@inproceedings{20759, author = {{Gerking, Christopher and Schubert, David}}, booktitle = {{International Conference on Software Architecture (ICSA 2019)}}, title = {{{Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures}}}, year = {{2019}}, } @inproceedings{23378, author = {{Piskachev, Goran and Do, Lisa Nguyen Quang and Bodden, Eric}}, booktitle = {{Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis}}, title = {{{Codebase-adaptive detection of security-relevant methods}}}, doi = {{10.1145/3293882.3330556}}, year = {{2019}}, } @misc{7628, author = {{Selbach, Nils}}, publisher = {{Universität Paderborn}}, title = {{{Modeling Crypto API usages in OpenSSL's EVP library}}}, year = {{2019}}, } @article{14896, author = {{Dann, Andreas and Hermann, Ben and Bodden, Eric}}, issn = {{0098-5589}}, journal = {{IEEE Transactions on Software Engineering}}, pages = {{1--1}}, title = {{{ModGuard: Identifying Integrity &Confidentiality Violations in Java Modules}}}, doi = {{10.1109/tse.2019.2931331}}, year = {{2019}}, } @inproceedings{14897, author = {{Dann, Andreas and Hermann, Ben and Bodden, Eric}}, booktitle = {{Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019}}, isbn = {{9781450367202}}, title = {{{SootDiff: bytecode comparison across different Java compilers}}}, doi = {{10.1145/3315568.3329966}}, year = {{2019}}, } @inproceedings{14899, author = {{Kruger, Stefan and Hermann, Ben}}, booktitle = {{2019 IEEE/ACM 2nd International Workshop on Gender Equality in Software Engineering (GE)}}, isbn = {{9781728122458}}, title = {{{Can an Online Service Predict Gender? On the State-of-the-Art in Gender Identification from Texts}}}, doi = {{10.1109/ge.2019.00012}}, year = {{2019}}, } @inproceedings{7626, author = {{Schubert, Philipp and Hermann, Ben and Bodden, Eric}}, booktitle = {{Proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2019), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS 2019)}}, location = {{Prague, Czech Republic}}, pages = {{393--410}}, title = {{{PhASAR: An Inter-Procedural Static Analysis Framework for C/C++}}}, doi = {{10.1007/978-3-030-17465-1_22}}, volume = {{II}}, year = {{2019}}, } @inproceedings{14898, author = {{Schubert, Philipp and Leer, Richard and Hermann, Ben and Bodden, Eric}}, booktitle = {{Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis - SOAP 2019}}, isbn = {{9781450367202}}, title = {{{Know your analysis: how instrumentation aids understanding static analysis}}}, doi = {{10.1145/3315568.3329965}}, year = {{2019}}, } @unpublished{2711, abstract = {{In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or unclear evaluation targets. Sometimes, the apps used for evaluation are not precisely described. In other cases, authors use an established benchmark but cover it only partially. In yet other cases, the evaluations differ in terms of the data leaks searched for, or lack a ground truth to compare against. All those limitations make it impossible to truly compare the tools based on those published evaluations. We thus present ReproDroid, a framework allowing the accurate comparison of Android taint analysis tools. ReproDroid supports researchers in inferring the ground truth for data leaks in apps, in automatically applying tools to benchmarks, and in evaluating the obtained results. We use ReproDroid to comparatively evaluate on equal grounds the six prominent taint analysis tools Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are largely positive although four tools violate some promises concerning features and accuracy. Finally, we contribute to the area of unbiased benchmarking with a new and improved version of the open test suite DroidBench.}}, author = {{Pauck, Felix and Bodden, Eric and Wehrheim, Heike}}, booktitle = {{arXiv:1804.02903}}, title = {{{Do Android Taint Analysis Tools Keep their Promises?}}}, year = {{2018}}, } @inproceedings{20530, author = {{Bodden, Eric and Nguyen Quang Do, Lisa}}, booktitle = {{Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, {SE} 2018, 5.