Auflistung nach Autor:in "Seifermann, Stephan"
1 - 10 von 12
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragCatching Up with State of the Art Continuous Integration Pipelines in Palladio — An Experience Report(Softwaretechnik-Trends Band 40, Heft 3, 2020) Seifermann, Stephan; Krach, SebastianPalladio is a fairly large research project providing various software artifacts. The large amount of maintained projects makes Continuous Integration (CI) vital. However, CI is more useful if the source of a detected problem becomes clear. The earlier CI infrastructure did often not allow tracing back problems and even made adding new projects challenging. In 2018, we decided to completely rebuild the whole CI infrastructure and the organization of source code to catch up with the state of the art. Two years later, we can now report on our experience in migrating such large projects as well as on the benefits of spending the effort in this migration.
- ZeitschriftenartikelChallenges in Secure Software Evolution - The Role of Software Architecture(Softwaretechnik-Trends Band 36, Heft 1, 2016) Seifermann, Stephan; Taşpolatoğlu, Emre; Reussner, Ralf; Heinrich, RobertChallenges in Secure Software Evolution - The Role of Software ArchitectureAchieving quality properties for software systems and maintaining them during evolution is challenging. Especially, security properties often degrade during software evolution. This is often not noticed and can lead to monetary loss and serious damage to the company’s image. Approaches for maintaining security properties exist but fail to exploit the knowledge of the architectural design phase. This results in high effort and slow reactions on evolutionary changes. In this paper, we describe five key challenges in maintaining security properties during software evolution and show how architecture supports mastering them.
- ZeitschriftenartikelChallenges to Trading-Off Performance and Privacy of Component-Based Systems(Softwaretechnik-Trends Band 36, Heft 4, 2016) Seifermann, Stephan; Yurchenko, Kateryna; Kramer, Max E.Determining privacy properties of software systems is essential for certification in certain domains and gains importance for users of software services. Late discovery of degraded privacy properties during development phases makes fixing issues hard and expensive. Approaches that focus on architectural privacy predictions are rare and often do not integrate well with existing tools for performance predictions so that trade-off analyses are not supported. In this paper, we suggest extending the Palladio Component Model (PCM) by means of modeling privacy requirements to support privacy predictions, code generation, and verification, as well as trade-off decisions. The goal of this integration with PCM is to support the development of quality-aware component-based architectures: Our approach will allow trade-offs for privacy and performance properties during the early design and will ease the verification of the implementation.
- KonferenzbeitragData Stream Operations as First-Class Entities in Palladio(Softwaretechnik-Trends Band 39, Heft 4, 2019) Werle, Dominik; Seifermann, Stephan; Koziolek, AnneThe Palladio Component Model (PCM) is an approach to simulate the performance of software systems using a component-based modeling language. When simulating PCM models, requests only influence each other if they compete for the same resources. However, for some applications, such as data stream processing, it is not realistic for requests to be this independent. For example, it is common to group requests in windows over time or to join data streams. Modeling the resulting behavior and resource demands in the system via stochastic approximations is possible but has drawbacks. It requires additional effort for determining the approximation and it may require spreading information across model elements that should be encapsulated in one place. In this paper, we propose a way of modeling interaction between requests that is similar to query languages for data streams. Thus, we introduce state into models without sacrificing the understandability and composability of the model.
- KonferenzbeitragDatenzentrische Softwarearchitekturen(Software Engineering 2020, 2020) Seifermann, Stephan; Heinrich, Robert; Reussner, RalfDie Definition und Umsetzung von Sicherheitsanforderungen ist für alle Arten von Anwendungen essentiell, jedoch in komplexen Softwaresystemen nicht trivial. Verletzungen müssen so früh wie möglich erkannt werden, um sie kosteneffizient beheben zu können. In frühen Entwicklungsstadien können Entwurfszeitanalysen genutzt werden. Datenflussorientierte Analysen erlauben hier das Formulieren von Analysezielen in der Anforderungsterminologie, sind jedoch nicht gut in bestehende architekturelle Beschreibungssprachen (ADLs) integriert. In unserem Ansatz haben wir daher Datenflussmodellierung in die ADL Palladio integriert, um Analysen bzgl. der Einhaltung von Vertraulichkeitsanforderungen durchführen zu können. Eine Evaluierung mittels zweier Fallstudien zeigte, dass eine gute Präzision mittels der Analyse erreicht werden kann
- TextdokumentDefining a Security-Oriented Evolution Scenario for the CoCoME Case Study(Softwaretechnik-Trends: Vol. 37, No. 2, 2017) Pilipchuk, Roman; Seifermann, Stephan; Taspolatoglu, EmreInformation systems are subject to continuous change. In order to conduct empirical research on methods for software evolution, CoCoME was developed as a community-driven case study system. It is, however, not suitable for the validation of security-related approaches, as neither security nor privacy have been addressed in any evolution scenario. We elicited 53 secu- rity requirements coming from law, security guidelines and known threats. In this paper, we present three out of twelve security requirement categories including one representative requirement and share our experience in building the foundation for a security-oriented evolution scenario. Researchers in the field of secure software evolution can validate their approaches using this future evolution scenario.
- ZeitschriftenartikelLeveraging State to Facilitate Separation of Concerns in Reuse-oriented Performance Models(Softwaretechnik-Trends Band 37, Heft 3, 2017) Werle, Dominik; Seifermann, Stephan; Krach, Sebastian D.Each of the five dedicated roles of the Palladio process considers one or more concerns that form a performance prediction model, altogether. Modeling systems that vary their behavior based on a request history, however, requires to break role separation and create dependencies between concerns, thus reducing the reusability of components. Model elements that allow expressing such behavior while maintaining role separation do not exist. We propose a model extension that allows expressing behavior statefully and a transformation to a basic stateless Palladio model. This allows to maintain the role separation and thereby the reusability of components without the need for changes of existing analyses.
- KonferenzbeitragMapping Data Flow Models to the Palladio Component Model(Softwaretechnik-Trends Band 39, Heft 4, 2019) Seifermann, Stephan; Werle, Dominik; Ebada, MazenPredicting quality properties such as privacy are reasonable use cases for Data Flow Models (DFMs). For other use cases such as performance prediction, component-based software architecture models focusing on control flows are more suitable. Designers can derive a Control Flow Model (CFM) from a DFM but they have to make numerous design decisions like defining operation signatures. Currently, this derivation is a creative process without a clear design space and without guidelines for navigating this space. In this paper, we present design alternatives for given data flow examples and derive mapping rules that allow to choose between reasonable alternatives. Our results are a first step towards a catalogue of rules for deriving CFMs from DFMs in a systematic way and providing semi-automated transformations.
- KonferenzbeitragA Taxonomy of Dynamic Changes Affecting Confidentiality(Softwaretechnik-Trends Band 40, Heft 2, 2020) Walter, Maximilian; Seifermann, Stephan; Heinrich, RobertIndustry 4.0 facilitates dynamic production processes for highly tailored individual products that require intense cooperation between different organisations. The enabler of such cooperation are cyber-physical systems (CPSs). A set of policies also considering dynamic changes of a request context during runtime has to protect the confidentiality of involved systems. Analysing policy effectiveness already during design time can avoid costly confidentiality flaws. However, the changes that can be evaluated during design time are not clear. Therefore, we identified typical dynamic changes from use cases we gathered with two industrial partners and categorized them accordingly.
- KonferenzbeitragTowards Collaboration on Accessible UML Models(Mensch und Computer 2015 – Workshopband, 2015) Seifermann, Stephan; Groenda, Henning