Refine
Year of publication
Document Type
- Diploma Thesis (14)
- Study Thesis (13)
- Bachelor Thesis (8)
- Doctoral Thesis (7)
- Master's Thesis (6)
- Part of Periodical (6)
Language
- German (39)
- English (14)
- Multiple languages (1)
Keywords
- Java (3)
- model-based (3)
- Autonome Fahrzeuge (2)
- BPMN (2)
- Computersimulation (2)
- Echtzeitsystem (2)
- Echtzeitsysteme (2)
- Fahrerassistenzsystem (2)
- Modellfahrzeug (2)
- Petri-Netz (2)
Institute
- Institut für Softwaretechnik (54) (remove)
Real-time operating systems for mixed-criticality systems
must support different types of software, such as
real-time applications and general purpose applications,
and, at the same time, must provide strong spatial and
temporal isolation between independent software components.
Therefore, state-of-the-art real-time operating systems
focus mainly on predictability and bounded worst-case behavior.
However, general purpose operating systems such as Linux
often feature more efficient---but less deterministic---mechanisms
that significantly improve the average execution time.
This thesis addresses the combination of the two contradicting
requirements and shows thread synchronization mechanisms
with efficient average-case behavior, but without sacrificing
predictability and worst-case behavior.
This thesis explores and evaluates the design space of fast paths
in the implementation of typical blocking synchronization
mechanisms, such as mutexes, condition variables, counting
semaphores, barriers, or message queues. The key technique here
is to avoid unnecessary system calls, as system calls have high
costs compared to other processor operations available in user
space, such as low-level atomic synchronization primitives.
In particular, the thesis explores futexes, the state-of-the-art
design for blocking synchronization mechanisms in Linux
that handles the uncontended case of thread synchronization
by using atomic operations in user space and calls into the
kernel only to suspend and wake up threads. The thesis also
proposes non-preemptive busy-waiting monitors that use an
efficient priority ceiling mechanism to prevent the lock holder
preemption problem without using system calls, and according
low-level kernel primitives to construct efficient wait and
notify operations.
The evaluation shows that the presented approaches
improve the average performance comparable
to state-of-the-art approaches in Linux.
At the same time, a worst-case timing analysis shows
that the approaches only need constant or bounded temporal
overheads at the operating system kernel level.
Exploiting these fast paths is a worthwhile approach
when designing systems that not only have to fulfill
real-time requirements, but also best-effort workloads.
Since software influences nearly every aspect of everyday life, the security of software systems is more important than ever before. The evaluation of the security of a software system still poses a significant challenge in practice, mostly due to the lack of metrics, which can map the security properties of source code onto numeric values. It is a common assumption, that the occurrence of security vulnerabilities and the quality of the software design stand in direct correlation, but there is currently no clear evidence to support this. A proof of an existing correlation could help to optimize the measurements of program security, making it possible to apply quality measurements to evaluate it. For this purpose, this work evaluates fifty open-source android applications, using three security and seven quality metrics. It also considers the correlations between the metrics. The quality metrics range from simple code metrics to high-level metrics such as object-oriented anti-patterns, which together provide a comprehensive picture of the quality. Two visibility metrics, along with a metric that computes the minimal permission request for mobile applications, were selected to illustrate the security. Using the evaluation projects, it was found that there is a clear correlation between most quality metrics. By contrast, no significant correlations were found using the security metrics. This work discusses the correlations and their causes as well as further recommendations based on the findings.
Im Rahmen dieser Diplomarbeit wird eine Datenbank-Persistenzlösung für die TGraphenbibliothek JGraLab entwickelt. Diese erlaubt das Persistieren von TGraphen in Datenbanken ausgewählter Technologien und sorgt gleichzeitig dafür, dass die Datenbankpersistenz eines TGraphen für den Benutzer transparent bleibt. Nach der Anforderungserhebung und der Recherche zur Bewertung der Tauglichkeit von bereits bestehenden Werkzeugen für dieses Projekt, wird die Anwendungsdomäne erläutert. Anschließend wird dargelegt wie die Persistierung von TGraphen mit allen ihren Eigenschaften in Datenbanken ermöglicht werden kann. Dem schließt sich der konzeptuelle Entwurf an, in dem die Details der Lösung beschrieben werden. Als nächstes wird der objektorientierte Feinentwurf zur Integration der Lösung in die TGraphenbibliothek JGraLab entwickelt, der die Grundlage der programmatischen Umsetzung bildet. Eine Anleitung zur Verwendung der Lösung und eine Bewertung des Laufzeitverhaltens der umgesetzten Implementation schließen die Arbeit ab.
