Lesegruppe

In der Lesegruppe werden zweiwöchentlich wissenschaftliche Publikationen anderer Forschergruppen vorgestellt und diskutiert. Die Veranstaltung dient der Herstellung eines gemeinsamen Wissensstandes und des Austausches von Doktoranden/-innen und Betreuer/-innen. Jede/-r Teilnehmer/-in kann (und sollte) eigene Vorschläge für zu besprechende Publikationen einbringen.

Einladungslink zu Microsoft Teams

Sie können dem Team mit folgendem Link beitreten: http://connect.studium.kit.edu/teams/join/i2zwI8R58J

Link zum Team: https://teams.microsoft.com/l/team/19%3aede66f482bd94928b260e22292b8d41d%40thread.tacv2/conversations?groupId=a0cbe15d-dc9a-4162-8796-3417d585dcae&tenantId=4f5eec75-46fd-43f8-8d24-62bebd9771e5

Allgemeine Informationen

Ziel der Lesegruppe ist es, innerhalb der Gruppe einen gemeinsamen Wissenstand zu schaffen, sich bei Verständnisfragen gegenseitig zu unterstützen und einen Rahmen für organisierte und fokussierte Fachdiskussionen zu geben. Die Lesegruppe ist auch eine Hilfe für Studierende, um verwandte Arbeiten bei Abschlussarbeiten einzuordnen und zu bewerten. Hier können die Studierenden gelesene oder verwandte Publikationen vorstellen und Feedback bekommen.

Die Teilnahme interessierter Studierender ist explizit erwünscht, aber auch alle anderen Interessenten/-innen sind herzlich willkommen. Keine Angst: Die Inhalte der Publikationen werden nicht "abgefragt", müssen vorher nicht verstanden und auch nicht zwingend gelesen worden sein. Die wichtigste Einsicht in der Lesegruppe ist es, zu lernen, wie Publikationen kritisch gelesen werden, und worauf es dabei ankommt.

Der Ablauf ist immer wie folgt: In der Ankündigung (per E-Mail und hier auf der Wiki-Seite) wird der zu lesende Artikel veröffenlticht. In der Lesegruppe selbst wird der Artikel (oder in bei sehr verwandten Artikeln auch mehrere) vorgestellt (mit Fokus auf die wichtigen Stellen) und der Artikel und dazu offene Fragen diskutiert.

Das ganze soll für alle eine Veranstaltung mit geringem Mehraufwand sein:

• Nicht alle Teilnehmer müssen die relevanten Artikel bis auf das letzte Bit kennen und der Vortragende darf auch durchaus selbst offene Fragen beisteuern.
• Tipps für Vortragende

Leistungspunkte

Die Lesegruppe kann als Lehrveranstaltung mit einem ECTS-Punkt im Bereich "Überfachliche Qualifikationen" angerechnet werden. Um den Leistungspunkt zu erhalten, gibt es zwei Voraussetzungen, die beide erfüllt sein müssen:

• Teilnahme an der Lesegruppe über ein Semester (entsprechend länger, wenn nicht alle Termine regelmäßig besucht werden oder die Veranstaltung zu selten stattfindet).
• Das Vorstellen einer Publikation. Dieser Beitrag und die Diskussionsbeiträge gelten als Grundlage für die Leistungsbewertung.
• Die Lesegruppe ist eine unbenotete Studienleistung.
• Die Lesegruppe kann leider nicht für das Bachelor-Studium angerechnet werden.

Dennoch wird, gerade in Anbetracht der Vielfalt von Themen, die regelmäßige Teilnahme an Diskussionen nicht verlangt. Wer nur in aktuelle Themen hineinschnuppern möchte ohne den Leistungspunkt erhalten zu wollen, ist auch ohne eigene Beiträge jederzeit willkommen.

Meldet euch bei Interesse und Fragen beim Lesegruppen-Beauftragten, um die Details zu klären. Weitere Informationen können ebenfalls dem Modulhandbuch entnommen werden.

Termine

Die Lesegruppe findet in der Regel in ungeraden Kalenderwochen statt und beginnt in der zweiten Vorlesungswoche.

Kommende Termine

Mittwoch, 20. Oktober 2021, 12:00–13:00 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Frederik Reiche	Eintrag bearbeiten
Forschungsgruppe
Titel
Autoren
PDF
URL
BibTeX
Abstract

Um einen neuen Termin anzulegen, bitte das Datum hier eintragen:

 

Vergangene Termine

Mittwoch, 14. Juli 2021, 12:00–13:00 Uhr (Teams)

Vortragende-/r	Dirk Neumann	Eintrag bearbeiten
Forschungsgruppe	Student
Titel	A systematic literature review of cross-domain model consistency checking by model management tools
Autoren	Weslley Torres, Mark G. J. van den Brand & Alexander Serebrenik
PDF	https://link.springer.com/content/pdf/10.1007/s10270-020-00834-1.pdf
URL	https://link.springer.com/article/10.1007/s10270-020-00834-1
BibTeX	https://dblp.org/rec/journals/sosym/TorresBS21.html?view=bibtex
Abstract	Objective: The goal of this study is to identify gaps and challenges related to cross-domain model management focusing on consistency checking. Method We conducted a systematic literature review. We used the keyword-based search on Google Scholar, and we identified 618 potentially relevant studies; after applying inclusion and exclusion criteria, 96 papers were selected for further analysis. Results The main findings/contributions are: (i) a list of available tools used to support model management; (ii) 40% of the tools can provide consistency checking on models of different domains and 25% on models of the same domain, and 35% do not provide any consistency checking; (iii) available strategies to keep the consistency between models of different domains are not mature enough; (iv) most of the tools that provide consistency checking on models of different domains can only capture up to two inconsistency types; (v) the main challenges associated with tools that manage models on different domains are related to interoperability between tools and the consistency maintenance. Conclusion: The results presented in this study can be used to guide new research on maintaining the consistency between models of different domains. Example of further research is to investigate how to capture the Behavioral and Refinement inconsistency types. This study also indicates that the tools should be improved in order to address, for example, more kinds of consistency check.

Mittwoch, 30. Juni 2021, 12:00–13:00 Uhr (Teams)

Vortragende-/r	Maximilian Walter	Eintrag bearbeiten
Forschungsgruppe	SDQ
Titel	From product recommendation to cyber-attack prediction: generating attack graphs and predicting future attacks
Autoren	Nikolaos Polatidis, Elias Pimenidis, Michalis Pavlidis, Spyridon Papastergiou, Haralambos Mouratidis
PDF
URL	https://doi.org/10.1007/s12530-018-9234-z
BibTeX
Abstract	Modern information society depends on reliable functionality of information systems infrastructure, while at the same time the number of cyber-attacks has been increasing over the years and damages have been caused. Furthermore, graphs can be used to show paths than can be exploited by attackers to intrude into systems and gain unauthorized access through vulnerability exploitation. This paper presents a method that builds attack graphs using data supplied from the maritime supply chain infrastructure. The method delivers all possible paths that can be exploited to gain access. Then, a recommendation system is utilized to make predictions about future attack steps within the network. We show that recommender systems can be used in cyber defense by predicting attacks. The goal of this paper is to identify attack paths and show how a recommendation method can be used to classify future cyber-attacks in terms of risk management. The proposed method has been experimentally evaluated and validated, with the results showing that it is both practical and effective.

