Refine
Year of publication
Document Type
- Diploma Thesis (14)
- Study Thesis (13)
- Bachelor Thesis (8)
- Doctoral Thesis (7)
- Master's Thesis (6)
- Part of Periodical (6)
Language
- German (39)
- English (14)
- Multiple languages (1)
Keywords
- Java (3)
- model-based (3)
- Autonome Fahrzeuge (2)
- BPMN (2)
- Computersimulation (2)
- Echtzeitsystem (2)
- Echtzeitsysteme (2)
- Fahrerassistenzsystem (2)
- Modellfahrzeug (2)
- Petri-Netz (2)
Institute
- Institut für Softwaretechnik (54) (remove)
101worker is the modular knowledge engineering component of the 101companies project. It has developed maintainability and performance problems due to growing organically, rather than following best software design practices. This thesis lays out these problems, drafts a set of requirements for refactoring the system and then describes and analyzes the resulting implementation. The solution involves collation of scattered and redundant information, setup of unit and functional test suites and incrementalization of the bus architecture of 101worker.
Software systems have an increasing impact on our daily lives. Many systems process sensitive data or control critical infrastructure. Providing secure software is therefore inevitable. Such systems are rarely being renewed regularly due to the high costs and effort. Oftentimes, systems that were planned and implemented to be secure, become insecure because their context evolves. These systems are connected to the Internet and therefore also constantly subject to new types of attacks. The security requirements of these systems remain unchanged, while, for example, discovery of a vulnerability of an encryption algorithm previously assumed to be secure requires a change of the system design. Some security requirements cannot be checked by the system’s design but only at run time. Furthermore, the sudden discovery of a security violation requires an immediate reaction to prevent a system shutdown. Knowledge regarding security best practices, attacks, and mitigations is generally available, yet rarely integrated part of software development or covering evolution.
This thesis examines how the security of long-living software systems can be preserved taking into account the influence of context evolutions. The goal of the proposed approach, S²EC²O, is to recover the security of model-based software systems using co-evolution.
An ontology-based knowledge base is introduced, capable of managing common, as well as system-specific knowledge relevant to security. A transformation achieves the connection of the knowledge base to the UML system model. By using semantic differences, knowledge inference, and the detection of inconsistencies in the knowledge base, context knowledge evolutions are detected.
A catalog containing rules to manage and recover security requirements uses detected context evolutions to propose potential co-evolutions to the system model which reestablish the compliance with security requirements.
S²EC²O uses security annotations to link models and executable code and provides support for run-time monitoring. The adaptation of running systems is being considered as is round-trip engineering, which integrates insights from the run time into the system model.
S²EC²O is amended by prototypical tool support. This tool is used to show S²EC²O’s applicability based on a case study targeting the medical information system iTrust.
This thesis at hand contributes to the development and maintenance of long-living software systems, regarding their security. The proposed approach will aid security experts: It detects security-relevant changes to the system context, determines the impact on the system’s security and facilitates co-evolutions to recover the compliance with the security requirements.
Program slicing
(2008)
Im Rahmen dieser Diplomarbeit wird das Dienstmodell für Program Slicing, welches von Hannes Schwarz vorgestellt wurde, zu einem komponentenbasierten Referenztool weiterentwickelt und implementiert. Dieses Referenztool verwendet zum Slicen ein Referenzschema für Programmiersprachen, welches ebenfalls in dieser Arbeit eingeführt wird. Die hier eingesetzten Slicing-Verfahren basieren auf diesem Referenzschema. Somit kann das Referenztool als Grundlage zum Slicen von Quellcode in beliebigen Programmiersprachen genutzt werden, wenn das Referenzschema vorab an die Gegebenheiten dieser Sprachen angepasst wird. Exemplarisch wird in dieser Diplomarbeit ein Program Slicing Tool für C-Quellcode entwickelt. Dieses Slicing Tool basiert auf dem Referenztool, in dem es die einzelnen Komponenten des Referenztools bei Bedarf spezialisiert oder in der ursprünglichen Form übernimmt. Damit das Program Slicing Tool als Referenz gelten kann, wird in dieser Arbeit eine einfache, erweiterbare und komponentenbasierte Architektur entwickelt. Diese entsteht durch den Einsatz aktueller Prinzipien der Softwaretechnik.
