@inproceedings{53811, abstract = {{Persistent security challenges plague DevOps teams due to a deficiency in expertise regarding security tools and methods, as evidenced by frequent security incidents. Existing maturity models fail to adequately address the specific needs of DevOps teams. In response, this paper proposes "Security Belts," a novel maturity model inspired by martial arts ranking systems. This model aims to assist DevOps teams in enhancing their security capabilities by providing a structured approach, starting with fundamental activities and progressing to more advanced techniques. Drawing from the experiences of monitoring 21 teams, the paper presents lessons learned and offers actionable advice for refining maturity models tailored to software quality improvement.}}, author = {{Taaibi, Samira and Dziwok, Stefan and Hermerschmidt, Lars and Koch, Thorsten and Merschjohann, Sven and Vollmary, Mark}}, keywords = {{Software security, maturity model}}, location = {{Salt Lake City}}, title = {{{Security Belts: A Maturity Model for DevOps Teams to Increase the Software Security of their Product - An Experience Report}}}, year = {{2024}}, } @inproceedings{29844, author = {{Koch, Thorsten and Trippel, Sascha and Dziwok, Stefan and Bodden, Eric}}, booktitle = {{Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development}}, publisher = {{SCITEPRESS - Science and Technology Publications}}, title = {{{Integrating Security Protocols in Scenario-based Requirements Specifications}}}, doi = {{10.5220/0010783300003119}}, year = {{2022}}, } @inproceedings{33837, author = {{Piskachev, Goran and Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Bodden, Eric}}, title = {{{How far are German companies in improving security through static program analysis tools?}}}, year = {{2022}}, } @unpublished{23534, abstract = {{In recent years, the World Economic Forum has identified software security as the most significant technological risk to the world's population, as software-intensive systems process critical data and provide critical services. This raises the question of the extent to which German companies are addressing software security in developing and operating their software products. This paper reports on the results of an extensive study among developers, product owners, and managers to answer this question. Our results show that ensuring security is a multi-faceted challenge for companies, involving low awareness, inaccurate self-assessment, and a lack of competence on the topic of secure software development among all stakeholders. The current situation in software development is therefore detrimental to the security of software products in the medium and long term.}}, author = {{Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven and Budweg, Boris and Leuer, Sebastian}}, booktitle = {{arXiv:2108.11752}}, title = {{{AppSecure.nrw Software Security Study}}}, year = {{2021}}, } @inproceedings{20518, author = {{Koch, Thorsten and Dziwok, Stefan and Holtmann, Jörg and Bodden, Eric}}, booktitle = {{ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS ’20)}}, publisher = {{ACM}}, title = {{{Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers}}}, doi = {{10.1145/3365438.3410946}}, year = {{2020}}, } @inproceedings{20347, author = {{Pasic, Faruk and Wohlers, Benedict and Dziwok, Stefan and Becker, Matthias and Heinrich, Matthias}}, booktitle = {{2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)}}, pages = {{1469--1472}}, title = {{{A KPI-based Condition Monitoring System for the Beer Brewing Process}}}, year = {{2019}}, } @inproceedings{20757, author = {{Fazal-Baqaie, Masud and Strüwer, Jan-Niclas and Schmelter, David and Dziwok, Stefan}}, booktitle = {{Projektmanagement und Vorgehensmodelle 2019 (PVM 2019)}}, editor = {{Mikusz, Martin}}, publisher = {{Lecture Notes in Informatics (LNI)}}, title = {{{Coaching on the Job bei Unternehmen des Maschinen- und Anlagenbaus - Wissenslücken schließen zur Weiterpflege modernisierter IT-Anwendungen}}}, year = {{2019}}, } @article{20761, abstract = {{The processes for manufacturing