P215 - Software Engineering 2013 Workshopband (inkl. Doktorandensymposium)
Autor*innen mit den meisten Dokumenten
Neueste Veröffentlichungen
- KonferenzbeitragHow useful are existing monitoring languages for securing android apps?(Software Engineering 2013 - Workshopband, 2013) Arzt, Steven; Falzon, Kevin; Follner, Andreas; Rasthofer, Siegfried; Bodden, Eric; Stolz, VolkerThe Android operating system is currently dominating the mobile device market in terms of penetration and growth rate. An important contributor to its success are a wealth of cheap and easy-to-install mobile applications, known as apps. Today, installing untrusted apps is the norm, though this comes with risks: malware is ubiquitous and can easily leak confidential and sensitive data. In this work, we investigate the extent to which we can specify complex information flow properties using existing specification languages for runtime monitoring, with the goal to encapsulate potentially harmful apps and prevent private data from leaking. By modelling a set of representative, Android-specific security policies with Tracematches, JavaMOP, Dataflow Pointcuts and PQL, we are able to identify policylanguage features that are crucial for effectively defining runtime-enforceable Android security properties. Our evaluation demonstrates that while certain property languages suit our purposes better than others, they all lack essential features that would, if present, allow users to provide effective security guarantees about apps. We discuss those shortcomings and propose several possible mechanisms to overcome them.
- KonferenzbeitragMD -DSL - eine domänenspezifische Sprache zur Beschreibung und Generierung mobiler Anwendungen(Software Engineering 2013 - Workshopband, 2013) Heitkötter, Henning; Majchrzak, Tim A.; Kuchen, HerbertEntwickler mobiler Anwendungen, sogenannter Apps, stehen einer heterogenen Landschaft an mobilen Plattformen gegenüber, die sich hinsichtlich ihrer Programmierung stark unterscheiden. Häufig sollen zumindest die weit verbreiteten Be- triebssysteme iOS und Android unterstützt werden. Dabei sollen Apps dem nativen, plattformtypischen Aussehen und Verhalten genügen oder zumindest nachempfunden werden. Bestehende Cross-Plattform-Lösungen im mobilen Umfeld unterstützen letztere Anforderung nicht, so dass Entwickler oftmals gezwungen sind, dieselbe App parallel für mehrere Plattformen nativ zu entwickeln. Dies erhöht den Entwicklungsaufwand erheblich, zumal die Implementierung auf einem niedrigen Abstraktionsniveau erfolgt. Dieser Beitrag stellt das Framework MD2 und die domänenspezifische Sprache MD2-DSL vor, die es ermöglicht, Apps mit vorwiegend geschäftlichem Hintergrund auf einem gehobenen Abstraktionsniveau prägnant zu beschreiben. Der modellgetriebene Ansatz MD2 generiert aus den textuellen MD2-DSL-Modellen iOS- und Android-Apps. Die Sprache MD2-DSL enthält Konstrukte zur Abbildung und Umsetzung typischer Anforderungen an Apps und stellt somit eine Alternative zur wiederholten Implementierung einer App auf verschiedenen Plattformen dar.
- KonferenzbeitragCASM: Implementing an Abstract State Machine based Programming Language(Software Engineering 2013 - Workshopband, 2013) Lezuo, Roland; Barany, Gergö; Krall, AndreasIn this paper we present CASM, a general purpose programming language based on abstract state machines (ASMs). We describe the implementation of an interpreter and a compiler for the language. The demand for efficient execution forced us to modify the definition of ASM and we discuss the impact of those changes. A novel feature for ASM based languages is symbolic execution, which we briefly describe. CASM is used for instruction set simulator generation and for semantic description in a compiler verification project. We report on the experience of using the language in those two projects. Finally we position ASM based programming languages as an elegant combination of imperative and functional programming paradigms which may liberate us from the von Neumann style as demanded by John Backus.
- KonferenzbeitragViCE-UPSLA: A visual high level language for accurate simulation of interlocked pipelined processors(Software Engineering 2013 - Workshopband, 2013) Klassen, DennisSimulation of processors is needed in early stages of development to reduce cost and increase quality of processor designs. Suitable simulators can be generated automatically from high-level specifications of the processor architecture. For this purpose, we have developed the domain specific visual language ViCE-UPSLA. It allows to describe pipeline based register-register, register-memory processor architectures and generates efficient simulators for such processors. In this way a variety of processors can be quickly prototyped for validation and evaluation. We have successfully used ViCE-UPSLA to model and simulate a processor with an ARM [ARM00] like architecture.