Mittwoch, 16. Juni 2021, 12:00–12:00 Uhr (https://teams.microsoft.com/l/team/19%3aede66f482bd94928b260e22292b8d41d%40thread.tacv2/conversations?groupId=a0cbe15d-dc9a-4162-8796-3417d585dcae&tenantId=4f5eec75-46fd-43f8-8d24-62bebd9771e5)

Vortragende-/r	Jan Keim	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	Explicit Alignment of Requirements and Architecture in Agile Development
Autoren	Sabine Molenaar, Tjerk Spijkman, Fabiano Dalpiaz, Sjaak Brinkkemper
PDF	https://link.springer.com/content/pdf/10.1007/978-3-030-44429-7.pdf
URL	https://link.springer.com/chapter/10.1007/978-3-030-44429-7 13
BibTeX	https://citation-needed.springer.com/v2/references/10.1007/978-3-030-44429-7 13?format=bibtex&flavour=citation
Abstract

Mittwoch, 2. Juni 2021, 12:00–13:00 Uhr (https://teams.microsoft.com/l/team/19%3aede66f482bd94928b260e22292b8d41d%40thread.tacv2/conversations?groupId=a0cbe15d-dc9a-4162-8796-3417d585dcae&tenantId=4f5eec75-46fd-43f8-8d24-62bebd9771e5)

Vortragende-/r	Dieser Termin fällt aus!	Eintrag bearbeiten
Forschungsgruppe
Titel
Autoren
PDF
URL
BibTeX
Abstract

Mittwoch, 19. Mai 2021, 10:30–11:30 Uhr (https://teams.microsoft.com/l/team/19%3aede66f482bd94928b260e22292b8d41d%40thread.tacv2/conversations?groupId=a0cbe15d-dc9a-4162-8796-3417d585dcae&tenantId=4f5eec75-46fd-43f8-8d24-62bebd9771e5)

Vortragende-/r	Dominik Fuchß	Eintrag bearbeiten
Forschungsgruppe	MCSE
Titel	Arrow R-CNN for handwritten diagram recognition
Autoren	Bernhard Schäfer, Margret Keuper, Heiner Stuckenschmidt
PDF	https://link.springer.com/content/pdf/10.1007/s10032-020-00361-1.pdf
URL	https://doi.org/10.1007/s10032-020-00361-1
BibTeX	https://sdqweb.ipd.kit.edu/wiki-intern/BibTeX-Eintrag/Schäfer21
Abstract	We address the problem of offline handwritten diagram recognition. Recently, it has been shown that diagram symbols can be directly recognized with deep learning object detectors. However, object detectors are not able to recognize the diagram structure.We propose Arrow R-CNN, the first deep learning system for joint symbol and structure recognition in handwritten diagrams. Arrow R-CNN extends the Faster R-CNN object detector with an arrow head and tail keypoint predictor and a diagram-aware postprocessing method. We propose a network architecture and data augmentation methods targeted at small diagram datasets. Our diagram-aware postprocessing method addresses the insufficiencies of standard Faster R-CNN postprocessing. It reconstructs a diagram from a set of symbol detections and arrow keypoints. Arrow R-CNN improves state-of-the-art substantially: on a scanned flowchart dataset, we increase the rate of recognized diagrams from 37.7 to 78.6%.

Mittwoch, 5. Mai 2021, 12:00–13:00 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Dieser Termin fällt aus!	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel
Autoren
PDF
URL
BibTeX
Abstract

Mittwoch, 21. April 2021, 12:00–13:00 Uhr (https://teams.microsoft.com/l/team/19%3aede66f482bd94928b260e22292b8d41d%40thread.tacv2/conversations?groupId=a0cbe15d-dc9a-4162-8796-3417d585dcae&tenantId=4f5eec75-46fd-43f8-8d24-62bebd9771e5)

Vortragende-/r	Erik Burger	Eintrag bearbeiten
Forschungsgruppe	MDSD
Titel	Consistent change propagation within models
Autoren	Roland Kretschmer, Djamel Eddine Khelladi, Roberto Erick Lopez-Herrejon & Alexander Egyed
PDF	https://rdcu.be/ci2cS
URL	https://link.springer.com/article/10.1007/s10270-020-00823-4
BibTeX	https://dblp.org/rec/journals/sosym/KretschmerKLE21.html?view=bibtex
Abstract	Developers change models with clear intentions—e.g., for refactoring, defects removal, or evolution. However, in doing so, developers are often unaware of the consequences of their changes. Changes to one part of a model may affect other parts of the same model and/or even other models, possibly created and maintained by other developers. The consequences are incomplete changes and with it inconsistencies within or across models. Extensive works exist on detecting and repairing inconsistencies. However, the literature tends to focus on inconsistencies as errors in need of repairs rather than on incomplete changes in need of further propagation. Many changes are non-trivial and require a series of coordinated model changes. As developers start changing the model, intermittent inconsistencies arise with other parts of the model that developers have not yet changed. These inconsistencies are cues for incomplete change propagation. Resolving these inconsistencies should be done in a manner that is consistent with the original changes. We speak of consistent change propagation. This paper leverages classical inconsistency repair mechanisms to explore the vast search space of change propagation. Our approach not only suggests changes to repair a given inconsistency but also changes to repair inconsistencies caused by the aforementioned repair. In doing so, our approach follows the developer’s intent where subsequent changes may not contradict or backtrack earlier changes. We argue that consistent change propagation is essential for effective model-driven engineering. Our approach and its tool implementation were empirically assessed on 18 case studies from industry, academia, and GitHub to demonstrate its feasibility and scalability. A comparison with two versioned models shows that our approach identifies actual repair sequences that developers had chosen. Furthermore, an experiment involving 22 participants shows that our change propagation approach meets the workflow of how developers handle changes by always computing the sequence of repairs resulting from the change propagation.

Mittwoch, 10. Februar 2021, 12:00–13:00 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Sophie Schulz	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	'Think secure from the beginning': A Survey with Software Developers
Autoren	Hala Assal, Sonia Chiasson
PDF
URL	https://dl.acm.org/doi/10.1145/3290605.3300519
BibTeX
Abstract	Vulnerabilities persist despite existing software security initiatives and best practices. This paper focuses on the human factors of software security, including human behaviour and motivation. We conducted an online survey to explore the interplay between developers and software security processes, e.g., we looked into how developers influence and are influenced by these processes. Our data included responses from 123 software developers currently employed in North America who work on various types of software applications. Whereas developers are often held responsible for security vulnerabilities, our analysis shows that the real issues frequently stem from a lack of organizational or process support to handle security throughout development tasks. Our participants are self-motivated towards software security, and the majority did not dismiss it but identified obstacles to achieving secure code. Our work highlights the need to look beyond the individual, and take a holistic approach to investigate organizational issues influencing software security.

Mittwoch, 27. Januar 2021, 12:00–13:00 Uhr (Microsoft Teams)

Vortragende-/r	Yves Kirschner	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	An Empirical Study of Architectural Decay in Open-Source Software
Autoren	Duc Le, Daniel Link, Arman Shahbazian and Nenad Medvidovic
PDF	https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8417151
URL	https://doi.org/10.1109/ICSA.2018.00027
BibTeX	https://ieeexplore.ieee.org/xpl/downloadCitations?recordIds=8417151&download-format=download-bibtex&citations-format=citation-only
Abstract	Architecture is the set of principal design decisions about a software system. In practice, new architectural decisions are added and existing ones reversed or modified throughout a system's lifetime. Frequently, these decisions deviate from the architect's well-considered intent, and software systems regularly exhibit increased architectural decay as they evolve. The manifestations of such ill-considered design decisions are seen as “architectural smells”. To date, there has been no in-depth study of the characteristics or trends involving this phenomenon. Instead, when referring to architectural smells and their negative effects, both researchers and practitioners had to rely on folklore and their personal, inherently limited experience. In this paper, we report on the systematic step we have taken in investigating the nature and impact of architectural smells. We have selected a set of representative architectural smells from literature and analyzed their instances in 421 versions from 8 open-source software systems. We have (1) developed algorithms to automatically detect instances of multiple architectural smell types, and (2) analyzed relationships between the detected smells and the lists of issues reported in the systems' respective issue trackers. Our study shows that architectural smells have tangible negative consequences in the form of implementation issues as well as code commits requiring increased maintenance effort throughout a system's lifetime.

Mittwoch, 13. Januar 2021, 12:00–13:00 Uhr (MS Teams)

Vortragende-/r	Sebastian Hahner	Eintrag bearbeiten
Forschungsgruppe	QSE
Titel	Uncertainties in the modeling of self-adaptive systems: a taxonomy and an example of availability evaluation
Autoren	D. Perez-Palacin, R. Mirandola
PDF	https://dl.acm.org/doi/pdf/10.1145/2568088.2568095
URL	https://dl.acm.org/doi/10.1145/2568088.2568095
BibTeX	https://dblp.uni-trier.de/rec/conf/wosp/Perez-PalacinM14.html?view=bibtex
Abstract	The complexity of modern software systems has grown enormously in the past years with users always demanding for new features and better quality of service. Besides, software is often embedded in dynamic contexts, where requirements, environment assumptions, and usage profiles continuously change. As an answer to this need, it has been proposed the usage of self-adaptive systems. Self-adaptation endows a system with the capability to accommodate its execution to different contexts in order to achieve continuous satisfaction of requirements. Often, self-adaptation process also makes use of runtime model evaluations to decide the changes in the system. However, even at runtime, context information that can be managed by the system is not complete or accurate; i.e, it is still subject to some uncertainties. This work motivates the need for the consideration of the concept of uncertainty in the model-based evaluation as a primary actor, classifies the avowed uncertainties of self-adaptive systems, and illustrates examples of how different types of uncertainties are present in the modeling of system characteristics for availability requirement satisfaction.

