@inproceedings{33711,
author = {{Gollner, Denis and Klausmann, Tobias and Rasor, Rik and Dumitrescu, Roman}},
booktitle = {{2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS)}},
publisher = {{IEEE}},
title = {{{Use Case Driven Digital Twin Generation}}},
doi = {{10.1109/icps51978.2022.9816907}},
year = {{2022}},
}
@article{33718,
author = {{Gabriel, Stefan and Bentler, Dominik and Grote, Eva-Maria and Junker, Caroline and Wendischhoff, David Meyer zu and Bansmann, Michael and Latos, Benedikt and Hobscheidt, Daniela and Kühn, Arno and Dumitrescu, Roman}},
issn = {{2212-8271}},
journal = {{Procedia CIRP}},
keywords = {{General Medicine}},
pages = {{431--436}},
publisher = {{Elsevier BV}},
title = {{{Requirements analysis for an intelligent workforce planning system: a socio-technical approach to design AI-based systems}}},
doi = {{10.1016/j.procir.2022.05.274}},
volume = {{109}},
year = {{2022}},
}
@article{33716,
author = {{Förster, Magdalena and Kürpick, Christian and Hobscheidt, Daniela and Kühn, Arno and Dumitrescu, Roman}},
issn = {{2212-8271}},
journal = {{Procedia CIRP}},
keywords = {{General Medicine}},
pages = {{322--327}},
publisher = {{Elsevier BV}},
title = {{{Cross-industry methods for strategic planning of the digital transformation of small and medium sized enterprises}}},
doi = {{10.1016/j.procir.2022.05.257}},
volume = {{109}},
year = {{2022}},
}
@article{33717,
author = {{Kharatyan, Aschot and Günther, Matthias and Anacker, Harald and Japs, Sergej and Dumitrescu, Roman}},
issn = {{2212-8271}},
journal = {{Procedia CIRP}},
keywords = {{General Medicine}},
pages = {{586--591}},
publisher = {{Elsevier BV}},
title = {{{Security- and Safety-Driven Functional Architecture Development Exemplified by Automotive Systems Engineering}}},
doi = {{10.1016/j.procir.2022.05.299}},
volume = {{109}},
year = {{2022}},
}
@article{33719,
author = {{Humpert, Lynn and Röhm, Benjamin and Anacker, Harald and Dumitrescu, Roman and Anderl, Reiner}},
issn = {{2212-8271}},
journal = {{Procedia CIRP}},
keywords = {{General Medicine}},
pages = {{215--220}},
publisher = {{Elsevier BV}},
title = {{{Method for direct end customer integration into the agile product development}}},
doi = {{10.1016/j.procir.2022.05.239}},
volume = {{109}},
year = {{2022}},
}
@article{33810,
author = {{Koldewey, Christian and Hobscheidt, Daniela and Pierenkemper, Christoph and Kühn, Arno and Dumitrescu, Roman}},
journal = {{Sci}},
number = {{4}},
publisher = {{MDPI}},
title = {{{Increasing Firm Performance through Industry 4.0—A Method to Define and Reach Meaningful Goals}}},
doi = {{https://doi.org/10.3390/sci4040039}},
volume = {{39}},
year = {{2022}},
}
@article{33720,
author = {{Göllner, Denis and Rasor, Rik and Anacker, Harald and Dumitrescu, Roman}},
issn = {{2212-8271}},
journal = {{Procedia CIRP}},
keywords = {{General Medicine}},
pages = {{1089--1094}},
publisher = {{Elsevier BV}},
title = {{{Collaborative Modeling of Interoperable Digital Twins in a SoS Context}}},
doi = {{10.1016/j.procir.2022.05.113}},
volume = {{107}},
year = {{2022}},
}
@article{30193,
abstract = {{The successful planning of future product generations requires reliable insights into the actual products’ problems and potentials for improvement. A valuable source for these insights is the product use phase. In practice, product planners are often forced to work with assumptions and speculations as insights from the use phase are insufficiently identified and documented. A new opportunity to address this problem arises from the ongoing digitalization that enables products to generate and collect data during their utilization. Analyzing these data could enable their manufacturers to generate and exploit insights concerning product performance and user behavior, revealing problems and potentials for improvement. However, research on analyzing use phase data in product planning of manufacturing companies is scarce. Therefore, we conducted an exploratory interview study with decision-makers of eight manufacturing companies. The result of this paper is a detailed description of the potentials and challenges that the interviewees associated with analyzing use phase data in product planning. The potentials explain the intended purpose and generic application examples. The challenges concern the products, the data, the customers, the implementation, and the employees. By gathering the potentials and challenges through expert interviews, our study structures the topic from the perspective of the potential users and shows the needs for future research.}},
