@techreport{198, author = {{Jazayeri, Bahar and Platenius, Marie Christin and Engels, Gregor and Kundisch, Dennis}}, publisher = {{Universität Paderborn}}, title = {{{Features of IT Service Markets: A Systematic Literature Review (Supplementary Material)}}}, year = {{2016}}, } @inproceedings{199, abstract = {{The provision of IT solutions over electronic marketplaces became prominent in recent years. We call such marketplaces IT service markets. IT service markets have some core architectural building blocks that impact the quality attributes of these markets. However, these building blocks and their impacts are not well-known. Thus, design choices for IT service markets have been made ad-hoc until now. Furthermore, only single aspects of such markets have been investigated until now, but a comprehensive view is missing.In this paper, we identify common features and their interrelations on the basis of a systematic literature review of 60 publications using grounded theory.This knowledge provides an empirical evidence on the interdisciplinary design choices of IT service markets and it serves as a basis to support market providers and developers to integrate market features. Thereby, we make a first step towards the creation of a reference model for IT service markets that provides a holistic integrated view that can be used to create and maintain successful markets in the future.}}, author = {{Jazayeri, Bahar and Platenius, Marie and Engels, Gregor and Kundisch, Dennis}}, booktitle = {{Proceedings of the 14th International Conference on Service Oriented Computing (ICSOC)}}, pages = {{301--316}}, publisher = {{Springer}}, title = {{{Features of IT Service Markets: A Systematic Literature Review}}}, doi = {{10.1007/978-3-319-46295-0_19}}, volume = {{9936}}, year = {{2016}}, } @inproceedings{20556, author = {{Bodden, Eric and I Pun, Ka and Steffen, Martin and Stolz, Volker and Wickert, Anna-Katharina}}, booktitle = {{Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques - 7th International Symposium, ISoLA 2016, Imperial, Corfu, Greece, October 10-14, 2016, Proceedings, Part {I}}}, pages = {{431--445}}, title = {{{Information Flow Analysis for Go}}}, doi = {{10.1007/978-3-319-47166-2_30}}, year = {{2016}}, } @inproceedings{20716, author = {{Bodden, Eric and Eichberg, Michael and I Pun, Ka and Steffen, Martin and Stolz, Volker and Wickert, Anna-Katharina}}, booktitle = {{Nordic Workshop on Programming Theory (NWPT'16)}}, title = {{{Don't let data Go astray---A Context-Sensitive Taint Analysis for Concurrent Programs in Go}}}, year = {{2016}}, } @techreport{20717, author = {{Nguyen Quang Do, Lisa and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson}}, keywords = {{ATTRACT, ITSECWEBSITE}}, title = {{{Just-in-Time Static Analysis}}}, doi = {{http://dx.doi.org/10.7939/DVN/10859}}, year = {{2016}}, } @article{20718, author = {{Rasthofer, Siegfried and Arzt, Steven and Bodden, Eric and Miltenberger, Marc}}, journal = {{Datenschutz und Datensicherheit}}, keywords = {{ATTRACT, ITSECWEBSITE}}, pages = {{718--722}}, title = {{{Harvester - Vollautomatische Extraktion von Laufzeitwerten aus obfuskierten Android-Applikationen}}}, doi = {{https://www.springerprofessional.de/en/datenschutz-und-datensicherheit-dud-11-2016/10866536}}, year = {{2016}}, } @inproceedings{20719, author = {{Holzinger, Philipp and Triller, Stefan and Bartel, Alexandre and Bodden, Eric}}, booktitle = {{Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security}}, isbn = {{978-1-4503-4139-4}}, keywords = {{ATTRACT, access control, exploits, java security, security analysis, ITSECWEBSITE}}, pages = {{779--790}}, title = {{{An In-Depth Study of More Than Ten Years of Java Exploitation}}}, doi = {{http://doi.acm.org/10.1145/2976749.2978361}}, year = {{2016}}, } @inproceedings{20720, author = {{Follner, Andreas and Bartel, Alexandre and Peng, Hui and Chang, Yu-Chen and Ispoglou, Kyriakos and Payer, Mathias and Bodden, Eric}}, booktitle = {{International Workshop on Security and Trust Management (STM)}}, pages = {{212--228}}, title = {{{PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution}}}, year = {{2016}}, } @inproceedings{20721, author = {{Nguyen Quang Do, Lisa and Eichberg, Michael and Bodden, Eric}}, booktitle = {{Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis}}, keywords = {{ATTRACT}}, pages = {{13--17}}, title = {{{Toward an Automated Benchmark Management System}}}, year = {{2016}}, } @inproceedings{20722, author = {{Arzt, Steven and Kussmaul, Tobias and Bodden, Eric}}, booktitle = {{Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis}}, pages = {{1--6}}, title = {{{Towards Cross-Platform Cross-Language Analysis with Soot}}}, year = {{2016}}, } @article{20724, author = {{Follner, Andreas and Bodden, Eric}}, issn = {{2214-2126}}, journal = {{Journal of Information Security and Applications }}, pages = {{16--26}}, title = {{{ROPocop — Dynamic mitigation of code-reuse attacks}}}, doi = {{http://dx.doi.org/10.1016/j.jisa.2016.01.002}}, volume = {{29}}, year = {{2016}}, } @inproceedings{20725, author = {{Follner, Andreas and Bartel, Alexandre and Bodden, Eric}}, booktitle = {{International Symposium on Engineering Secure Software and Systems (ESSoS)}}, title = {{{Analyzing the Gadgets - Towards a Metric to Measure Gadget Quality}}}, year = {{2016}}, } @inproceedings{20726, author = {{Falzon, Kevin and Bodden, Eric}}, booktitle = {{Principles of Security and Trust: 5th International Conference, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 2--8, 2016, Proceedings}}, editor = {{Piessens, Frank and Vigan'o, Luca}}, isbn = {{978-3-662-49635-0}}, pages = {{116--138}}, publisher = {{Springer Berlin Heidelberg}}, title = {{{Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels}}}, doi = {{10.1007/978-3-662-49635-0_7}}, year = {{2016}}, } @inproceedings{20727, author = {{Rasthofer, Siegfried and Arzt, Steven and Miltenberger, Marc and Bodden, Eric}}, booktitle = {{Network and Distributed System Security Symposium (NDSS)}}, keywords = {{ATTRACT, ITSECWEBSITE}}, title = {{{Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques}}}, year = {{2016}}, } @inproceedings{20728, author = {{Nadi, Sarah and Krüger, Stefan and Mezini, Mira and Bodden, Eric}}, booktitle = {{International Conference for Software Engineering (ICSE)}}, keywords = {{CROSSING, ITSECWEBSITE}}, pages = {{935--946}}, title = {{{Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs?}}}, year = {{2016}}, } @inproceedings{20729, author = {{Arzt, Steven and Bodden, Eric}}, booktitle = {{International Conference for Software Engineering (ICSE)}}, keywords = {{ITSECWEBSITE}}, title = {{{StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework}}}, year = {{2016}}, } @inproceedings{20730, author = {{Eling, N. and Rasthofer, S. and Kolhagen, M. and Bodden, Eric and Buxmann, P.}}, booktitle = {{2016 49th Hawaii International Conference on System Sciences (HICSS)}}, issn = {{1530-1605}}, pages = {{3666--3675}}, title = {{{Investigating Users' Reaction to Fine-Grained Data Requests: A Market Experiment}}}, doi = {{10.1109/HICSS.2016.458}}, year = {{2016}}, } @techreport{20822, abstract = {{Several examples of mechatronic systems can be found nowadays in modern cars, production systems, and medical technology. Day by day, the number of innovative functionalities in such mechatronic systems is increasing. These functionalities are realized with complex software. Such software exhibits hard real-time, safety requirements. The adherence to these requirements must be thoroughly analyzed and verified. Moreover, to obtain a