Für die Entwicklung sicherer Softwaresysteme erweitert UMLsec die UML durch die Definition von Sicherheitsanforderungen, die erfüllt sein müssen. In Klassendiagrammen können Attribute und Methoden von Klassen Sicherheitseigenschaften wie secrecy oder integrity haben, auf die nicht authorisierte Klassen keinen Zugriff haben sollten. Vererbungen zwischen Klassen erzeugen eine Komplexität und werfen die Frage auf, wie man mit der Vererbung von Sicherheitseigenschaften umgehen sollte. Neben der Option in sicherheitskritischen Fällen auf Vererbungen zu verzichten, gibt es im Gebiet der objektorientierten Datenbanken bereits viele allgemeine Recherchen über die Auswirkungen von Vererbung auf die Sicherheit. Das Ziel dieser Arbeit ist es, Ähnlichkeiten und Unterschiede von der Datenbankseite und den Klassendiagrammen zu identifizieren und diese Lösungsansätze zu übertragen und zu formalisieren. Eine Implementierung des Modells evaluiert, ob die Lösungen in der Praxis anwendbar sind.
Diese Bachelorarbeit behandelt die Zusammenführung der bereits vorliegenden Winkelrekonstruktions- und Simulationskomponente und erweitert diese mit Funktionen, um die Durchführung von systematischen Tests zu ermöglichen. Hierzu wird die Übergabe von Bildern aus der Simulationskomponente an die Winkelrekonstruktionskomponente ermöglicht. Des weiteren wird eine GUI zur Testlaufsteuerung und Parameterübergabe sowie eine Datenbankanbindung zur Speicherung der verwendeten Einstellungen und erzeugter Daten angebunden. Durch die Analyse der erzeugten Daten zeigt sich eine ausreichende durchschnittliche Präzision von 0.15° und eine maximale Abweichung der einzelnen Winkel von 0.6°. Der größte Gesamtfehler beläuft sich in den Testläufen auf 0.8°. Der Einfluss von fehlerhaften Parametern hat von variable zu Variable unterschiedliche Auswirkungen. So verstärkt ein Fehler in Höhe den Messfehler um ein vielfaches mehr, als ein Fehler in der Länge der Deichsel.
Die Vorwärtsfahrt mit einem einachsigen Anhänger stellt für die meisten Fahrer keine große Schwierigkeit dar. Das Zugfahrzeug gibt die Richtung vor und der Anhänger wird mitgezogen. Jedoch ist das Rückwärtsfahren mit Anhänger für den ungeübten Fahrer oft sehr kompliziert, da die Lenkmanöver für eine bestimmte Richtungsänderung nicht intuitiv sind und ein "Umdenken" erfordern. Will man beispielsweise den Anhänger um eine Linkskurve fahren, so muss das Zugfahrzeug zunächst nach rechts gelenkt werden, damit der Anhänger linksherum geschoben wird. Schnell passieren Fehler und ein Unfall mit Sachschaden kann eine mögliche Folge sein. Besonders Fahrer, die nur gelegentlich mit einem Anhänger unterwegs sind, haben bei der Rückwärtsfahrt mit Anhänger Probleme.
In recent years, traceability has been more and more universally accepted as being a key factor for the success of software development projects. However, the multitude of different, not well-integrated taxonomies, approaches and technologies impedes the application of traceability techniques in practice. This paper presents a comprehensive view on traceability, pertaining to the whole software development process. Based on graph technology, it derives a seamless approach which combines all activities related to traceability information, namely definition, recording, identification, maintenance, retrieval, and utilization in one single conceptual framework. The presented approach is validated in the context of the ReDSeeDS-project aiming at requirements-based software reuse.