Die Workshop-Reihe 'Algorithmen und Werkzeuge für Petrinetze' wurde 1994 mit dem Ziel initiiert, in der deutschsprachigen Petrinetz-Community den fachlichen Austausch und die inhaltliche Zusammenarbeit zwischen den mit der Entwicklung und Analyse von Algorithmen beschäftigten Arbeitsgruppen und den im Bereich der Implementierung von Werkzeugen tätigen Arbeitsgruppen zu fördern. Der vorliegende Sammelband enthält die Vorträge, die auf dem Workshop präsentiert worden sind. Um auch die Vorstellung von noch unfertigen Ideen oder von in Entwicklung befindlichen Werkzeugen zu ermöglichen, fand wie in den vergangenen Jahren kein formaler Begutachtungsprozess statt. Die eingereichten Beiträge wurden lediglich auf ihre Relevanz für das Workshop-Thema hin geprüft.
Probability propagation nets
(2008)
This work introduces a Petri net representation for the propagation of probabilities and likelihoods, which can be applied to probabilistic Horn abduction, fault trees, and Bayesian networks. These so-called "probability propagation nets" increase the transparency of propagation processes by integrating structural and dynamical aspects into one homogeneous representation. It is shown by means of popular examples that probability propagation nets improve the understanding of propagation processes - especially with respect to the Bayesian propagation algorithms - and thus are well suited for the analysis and diagnosis of probabilistic models. Representing fault trees with probability propagation nets transfers these possibilities to the modeling of technical systems.
Over the past few decades society’s dependence on software systems has grown significantly. These systems are utilized in nearly every matter of life today and often handle sensitive, private data. This situation has turned software security analysis into an essential and widely researched topic in the field of computer science. Researchers in this field tend to make the assumption that the quality of the software systems' code directly affects the possibility for security gaps to arise in it. Because this assumption is based on properties of the code, proving it true would mean that security assessments can be performed on software, even before a certain version of it is released. A study based on this implication has already attempted to mathematically assess the existence of such a correlation, studying it based on quality and security metric calculations. The present study builds upon that study in finding an automatic method for choosing well-fitted software projects as a sample for this correlation analysis and extends the variety of projects considered for the it. In this thesis, the automatic generation of graphical representations both for the correlations between the metrics as well as for their evolution is also introduced. With these improvements, this thesis verifies the results of the previous study with a different and broader project input. It also focuses on analyzing the correlations between the quality and security metrics to real-world vulnerability data metrics. The data is extracted and evaluated from dedicated software vulnerability information sources and serves to represent the existence of proven security weaknesses in the studied software. The study discusses some of the difficulties that arise when trying to gather such information and link it to the difference in the information contained in the repositories of the studied projects. This thesis confirms the significant influence that quality metrics have on each other. It also shows that it is important to view them together as a whole and suppose that their correlation could influence the appearance of unwanted vulnerabilities as well. One of the important conclusions I can draw from this thesis is that the visualization of metric evolution graphs, helps the understanding of the values as well as their connection to each other in a more meaningful way. It allows for better grasp of their influence on each other as opposed to only studying their correlation values. This study confirms that studying metric correlations and evolution trends can help developers improve their projects and prevent them from becoming difficult to extend and maintain, increasing the potential for good quality as well as more secure software code.
Data flow models in the literature are often very fine-grained, which transfers to the data flow analysis performed on them and thus leads to a decrease in the analysis' understandability. Since a data flow model, which abstracts from the majority of implementation details of the program modeled, allows for potentially easier to understand data flow analyses, this master thesis deals with the specification and construction of a highly abstracted data flow model and the application of data flow analyses on this model. The model and the analyses performed on it have been developed in a test-driven manner, so that a wide range of possible data flow scenarios could be covered. As a concrete data flow analysis, a static security check in the form of a detection of insufficient user input sanitization has been performed. To date, there's no data flow model on a similarly high level of abstraction. The proposed solution is therefore unique and facilitates developers without expertise in data flow analysis to perform such analyses.
Im Rahmen dieser Diplomarbeit wird erforscht, wie bestehende Tools zur Berechnung von Softwaremetriken über COBOL-Quelltexte mit den vorhandenen Entwicklerwerkzeugen der Debeka Versicherungsgruppe interoperabel gemacht werden können. Der Text richtet sich primär an Leser aus dem Bereich der Informatik. Zum Verständnis wird ein Wissensstand vergleichbar dem eines Informatikers mit abgeschlossenem Bachelorstudium oder Vordiplom vorausgesetzt.