and operating modern technical products require expertise in multiple disciplines like mechanical engineer-ing, electrical engineering, and software engineering. Assessing the current condition and quality of these processes and the machines in-volved is challenging due to the inherent complexity of the products and the required expertise in multiple engineering domains. Globaliza-tion and increasing competition make it necessary to reduce production costs while at the same time ensuring high throughput and product quality. Without the ability to precisely assess the condition and quality of production processes and involved machines, taking action to steer these metrics is nearly impossible and results in unnecessary high production costs. In our previous publications, we introduced the concept of Key Performance Indicators (KPIs) for mechatronic systems as a concept to assess the condition and quality of products and production processes in a graspable yet substantial and efficient way. In this paper, we further refine our KPI concepts und evaluate them for two different use cases: we apply our KPI concept to a manufacturing process in the mechatronic system domain and an operation process in the food production domain. We provide detailed insights in how we applied our concepts within these domains and report about lessons learned. In addition, we provide a business case estimation for our soft-ware solution that assesses the KPIs of our food production domain example.}}, author = {{Wohlers, Benedict and Dziwok, Stefan and Pasic, Faruk and Lipsmeier, Andre and Becker, Matthias}}, journal = {{International Journal of Production Economics}}, title = {{{Monitoring and Control of Production Processes based on Key Performance Indicators for Mechatronic Systems}}}, year = {{2019}}, } @inproceedings{21929, author = {{Altemeier, Katharina and Becker, Matthias and Dziwok, Stefan and Koch, Thorsten and Merschjohann, Sven}}, booktitle = {{Projektmanagement und Vorgehensmodelle 2019 (PVM 2019)}}, editor = {{Mikusz, Martin}}, publisher = {{Gesellschaft für Informatik e.V.}}, title = {{{Was fehlt (bisher) um Apps sicher zu entwickeln? - Prozesse, Werkzeuge und Schulungen für sichere Apps by Design}}}, year = {{2019}}, } @article{20787, author = {{Wohlers, Benedict and Dziwok, Stefan and Schmelter, David and Lorenz, Wadim}}, journal = {{Advances in Manufacturing, Production Management and Process Control - AHFE 2018}}, pages = {{398--410}}, title = {{{Improving Quality Control of Mechatronic Systems Using KPI-Based Statistical Process Control}}}, year = {{2018}}, } @inproceedings{20792, author = {{Schivo, Stefano and Yildiz., Bugra M. and Ruijters, Enno and Gerking, Christopher and Kumar, Rajesh and Dziwok, Stefan and Rensink, Arend and Stoelinga, Mariëlle}}, booktitle = {{Dependable Software Engineering, 3rd International Symposium (SETTA 2017)}}, editor = {{Larsen, Kim G. and Sokolsky, Oleg and Wang, Ji}}, number = {{10606}}, pages = {{319--336}}, publisher = {{Springer}}, title = {{{How to Efficiently Build a Front-End Tool for UPPAAL: A Model-Driven Approach}}}, doi = {{10.1007/978-3-319-69483-2_19}}, year = {{2017}}, } @phdthesis{20794, abstract = {{Cyber-physische Systeme (CPSs) sind die nächste Generation von eingebetteten Systemen, die fortwährend ihre Zusammenarbeit koordinieren, um anspruchsvolle Funktionen zu erfüllen. Die Koordination zwischen ihnen kann in Software mittels asynchroner Nachrichtenkommunikation realisiert werden. Um die funktionale Korrektheit der Software zu gewährleisten, ist aufgrund der Kritikalität dieser Systeme eine formale Verifikation wie z.B. Model Checking notwendig. Die Eingabesprache eines Model Checkers unterstützt jedoch domänenspezifische Aspekte wie asynchrone Kommunikation nicht direkt, wodurch diese vom Softwareingenieur mittels zahlreicher Modellelemente spezifiziert werden müssen. Dies ist hochgradig komplex und somit fehleranfällig. Im Rahmen dieser Arbeit wird eine modellgetriebene Methode zur domänenspezifischen Spezifikation und vollautomatischen Verifikation der nachrichtenbasierten Koordination