Program slicing is a technique for extracting that parts of a program which influence a previously defined, so-called slicing criterion. The latter mostly takes the form of a source code statement and a set of variables. Over the years an abundance of variants and enhancements has evolved from the original notion of a program slice. One of these developments is called chopping. A chop only contains those statements which are necessary to sustain the effects of a certain statement on another statement. Corresponding to the slicing criterion, the two statements have to be available in advance. This diploma thesis deals with the development of a service model in order to support the computation of a slice or a chop, given an original program and a slicing or chopping criterion respectively. A service model is a framework of communicating services so that each service performs a specific task within the concept of program slicing. The three main tasks, without considering further decomposition, are the mapping of program code into a representation suitable for slicing, the slicing itself and the display of the slice as code. The key benefit of service-orientation is that a service encapsulates the underlying algorithms. Hence the possibility of improving or substituting them without changing the interfaces of the related service relieves the developer of the need of adapting adjoining services. Thus, service-orientation fosters maintainability and improvability. Besides the definition of the services, this thesis also partially formally defines the data flow between them, i.e. their interfaces. It also features graph class definitions for most data structures. An accurate description of the interfaces encourages reuse, provided the services are of adequate granularity.
In dieser Arbeit wird ein zweigeteilter Regler für die Pfadverfolgung eines Modellfahrzeugs mit einachsigem Anhänger entwickelt. Darüber hinaus wird ein Beweis für die Stabilität und die Konvergenzeigenschaft der gefundenen Regelungsgesetze geliefert. Das Verfahren wird anschließend in die bestehende Steuersoftware des Versuchsfahrzeuges integriert und eine Testumgebung erstellt, um das Regelungsverfahren damit abschließend zu evaluieren.
Code package managers like Cabal track dependencies between packages. But packages rarely use the functionality that their dependencies provide. This leads to unnecessary compilation of unused parts and to speculative conflicts between package versions where there are no conflicts. In two case studies we show how relevant these two problems are. We then describe how we could avoid them by tracking dependencies not between packages but between individual code fragments.
Im Rahmen dieser Diplomarbeit wird ein TGraph-basiertes Modell-Vergleichsverfahren entwickelt. Dieses Verfahren soll eine anwendbare Berechnung von Deltas für TGraph-basierte Modelle ermöglichen. Modelle können durch TGraphen repräsentiert werden. Für die Erzeugung und Verarbeitung von TGraphen wurde am Institut für Softwaretechnik das Java Graph Laboratory, kurz JGraLab, entwickelt. Es handelt sich dabei um eine Java Klassenbibliothek, die eine hoch effiziente API zur Verarbeitung von TGraphen bereitstellt. [Ebe87, ERW08, ERSB08] Basierend auf der JGraLab API wird ein System entwickelt, das unterschiedliche Werkzeuge zur Verwaltung von Modellen bereitstellt. Der Fokus dieser Diplomarbeit liegt dabei auf der Entwicklung eines Werkzeugs, das zu zwei gegebenen TGraphen ein Delta berechnet.
Web application testing is an active research area. Garousi et al. did a systematic mapping study and classified 79 papers published between 2000-2011. However, there seems to be a lack of information exchange between the scientific community and tool developers.
This thesis systematically analyzes the field of functional, system level web application testing tools. 194 candidate tools were collected in the tool search and screened, with 23 tools being selected as foundation of this thesis. These 23 tools were systematically used to generate a feature model of the domain. The methodology to support this is an additional contribution of this thesis. It processes end user documentation of tools belonging to an examined domain and creates a feature model. The feature model gives an overview over the existing features, their alternatives and their distribution. It can be used to identify trends and problems, extraordinary features, help decision making of tool purchase or guide scientists how to focus research.
Data-minimization and fairness are fundamental data protection requirements to avoid privacy threats and discrimination. Violations of data protection requirements often result from: First, conflicts between security, data-minimization and fairness requirements. Second, data protection requirements for the organizational and technical aspects of a system that are currently dealt with separately, giving rise to misconceptions and errors. Third, hidden data correlations that might lead to influence biases against protected characteristics of individuals such as ethnicity in decision-making software. For the effective assurance of data protection needs,
it is important to avoid sources of violations right from the design modeling phase. However, a model-based approach that addresses the issues above is missing.