Mittwoch, 16. Dezember 2020, 12:00–13:00 Uhr (Teams)

Vortragende-/r	Larissa Schmid	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	Fast Multi-Parameter Performance Modeling
Autoren	Alexandru Calotoiu, David Beckingsale, Christopher W. Earl, Torsten Hoefler, Ian Karlin, Martin Schulz, Felix Wolf
PDF	https://apps.fz-juelich.de/jsc-pubsystem/aigaion/attachments/fastmultiparam.pdf-f839eba376c6d61a8c4cab9860b6b3bf.pdf
URL	http://ieeexplore.ieee.org/document/7776507/
BibTeX	https://apps.fz-juelich.de/jsc-pubsystem/pub-webpages/general/get bibtex.php?pubid=1731
Abstract	Tuning large applications requires a clever exploration of the design and configuration space. Especially on supercomputers, this space is so large that its exhaustive traversal via performance experiments becomes too expensive, if not impossible. Manually creating analytical performance models provides insights into optimization opportunities but is extremely laborious if done for applications of realistic size. If we must consider multiple performance-relevant parameters and their possible interactions, a common requirement, this task becomes even more complex. We build on previous work on automatic scalability modeling and significantly extend it to allow insightful modeling of any combination of application execution parameters. Multi-parameter modeling has so far been outside the reach of automatic methods due to the exponential growth of the model search space. We develop a new technique to traverse the search space rapidly and generate insightful performance models that enable a wide range of uses from performance predictions for balanced machine design to performance tuning.

Mittwoch, 2. Dezember 2020, 12:00–13:00 Uhr (MS Teams)

Vortragende-/r	Daniel Zimmermann	Eintrag bearbeiten
Forschungsgruppe	AbQP
Titel	ViZDoom Competitions: Playing Doom from Pixels
Autoren	Marek Wydmuch, Michał Kempka, Wojciech Jaśkowski
PDF	https://arxiv.org/pdf/1809.03470.pdf
URL	https://arxiv.org/abs/1809.03470
BibTeX	https://dblp.uni-trier.de/rec/journals/corr/abs-1809-03470.html?view=bibtex
Abstract	This paper presents the first two editions of Visual Doom AI Competition, held in 2016 and 2017. The challenge was to create bots that compete in a multi-player deathmatch in a first-person shooter (FPS) game, Doom. The bots had to make their decisions based solely on visual information, i.e., a raw screen buffer. To play well, the bots needed to understand their surroundings, navigate, explore, and handle the opponents at the same time. These aspects, together with the competitive multi-agent aspect of the game, make the competition a unique platform for evaluating the state of the art reinforcement learning algorithms. The paper discusses the rules, solutions, results, and statistics that give insight into the agents' behaviors. Best-performing agents are described in more detail. The results of the competition lead to the conclusion that, although reinforcement learning can produce capable Doom bots, they still are not yet able to successfully compete against humans in this game. The paper also revisits the ViZDoom environment, which is a flexible, easy to use, and efficient 3D platform for research for vision-based reinforcement learning, based on a well-recognized first-person perspective game Doom.

Mittwoch, 18. November 2020, 12:00–13:00 Uhr (Teams)

Vortragende-/r	Sandro Koch	Eintrag bearbeiten
Forschungsgruppe	AbQP
Titel	A Layered Reference Architecture for Metamodels to Tailor Quality Modeling and Analysis
Autoren	Misha Strittmatter, Robert Heinrich, Ralf Reussner
PDF	http://sdqweb.ipd.kit.edu/publications/pdfs/heinrich2019a.pdf
URL	https://ieeexplore.ieee.org/document/8662719
BibTeX	https://sdq.ipd.kit.edu/fileadmin/publications/article strittmatter bib.html#heinrich2019a
Abstract	Nearly all facets of our everyday life strongly depend on software-intensive systems. Besides correctness, highly relevant quality properties of these systems include performance, as directly perceived by the user, and maintainability, as an important decision factor for evolution. These quality properties strongly depend on architectural design decisions. Hence, to ensure high quality, research and practice is interested in approaches to analyze the system architecture for quality properties. Therefore, models of the system architecture are created and used for analysis. Many different languages (often defined by metamodels) exist to model the systems and reason on their quality. Such languages are mostly specific to quality properties, tools or development paradigms. Unfortunately, the creation of a specific model for any quality property of interest and any different tool used is simply infeasible. Current metamodels for quality modeling and analysis are often not designed to be extensible and reusable. Experience from generalizing and extending metamodels result in hard to evolve and overly complex metamodels. A systematic way of creating, extending and reusing metamodels for quality modeling and analysis, or parts of them, does not exist yet. When comparing metamodels for different quality properties, however, substantial parts show quite similar language features. This leads to our approach to define the first reference architecture for metamodels for quality modeling and analysis. A reference architecture in software engineering provides a general architecture for a given application domain. In this paper, we investigate the applicability of modularization concepts from object-oriented design and the idea of a reference architecture to metamodels for quality modeling and analysis to systematically create, extend and reuse metamodel parts. Thus, the reference architecture allows to tailor metamodels. Requirements on the reference architecture are gathered from...

Mittwoch, 4. November 2020, 11:30–12:30 Uhr (Digital)

Vortragende-/r	Timur Sağlam	Eintrag bearbeiten
Forschungsgruppe	MDSD
Titel	Is automated grading of models effective? assessing automated grading of class diagrams
Autoren	Weiyi Bian, Omar Alam, Jörg Kienzle
PDF	https://dl.acm.org/doi/pdf/10.1145/3365438.3410944
URL	https://dl.acm.org/doi/abs/10.1145/3365438.3410944
BibTeX	https://dblp.org/rec/conf/models/BianAK20.html?view=bibtex
Abstract	Learning how to model the structural properties of a problem domain or an object-oriented design in the form of a class diagram is an essential learning task in many software engineering courses. Since the grading of models is a time-consuming activity, automated grading approaches have been developed to assist the instructor by speeding up the grading process, as well as ensuring consistency and fairness for large classrooms. This paper empirically evaluates the efficacy of one such automated grading approach when applied in two real world settings: a beginner undergraduate class of 103 students required to create an object-oriented design model, and an advanced undergraduate class of 89 students elaborating a domain model. The results of the experiment highlight a) the need to adapt the grading strategy and strictness to the level of the students and the grading style of the instructor, and b) the importance of considering multiple solution variants when grading. Modifications to the grading algorithm are proposed and validated experimentally.

Mittwoch, 15. Juli 2020, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Christopher Gerking	Eintrag bearbeiten
Forschungsgruppe	MDSD
Titel	Assessing and improving the quality of security methodologies for distributed systems
Autoren	Anton V. Uzunov, Eduardo B. Fernandez, Katrina Falkner
PDF	https://doi.org/10.1002/smr.1980
URL	https://doi.org/10.1002/smr.1980
BibTeX	https://sdqweb.ipd.kit.edu/wiki/BibTeX-Eintrag/Uzunov18
Abstract	Security methodologies represent systematic approaches for introducing security attributes into a system throughout the development lifecycle. While isolated attempts have been made to demonstrate the value of particular security methodologies, the “quality” of security methodologies, as such, has never been given due consideration; indeed, it has never been studied as a self‐standing topic. The literature therefore entirely lacks supportive artifacts that can provide a basis for assessing, and hence for improving, a security methodology's quality. In this paper, we fill the aforementioned gap by proposing a comprehensive quality framework and accompanying process, within the context of an existing approach to engineering security methodologies, which can be used for both (bottom‐up) quality assessment and (top‐down) quality improvement. The main framework elements can be extended and customized to allow an essentially arbitrary range of methodology features to be considered, thus forming a basis for flexible, fine‐grained quality control. We demonstrate the bottom‐up application of the latter framework and process on three real‐life security methodologies for distributed systems, taken as case studies. Based on the assessment results, we subsequently show in detail (for one) and briefly discuss (for the remaining set) how the case study methodologies can be re‐engineered to improve their quality.