-9. M{\"{a}}rz 2018, Ulm, Germany.}}, isbn = {{978-3-88579-673-2}}, pages = {{205--208}}, title = {{{Explainable Static Analysis}}}, year = {{2018}}, } @article{20543, author = {{Nguyen Quang Do, Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric}}, issn = {{2326-3881}}, journal = {{IEEE Transactions on Software Engineering}}, keywords = {{Debugging, Static analysis, Tools, Computer bugs, Standards, Writing, Encoding, Testing and Debugging, Program analysis, Development tools, Integrated environments, Graphical environments, Usability testing}}, pages = {{1--1}}, title = {{{Debugging Static Analysis}}}, doi = {{10.1109/TSE.2018.2868349}}, year = {{2018}}, } @proceedings{20544, editor = {{Tichy, Matthias and Bodden, Eric and Kuhrmann, Marco and Wagner, Stefan and Steghöfer, Jan-Philipp}}, isbn = {{978-3-88579-673-2}}, publisher = {{Gesellschaft für Informatik}}, title = {{{Software Engineering und Software Management 2018, Fachtagung des GI-Fachbereichs Softwaretechnik, SE 2018, 5.-9. März 2018, Ulm, Germany}}}, volume = {{{P-279}}}, year = {{2018}}, } @proceedings{20545, editor = {{Tip, Frank and Bodden, Eric}}, publisher = {{ACM}}, title = {{{Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, Amsterdam, The Netherlands, July 16-21, 2018}}}, year = {{2018}}, } @inproceedings{20546, author = {{Gerking, Christopher and Schubert, David and Bodden, Eric}}, booktitle = {{Engineering Secure Software and Systems}}, editor = {{Payer, Mathias and Rashid, Awais and Such, Jose M.}}, pages = {{27--43}}, publisher = {{Springer International Publishing}}, title = {{{Model Checking the Information Flow Security of Real-Time Systems}}}, year = {{2018}}, } @inproceedings{20547, author = {{Nguyen Quang Do, Lisa and Bodden, Eric}}, booktitle = {{Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering}}, isbn = {{978-1-4503-5573-5}}, keywords = {{Gamification, Integrated Environments, Program analysis}}, pages = {{714--718}}, publisher = {{ACM}}, title = {{{Gamifying Static Analysis}}}, doi = {{10.1145/3236024.3264830}}, year = {{2018}}, } @inproceedings{20548, author = {{Bodden, Eric}}, booktitle = {{ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2018)}}, isbn = {{978-1-4503-5939-9}}, keywords = {{ATTRACT, ITSECWEBSITE}}, pages = {{85--93}}, publisher = {{ACM}}, title = {{{The Secret Sauce in Efficient and Precise Static Analysis: The Beauty of Distributive, Summary-based Static Analyses (and How to Master Them)}}}, doi = {{10.1145/3236454.3236500}}, year = {{2018}}, } @inproceedings{20549, author = {{Geismann, Johannes and Gerking, Christopher and Bodden, Eric}}, booktitle = {{International Conference on Software and System Processes (ICSSP)}}, keywords = {{ITSECWEBSITE}}, title = {{{Towards Ensuring Security by Design in Cyber-Physical Systems Engineering Processes}}}, year = {{2018}}, } @inproceedings{20550, author = {{Bodden, Eric}}, booktitle = {{Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results}}, isbn = {{978-1-4503-5662-6}}, keywords = {{ATTRACT, ITSECWEBSITE}}, pages = {{45--48}}, publisher = {{ACM}}, title = {{{Self-adaptive Static Analysis}}}, doi = {{10.1145/3183399.3183401}}, year = {{2018}}, } @inproceedings{20551, author = {{Nguyen Quang Do, Lisa and Krüger, Stefan and Hill, Patrick and Ali, Karim and Bodden, Eric}}, booktitle = {{International Conference for Software Engineering (ICSE), Tool Demonstrations Track}}, keywords = {{ATTRACT, ITSECWEBSITE}}, title = {{{VISUFLOW, a Debugging Environment for Static Analyses}}}, year = {{2018}}, } @phdthesis{20779, abstract = {{Der hohe Grad an Innovation in mechatronischen Systemen führt zu sogenannten Cyber-Physical Systems (CPS). Diese haben eine komplexe Funktionalität und Kommunikation. Wie sicherheitskritisch solche Systeme sind, wird durch sogenannte Sicherheits-Integritätslevel (SIL) kategorisiert, die durch Normen wie der ISO 26262 definiert