- Editiertes Buch
- KonferenzbeitragScribble - A framework for integrating intelligent input methods into graphical diagram editors(Software Engineering 2013 - Workshopband, 2013) Scharf, AndreasCreating modern software is a challenging but also a very creative task. Especially in early development phases like requirements engineering or architectural design software engineers use different mediums to manifest their thoughts and to discuss possible ambiguities. These mediums range from analog tools like pen & paper or whiteboards to digital ones like tablet pc's or smartboards. Whereas editing capabilities for analog mediums are restricted to add/remove operations, there already is great support in the digital world to later move, rotate or even share thoughts and diagrams with distributed teams. In addition the tool support for creating complex diagrams used to express software architecture and design along with sophisticated techniques like code generation is large. However, most of these tools restrict the user input to valid data, decreasing the software engineers flexibility which is why they often fall back to non formal tools. This doctoral thesis aims to combine the flexibility of informal sketching with the power of formal software engineering tools. As part of this thesis, a new generic framework will be created which dynamically augments new and already existing diagram editors with sketch-based input features.
- KonferenzbeitragEine Multikanal-Architektur für adaptive, webbasierte Frontendsysteme und deren Erweiterbarkeit durch Variantenbildung(Software Engineering 2013 - Workshopband, 2013) Hitz, Michael ThomasDer in den letzten Jahren stark gestiegene Bedarf an webbasierten Zugängen zu den Systemen eines Unternehmens für unterschiedliche Nutzergruppen (fachliche Kanäle) führte häufig dazu, dass parallel monolithische, siloartige Frontend-Systeme entstanden sind, welche in Wartung und Weiterentwicklung durch die resultierenden Redundanzen hohe Kosten verursachen. In den letzten Jahren rückten zudem neue Technologien wie mobile Geräte weiter in den Fokus, die neben den fachlichen Kanälen eigene Anforderungen an die Darstellung und die Prozesse haben und damit die Komplexität weiter erhöhen. Um schnell und kosteneffizient auf den Markt reagieren zu können, bedarf es einer Lösung, welche Funktionalitäten kanalübergreifend wiederverwendbar macht und bei Änderungen oder kanalspezifischen Erweiterungen Redundanzen durch Bildung von Varianten vorhandener Oberflächen und Prozesse vermeidet.
- KonferenzbeitragErweiterung von domänenspezifischen Sprachen um benutzerdefinierte Werttypen(Software Engineering 2013 - Workshopband, 2013) Zahner, ChristinDomänenspezifische Sprachen unterstützen die Modellierung von Konzepten einer bestimmten Domäne. Mit Blick auf die Formulierung von Ausdrücken beschränken sich textuelle DSLs allerdings häufig auf die Unterstützung von primitiven Typen und Aufzählungstypen. Fachliche Konzepte, wie Geldbeträge oder Postleitzahlen, die zeitund zustandslos modellierbar wären, sind nur schwer in eine DSL zu integrieren. Dieser Beitrag stellt Ansätze vor, um die Ausdruckskraft von DSLs um benutzerdefinierte Werttypen zu erweitern.
- KonferenzbeitragMulti-language refactoring with dimensions of semantics-preservation(Software Engineering 2013 - Workshopband, 2013) Schink, HagenToday, software developers utilize different general-purpose (GPL) and domain-specific languages (DSL) to implement multi-language software applications (MLSA). MLSAs, thus, contain artifacts of different GPLs and DSLs, e.g., sourcecode files and configurations. In a recent study we found that refactoring an artifact can break artifact interaction and that interaction cannot be re-established by additional refactorings. In this paper we propose an approach that supports developers in understanding and adapting changes to artifact interaction due to refactoring.
- KonferenzbeitragGuiding transaction design through architecture-level performance and data consistency prediction(Software Engineering 2013 - Workshopband, 2013) Merkle, PhilippDesigning transactional software which operates not only in a timely fashion but also preserves data consistency is challenging. While it is easy to preserve data consistency by choosing a high isolation level, this can quickly become a performance bottleneck due to limited concurrency. Conversely, relaxing the isolation between concurrent transactions may lead to data inconsistencies. Solving this tradeoff systematically requires quantitative knowledge on the relation between transaction performance and the likelihood of data consistency violations under a given isolation level. Architecture-level performance prediction is a promising approach to address the first half of this trade-off but often neglects the influence of transactions. The second half-data consistency-is not addressed at all by existing approaches. Therefore, we plan to integrate transaction modelling into the Palladio approach for componentbased software quality prediction. This creates the opportunity to predict not only performance metrics more accurately, but also to estimate data consistency violations.