Mittwoch, 1. Juli 2020, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Stephan Seifermann	Eintrag bearbeiten
Forschungsgruppe	AbQP
Titel	RADAR: A Lightweight Tool for Requirements and Architecture Decision Analysis
Autoren	Saheed A. Busari, Emmanuel Letier
PDF	http://www0.cs.ucl.ac.uk/staff/S.Busari/RADAR/radar icse17.pdf
URL	https://ieeexplore.ieee.org/document/7985693
BibTeX	https://dblp.uni-trier.de/rec/bib1/conf/icse/BusariL17.bib
Abstract	Uncertainty and conflicting stakeholders' objectives make many requirements and architecture decisions particularly hard. Quantitative probabilistic models allow software architects to analyse such decisions using stochastic simulation and multi-objective optimisation, but the difficulty of elaborating the models is an obstacle to the wider adoption of such techniques. To reduce this obstacle, this paper presents a novel modelling language and analysis tool, called RADAR, intended to facilitate requirements and architecture decision analysis. The language has relations to quantitative AND/OR goal models used in requirements engineering and to feature models used in software product lines. However, it simplifies such models to a minimum set of language constructs essential for decision analysis. The paper presents RADAR's modelling language, automated support for decision analysis, and evaluates its application to four real-world examples.

Mittwoch, 24. Juni 2020, 11:30–12:30 Uhr (https://global.gotomeeting.com/join/121469005)

Vortragende-/r	Emre Taşpolatoğlu	Eintrag bearbeiten
Forschungsgruppe	QSE
Titel	Reusable Formal Models for Secure Software Architectures
Autoren	Thomas Heyman, Riccardo Scandariato, Wouter Joosen
PDF	https://ieeexplore.ieee.org/document/6337760
URL	https://ieeexplore.ieee.org/document/6337760
BibTeX	https://www.researchgate.net/publication/261127603 Reusable Formal Models for Secure Software Architectures/citation/download
Abstract	Formal modelling techniques are often disregarded as their semantics are too distant from the mainstream practice of software architecture design, which is dominated by the use of component based modelling and patterns. This paper advocates the need for formal modelling techniques for humans, i.e., software architects who need to precisely ascertain the security properties of their design models. We contribute a technique that enables architects to more easily construct verified, secure architecture designs by assembling already verified security pattern models. Our approach is illustrated with a pattern language for accountability. It is validated by an observational study that shows that the approach produces reusable results, and is able to uncover relevant architectural security flaws.

Mittwoch, 3. Juni 2020, 11:30–12:30 Uhr (https://global.gotomeeting.com/join/121469005)

Vortragende-/r	Manar Mazkatli	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	Continuous software engineering: A roadmap and agenda
Autoren	Brian Fitzgerald, Klaas-Jan Stol
PDF	https://www.sciencedirect.com/science/article/pii/S0164121215001430
URL	https://www.sciencedirect.com/science/article/pii/S0164121215001430
BibTeX	https://dblp.org/rec/bibtex/journals/jss/FitzgeraldS17
Abstract	Throughout its short history, software development has been characterized by harmful disconnects between important activities such as planning, development and implementation. The problem is further exacerbated by the episodic and infrequent performance of activities such as planning, testing, integration and releases. Several emerging phenomena reflect attempts to address these problems. For example, Continuous Integration is a practice which has emerged to eliminate discontinuities between development and deployment. In a similar vein, the recent emphasis on DevOps recognizes that the integration between software development and its operational deployment needs to be a continuous one. We argue a similar continuity is required between business strategy and development, BizDev being the term we coin for this. These disconnects are even more problematic given the need for reliability and resilience in the complex and data-intensive systems being developed today. We identify a number of continuous activities which together we label as ‘Continuous *’ (i.e. Continuous Star) which we present as part of an overall roadmap for Continuous Software engineering. We argue for a continuous (but not necessarily rapid) software engineering delivery pipeline. We conclude the paper with a research agenda.

Mittwoch, 20. Mai 2020, 11:30–12:30 Uhr (https://global.gotomeeting.com/join/121469005)

Vortragende-/r	Jörg Henß	Eintrag bearbeiten
Forschungsgruppe	AbQP
Titel	A Pattern Language for Scientific Simulations.
Autoren	Susan Stepney
PDF	https://www-users.cs.york.ac.uk/susan/bib/ss/swe/cosmos12-patt.htm
URL	https://www-users.cs.york.ac.uk/susan/bib/ss/swe/cosmos12-patt.htm
BibTeX	https://sdqweb.ipd.kit.edu/wiki/BibTeX-Eintrag/Stepney12
Abstract	For computer-based simulations to be scientifically useful and scientifically credible, they need to be developed to high standards, and argued fit-for-purpose. The CoSMoS project has developed an approach to support such development, and codified its approach in a pattern language. Here we overview this pattern language, and discuss several example simulation development patterns and antipatterns.

Mittwoch, 6. Mai 2020, 11:30–12:30 Uhr (https://global.gotomeeting.com/join/121469005)

Vortragende-/r	Dominik Werle	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	Do Developers Discover New Tools On The Toilet?
Autoren	Emerson Murphy-Hill, Edward K. Smith, Caitlin Sadowski, Ciera Jaspan, Collin Winter, Matthew Jorde, Andrea Knight, Andrew Trenk, Steve Gross
PDF	https://ieeexplore.ieee.org/document/8812046
URL	https://ieeexplore.ieee.org/document/8812046
BibTeX	https://dblp.uni-trier.de/rec/bibtex/conf/icse/Murphy-HillSSJW19
Abstract	Maintaining awareness of useful tools is a substantial challenge for developers. Physical newsletters are a simple technique to inform developers about tools. In this paper, we evaluate such a technique, called Testing on the Toilet, by performing a mixed-methods case study. We first quantitatively evaluate how effective this technique is by applying statistical causal inference over six years of data about tools used by thousands of developers. We then qualitatively contextualize these results by interviewing and surveying 382 developers, from authors to editors to readers. We found that the technique was generally effective at increasing software development tool use, although the increase varied depending on factors such as the breadth of applicability of the tool, the extent to which the tool has reached saturation, and the memorability of the tool name.

Mittwoch, 22. April 2020, 11:30–12:30 Uhr (https://global.gotomeeting.com/join/121469005)

Vortragende-/r	Hamideh Hajiabadi	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	What Do Developers Ask About {ML} Libraries? {A} Large-scale Study Using Stack Overflow
Autoren	Md Johirul Islam and Hoan Anh Nguyen and Rangeet Pan and Hridesh Rajan
PDF	http://arxiv.org/abs/1906.11940
URL	http://arxiv.org/abs/1906.11940
BibTeX	https://dblp.uni-trier.de/rec/bibtex/journals/corr/abs-1906-11940
Abstract	Modern software systems are increasingly including machine learning (ML) as an integral component. However, we do not yet understand the difficulties faced by software developers when learning about ML libraries and using them within their systems. To that end, this work reports on a detailed (manual) examination of 3,243 highly-rated Q&A posts related to ten ML libraries, namely Tensorflow, Keras, scikit-learn, Weka, Caffe, Theano, MLlib, Torch, Mahout, and H2O, on Stack Overflow, a popular online technical Q&A forum. We classify these questions into seven typical stages of an ML pipeline to understand the correlation between the library and the stage. Then we study the questions and perform statistical analysis to explore the answer to four research objectives (finding the most difficult stage, understanding the nature of problems, nature of libraries and studying whether the difficulties stayed consistent over time). Our findings reveal the urgent need for software engineering (SE) research in this area. Both static and dynamic analyses are mostly absent and badly needed to help developers find errors earlier. While there has been some early research on debugging, much more work is needed. API misuses are prevalent and API design improvements are sorely needed. Last and somewhat surprisingly, a tug of war between providing higher levels of abstractions and the need to understand the behavior of the trained model is prevalent.

Mittwoch, 29. Januar 2020, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Angelika Kaplan	Eintrag bearbeiten
Forschungsgruppe	Architecture-based Quality Prediction
Titel	A categorization scheme for software engineering conference papers and its application
Autoren	Antonia Bertolinoa, Antonello Calabròa, Francesca Lonettia, Eda Marchettia, Breno Miranda
PDF	http://isiarticles.com/bundles/Article/pre/pdf/137278.pdf
URL	https://www.sciencedirect.com/science/article/pii/S0164121217302844
BibTeX	https://sdqweb.ipd.kit.edu/wiki/BibTeX-Eintrag/Bertolinoa18
Abstract	Background: In Software Engineering (SE), conference publications have high importance both in effective communication and in academic careers. Researchers actively discuss how a paper should be organized to be accepted in mainstream conferences. Aiming: This work tackles the problem of generalizing and characterizing the type of papers accepted at SE conferences. Method: The paper offers a new perspective in the analysis of SE literature: a categorization scheme for SE papers is obtained by merging, extending and revising related proposals from a few existing studies. The categorization scheme is used to classify the papers accepted at three top-tier SE conferences during five years (2012–2016). Results: While a broader experience is certainly needed for validation and fine-tuning, preliminary outcomes can be observed relative to what problems and topics are addressed, what types of contributions are presented and how they are validated. Conclusions: The results provide insights to paper writers, paper reviewers and conference organizers in focusing their future efforts, without any intent to provide judgments or authoritative guidelines.