werden. Ein bestimmter SIL beschreibt nicht nur die Höhe des Gefährdungsrisikos, sondern diktiert auch den erforderlichen Grad an Sorgfalt bei der Entwicklung des Systems. Ein hoher SIL erfordert die Anwendung von Safety-Maßnahmen mit einem hohen Sorgfaltsgrad in allen Phasen der Entwicklung und impliziert daher einen hohen Safety-Aufwand. SIL-Tailoring ist ein Mittel um den Safety-Aufwand zu reduzieren, indem man Subsystemen geringere SILs zuordnet, falls sie von kritischeren Subsystemen getrennt sind oder redundante Safety-Anforderungen erfüllen. Um den nötigen Safety-Aufwand zu planen, sollten Möglichkeiten für SIL-Tailoring so früh wie möglich identifiziert werden - d.h. bereits in der Anforderungsanalyse. Durch die Komplexität von CPS, ist es schwierig valide SIL-Tailorings zu finden. Die Validität von SIL-Tailorings muss durch Analyse von Fehlerpropagierungspfaden geprüft und durch Argumente im Safety Case begründet werden. Der Beitrag dieser Dissertation ist ein systematischer, tool-unterstützter SIL-Tailoring-Prozess, der im Safety Requirements Engineering angewendet wird. Der Prozess nutzt eine modell-basierte, formale Anforderungsspezifikation und stellt einen Katalog von Anforderungsmustern bereit. Basierend auf diesen Anforderungen werden Fehlerpropagierungsmodelle generiert und Subsystemen automatisch SILs zugeordnet. Das minimiert den Sicherheitsanalyseaufwand. Aus den generierten Ergebnissen wird automatisch ein Safety Case mit Argumenten für die SIL-Tailoring-Validität abgeleitet.}}, author = {{Fockel, Markus}}, publisher = {{Fakultät für Elektrotechnik, Informatik und Mathematik, Universität Paderborn}}, title = {{{Safety Requirements Engineering for Early SIL Tailoring}}}, doi = {{10.17619/UNIPB/1-490}}, year = {{2018}}, } @inproceedings{20781, author = {{Gerking, Christopher and Schubert, David}}, booktitle = {{European Conference on Software Architecture (ECSA 2018)}}, number = {{11048}}, pages = {{147--155}}, publisher = {{Springer}}, title = {{{Towards Preserving Information Flow Security on Architectural Composition of Cyber-Physical Systems}}}, doi = {{10.1007/978-3-030-00761-4_10}}, year = {{2018}}, } @inproceedings{20784, author = {{Geismann, Johannes}}, booktitle = {{IEEE International Conference on Software Architecture Companion (ICSA-C 2018) }}, pages = {{41--42}}, publisher = {{IEEE}}, title = {{{Traceable Threat Modeling for Safety-critical Systems}}}, doi = {{10.1109/ICSA-C.2018.00017}}, year = {{2018}}, } @inproceedings{20785, abstract = {{Cyber-physical Systems are distributed, embedded systems that interact with their physical environment. Typically, these systems consist of several Electronic Control Units using multiple processing cores for the execution. Many systems are applied in safety-critical contexts and have to fulfill hard real-time requirements. The model-driven engineering paradigm enables system developers to consider all requirements in a systematical manner. In the software design phase, they prove the fulfillment of the requirements using model checking. When deploying the software to the executing platform, one important task is to ensure that the runtime scheduling does not violate the verified requirements by neglecting the model checking assumptions. Current model-driven approaches do not consider the problem of deriving feasible execution schedules for embedded multi-core platforms respecting hard real-time requirements. This paper extends the previous work on providing an approach for a semi-automatic synthesis of behavioral models into a deterministic real-time scheduling. We add an approach for the partitioning and mapping development tasks. This extended approach enables the utilization of parallel resources within a single ECU considering the verification assumptions by extending the open tool platform App4mc. We evaluate our approach using an example of a distributed automotive system with hard real-time