author = {{Meyer, Maurice and Fichtler, Timm and Koldewey, Christian and Dumitrescu, Roman}},
issn = {{0890-0604}},
journal = {{Artificial Intelligence for Engineering Design, Analysis and Manufacturing}},
keywords = {{Artificial Intelligence, Industrial and Manufacturing Engineering}},
publisher = {{Cambridge University Press (CUP)}},
title = {{{Potentials and challenges of analyzing use phase data in product planning of manufacturing companies}}},
doi = {{10.1017/s0890060421000408}},
volume = {{36}},
year = {{2022}},
}
@article{33710,
abstract = {{Abstract
Um global erfolgreich zu bleiben, wird es bald nicht mehr ausreichen, Kriterien wie ein gutes Produktdesign zu erfüllen. Stattdessen muss der Kundennutzen kontinuierlich über den Produktlebenszyklus hinaus gesteigert werden. Tech-Konzerne verzeichnen bereits Erfolge und verkörpern den Wandel schon heute. Vor diesem Hintergrund ist ein neues Leitbild in der Entwicklung und dem Betrieb von zukünftigen, technischen Systemen erforderlich. EngOps soll diesen Bedarf decken und steht für die agile Kollaboration zwischen Engineering und Operations. Alle Teile des Unternehmens sollen ständig miteinander kooperieren, um so beispielsweise wandelbare Produkte auch nach dem Verkauf entwickeln zu können.}},
author = {{Anacker, Harald and Dumitrescu, Roman and Michels, Nico and Rasor, Rik}},
issn = {{2511-0896}},
journal = {{Zeitschrift für wirtschaftlichen Fabrikbetrieb}},
keywords = {{Management Science and Operations Research, Strategy and Management, General Engineering}},
number = {{6}},
pages = {{405--409}},
publisher = {{Walter de Gruyter GmbH}},
title = {{{EngOps – Ein Leitbild für das agile Zusammenwirken von Engineering und Operations}}},
doi = {{10.1515/zwf-2022-1069}},
volume = {{117}},
year = {{2022}},
}
@article{33835,
abstract = {{
Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code execution (RCE) if the data to deserialize is originating from an untrusted source. Deserialization vulnerabilities are so critical that they are in OWASP’s list of top 10 security risks for web applications. This is mainly caused by faults in the development process of applications and by flaws in their dependencies, i.e., flaws in the libraries used by these applications. No previous work has studied deserialization attacks in-depth: How are they performed? How are weaknesses introduced and patched? And for how long are vulnerabilities present in the codebase? To yield a deeper understanding of this important kind of vulnerability, we perform two main analyses: one on attack gadgets, i.e., exploitable pieces of code, present in Java libraries, and one on vulnerabilities present in Java applications. For the first analysis, we conduct an exploratory large-scale study by running 256 515 experiments in which we vary the versions of libraries for each of the 19 publicly available exploits. Such attacks rely on a combination of
gadgets
present in one or multiple Java libraries. A gadget is a method which is using objects or fields that can be attacker-controlled. Our goal is to precisely identify library versions containing gadgets and to understand how gadgets have been introduced and how they have been patched. We observe that the modification of one innocent-looking detail in a class – such as making it
public
– can already introduce a gadget. Furthermore, we noticed that among the studied libraries, 37.5% are not patched, leaving gadgets available for future attacks.