Mittwoch, 15. Januar 2020, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Sebastian Hahner	Eintrag bearbeiten
Forschungsgruppe	Student
Titel	Domain-Specific Languages: A Systematic Mapping Study
Autoren	Tomaž Kosara, Sudev Bohrab, Marjan Mernika
PDF	https://www.sciencedirect.com/science/article/pii/S0950584915001858/pdfft?md5=96edbfda13341a01a1162bb798c65576&pid=1-s2.0-S0950584915001858-main.pdf
URL	https://doi.org/10.1016/j.infsof.2015.11.001
BibTeX	https://sdqweb.ipd.kit.edu/wiki/BibTeX-Eintrag/Kosara
Abstract	In this study we report on a Systematic Mapping Study (SMS) for Domain-Specific Languages (DSLs), based on an automatic search including primary studies from journals, conferences, and workshops during the period from 2006 until 2012. Objective: The main objective of the described work was to perform an SMS on DSLs to better understand the DSL research field, identify research trends, and any possible open issues. The set of research questions was inspired by a DSL survey paper published in 2005. Method: We conducted a SMS over 5 stages: defining research questions, conducting the search, screening, classifying, and data extraction. Our SMS included 1153 candidate primary studies from the ISI Web of Science and ACM Digital Library, 390 primary studies were classified after screening. Results: This SMS discusses two main research questions: research space and trends/demographics of the literature within the field of DSLs. Both research questions are further subdivided into several research sub-questions. The results from the first research question clearly show that the DSL community focuses more on the development of new techniques/methods rather than investigating the integrations of DSLs with other software engineering processes or measuring the effectiveness of DSL approaches. Furthermore, there is a clear lack of evaluation research. Amongst different DSL development phases more attention is needed in regard to domain analysis, validation, and maintenance. The second research question revealed that the number of publications remains stable, and has not increased over the years. Top cited papers and venues are mentioned, as well as identifying the more active institutions carrying DSL research. Conclusion: The statistical findings regarding research questions paint an interesting picture about the mainstreams of the DSL community, as well as open issues where researchers can improve their research in their future work.

Mittwoch, 18. Dezember 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Thomas Kühn	Eintrag bearbeiten
Forschungsgruppe	MDSD
Titel	Two papers: "Why LINQ Matters: Cloud Composability Guaranteed", and "Your Mouse is a Database".
Autoren	"Brian Beckman, Microsoft Corporation" and "Erik Meijer"
PDF	https://dl.acm.org/ft gateway.cfm?id=2169076&ftid=1186267&dwn=1 and https://dl.acm.org/ft gateway.cfm?id=2141937&ftid=1139058&dwn=1
URL	https://dl.acm.org/citation.cfm?id=2141937 and https://dl.acm.org/citation.cfm?id=2160735
BibTeX	https://sdqweb.ipd.kit.edu/wiki/BibTeX-Eintrag/Beckman12 and https://sdqweb.ipd.kit.edu/wiki/BibTeX-Eintrag/Meijer12
Abstract	"The benefits of composability are becoming clear in software engineering." and "Web and mobile applications are increasingly composed of asynchronous and realtime streaming services and push notifications."

Mittwoch, 4. Dezember 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Paul Skopnik	Eintrag bearbeiten
Forschungsgruppe	Student
Titel	Scalable Approaches for Test Suite Reduction
Autoren	Emilio Cruciani ; Breno Miranda ; Roberto Verdecchia ; Antonia Bertolino
PDF	https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8812048
URL	https://ieeexplore.ieee.org/document/8812048
BibTeX	https://sdqweb.ipd.kit.edu/wiki-intern/BibTeX-Eintrag/Cruciani2019
Abstract	Test suite reduction approaches aim at decreasing software regression testing costs by selecting a representative subset from large-size test suites. Most existing techniques are too expensive for handling modern massive systems and moreover depend on artifacts, such as code coverage metrics or specification models, that are not commonly available at large scale. We present a family of novel very efficient approaches for similarity-based test suite reduction that apply algorithms borrowed from the big data domain together with smart heuristics for finding an evenly spread subset of test cases. The approaches are very general since they only use as input the test cases themselves (test source code or command line input). We evaluate four approaches in a version that selects a fixed budget B of test cases, and also in an adequate version that does the reduction guaranteeing some fixed coverage. The results show that the approaches yield a fault detection loss comparable to state-of-the-art techniques, while providing huge gains in terms of efficiency. When applied to a suite of more than 500K real world test cases, the most efficient of the four approaches could select B test cases (for varying B values) in less than 10 seconds.

Mittwoch, 20. November 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Martina Rapp	Eintrag bearbeiten
Forschungsgruppe	AbQP
Titel	Supporting Architectural Decision Making on Data Management in Microservice Architectures
Autoren	Evangelos Ntentos, Uwe Zdun, Konstantinos Plakidas, Daniel Schall, Fei Li, Sebastian Meixner
PDF	https://link.springer.com/content/pdf/10.1007/978-3-030-29983-5 2.pdf
URL	https://doi.org/10.1007/978-3-030-29983-5 2
BibTeX	https://sdqweb.ipd.kit.edu/wiki/BibTeX-Eintrag/Ntentos2019
Abstract	Today many service-based systems follow the microservice architecture style. As microservices are used to build distributed systems and promote architecture properties such as independent service development, polyglot technology stacks including polyglot persistence, and loosely coupled dependencies, architecting data management is crucial in most microservice architectures. Many patterns and practices for microservice data management architectures have been proposed, but are today mainly informally discussed in the so-called “grey literature”: practitioner blogs, experience reports, and system documentations. As a result, the architectural knowledge is scattered across many knowledge sources that are usually based on personal experiences, inconsistent, and, when studied on their own, incomplete. In this paper we report on a qualitative, in-depth study of 35 practitioner descriptions of best practices and patterns on microservice data management architectures. Following a model-based qualitative research method, we derived a formal architecture decision model containing 325 elements and relations. Comparing the completeness of our model with an existing pattern catalog, we conclude that our architectural decision model substantially reduces the effort needed to sufficiently understand microservice data management decisions, as well as the uncertainty in the design process.

Mittwoch, 6. November 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Snigdha Singh	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	A Survey of Software Quality for MachineLearning Applications
Autoren	Satoshi Masuda, Kohichi Ono, Toshiaki Yasue, Nobuhiro HosokawaIBM Research, TokyoChuou-ku, Tokyo, Japan
PDF	https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8411764&isnumber=8411704
URL	https://ieeexplore.ieee.org/document/8411764/references#references
BibTeX	https://sdqweb.ipd.kit.edu/wiki/BibTeX-Eintrag/Masuda2018
Abstract	Machine learning (ML) is now widespread. Traditional software engineering can be applied to the development of ML applications. However, we have to consider specific problems with ML applications in terms of their quality. In this paper, we present a survey of software quality for ML applications to consider the quality of ML applications as an emerging discussion. From this survey, we raised problems with ML applications and discovered software engineering approaches and software testing research areas to solve these problems. We classified survey targets into Academic Conferences, Magazines, and Communities. We targeted 16 academic conferences on artificial intelligence and software engineering, including 78papers. We targeted 5 Magazines, including 22 papers. The results indicated key areas, such as deep learning, fault localization,and prediction, to be researched with software engineering and testing.