significant increment in the reliability, performance, and efficiency of such software, it needs to maintain the self-adaptation of its properties. In order to develop such systems with a high quality and within a short time, we need a systematic and consistent design method. For this purpose, the software engineering group at the University of Paderborn and the Fraunhofer IEM in Paderborn propose the MechatronicUML method. This method provides a comprehensive model-driven process support, that starts from requirements and reaches the executable software after passing through several design and analysis steps. This process improves the comprehension during development and makes complex systems manageable. MechatronicUML emphasizes mainly on: (1) modeling and (formal) verification of reconfigurable software architectures, (2) the coordination among system components in such architectures, and (3) the integration of discrete software events with the continuous behavior of control devices.}}, author = {{Dziwok, Stefan and Pohlmann, Uwe and Piskachev, Goran and Schubert, David and Thiele, Sebastian and Gerking, Christopher}}, title = {{{The MechatronicUML Design Method: Process and Language for Platform-Independent Modeling}}}, year = {{2016}}, } @techreport{20823, abstract = {{In this technical report, we present the MechatronicUML requirements engineering method. The method encompasses a process and a scenario-based modeling language for the documentation and analysis of requirements on the message-based interaction behavior of software-intensive systems. The modeling language uses a scenario notation based on Modal Sequence Diagrams (MSDs), which borrows concepts of UML Interactions as well as of Live Sequence Charts. Furthermore, we introduce the so-called Emergency Braking & Evasion System (EBEAS) as a running example, which is based on current and upcoming real-world driver assistance systems. }}, author = {{Holtmann, Jörg and Fockel, Markus and Koch, Thorsten and Schmelter, David and Brenner, Christian and Bernijazov, Ruslan and Sander, Marcel}}, title = {{{The MechatronicUML Requirements Engineering Method: Process and Language}}}, doi = {{10.13140/RG.2.2.33223.29606}}, year = {{2016}}, } @inproceedings{20825, abstract = {{Das Systemmodell ist der Kern des Model-Based Systems Engineering (MBSE). Während jedoch im Systems Engineering dem Zusammenspiel von Produkt und Projekt ein hoher Stellenwert beigemessen wird, liegt der Fokus im MBSE noch sehr stark auf technischen Prozessen. Im Hinblick auf die Idee des Systemmodells als zentrale Datenquelle sollten auch Stakeholder jenseits der direkten Entwicklungsaktivitäten das Systemmodell entsprechend nutzen können und davon profitieren. Dazu wird ein Demonstrator vorgestellt, welcher die Anwendung einer Komplexitätsanalyse auf Basis des Systemmodells mechatronischer Systeme stellvertretend für Methoden in Sinne der technischen Managementprozesse der ISO/IEC 15288 aufzeigt. Grundlage des Demonstrators bildet das Systemmodell eines Pedelecs. Die darin modellierten Strukturen dienen als Input für die Komplexitätsanalyse. Über die automatisierte Anwendung der Komplexitätsanalyse ergibt sich als Output ein Portfolio, das die Komplexität der funktionserfüllenden Komponenten mit der Bewertung der Funktionalität in Beziehung setzt und somit eine Beurteilung und entsprechende Handlungsempfehlungen der Komponenten ermöglicht.}}, author = {{Greinert, Matthias and Tschirner, Christian and Holtmann, Jörg}}, booktitle = {{Tag des Systems Engineering 2016}}, pages = {{77--86}}, publisher = {{Gesellschaft f{\"u}r Systems Engineering e.V.}}, title = {{{Anwendung von Methoden der Produktentstehung auf Basis des Systemmodells mechatronischer Systeme}}}, doi = {{10.3139/9783446451414.008}}, year = {{2016}}, }