For the second analysis, we manually analyze 104 deserialization vulnerabilities CVEs to understand how vulnerabilities are introduced and patched in real-life Java applications. Results indicate that the vulnerabilities are not always completely patched or that a workaround solution is proposed. With a workaround solution, applications are still vulnerable since the code itself is unchanged.}},
author = {{Sayar, Imen and Bartel, Alexandre and Bodden, Eric and Le Traon, Yves}},
issn = {{1049-331X}},
journal = {{ACM Transactions on Software Engineering and Methodology}},
keywords = {{Software}},
publisher = {{Association for Computing Machinery (ACM)}},
title = {{{An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities}}},
doi = {{10.1145/3554732}},
year = {{2022}},
}
@article{33836,
author = {{Piskachev, Goran and Späth, Johannes and Budde, Ingo and Bodden, Eric}},
journal = {{Empirical Software Engineering}},
number = {{5}},
pages = {{1–33}},
publisher = {{Springer}},
title = {{{Fluently specifying taint-flow queries with fluentTQL}}},
volume = {{27}},
year = {{2022}},
}
@inproceedings{33838,
author = {{Krishnamurthy, Ranjith and Piskachev, Goran and Bodden, Eric}},
title = {{{To what extent can we analyze Kotlin programs using existing Java taint analysis tools?}}},
year = {{2022}},
}
@inproceedings{33837,
author = {{Piskachev, Goran and Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Bodden, Eric}},
title = {{{How far are German companies in improving security through static program analysis tools?}}},
year = {{2022}},
}
@article{20731,
abstract = {{We present a novel algorithm that allows us to gain detailed insight into the effects of sparsity in linear and nonlinear optimization, which is of great importance in many scientific areas such as image and signal processing, medical imaging, compressed sensing, and machine learning (e.g., for the training of neural networks). Sparsity is an important feature to ensure robustness against noisy data, but also to find models that are interpretable and easy to analyze due to the small number of relevant terms. It is common practice to enforce sparsity by adding the ℓ1-norm as a weighted penalty term. In order to gain a better understanding and to allow for an informed model selection, we directly solve the corresponding multiobjective optimization problem (MOP) that arises when we minimize the main objective and the ℓ1-norm simultaneously. As this MOP is in general non-convex for nonlinear objectives, the weighting method will fail to provide all optimal compromises. To avoid this issue, we present a continuation method which is specifically tailored to MOPs with two objective functions one of which is the ℓ1-norm. Our method can be seen as a generalization of well-known homotopy methods for linear regression problems to the nonlinear case. Several numerical examples - including neural network training - demonstrate our theoretical findings and the additional insight that can be gained by this multiobjective approach.}},
author = {{Bieker, Katharina and Gebken, Bennet and Peitz, Sebastian}},
journal = {{IEEE Transactions on Pattern Analysis and Machine Intelligence}},
number = {{11}},
pages = {{7797--7808}},
publisher = {{IEEE}},
title = {{{On the Treatment of Optimization Problems with L1 Penalty Terms via Multiobjective Continuation}}},
doi = {{10.1109/TPAMI.2021.3114962}},
volume = {{44}},
year = {{2022}},
}
@inproceedings{30987,
author = {{Kostitsyna, Irina and Scheideler, Christian and Warner, Daniel}},
booktitle = {{1st Symposium on Algorithmic Foundations of Dynamic Networks (SAND 2022)}},
editor = {{Aspnes, James and Michail, Othon}},
isbn = {{978-3-95977-224-2}},
issn = {{1868-8969}},
pages = {{23:1–23:3}},
publisher = {{Schloss Dagstuhl – Leibniz-Zentrum für Informatik}},