Mittwoch, 23. Oktober 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Emre Taşpolatoğlu	Eintrag bearbeiten
Forschungsgruppe	Quality-driven System Evolution
Titel	Bitcoin: A Peer-to-Peer Electronic Cash System
Autoren	Satoshi Nakamoto
PDF	https://bitcoin.org/bitcoin.pdf
URL	https://bitcoin.org/bitcoin.pdf
BibTeX	https://www.bibsonomy.org/bibtex/423c2cdff70ba0cd0bca55ebb164d770
Abstract	A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

Mittwoch, 17. Juli 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Max Scheerer	Eintrag bearbeiten
Forschungsgruppe	AbQP
Titel	Software Engineering for Machine Learning: A Case Study
Autoren	Andrew Begel, Christian Bird, Robert DeLine, Harald Gall, Ece Kamar, Nachiappan Nagappan, Besmira Nushi, and Thomas Zimmermann, Amershi Saleema
PDF	https://andrewbegel.com/papers/Software Engineering for ML.pdf
URL	https://dl.acm.org/citation.cfm?id=3339967
BibTeX	https://dblp.org/rec/bibtex/conf/icse/AmershiBBDGKNN019
Abstract	Recent advances in machine learning have stimulated widespread interest within the Information Technology sector on integrating AI capabilities into software and services. This goal has forced organizations to evolve their development processes. We report on a study that we conducted on observing software teams at Microsoft as they develop AI-based applications. We consider a nine-stage workflow process informed by prior experiences developing AI applications (e.g., search and NLP) and data science tools (e.g. application diagnostics and bug reporting). We found that various Microsoft teams have united this workflow into preexisting, well-evolved, Agile-like software engineering processes, providing insights about several essential engineering challenges that organizations may face in creating large-scale AI solutions for the marketplace. We collected some best practices from Microsoft teams to address these challenges. In addition, we have identified three aspects of the AI domain that make it fundamentally different from prior software application domains: 1) discovering, managing, and versioning the data needed for machine learning applications is much more complex and difficult than other types of software engineering, 2) model customization and model reuse require very different skills than are typically found in software teams, and 3) AI components are more difficult to handle as distinct modules than traditional software components --- models may be "entangled" in complex ways and experience non-monotonic error behavior. We believe that the lessons learned by Microsoft teams will be valuable to other organizations.

Mittwoch, 3. Juli 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Dominik Fuchß	Eintrag bearbeiten
Forschungsgruppe
Titel	Improving the Consistency and Usefulness of Architecture Descriptions: Guidelines for Architects
Autoren	Rebekka Wohlrab, Ulf Eliasson, Patrizio Pelliccione, and Rogardt Heldal
PDF	https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8703919
URL	https://doi.org/10.1109/ICSA.2019.00024
BibTeX	https://ieeexplore.ieee.org/xpl/downloadCitations?recordIds=8703919&download-format=download-bibtex&citations-format=citation-only
Abstract	The need to support software architecture evolution has been well recognized, even more since the rise of agile methods. However, assuring the conformance between architecture descriptions and the implementation remains challenging. Inconsistencies emanate among multiple architecture descriptions, and between architecture descriptions and code. As a consequence, architecture descriptions are not always trusted and used to the extent that their authors wish for. In this paper, we present two surveys with 93 and 72 participants to examine architectural inconsistencies, with a focus on how they evolve over time and can be mitigated using practical guidelines. We identified the importance of capturing emerging elements to keep the architecture description consistent with the implementation, and consider the current-state and future-state architecture separately. Consequences of inconsistencies typically arise at later stages, especially if an architecture description concerns multiple teams. Our guidelines suggest to limit the upfront architecture to stable decisions, while paying attention to concerns that matter across team borders. In the ideal case, companies should aim to integrate architects into the teams to capture emerging aspects with time.

Mittwoch, 19. Juni 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Yves Kirschner	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	An Empirical Study of Architectural Decay in Open-Source Software
Autoren	Duc Le, Daniel Link, Arman Shahbazian and Nenad Medvidovic
PDF	https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8417151
URL	https://doi.org/10.1109/ICSA.2018.00027
BibTeX	https://ieeexplore.ieee.org/xpl/downloadCitations?recordIds=8417151&download-format=download-bibtex&citations-format=citation-only
Abstract	Architecture is the set of principal design decisions about a software system. In practice, new architectural decisions are added and existing ones reversed or modified throughout a system's lifetime. Frequently, these decisions deviate from the architect's well-considered intent, and software systems regularly exhibit increased architectural decay as they evolve. The manifestations of such ill-considered design decisions are seen as “architectural smells”. To date, there has been no in-depth study of the characteristics or trends involving this phenomenon. Instead, when referring to architectural smells and their negative effects, both researchers and practitioners had to rely on folklore and their personal, inherently limited experience. In this paper, we report on the systematic step we have taken in investigating the nature and impact of architectural smells. We have selected a set of representative architectural smells from literature and analyzed their instances in 421 versions from 8 open-source software systems. We have (1) developed algorithms to automatically detect instances of multiple architectural smell types, and (2) analyzed relationships between the detected smells and the lists of issues reported in the systems' respective issue trackers. Our study shows that architectural smells have tangible negative consequences in the form of implementation issues as well as code commits requiring increased maintenance effort throughout a system's lifetime.

Mittwoch, 5. Juni 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Emre Taşpolatoğlu	Eintrag bearbeiten
Forschungsgruppe	QSE
Titel	The Security Twin Peaks
Autoren	Thomas Heyman, Koen Yskout, Riccardo Scandariato, Holger Schmidt, Yijun Yu
PDF	https://link.springer.com/content/pdf/10.1007/978-3-642-19125-1 13.pdf
URL	https://link.springer.com/chapter/10.1007/978-3-642-19125-1 13
BibTeX	https://citation-needed.springer.com/v2/references/10.1007/978-3-642-19125-1 13?format=bibtex&flavour=citation
Abstract	The feedback from architectural decisions to the elaboration of requirements is an established concept in the software engineering community. However, pinpointing the nature of this feedback in a precise way is a largely open problem. Often, the feedback is generically characterized as additional qualities that might be affected by an architect’s choice. This paper provides a practical perspective on this problem by leveraging architectural security patterns. The contribution of this paper is the Security Twin Peaks model, which serves as an operational framework to co-develop security in the requirements and the architectural artifacts.

Mittwoch, 22. Mai 2019, 11:30–12:30 Uhr (Gebäude 50.34, Raum 333)

Vortragende-/r	Maximilian Walter	Eintrag bearbeiten
Forschungsgruppe	Architecture-based Quality Prediction
Titel	Privacy Requirements: Present & Future
Autoren	P. Anthonysamy and A. Rashid and R. Chitchyan
PDF	https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7961663
URL	https://ieeexplore.ieee.org/document/7961663
BibTeX	https://dblp.org/rec/bibtex/conf/icse/AnthonysamyRC17
Abstract	Software systems are increasingly open, handle largeamounts of personal or other sensitive data and are intricately linked with the daily lives of individuals and communities.This poses a range of privacy requirements. Such privacy requirements are typically treated as instances of requirements pertaining to compliance, traceability, access control, verification or usability. Though important, such approaches assume that the scope for the privacy requirements can be established a priori and that such scope does not vary drastically once the system is deployed. User data and information, however, exists in an open, hyper-connected and potentially “unbounded” environment. Furthermore, “privacy requirements – present” and “privacy requirements – future” may differ significantly as the privacy implications are often emergent a posteriori. Effective treatment of privacy requirements, therefore, requires techniques and approaches that fit with the inherent openness and fluidity of the environment through which user data and information flows. This paper surveys state of the art and presents some potential directions in the way privacy requirements should be treated. We reflect on the limitations of existing approaches with regards to unbounded privacy requirements and highlight a set of key challenges for requirements engineering research with regards to managing privacy in such unbounded settings.

Mittwoch, 8. Mai 2019, 11:15–12:15 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Jan Keim	Eintrag bearbeiten
Forschungsgruppe	ARE
Titel	Neural Code Comprehension: A Learnable Representation of Code Semantics
Autoren	Tal Ben-Nun, Alice Shoshana Jakobovits, Torsten Hoefler
PDF	http://papers.nips.cc/paper/7617-neural-code-comprehension-a-learnable-representation-of-code-semantics.pdf
URL	http://papers.nips.cc/paper/7617-neural-code-comprehension-a-learnable-representation-of-code-semantics
BibTeX	http://papers.nips.cc/paper/7617-neural-code-comprehension-a-learnable-representation-of-code-semantics/bibtex
Abstract	With the recent success of embeddings in natural language processing, research has been conducted into applying similar methods to code analysis. Most works attempt to process the code directly or use a syntactic tree representation, treating it like sentences written in a natural language. However, none of the existing methods are sufficient to comprehend program semantics robustly, due to structural features such as function calls, branching, and interchangeable order of statements. In this paper, we propose a novel processing technique to learn code semantics, and apply it to a variety of program analysis tasks. In particular, we stipulate that a robust distributional hypothesis of code applies to both human- and machine-generated programs. Following this hypothesis, we define an embedding space, inst2vec, based on an Intermediate Representation (IR) of the code that is independent of the source programming language. We provide a novel definition of contextual flow for this IR, leveraging both the underlying data- and control-flow of the program. We then analyze the embeddings qualitatively using analogies and clustering, and evaluate the learned representation on three different high-level tasks. We show that even without fine-tuning, a single RNN architecture and fixed inst2vec embeddings outperform specialized approaches for performance prediction (compute device mapping, optimal thread coarsening); and algorithm classification from raw code (104 classes), where we set a new state-of-the-art.