requirements specified with the MechatronicUML method. }}, author = {{Geismann, Johannes and Höttger, Robert and Krawczyk, Lukas and Pohlmann, Uwe and Schmelter, David}}, booktitle = {{Model-Driven Engineering and Software Development}}, editor = {{Pires, Luís Ferreira and Hammoudi, Slimane and Selic, Bran}}, pages = {{72--93}}, publisher = {{Springer International Publishing}}, title = {{{Automated Synthesis of a Real-Time Scheduling for Cyber-Physical Multi-core Systems}}}, doi = {{10.1007/978-3-319-94764-8_4}}, volume = {{1}}, year = {{2018}}, } @phdthesis{20789, author = {{Pohlmann, Uwe}}, publisher = {{Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik}}, title = {{{A Model-driven Software Construction Approach for Cyber-physical Systems}}}, year = {{2018}}, } @inproceedings{4999, author = {{Pauck, Felix and Bodden, Eric and Wehrheim, Heike}}, booktitle = {{Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering - ESEC/FSE 2018}}, isbn = {{9781450355735}}, publisher = {{ACM Press}}, title = {{{Do Android taint analysis tools keep their promises?}}}, doi = {{10.1145/3236024.3236029}}, year = {{2018}}, } @inproceedings{5203, author = {{Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}}, booktitle = {{European Conference on Object-Oriented Programming (ECOOP)}}, keywords = {{ITSECWEBSITE, CROSSING}}, pages = {{10:1--10:27}}, title = {{{CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs}}}, year = {{2018}}, } @misc{1044, author = {{Leer, Richard}}, publisher = {{Universität Paderborn}}, title = {{{Measuring Performance of a Static Analysis Framework with an application to Immutability Analysis}}}, year = {{2018}}, } @misc{1045, author = {{Strüwer, Jan Niclas}}, publisher = {{Universität Paderborn}}, title = {{{Interactive Data Visualization for Exploded Supergraphs}}}, year = {{2018}}, } @inbook{20552, abstract = {{Das Zukunftsszenario der Industrie 4.0 ist gepr{\"a}gt durch einen massiven Anstieg der unternehmens{\"u}bergreifenden Vernetzung. Um einer Bedrohung durch unautorisierte Weitergabe oder Sabotage vertraulicher Daten entgegenzuwirken, muss der Informationssicherheit bereits im Entwurf der cyber-physischen Produktionssysteme ein hoher Stellenwert einger{\"a}umt werden. Dieses Paradigma wird als Security by Design bezeichnet. {\"U}ber den gesamten Entstehungsprozess hinweg muss nachverfolgt werden k{\"o}nnen, ob die Systeme spezifische Anforderungen an die Informationssicherheit erf{\"u}llen und damit die Eigenschaft der Industrial Security gew{\"a}hrleisten. Dieser Beitrag stellt einen Entwurfsansatz zur Nachverfolgung der Informationssicherheit vor, der durch Integration softwaretechnischer Methoden in das Systems Engineering eine Entwicklung nach dem Paradigma Security by Design erm{\"o}glicht.}}, author = {{Gerking, Christopher and Bodden, Eric and Schäfer, Wilhelm}}, booktitle = {{Handbuch Gestaltung digitaler und vernetzter Arbeitswelten}}, editor = {{Maier, Günter W. and Engels, Gregor and Steffen, Eckhard}}, isbn = {{978-3-662-52903-4}}, keywords = {{ITSECWEBSITE}}, pages = {{1--24}}, publisher = {{Springer Berlin Heidelberg}}, title = {{{Industrial Security by Design}}}, doi = {{10.1007/978-3-662-52903-4_8-1}}, year = {{2017}}, } @article{20553, abstract = {{Finding and fixing software vulnerabilities have become a major struggle for most software development companies. While generally without alternative, such fixing efforts are a major cost factor, which is why companies have a vital interest in focusing their secure software development activities such that they obtain an optimal return on this investment. We investigate, in this paper, quantitatively the major factors that impact the time it takes to fix a given security issue based on data collected automatically within SAP's secure development process, and we show how the issue fix time could be used to monitor the fixing process. We use three machine learning methods and evaluate their