
Page 1: PROSEMINAR: MODELLBASIERTE ......Symposium on Software Testing and Analysis (ISSTA '11). ACM, New York, NY, USA, 320-330.] [V. Benjamin Livshits and Monica S. Lam. 2005. Finding security

© Fraunhofer IEM / Heinz Nixdorf Institut, Slide 1

Topic presentation, 27 April 2017

Matthias Becker, Software Engineering Department

PROSEMINAR: MODEL-BASED SOFTWARE DEVELOPMENT FOR SOFTWARE-INTENSIVE SYSTEMS (Proseminar: Modellbasierte Softwareentwicklung für software-intensive Systeme)

Page 2

AGENDA

1. Basic requirements

2. Preliminary dates

3. Seminar guidelines

4. Presentation of the topics

Page 3

Basic requirements

Writing a scientific paper

Independent literature research and writing

Length of about 20 pages, written in LaTeX

Internal peer review among the seminar participants

Feedback and advice from the research staff

Preparing and giving a scientific talk

Talk as part of the block seminar (30 minutes in total)

20 minutes for the content

10 minutes for questions/discussion

Page 4

Preliminary dates

27.04., 14:00-16:00: topic presentation

04.05., 14:00-16:00: topic assignment, introduction to scientific work

Submission deadlines (each at 23:59 CEST):

Thu, 18.05.: outline and literature (student)

Thu, 08.06.: review version of the seminar paper (student)

Fri, 09.06.: distribution of the peer reviews (supervisor)

Thu, 15.06.: completion of the peer review (student)

Thu, 22.06.: presentation for supervisor feedback (student)

Thu, 29.06.: feedback on the presentation by the supervisor (supervisor)

Thu, 03.08.: "camera-ready" version of the seminar paper (student)

Thu, 10.08.: feedback on the seminar paper by the supervisor (supervisor)

Thu, 31.08.: submission of the final seminar paper (student)

Presentations (as a block seminar): Thu, 20.07.

Page 5

Seminar guidelines

Thursday, 04.05., 14:00 (c.t.) in ZM1.02-48

Final selection of the topics

Presentation of the seminar guidelines

Attendance is mandatory

Topic assignment

Survey on topic interest: https://goo.gl/ZRQZLP

Conflicts are minimized; otherwise first come, first served

The survey opens today at 17:00 and closes on Wednesday, 03.05., at 16:00


Page 7

Innovation region Ostwestfalen-Lippe

[Chart: lead projects; annual revenue (EUR bn), 2009 to 2013: 19.7, 27.9%; employment, 2009 to 2013: 94,000, 15.2%]

Key figures

Population: 2 million

Area: 6,500 km²

Vital industry

Mechanical engineering, electrical/electronics, automotive suppliers

Strong brands, hidden champions, independent family-owned companies


Page 9

Fraunhofer IEM: expertise for intelligent technical systems

Fraunhofer Institute for Mechatronic Systems Design IEM (Fraunhofer-Einrichtung für Entwurfstechnik Mechatronik IEM)

Started on 1 March 2011 as the project group for mechatronic systems design of Fraunhofer IPT, Aachen

An independent Fraunhofer Institute for Mechatronic Systems Design IEM since 1 January 2017

Currently 95 employees

Heinz Nixdorf Institut

Research centre of Paderborn University, founded in 1987

Currently about 200 employees and 9 professorships

Page 10

Intelligent technical systems

... interact with their environment and adapt to it autonomously (adaptive),

... cope with unexpected situations in a dynamic environment that the developer did not anticipate (robust),

... anticipate, on the basis of experience, the future effects of influences and possible states (anticipatory),

... take the specific user behaviour into account (user-friendly).

Page 11

Redefinition of industry boundaries through intelligent technical systems

[Diagram after PORTER AND HEPPELMANN, 2014: nested levels Product; Smart product; Smart, connected product; Product system (farm machinery: rotary tiller, combine harvester); Internet of Things; Internet of Things and Services (farm management system, weather data system, seed optimization system); annotated with examples such as software, communication, security and data analytics]

Page 12

Challenge in product development

[Diagram: the same nested levels as on the previous slide (Product; Smart product; Smart, connected product; Product system with farm machinery; Internet of Things; Internet of Things and Services with farm management, weather data and seed optimization systems), next to a chart over an axis labelled "time" with curves labelled "product complexity" and "capability of discipline-specific development methods"]


Page 14

PRESENTATION OF THE TOPICS

1. Improving the Software Engineering Process

2. Safety & Security in Software Engineering

Page 15

IMPROVING THE SOFTWARE ENGINEERING PROCESS

Page 16

Topic 1: Requirements Specification-by-Example (Supervisor: David Schmelter)

Problem:

Scenario-based specification of requirements aims to cope with the complexity of the system under development

Challenge: synthesis of a sound, generalized requirements specification from a set of scenarios

Approach:

Machine learning is used to generalize requirement specifications from a set of positive and negative input examples

[Figure: positive examples and negative examples are generalized into a generalized specification]

Your tasks:

Present an overview of the approach; explain the data structure and the evolutionary algorithm used

Literature:

[Rooijen, L. v. and Hamann, H. 2016. Requirements Specification-by-Example Using a Multi-objective Evolutionary Algorithm. In 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), 3-9. DOI=10.1109/REW.2016.015.]

Page 17

Topic 2: Configuration-Aware Change Impact Analysis (Supervisor: Sven Merschjohann)

Problem:

Product lines can often be configured using a wide array of options

Maintaining and developing the system is challenging, as many different combinations arise

It is not apparent what consequences a code change has

Approach:

Use a configuration-aware change impact analysis to determine the possible consequences of a change

Your task:

Describe the approach using your own example and highlight its advantages and limitations

Literature:

[F. Angerer, A. Grimmer, H. Prähofer, and P. Grünbacher, "Configuration-aware change impact analysis," in Proceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015). IEEE, 2015]
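The kind of example the task asks for, added here as illustration; it is not the tool of Angerer et al. and simplifies their approach. The product line (statements s1 to s8, their feature conditions and the def-use edges between them) is constructed for the example. Each statement carries a presence condition, the conjunction of the feature literals of its #ifdef nesting; a change propagates along def-use edges, and the condition under which a downstream statement is impacted is the conjunction of all presence conditions on the path. Conjunctions that contradict each other (DISCOUNT together with !DISCOUNT) are pruned, which is exactly what a configuration-unaware analysis cannot do:

```python
# Added example, not the tool of Angerer et al.: configuration-aware change impact
# analysis on a constructed toy product line. Presence conditions are conjunctions of
# feature literals; impact conditions are conjoined along def-use paths and
# unsatisfiable conjunctions are dropped because no product contains that flow.
from collections import defaultdict, deque

def lit(*names):
    """Presence condition from literals like 'TAX' or '!TAX' (empty = always present)."""
    return frozenset((n.lstrip("!"), not n.startswith("!")) for n in names)

def conj(a, b):
    """Conjunction of two presence conditions, or None if it is unsatisfiable."""
    c = a | b
    return None if any((f, not v) in c for f, v in c) else c

def holds(pc, config):
    """Does the conjunction `pc` hold in the product that enables exactly `config`?"""
    return all((f in config) == v for f, v in pc)

def pc_str(pc):
    return " & ".join(sorted(("" if v else "!") + f for f, v in pc)) or "True"

# Constructed product line: statement id -> presence condition (its #ifdef nesting)
STMTS = {
    "s1": lit(),                   # price = base_price()
    "s2": lit("DISCOUNT"),         # price = price * 0.9
    "s3": lit("TAX"),              # tax = compute_tax(price)
    "s4": lit("TAX"),              # total = price + tax
    "s5": lit("!TAX"),             # total = price
    "s6": lit("LOGGING"),          # log(total)
    "s7": lit("TAX", "RECEIPT"),   # receipt(total, tax)
    "s8": lit("!DISCOUNT"),        # price = price + fee
}
# Def-use dependency edges (writer -> reader), as a reaching-definitions analysis would produce
DEPS = [("s1", "s2"), ("s1", "s3"), ("s2", "s3"), ("s1", "s4"), ("s2", "s4"),
        ("s1", "s5"), ("s2", "s5"), ("s4", "s6"), ("s5", "s6"), ("s4", "s7"),
        ("s3", "s7"), ("s1", "s8"), ("s2", "s8")]

def impact(stmts, deps, changed):
    """Return {statement id: set of conjunctions (a DNF) under which it is impacted}."""
    succ = defaultdict(list)
    for writer, reader in deps:
        succ[writer].append(reader)
    result = {changed: {stmts[changed]}}
    queue = deque([(changed, stmts[changed])])
    while queue:
        s, cond = queue.popleft()
        for t in succ[s]:
            c = conj(cond, stmts[t])
            if c is None:
                continue                       # contradictory: no product contains this flow
            known = result.setdefault(t, set())
            if any(k <= c for k in known):
                continue                       # already impacted under a weaker condition
            known.add(c)
            queue.append((t, c))
    return result

def impacted_in(stmts, deps, changed, config):
    """Statements impacted by the change in the concrete product enabling `config`."""
    return sorted(s for s, dnf in impact(stmts, deps, changed).items()
                  if any(holds(c, config) for c in dnf))

if __name__ == "__main__":
    for s, dnf in sorted(impact(STMTS, DEPS, "s2").items()):
        print(s, "impacted if", " | ".join(sorted(map(pc_str, dnf))))
```

Changing s2 (the discount) never impacts s8, because s8 only exists in products without DISCOUNT; a plain dependency analysis would still flag it. The product that enables only TAX is not affected at all, since the changed statement is not part of it. Real product lines need arbitrary boolean presence conditions and a SAT solver instead of this conjunction-only check; that is one of the limitations worth discussing.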

Page 18

Topic 3: Machine Learning Libraries (Supervisor: Faruk Pasic)

Approach:

Many different ML libraries exist today; each offers a different set of methods for data analysis

The focus should be on Java libraries but may include C/C++ libraries

E.g. Java-ML and Deeplearning4j

Your task:

Investigate:

The benefits of using an ML library

Can they add more value than a custom solution?

The potential benefits of existing libraries and a comparison of them

Ease of use? Performance? Scalability?

Which ML methods do they provide?

Can the libraries be classified in some way?

Page 19

SAFETY & SECURITY IN SOFTWARE ENGINEERING

Page 20

Topic 4: Virtual Machine Introspection Based Architecture for Intrusion Detection (Supervisor: David Schubert)

Problem:

Host-based intrusion detection systems (HIDS) offer high visibility but sacrifice attack resistance

Network-based intrusion detection systems (NIDS) offer high attack resistance at the cost of visibility

Approach:

Garfinkel and Rosenblum use virtual machine monitor technology to pull the IDS "outside" of the host. This increases attack resistance while retaining high visibility.

Your tasks:

Present the approach of Garfinkel and Rosenblum; focus on the measures ensuring high attack resistance and visibility

Literature:

[Tal Garfinkel and Mendel Rosenblum. "A Virtual Machine Introspection Based Architecture for Intrusion Detection." In Proceedings of the Network and Distributed System Security Symposium (NDSS 2003), pp. 191-206. 2003.]

Page 21

Topic 5: Secure Network Architectures in the Internet of Things (Supervisor: Christian Stritzke)

Problem:

• Connected IoT devices cause a drastic increase in network traffic

• A reasonable quality of service and security has to be maintained

• New network architectures and technologies have to tackle these challenges

Tasks:

• Read up on current networking technologies for IoT appliances (wireless sensor networks, software-defined networking, ad hoc networks)

• Find example scenarios that depict the challenges in the IoT sector

• Research and present solutions that tackle these challenges

Literature:

[O. Flauzac, C. González, A. Hachani and F. Nolot, "SDN Based Architecture for IoT and Improvement of the Security," 2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Gwangju, 2015, pp. 688-693. DOI: 10.1109/WAINA.2015.110. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096257&isnumber=7096097]

[Jiong Jin, J. Gubbi, Tie Luo and M. Palaniswami, "Network architecture and QoS issues in the internet of things for a smart city," 2012 International Symposium on Communications and Information Technologies (ISCIT), pp. 956-961, 2-5 Oct. 2012]

Page 22

Topic 6: Translating Vulnerability Specifications into Static Analyses (Supervisor: Goran Piskachev)

Problem:

Developing static analyses is a complex task

Existing frameworks provide infrastructure for specifying customized analyses, but developers who want to use them need a deep understanding of the mechanisms behind static analysis

To close this gap, researchers propose methods for automatically translating vulnerability specifications into customized static analyses

Approach:

The developer specifies a given vulnerability (e.g. SQL injection, buffer overflow)

The framework translates the specification into a data-flow analysis problem and scans the target program

Your task:

Describe and compare the approaches of Le et al. and Livshits et al.

Literature:

[Wei Le and Mary Lou Soffa. 2011. Generating analyses for detecting faults in path segments. In Proceedings of the 2011 International Symposium on Software Testing and Analysis (ISSTA '11). ACM, New York, NY, USA, 320-330.]

[V. Benjamin Livshits and Monica S. Lam. 2005. Finding security vulnerabilities in Java applications with static analysis. In Proceedings of the 14th USENIX Security Symposium (SSYM'05). USENIX Association, Berkeley, CA, USA.]

[Michael Martin, Benjamin Livshits, and Monica S. Lam. 2005. Finding application errors and security flaws using PQL: a program query language. In Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications (OOPSLA '05). ACM, New York, NY, USA, 365-383.]
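An added illustration of the two-step approach above (specification, then generated analysis); it is not the analysis generator of Le and Soffa nor the PQL-based tool of Livshits and Lam, but the smallest version of the same idea. The vulnerability specification is a set of sources, sinks and sanitizers; the "framework" turns it into a forward may-taint data-flow analysis over a control-flow graph and reports every sink argument that can be tainted. The program, the branch in it and the API names getParameter, escapeSql and executeQuery are constructed for the example and stand in for the Java methods a real specification would list:

```python
# Added example, not the generators of Le & Soffa or Livshits & Lam: a vulnerability
# specification (sources, sinks, sanitizers) is compiled into a forward may-taint
# data-flow analysis that runs to a fixpoint over a small control-flow graph.
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class VulnSpec:
    name: str
    sources: FrozenSet[str]      # callees whose return value is attacker-controlled
    sinks: FrozenSet[str]        # callees whose arguments must never be tainted
    sanitizers: FrozenSet[str]   # callees whose return value is considered clean


@dataclass
class Node:
    target: Optional[str]        # variable written (None for a bare call)
    callee: Optional[str]        # called function, or None for a plain copy "target = args[0]"
    args: Tuple[str, ...]        # variables read
    succs: List[int] = field(default_factory=list)   # CFG successor indices


def transfer(spec: VulnSpec, node: Node, taint: FrozenSet[str]) -> FrozenSet[str]:
    """Taint set after `node`, given the taint set before it."""
    if node.target is None:                  # bare call: reads only, writes nothing
        return taint
    if node.callee in spec.sources:          # x = source(): x becomes tainted
        return taint | {node.target}
    if node.callee in spec.sanitizers:       # x = sanitize(y): x is clean
        return taint - {node.target}
    if any(a in taint for a in node.args):   # copy or unknown callee: taint propagates
        return taint | {node.target}
    return taint - {node.target}             # strong update: x now holds clean data


def analyze(spec: VulnSpec, cfg: List[Node]) -> List[Tuple[int, str]]:
    """Worklist fixpoint; returns (node index, variable) pairs where taint reaches a sink."""
    in_state = {i: frozenset() for i in range(len(cfg))}
    worklist = [0]                           # node 0 is the entry
    while worklist:
        i = worklist.pop()
        out = transfer(spec, cfg[i], in_state[i])
        for s in cfg[i].succs:
            merged = in_state[s] | out       # join = union (may-analysis)
            if merged != in_state[s]:
                in_state[s] = merged
                worklist.append(s)
    findings = []
    for i, node in enumerate(cfg):
        if node.callee in spec.sinks:
            findings.extend((i, a) for a in node.args if a in in_state[i])
    return findings


# The specification the developer writes; no knowledge of data-flow analysis needed.
SQLI = VulnSpec(
    name="SQL injection",
    sources=frozenset({"getParameter"}),
    sinks=frozenset({"executeQuery"}),
    sanitizers=frozenset({"escapeSql"}),
)

# Constructed program in a Java-like three-address form with one branch:
#   0: user  = getParameter(req)      then branch to 1 or to 3
#   1: clean = escapeSql(user)
#   2: q1    = concat(prefix, clean)
#   3: q2    = concat(prefix, user)
#   4: executeQuery(q1)               reached via 1, 2: sanitized
#   5: executeQuery(q2)               reached via 3:    unsanitized
PROGRAM = [
    Node("user", "getParameter", ("req",), [1, 3]),
    Node("clean", "escapeSql", ("user",), [2]),
    Node("q1", "concat", ("prefix", "clean"), [4]),
    Node("q2", "concat", ("prefix", "user"), [5]),
    Node(None, "executeQuery", ("q1",), []),
    Node(None, "executeQuery", ("q2",), []),
]

if __name__ == "__main__":
    for idx, var in analyze(SQLI, PROGRAM):
        print(f"{SQLI.name}: tainted variable '{var}' reaches the sink at node {idx}")
```

Only the unsanitized path is reported; swapping in a specification for a different vulnerability class (other sources and sinks) reuses the same analysis unchanged, which is the point of separating specification from analysis. What this toy omits, and what the two papers handle differently, is where the precision comes from: field and heap sensitivity, paths through the call graph, and whether the analysis reasons about individual path segments rather than a single merged state per node.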

Page 23

Topic 7: Static Analysis Based on User-Defined Constraints (Supervisor: Johannes Späth)

Problem:

Software implementations evolve and are subject to constant change

...but the quality of the implementation, including the security properties derived from it, has to be ensured

Minor modifications to the code can easily break the complete security model

Approach:

The developer specifies constraints in the code

From the constraints, a static model of the program's behavior is built

The model is solved, and potentially invalidated constraints are reported to the developer

Your task:

Describe the proposed approach and highlight its advantages and disadvantages

Literature:

[Fähndrich, M.; Logozzo, F.: "Static Contract Checking with Abstract Interpretation". Formal Verification of Object-Oriented Software, International Conference, FoVeOOS 2010, Paris, France, June 28-30, 2010]

[Christakis, M.; Müller, P.; Wüstholz, V.: "An Experimental Evaluation of Deliberate Unsoundness in a Static Program Analyzer". Verification, Model Checking, and Abstract Interpretation, 16th International Conference, VMCAI 2015, Mumbai, India, January 12-14, 2015]
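An added illustration of the three steps above (constraints in the code, a static model, constraints that cannot be proven reported back); it is not Clousot as described by Fähndrich and Logozzo and not the analyzer evaluated by Christakis et al. The "static model" here is an interval abstract interpretation with widening for loops; the constraints are a precondition (requires), an assertion inside a loop and two postconditions (ensures). The program, its variable names and the labels of the constraints are constructed for the example:

```python
# Added example, not Clousot (Fähndrich & Logozzo) and not the analyzer evaluated by
# Christakis et al.: user-written constraints (requires / assert / ensures) are checked
# by an interval abstract interpretation; a constraint is "proven" when no abstract
# state reaching it can violate it, otherwise it is reported as "may fail".
import math
INF = math.inf

# Abstract state: {variable: (lo, hi)}, integer semantics; None means "unreachable".
def join_state(a, b):
    if a is None or b is None:
        return b if a is None else a
    return {v: (min(a[v][0], b[v][0]), max(a[v][1], b[v][1])) for v in a}

def widen_state(old, new):
    """Widening: a bound that grew is pushed to infinity so loop iteration terminates."""
    if old is None or new is None:
        return new if old is None else old
    return {v: (old[v][0] if new[v][0] >= old[v][0] else -INF,
                old[v][1] if new[v][1] <= old[v][1] else INF) for v in old}

def eval_expr(expr, state):
    kind = expr[0]
    if kind == "const":
        return (expr[1], expr[1])
    if kind == "var":
        return state[expr[1]]
    (alo, ahi), (blo, bhi) = eval_expr(expr[1], state), eval_expr(expr[2], state)
    return (alo + blo, ahi + bhi) if kind == "add" else (alo - bhi, ahi - blo)   # "sub"

NEGATE = {"<": ">=", "<=": ">", ">": "<=", ">=": "<"}

def refine(state, cond, truth):
    """Restrict `state` to the part where (op, var, const) has the given truth value."""
    if state is None:
        return None
    op, var, c = cond
    lo, hi = state[var]
    if op == "==":
        if truth:
            lo, hi = max(lo, c), min(hi, c)
        elif lo == hi == c:
            return None       # the only remaining value is excluded
        # else: intervals cannot express "!= c"; keeping the state is sound
    else:
        op = op if truth else NEGATE[op]
        if op in ("<", "<="):
            hi = min(hi, c - 1 if op == "<" else c)
        else:
            lo = max(lo, c + 1 if op == ">" else c)
    return None if lo > hi else {**state, var: (lo, hi)}

def run(stmts, state, report):
    """Abstractly execute `stmts`; (label, verdict) pairs go to `report` unless it is None."""
    for s in stmts:
        if state is None:
            return None
        if s[0] == "assign":
            state = {**state, s[1]: eval_expr(s[2], state)}
        elif s[0] == "while":
            cond, body, entry = s[1], s[2], state
            head = entry
            while True:   # ascending iteration with widening until the loop head is stable
                nxt = widen_state(head, join_state(entry, run(body, refine(head, cond, True), None)))
                if nxt == head:
                    break
                head = nxt
            # one descending step without widening recovers the bound widening threw away
            head = join_state(entry, run(body, refine(head, cond, True), None))
            run(body, refine(head, cond, True), report)   # now report the body's constraints once
            state = refine(head, cond, False)
        elif s[0] == "assert":
            verdict = "proven" if refine(state, s[1], False) is None else "may fail"
            if report is not None:
                report.append((s[2], verdict))
    return state

def check(requires, body, ensures):
    """requires: initial intervals (the precondition); ensures: [(cond, label)] at exit."""
    report = []
    run(body + [("assert", c, label) for c, label in ensures], requires, report)
    return report

# Constructed program (integers):
#   requires 0 <= n <= 100
#   i = 0
#   while i < 100: assert i <= 99 ("index"); i = i + 1
#   x = n - 1
#   ensures i == 100 ("loop exit"); x >= 0 ("x non-negative")
REQUIRES = {"n": (0, 100), "i": (-INF, INF), "x": (-INF, INF)}
BODY = [
    ("assign", "i", ("const", 0)),
    ("while", ("<", "i", 100), [
        ("assert", ("<=", "i", 99), "index"),
        ("assign", "i", ("add", ("var", "i"), ("const", 1))),
    ]),
    ("assign", "x", ("sub", ("var", "n"), ("const", 1))),
]
ENSURES = [(("==", "i", 100), "loop exit"), ((">=", "x", 0), "x non-negative")]

if __name__ == "__main__":
    print(check(REQUIRES, BODY, ENSURES))
```

The loop constraint and the exit postcondition are proven; "x non-negative" is reported as "may fail" because the precondition admits n = 0, and tightening the contract to 1 <= n makes it provable. The report lists constraints the analysis could not prove, not necessarily real bugs: a coarser abstract domain, or the kind of deliberate unsoundness Christakis et al. examine, moves individual constraints between the two verdicts without changing the code.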

Page 24

Topic 8: Pattern-Based Safety Assurance Arguments (Supervisor: Markus Fockel)

Problem:

The safety of software-intensive systems has to be assured

Safety measures applied during development have to be documented in a "safety case"

Creating and maintaining this safety assurance argument in parallel to development is time-consuming

Approach:

Use a model-based language to specify the safety argument in parallel to model-based development and improve traceability

Use argument "design patterns" and automate tedious modeling tasks

Your task:

Describe the Goal Structuring Notation, safety case patterns, and their automatic application

Literature:

[Kelly, T. P.; McDermid, J. A.: "Safety Case Construction and Reuse Using Patterns". In: 16th Int. Conf. on Computer Safety, Reliability, and Security (SAFECOMP 97). York, UK, 1997. DOI: 10.1007/978-1-4471-0997-6_5.]

[Denney, Ewen; Pai, Ganesh: "A Formal Basis for Safety Case Patterns". In: 32nd Int. Conf. on Computer Safety, Reliability, and Security (SAFECOMP 2013). Toulouse, France, 2013. DOI: 10.1007/978-3-642-40793-2_3.]

Page 25

Seminar guidelines

Thursday, 04.05., 14:00 (c.t.) in ZM1.02-48

Final selection of the topics

Presentation of the seminar guidelines

Attendance is mandatory

Topic assignment

Survey (options: very interested, interested, not interested)

Conflicts are minimized; otherwise first come, first served

The survey opens today at 17:00 and closes on Wednesday, 03.05., at 16:00