To handle the issues above, this thesis introduces a model-based methodology called MoPrivFair (Model-based Privacy & Fairness). MoPrivFair comprises three sub-frameworks: First, a framework that extends the SecBPMN2 approach to allow detecting conflicts between security, data-minimization and fairness requirements. Second, a framework for enforcing an integrated data-protection management throughout the development process based on a business processes model (i.e., SecBPMN2 model) and a software architecture model (i.e., UMLsec model) annotated with data protection requirements while establishing traceability. Third, the UML extension UMLfair to support individual fairness analysis and reporting discriminatory behaviors. Each of the proposed frameworks is supported by automated tool support.
We validated the applicability and usability of our conflict detection technique based on a health care management case study, and an experimental user study, respectively. Based on an air traffic management case study, we reported on the applicability of our technique for enforcing an integrated data-protection management. We validated the applicability of our individual fairness analysis technique using three case studies featuring a school management system, a delivery management system and a loan management system. The results show a promising outlook on the applicability of our proposed frameworks in real-world settings.
Probability propagation nets
(2008)
This work introduces a Petri net representation for the propagation of probabilities and likelihoods, which can be applied to probabilistic Horn abduction, fault trees, and Bayesian networks. These so-called "probability propagation nets" increase the transparency of propagation processes by integrating structural and dynamical aspects into one homogeneous representation. It is shown by means of popular examples that probability propagation nets improve the understanding of propagation processes - especially with respect to the Bayesian propagation algorithms - and thus are well suited for the analysis and diagnosis of probabilistic models. Representing fault trees with probability propagation nets transfers these possibilities to the modeling of technical systems.
This document presents a concept of a "web usage mining system". The main purpose of this work is to cover situations, in which high traffic will cause traditional approaches to collapse. Therefore, it presents several measuring methods and acquisition techniques, and provides strategies that allow pertinent storage and querying complexity even in high traffic domains.
Mapping ORM to TGraph
(2017)
Object Role Modeling (ORM) is a semantic modeling language used to describe objects and their relations amongst each other. Both objects and relations may be subject to rules or ORM constraints.
TGraphs are ordered, attributed, typed and directed graphs. The type of a TGraph and its components, the edges and vertices, is defined using the schema language graph UML (grUML), a profiled version of UML class diagrams. The goal of this thesis is to map ORM schemas to grUML schemas in order to be able to represent ORM schema instances as TGraphs.
Up to this point, the preferred representation for ORM schema instances is in form of relational tables. Though mappings from ORM schemas to relational schemas exist, those publicly available do not support most of the constraints ORM has to offer.
Constraints can be added to grUML schemas using the TGraph query language GReQL, which can efficiently check whether a TGraph validates the constraint or not. The graph library JGraLab provides efficient implementations of TGraphs and their query language GReQL and supports the generation of grUML schemas.
The first goal of this work is to perform a complete mapping from ORM schemas to grUML schemas, using GReQL to sepcify constraints. The second goal is to represent ORM instances in form of TGraphs.
This work gives an overview of ORM, TGraphs, grUML and GReQL and the theoretical mapping from ORM schemas to grUML schemas. It also describes the implementation of this mapping, deals with the representation of ORM schema instances as TGraphs and the question how grUML constraints can be validated.
Data flow models in the literature are often very fine-grained, which transfers to the data flow analysis performed on them and thus leads to a decrease in the analysis' understandability. Since a data flow model, which abstracts from the majority of implementation details of the program modeled, allows for potentially easier to understand data flow analyses, this master thesis deals with the specification and construction of a highly abstracted data flow model and the application of data flow analyses on this model. The model and the analyses performed on it have been developed in a test-driven manner, so that a wide range of possible data flow scenarios could be covered. As a concrete data flow analysis, a static security check in the form of a detection of insufficient user input sanitization has been performed. To date, there's no data flow model on a similarly high level of abstraction. The proposed solution is therefore unique and facilitates developers without expertise in data flow analysis to perform such analyses.