predictive power in predicting the time to fix issues. Interestingly, the models indicate that vulnerability type has less dominant impact on issue fix time than previously believed. The time it takes to fix an issue instead seems much more related to the component in which the potential vulnerability resides, the project related to the issue, the development groups that address the issue, and the closeness of the software release date. This indicates that the software structure, the fixing processes, and the development groups are the dominant factors that impact the time spent to address security issues. SAP can use the models to implement a continuous improvement of its secure software development process and to measure the impact of individual improvements. The development teams at SAP develop different types of software, adopt different internal development processes, use different programming languages and platforms, and are located in different cities and countries. Other organizations, may use the results---with precaution---and be learning organizations.}}, author = {{Ben Othmane, Lotfi and Chehrazi, Golriz and Bodden, Eric and Tsalovski, Petar and Brucker, Achim D.}}, issn = {{2364-1541}}, journal = {{Data Science and Engineering}}, number = {{2}}, pages = {{107--124}}, title = {{{Time for Addressing Software Security Issues: Prediction Models and Impacting Factors}}}, doi = {{https://doi.org/10.1007/s41019-016-0019-8}}, volume = {{2}}, year = {{2017}}, } @techreport{20554, author = {{Bodden, Eric}}, title = {{{Self-adaptive static analysis}}}, year = {{2017}}, } @techreport{20555, author = {{Krüger, Stefan and Späth, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira}}, keywords = {{ITSECWEBSITE}}, pages = {{arXiv:1710.00564}}, title = {{{CrySL: Validating Correct Usage of Cryptographic APIs}}}, year = {{2017}}, } @article{20557, author = {{Lillack, Max and Kästner, Christian and Bodden, Eric}}, issn = {{0098-5589}}, journal = {{IEEE Transactions on Software Engineering}}, keywords = {{Androids, Bluetooth, Humanoid robots, Java, Software, Tools, Configuration options, Static analysis, Variability mining}}, number = {{99}}, pages = {{1--1}}, title = {{{Tracking Load-time Configuration Options}}}, doi = {{10.1109/TSE.2017.2756048}}, volume = {{PP}}, year = {{2017}}, } @inproceedings{20558, author = {{Krüger, Stefan and Nadi, Sarah and Reif, Michael and Ali, Karim and Mezini, Mira and Bodden, Eric and Göpfert, Florian and Günther, Felix and Weinert, Christian and Demmler, Daniel and Kamath, Ram}}, booktitle = {{International Conference on Automated Software Engineering (ASE 2017), Tool Demo Track}}, keywords = {{ITSECWEBSITE, CROSSING}}, title = {{{CogniCrypt: Supporting Developers in using Cryptography}}}, year = {{2017}}, } @inproceedings{20559, author = {{Do, Lisa Nguyen Quang and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson}}, booktitle = {{Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis}}, isbn = {{978-1-4503-5076-1}}, keywords = {{Just-in-Time, Layered analysis, Static analysis}}, pages = {{307--317}}, publisher = {{ACM}}, title = {{{Just-in-time Static Analysis}}}, doi = {{10.1145/3092703.3092705}}, year = {{2017}}, } @inproceedings{20715, author = {{Nguyen Quang Do, Lisa and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson}}, booktitle = {{International Conference for Software Engineering (ICSE), Tool Demonstrations Track}}, keywords = {{ATTRACT, ITSECWEBSITE}}, title = {{{Cheetah: Just-in-Time Taint Analysis for Android Apps}}}, year = {{2017}}, } @inproceedings{20792, author = {{Schivo, Stefano and Yildiz., Bugra M. and Ruijters, Enno and Gerking, Christopher and Kumar, Rajesh and Dziwok, Stefan and Rensink, Arend and Stoelinga, Mariëlle}}, booktitle = {{Dependable Software Engineering, 3rd International Symposium (SETTA 2017)}}, editor = {{Larsen, Kim G. and Sokolsky, Oleg and Wang, Ji}}, number = {{10606}}, pages = {{319--336}}, publisher = {{Springer}}, title = {{{How to Efficiently Build a Front-End Tool for UPPAAL: A Model-Driven Approach}}}, doi = {{10.1007/978-3-319-69483-2_19}}, year = {{2017}}, } @phdthesis{20794, abstract = {{Cyber-physische Systeme (CPSs) sind die nächste Generation von eingebetteten Systemen, die fortwährend ihre Zusammenarbeit koordinieren, um anspruchsvolle Funktionen zu erfüllen. Die Koordination zwischen ihnen kann in Software mittels asynchroner Nachrichtenkommunikation realisiert werden. Um die funktionale Korrektheit der Software zu gewährleisten, ist aufgrund der Kritikalität dieser Systeme eine formale Verifikation wie z.B. Model Checking notwendig. Die Eingabesprache eines Model Checkers unterstützt jedoch domänenspezifische Aspekte wie asynchrone Kommunikation nicht direkt, wodurch diese vom Softwareingenieur mittels zahlreicher Modellelemente spezifiziert werden müssen. Dies ist hochgradig komplex und somit fehleranfällig. Im Rahmen dieser Arbeit wird eine modellgetriebene Methode zur domänenspezifischen Spezifikation und vollautomatischen Verifikation der nachrichtenbasierten Koordination von CPSs präsentiert. Mit Hilfe dieser Methode kann der Softwareingenieur die Koordination kompakt modellieren und muss nicht länger verstehen, wie seine Spezifikation auf der Ebene des Model Checkers ausgedrückt wird. Insgesamt wird die Komplexität für den Softwareingenieur somit deutlich handhabbarer. Bezüglich der Spezifikation einer solchen Koordination definiert die Arbeit eine domänenspezifische Sprache namens Real-Time Coordination Protocols (RTCPs). Darüber hinaus wird eine domänenspezifische Sprache zur Spezifikation von Verifikationseigenschaften eingeführt und Entwurfsmuster für RTCPs präsentiert, um die Anzahl der Modellierungsfehler zu senken.}}, author = {{Dziwok, Stefan}}, publisher = {{Paderborn University}}, title = {{{Specification and Verification for Real-Time Coordination Protocols of Cyber-physical Systems}}}, year = {{2017}}, } @inproceedings{20797, author = {{Gerking, Christopher and Schubert, David and Budde, Ingo}}, booktitle = {{Theory and Practice of Model Transformation, 10th International Conference (ICMT 2017)}}, editor = {{Guerra, Esther and van den Brand, Mark}}, number = {{10374}}, pages = {{19--34}}, publisher = {{Springer}}, title = {{{Reducing the Verbosity of Imperative Model Refinements by using General-Purpose Language Facilities}}}, year = {{2017}}, } @inproceedings{20804, abstract = {{Modern Cyber-physical Systems are executed in physical environments and distributed over several Electronic Control Units using multiple cores for execution. These systems perform safety-critical tasks and, therefore, have to fulfill hard real-time requirements. To face these requirements systematically, system engineers de- velop these systems model-driven and prove the fulfillment of these requirements via model checking. It is important to ensure that the runtime scheduling does not violate the verified requirements by neglecting the model checking assumptions. Currently, there is a gap in the process for model-driven approaches to derive a feasible runtime scheduling that respects these assumptions. In this paper, we present an approach for a semi- automatic synthesis of behavioral models into a deterministic scheduling that respects real-time requirements at runtime. We evaluate our approach using an example of a distributed automotive system with hard real-time requirements specified with the MechatronicUML method.