title = {{{Brief Announcement: Fault-Tolerant Shape Formation in the Amoebot Model}}},
doi = {{10.4230/LIPIcs.SAND.2022.23}},
volume = {{221}},
year = {{2022}},
}
@article{33956,
abstract = {{Abstract
Smart Services eröffnen vielfältige Geschäftsmöglichkeiten für produzierende Unternehmen und erfordern zugleich einschneidende Anpassungen ihrer häufig historisch gewachsenen Wertschöpfung. Dieser Beitrag zeigt eine Web-Applikation, die es produzierenden Unternehmen erlaubt, die erforderliche Smart-Service-Transformation zu planen. Dafür werden umfassendes Lösungswissen bereitgestellt und eine individuelle Gestaltungsempfehlungen für die zukünftige Wertschöpfung als Smart-Service-Anbieter gegeben.}},
author = {{Reinhold, Jannik and Siewert, Michael and Scholtysik, Michel and Rasor, Anja and Koldewey, Christian and Dumitrescu, Roman}},
issn = {{2511-0896}},
journal = {{Zeitschrift für wirtschaftlichen Fabrikbetrieb}},
keywords = {{Management Science and Operations Research, Strategy and Management, General Engineering}},
number = {{5}},
pages = {{312--316}},
publisher = {{Walter de Gruyter GmbH}},
title = {{{Software-gestützte Planung der Smart-Service-Transformation}}},
doi = {{10.1515/zwf-2022-1048}},
volume = {{117}},
year = {{2022}},
}
@inproceedings{33706,
author = {{Panzner, Melina and Meyer, Maurice and Enzberg, Sebastian von and Dumitrescu, Roman}},
booktitle = {{Procedia CIRP}},
issn = {{2212-8271}},
keywords = {{General Medicine}},
pages = {{580--585}},
publisher = {{Elsevier BV}},
title = {{{Business-to-Analytics Canvas - Translation of Product Planning-Related Business Use Cases into Concrete Data Analytics Tasks}}},
doi = {{10.1016/j.procir.2022.05.298}},
volume = {{109}},
year = {{2022}},
}
@article{33955,
author = {{Reinhold, Jannik and Koldewey, Christian and Dumitrescu, Roman}},
issn = {{2212-8271}},
journal = {{Procedia CIRP}},
keywords = {{General Medicine}},
pages = {{413--418}},
publisher = {{Elsevier BV}},
title = {{{Value Creation Framework and Roles for Smart Services}}},
doi = {{10.1016/j.procir.2022.05.271}},
volume = {{109}},
year = {{2022}},
}
@misc{33959,
abstract = {{Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity of the findings, our objective was to understand the findings in more depth. We analyzed a set of 936 open-source Java applications for cryptographic misuses. Our study reveals that 88.10 % of the analyzed applications fail to use cryptographic APIs securely. Through our manual analysis of a random sample, we gained new insights into effective false positives. For example, every fourth misuse of the frequently misused JCA class MessageDigest is an effective false positive due to its occurrence in a non-security context. As we wanted to gain deeper insights into the security implications of these misuses, we created an extensive vulnerability model for cryptographic API misuses. Our model includes previously undiscussed attacks in the context of cryptographic APIs such as DoS attacks. This model reveals that nearly half of the misuses are of high severity, e.g., hard-coded credentials and potential Man-in-the-Middle attacks.}},
author = {{Wickert, Anna-Katharina and Baumgärtner, Lars and Schlichtig, Michael and Mezini, Mira}},
title = {{{To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild}}},
doi = {{10.48550/ARXIV.2209.11103}},
year = {{2022}},
}
@inproceedings{33967,
author = {{Aguiliera, Marcos and Richa, Andréa W. and Schwarzmann, Alexander A. and Panconesi, Alessandro and Scheideler, Christian and Woelfel, Philipp}},
booktitle = {{PODC ’22: ACM Symposium on Principles of Distributed Computing, Salerno, Italy, July 25 - 29, 2022}},
editor = {{Milani, Alessia and Woelfel, Philipp}},
pages = {{1}},
publisher = {{ACM}},
title = {{{2022 Edsger W. Dijkstra Prize in Distributed Computing}}},
doi = {{10.1145/3519270.3538411}},
year = {{2022}},
}