight its advantages and disadvantages
Literature:
[Fähndrich, M.; Logozzo, F.: “Static Contract Checking with Abstract Interpretation”. Formal Verification of Object-Oriented Software - International Conference, FoVeOOS 2010, Paris, France, June 28-30, 2010]
[Christakis, M.; Müller, P.; Wüstholz, V.: “An Experimental Evaluation of Deliberate Unsoundness in a Static Program Analyzer”. Verification, Model Checking, and Abstract Interpretation - 16th International Conference, VMCAI 2015, Mumbai, India, January 12-14, 2015]
Topic 8: Pattern-Based Safety Assurance Arguments
Supervisor: Markus Fockel
Problem:
The safety of software-intensive systems has to be assured
Safety measures applied during development have to be documented in a “safety case”
Creating and maintaining this safety assurance argument in parallel to development is time-consuming
Approach:
Use a model-based language to specify the safety argument in parallel to model-based development and improve traceability
Use argument “design patterns” and automate tedious modeling tasks
Your task:
Describe the Goal Structuring Notation, safety case patterns, and their automatic application
Literature:
[KELLY, T. P.; MCDERMID, J. A.: “Safety Case Construction and Reuse Using Patterns”. In: 16th Int. Conf. on Computer Safety, Reliability, and Security (SAFECOMP 97). York, UK, 1997. DOI: 10.1007/978-1-4471-0997-6_5.]
[DENNEY, EWEN; PAI, GANESH: “A Formal Basis for Safety Case Patterns”. In: 32nd Int. Conf. on Computer Safety, Reliability, and Security (SAFECOMP 2013). Toulouse, France, 2013. DOI: 10.1007/978-3-642-40793-2_3.]
Seminar Guidelines
Thursday, 04.05., 14:00 (c.t.) in ZM1.02-48
Finalizing the topics
Presentation of the seminar guidelines
Attendance is mandatory
Assignment of topics
Survey (options: very interested, interested, not interested)
Minimization of conflicts, otherwise first come, first served
The survey opens today at 17:00 and closes on Wednesday, 03.05., at 16:00