}}, author = {{Geismann, Johannes and Pohlmann, Uwe and Schmelter, David}}, booktitle = {{Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development}}, title = {{{Towards an Automated Synthesis of a Real-time Scheduling for Cyber-physical Multi-core Systems}}}, year = {{2017}}, } @phdthesis{20805, author = {{Becker, Matthias}}, publisher = {{Universität Paderborn, Heinz Nixdorf Institut, Softwaretechnik}}, title = {{{Engineering Self-Adaptive Systems with Simulation-Based Performance Prediction}}}, year = {{2017}}, } @inproceedings{5204, author = {{Späth, Johannes and Ali, Karim and Bodden, Eric}}, booktitle = {{2017 International Conference on Object-Oriented Programming, Languages and Applications (OOPSLA/SPLASH)}}, keywords = {{ATTRACT, ITSECWEBSITE, CROSSING}}, publisher = {{ACM Press}}, title = {{{IDEal: Efficient and Precise Alias-aware Dataflow Analysis}}}, year = {{2017}}, } @article{5209, author = {{Fischer, Andreas and Fuhry, Benny and Kerschbaum, Florian and Bodden, Eric}}, journal = {{CoRR}}, title = {{{Computation on Encrypted Data using Data Flow Authentication}}}, volume = {{abs/1710.00390}}, year = {{2017}}, } @phdthesis{102, author = {{Becker, Matthias}}, publisher = {{Universität Paderborn}}, title = {{{Engineering Self-Adaptive Systems with Simulation-Based Performence Prediction}}}, doi = {{10.17619/UNIPB/1-133}}, year = {{2017}}, } @phdthesis{195, author = {{Platenius, Marie Christin}}, publisher = {{Universität Paderborn}}, title = {{{Fuzzy Matching of Comprehensive Service Specifications}}}, year = {{2016}}, } @techreport{198, author = {{Jazayeri, Bahar and Platenius, Marie Christin and Engels, Gregor and Kundisch, Dennis}}, publisher = {{Universität Paderborn}}, title = {{{Features of IT Service Markets: A Systematic Literature Review (Supplementary Material)}}}, year = {{2016}}, } @inproceedings{199, abstract = {{The provision of IT solutions over electronic marketplaces became prominent in recent years. We call such marketplaces IT service markets. IT service markets have some core architectural building blocks that impact the quality attributes of these markets. However, these building blocks and their impacts are not well-known. Thus, design choices for IT service markets have been made ad-hoc until now. Furthermore, only single aspects of such markets have been investigated until now, but a comprehensive view is missing.In this paper, we identify common features and their interrelations on the basis of a systematic literature review of 60 publications using grounded theory.This knowledge provides an empirical evidence on the interdisciplinary design choices of IT service markets and it serves as a basis to support market providers and developers to integrate market features. Thereby, we make a first step towards the creation of a reference model for IT service markets that provides a holistic integrated view that can be used to create and maintain successful markets in the future.}}, author = {{Jazayeri, Bahar and Platenius, Marie and Engels, Gregor and Kundisch, Dennis}}, booktitle = {{Proceedings of the 14th International Conference on Service Oriented Computing (ICSOC)}}, pages = {{301--316}}, publisher = {{Springer}}, title = {{{Features of IT Service Markets: A Systematic Literature Review}}}, doi = {{10.1007/978-3-319-46295-0_19}}, volume = {{9936}}, year = {{2016}}, } @inproceedings{20556, author = {{Bodden, Eric and I Pun, Ka and Steffen, Martin and Stolz, Volker and Wickert, Anna-Katharina}}, booktitle = {{Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques - 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10-14, 2016, Proceedings, Part {I}}}, pages = {{431--445}}, title = {{{Information Flow Analysis for Go}}}, doi = {{10.1007/978-3-319-47166-2_30}}, year = {{2016}}, } @inproceedings{20716, author = {{Bodden, Eric and Eichberg, Michael and I Pun, Ka and Steffen, Martin and Stolz, Volker and Wickert, Anna-Katharina}}, booktitle = {{Nordic Workshop on Programming Theory (NWPT'16)}}, title = {{{Don't let data Go astray---A Context-Sensitive Taint Analysis for Concurrent Programs in Go}}}, year = {{2016}}, } @techreport{20717, author = {{Nguyen Quang Do, Lisa and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson}}, keywords = {{ATTRACT, ITSECWEBSITE}}, title = {{{Just-in-Time Static Analysis}}}, doi = {{http://dx.doi.org/10.7939/DVN/10859}}, year = {{2016}}, }