Mittwoch, 30. Januar 2019, 11:15–12:15 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Frederik Reiche	Eintrag bearbeiten
Forschungsgruppe
Titel	Automated software architecture security risk analysis using formalized signatures
Autoren	Mohamed Almorsy, John Grundy, and Amani S. Ibrahim
PDF	https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6606612
URL	https://dl.acm.org/citation.cfm?id=2486875
BibTeX	https://dl.acm.org/downformats.cfm?id=2486875&parent id=2486788&expformat=bibtex
Abstract	Reviewing software system architecture to pinpoint potential security flaws before proceeding with system development is a critical milestone in secure software development lifecycles. This includes identifying possible attacks or threat scenarios that target the system and may result in breaching of system security. Additionally we may also assess the strength of the system and its security architecture using well-known security metrics such as system attack surface, Compartmentalization, least-privilege, etc. However, existing efforts are limited to specific, predefined security properties or scenarios that are checked either manually or using limited toolsets. We introduce a new approach to support architecture security analysis using security scenarios and metrics. Our approach is based on formalizing attack scenarios and security metrics signature specification using the Object Constraint Language (OCL). Using formal signatures we analyse a target system to locate signature matches (for attack scenarios), or to take measurements (for security metrics). New scenarios and metrics can be incorporated and calculated provided that a formal signature can be specified. Our approach supports defining security metrics and scenarios at architecture, design, and code levels. We have developed a prototype software system architecture security analysis tool. To the best of our knowledge this is the first extensible architecture security risk analysis tool that supports both metric-based and scenario-based architecture security analysis. We have validated our approach by using it to capture and evaluate signatures from the NIST security principals and attack scenarios defined in the CAPEC database.

Mittwoch, 16. Januar 2019, 11:15–12:15 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Nico Kopp	Eintrag bearbeiten
Forschungsgruppe	MDSD
Titel	Verification of Safety
Autoren	N.G.Leveson
PDF
URL	https://doi.org/10.1016/S1474-6670(17)61779-8
BibTeX
Abstract	Safety has often been equated with reliability and robustness. However, safety needs to be treated as a separate and important system quality. In this paper, software safety is distinguished from these other qualities and formally defined. The paper also examines the possibility of using three different verification approaches - state machines, temporal logic, and fault trees - to verify software safety.

Mittwoch, 19. Dezember 2018, 11:15–12:15 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Erik Burger	Eintrag bearbeiten
Forschungsgruppe	MDSD
Titel	Model-driven performance prediction of systems of systems
Autoren	Katrina Falkner, Claudia Szabo, Vanea Chiprianov, Gavin Puddy, Marianne Rieckmann, Dan Fraser, Cathlyn Aston
PDF	https://link.springer.com/content/pdf/10.1007/s10270-016-0547-8.pdf
URL	https://link.springer.com/article/10.1007/s10270-016-0547-8
BibTeX	https://citation-needed.springer.com/v2/references/10.1007/s10270-016-0547-8?format=bibtex&flavour=citation
Abstract	Systems of systems exhibit characteristics that pose difficulty in modelling and predicting their overall performance capabilities, including the presence of operational independence, emergent behaviour, and evolutionary development. When considering systems of systems within the autonomous defence systems context, these aspects become increasingly critical, as constraints on the performance of the final system are typically driven by hard constraints on space, weight and power. System execution modelling languages and tools permit early prediction of the performance of model-driven systems; however, the focus to date has been on understanding the performance of a model rather than determining whether it meets performance requirements, and only subsequently carrying out analysis to reveal the causes of any requirement violations. Moreover, such an analysis is even more difficult when applied to several systems cooperating to achieve a common goal—a system of systems. In this article, we propose an integrated approach to performance prediction of model-driven real-time embedded defence systems and systems of systems. Our architectural prototyping system supports a scenario-driven experimental platform for evaluating model suitability within a set of deployment and real-time performance constraints. We present an overview of our performance prediction system, demonstrating the integration of modelling, execution and performance analysis, and discuss a case study to illustrate our approach.

Mittwoch, 5. Dezember 2018, 11:15–12:15 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Sebastian Krach	Eintrag bearbeiten
Forschungsgruppe	ABQP
Titel	A functional reference architecture for autonomous driving
Autoren	Sagar Behere and Martin Törngren
PDF
URL	https://doi.org/10.1016/j.infsof.2015.12.008.
BibTeX
Abstract	Context As autonomous driving technology matures toward series production, it is necessary to take a deeper look at various aspects of electrical/electronic (E/E) architectures for autonomous driving. Objective This paper describes a functional reference architecture for autonomous driving, along with various considerations that influence such an architecture. The functionality is described at the logical level, without dependence on specific implementation technologies. Method Engineering design has been used as the research method, which focuses on creating solutions intended for practical application. The architecture has been refined and applied over a 5 year period to the construction of prototype autonomous vehicles in three different categories, with both academic and industrial stakeholders. Results The architectural components are divided into categories pertaining to (i) perception, (ii) decision and control, and (iii) vehicle platform manipulation. The architecture itself is divided into two layers comprising the vehicle platform and a cognitive driving intelligence. The distribution of components among the architectural layers considers two extremes: one where the vehicle platform is as “dumb” as possible, and the other, where the vehicle platform can be treated as an autonomous system with limited intelligence. We recommend a clean split between the driving intelligence and the vehicle platform. The architecture description includes identification of stakeholder concerns, which are grouped under the business and engineering categories. A comparison with similar architectures is also made, wherein we claim that the presence of explicit components for world modeling, semantic understanding, and vehicle platform abstraction seem unique to our architecture. Conclusion The concluding discussion examines the influences of implementation technologies on functional architectures and how an architecture is affected when a human driver is replaced by a computer. The discussion also proposes that reduction and acceleration of testing, verification, and validation processes is the key to incorporating continuous deployment processes. Keywords: Autonomous driving; Functional architecture; E/E architecture; Reference architecture

Mittwoch, 7. November 2018, 11:30–12:30 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Daniel Zimmermann	Eintrag bearbeiten
Forschungsgruppe	MDSD
Titel	A Fast and Elitist Multiobjective Genetic Algorithm: NSGA-II
Autoren	Kalyanmoy Deb, Associate Member, IEEE, Amrit Pratap, Sameer Agarwal, and T. Meyarivan
PDF	https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=996017
URL	https://ieeexplore.ieee.org/document/996017
BibTeX	https://dblp.uni-trier.de/rec/bibtex/journals/tec/DebAPM02
Abstract	Multiobjective evolutionary algorithms (EAs) that use nondominated sorting and sharing have been criticized mainly for their: 1) O(MN^3) computational complexity (where M is the number of objectives and N is the population size); 2) nonelitism approach; and 3) the need for specifying a sharing parameter. In this paper, we suggest a nondominated sorting-based multiobjective EA (MOEA), called nondominated sorting genetic algorithm II (NSGA-II), which alleviates all the above three difficulties. Specifically, a fast nondominated sorting approach with O(MN^2) computational complexity is presented. Also, a selection operator is presented that creates a mating pool by combining the parent and offspring populations and selecting the best (with respect to fitness and spread) N solutions. Simulation results on difficult test problems show that the proposed NSGA-II, in most problems, is able to find much better spread of solutions and better convergence near the true Pareto-optimal front compared to Pareto-archived evolution strategy and strength-Pareto EA—two other elitist MOEAs that pay special attention to creating a diverse Pareto-optimal front. Moreover, we modify the definition of dominance in order to solve constrained multiobjective problems efficiently. Simulation results of the constrained NSGA-II on a number of test problems, including a five-objective seven-constraint nonlinear problem, are compared with another constrained multiobjective optimizer and much better performance of NSGA-II is observed.

Mittwoch, 24. Oktober 2018, 11:30–12:30 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Sandro Koch	Eintrag bearbeiten
Forschungsgruppe	QSE
Titel	Henshin: advanced concepts and tools for in-place EMF model transformations
Autoren	Thorsten Arendt, Enrico Biermann, Stefan Jurack, Christian Krause, Gabriele Taentzer
PDF
URL	https://link.springer.com/chapter/10.1007/978-3-642-16145-2 9
BibTeX
Abstract	The Eclipse Modeling Framework (EMF) provides modeling and code generation facilities for Java applications based on structured data models. Henshin is a new language and associated tool set for in-place transformations of EMF models. The Henshin transformation language uses pattern-based rules on the lowest level, which can be structured into nested transformation units with well-defined operational semantics. So-called amalgamation units are a special type of transformation units that provide a forall-operator for pattern replacement. For all of these concepts, Henshin offers a visual syntax, sophisticated editing functionalities, execution and analysis tools. The Henshin transformation language has its roots in attributed graph transformations, which offer a formal foundation for validation of EMF model transformations. The transformation concepts are demonstrated using two case studies: EMF model refactoring and meta-model evolution.

Mittwoch, 4. Juli 2018, 11:30–12:30 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Manar Mazkatli	Eintrag bearbeiten
Forschungsgruppe	ARE & QSE
Titel	WESSBAS: extraction of probabilistic workload specifications for load testing and performance prediction—a model-driven approach for session-based application systems
Autoren	Wilhelm Hasselbring, Helmut Krcmar, Christian Vögele, André van Hoorn, Eike Schulz
PDF	https://link.springer.com/article/10.1007/s10270-016-0566-5
URL	https://doi.org/10.1007/s10270-016-0566-5
BibTeX	http://dblp.org/rec/bibtex/journals/sosym/VogeleHSHK18
Abstract	The specification of workloads is required in order to evaluate performance characteristics of application systems using load testing and model-based performance prediction. Defining workload specifications that represent the real workload as accurately as possible is one of the biggest challenges in both areas. To overcome this challenge, this paper presents an approach that aims to automate the extraction and transformation of workload specifications for load testing and model-based performance prediction of session-based application systems. The approach (WESSBAS) comprises three main components. First, a system- and tool-agnostic domain-specific language (DSL) allows the layered modeling of workload specifications of session-based systems. Second, instances of this DSL are automatically extracted from recorded session logs of production systems. Third, these instances are transformed into executable workload specifications of load generation tools and model-based performance evaluation tools.We present transformations to the common load testing tool Apache JMeter and to the Palladio Component Model. Our approach is evaluated using the industry-standard benchmark SPECjEnterprise2010 and the World Cup 1998 access logs.Workload-specific characteristics (e.g., session lengths and arrival rates) and performance characteristics (e.g., response times and CPU utilizations) show that the extracted workloads match the measured workloads with high accuracy.

Mittwoch, 20. Juni 2018, 11:30–12:30 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Stephan Seifermann	Eintrag bearbeiten
Forschungsgruppe	ARE & QSE
Titel	Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach
Autoren	Bernhard Hoisl, Stefan Sobernig, Mark Strem beck
PDF	https://link.springer.com/content/pdf/10.1007/s10270-012-0263-y.pdf
URL	https://link.springer.com/article/10.1007/s10270-012-0263-y
BibTeX	https://dblp.uni-trier.de/rec/bibtex/journals/sosym/HoislSS14
Abstract	In this paper, we present an integrated model-driven approach for the specification and the enforcement of secure object flows in process-driven service-oriented architectures (SOA). In this context, a secure object flow ensures the confidentiality and the integrity of important objects (such as business contracts or electronic patient records) that are passed between different participants in SOA-based business processes. We specify a formal and generic metamodel for secure object flows that can be used to extend arbitrary process modeling languages. To demonstrate our approach, we present a UML extension for secure object flows. Moreover, we describe how platform-independent models are mapped to platform-specific software artifacts via automated model transformations. In addition, we give a detailed description of how we integrated our approach with the Eclipse modeling tools.

Mittwoch, 6. Juni 2018, 11:30–12:30 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Maximilian Eckert	Eintrag bearbeiten
Forschungsgruppe	-
Titel	Concern-oriented Software Design
Autoren	Omar Alam, Jörg Kienzle, Gunter Mussbacher
PDF	https://dl.acm.org/citation.cfm?id=2945982
URL	https://dl.acm.org/citation.cfm?id=2945982
BibTeX
Abstract	There exist many solutions to solve a given design problem, and it is difficult to capture the essence of a solution and make it reusable for future designs. Furthermore, many variations of a given solution may exist, and choosing the best alternative depends on application-specific high-level goals and non-functional requirements. This paper proposes Concern-Oriented Software Design, a modelling technique that focuses on concerns as units of reuse. A concern groups related models serving the same purpose, and provides three interfaces to facilitate reuse. The variation interface presents the design alternatives and their impact on non-functional requirements. The customization interface of the selected alternative details how to adapt the generic solution to a specific context. Finally, the usage interface specifies the provided behavior. We illustrate our approach by presenting the concern models of variations of the Observer design pattern, which internally depends on the Association concern to link observers and subjects

Mittwoch, 23. Mai 2018, 11:30–12:30 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Heiko Klare	Eintrag bearbeiten
Forschungsgruppe	MDSD
Titel	Bidirectional Transformations in the Large
Autoren	Perdita Stevens
PDF	https://sdqweb.ipd.kit.edu/lehre/lesegruppe/stevens2017a.pdf
URL	https://ieeexplore.ieee.org/document/8101241/
BibTeX	https://dblp.org/rec/bibtex/conf/models/Stevens17
Abstract	The model-driven development of systems involves multiple models, metamodels and transformations, and relationships between them. A bidirectional transformation (bx) is usually defined as a means of maintaining consistency between "two (or more)" models. This includes cases where one model may be generated from one or more others, as well as more complex ("symmetric") cases where models record partially overlapping information. In recent years binary bx, those relating two models, have been extensively studied. Multiary bx, those relating more than two models, have received less attention. In this paper we consider how a multiary consistency relation may be defined in terms of binary consistency relations, and how consistency restoration may be carried out on a network of models and relationships between them. We relate this to megamodelling and discuss further research that is needed.

Mittwoch, 9. Mai 2018, 11:30–12:30 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	Dominik Werle	Eintrag bearbeiten
Forschungsgruppe	ARE & QSE
Titel	The Future of Software Performance Engineering
Autoren	Murray Woodside, Greg Franks, Dorina C. Petriu
PDF	https://doi.org/10.1109/FOSE.2007.32
URL	https://doi.org/10.1109/FOSE.2007.32
BibTeX	http://dblp.uni-trier.de/rec/bibtex/conf/icse/WoodsideFP07
Abstract	Performance is a pervasive quality of software systems; everything affects it, from the software itself to all underlying layers, such as operating system, middleware, hardware, communication networks, etc. Software Performance Engineering encompasses efforts to describe and improve performance, with two distinct approaches: an early-cycle predictive model-based approach, and a late-cycle measurement-based approach. Current progress and future trends within these two approaches are described, with a tendency (and a need) for them to converge, in order to cover the entire development cycle.

Mittwoch, 25. April 2018, 11:30–12:30 Uhr (Gebäude 50.34, Raum 348)

Vortragende-/r	-	Eintrag bearbeiten
Forschungsgruppe	-
Titel	Ausgefallen wegen Korrektur
Autoren
PDF
URL
BibTeX
Abstract

Frühere Termine sind im Archiv zu finden.

Vorgeschlagene Artikel

Jeder, der einen interessanten Artikel in der Lesegruppe vorstellen möchte, kann sich hier eintragen (bitte eigenen Namen nicht vergessen!) oder eine Email an Emre Taspolatoglu or Manar Mazkatli schreiben.

Mögliche Papers:

• Best-Paper von ICSA, ECSA oder einer der relevanten Konferenzen
• Grundlegende Papers zu Clean Code
• Papers zu GQM

Mögliche Kandidaten:

• Performance Evaluation of Component-based Software Systems: A Survey – Koziolek [PDF fulltext] [BibTeX]
• A Flexible Infrastructure for Multi Level Language Engineering – Atkinson, Gutheil, Kennel [www]
• Foundations for the study of software architecture – Perry, Wolf [www]
• Defect Frequency and Design Patterns: An Empirical Study of Industrial Code – Vokac [www]
• Aligning Organizations Through Measurement - The GQM+Strategies Approach - Basili, Trendowicz, Kowalczyk, Heidrich, Seaman, Münch, Rombach [doi]
• Object-Oriented Modeling with Adora - Glinz, Berner, Joos [www]
• Software Aging - Parnas [www]
• Practical relevance of software engineering research: synthesizing the community’s voice - Garousi, Borg, Oivo www
• Weitere bitte hier eintragen

Studenten, die nach einer guten Publikation suchen, die sie in der Lesegruppe vorstellen können, seien auf folgende Standardpublikationen hingewiesen:

• The Past, Present, and Future of Software Architecture - Kruchten, Obbink, Stafford [PDF fulltext] [BibTeX]
  Viele der in diesem Einführungsartikel genannten Publikationen stellen Meilensteine der Softwaretechnik dar, es eignen sich fast alle für die Vorstellung in der Lesegruppe.

Organisation (intern)