von CPSs präsentiert. Mit Hilfe dieser Methode kann der Softwareingenieur die Koordination kompakt modellieren und muss nicht länger verstehen, wie seine Spezifikation auf der Ebene des Model Checkers ausgedrückt wird. Insgesamt wird die Komplexität für den Softwareingenieur somit deutlich handhabbarer. Bezüglich der Spezifikation einer solchen Koordination definiert die Arbeit eine domänenspezifische Sprache namens Real-Time Coordination Protocols (RTCPs). Darüber hinaus wird eine domänenspezifische Sprache zur Spezifikation von Verifikationseigenschaften eingeführt und Entwurfsmuster für RTCPs präsentiert, um die Anzahl der Modellierungsfehler zu senken.}}, author = {{Dziwok, Stefan}}, publisher = {{Paderborn University}}, title = {{{Specification and Verification for Real-Time Coordination Protocols of Cyber-physical Systems}}}, year = {{2017}}, } @inproceedings{20796, author = {{Wohlers, Benedict and Dziwok, Stefan and Bremer, Christian and Schmelter, David and Lorenz, Wadim}}, booktitle = {{Proceedings of the 24th International Conference on Production Research (ICPR)}}, publisher = {{DEStech Publications, Inc.}}, title = {{{Improving the Product Control of Mechatronic Systems Using Key Performance Indicators}}}, year = {{2017}}, } @techreport{20822, abstract = {{Several examples of mechatronic systems can be found nowadays in modern cars, production systems, and medical technology. Day by day, the number of innovative functionalities in such mechatronic systems is increasing. These functionalities are realized with complex software. Such software exhibits hard real-time, safety requirements. The adherence to these requirements must be thoroughly analyzed and verified. Moreover, to obtain a significant increment in the reliability, performance, and efficiency of such software, it needs to maintain the self-adaptation of its properties. In order to develop such systems with a high quality and within a short time, we need a systematic and consistent design method. For this purpose, the software engineering group at the University of Paderborn and the Fraunhofer IEM in Paderborn propose the MechatronicUML method. This method provides a comprehensive model-driven process support, that starts from requirements and reaches the executable software after passing through several design and analysis steps. This process improves the comprehension during development and makes complex systems manageable. MechatronicUML emphasizes mainly on: (1) modeling and (formal) verification of reconfigurable software architectures, (2) the coordination among system components in such architectures, and (3) the integration of discrete software events with the continuous behavior of control devices.}}, author = {{Dziwok, Stefan and Pohlmann, Uwe and Piskachev, Goran and Schubert, David and Thiele, Sebastian and Gerking, Christopher}}, title = {{{The MechatronicUML Design Method: Process and Language for Platform-Independent Modeling}}}, year = {{2016}}, } @techreport{20977, author = {{Schäfer, Wilhelm and Dziwok, Stefan and Pohlmann, Uwe and Bobolz, Jan and Czech, Mike and Dann, Andreas Peter and Geismann, Johannes and Hüwe, Marcus and Krieger, Arthur and Piskachev, Goran and Schubert, David and Wohlrab, Rebekka}}, title = {{{Seminar Theses of the Project Group Cybertron}}}, year = {{2015}}, } @techreport{20832, author = {{Schäfer, Wilhelm and Dziwok, Stefan and Pohlmann, Uwe and Bobolz, Jan and Czech, Mike and Dann, Andreas Peter and Geismann, Johannes and Hüwe, Marcus and Krieger, Arthur and Piskachev, Goran and Schubert, David and Wohlrab, Rebekka}}, title = {{{Seminar Theses of the Project Group Cybertron}}}, year = {{2015}}, } @book{28193, abstract = {{Cooperative cyber-physical systems (CCPS) are driven by the tight coordination between computational components, physical sensors and actuators, and the interaction with each other over system bounds. The software development of CCPS is getting more complex because of the tight integration, heterogeneous technologies, as well as safety and timing requirements. Therefore, new engineering approaches, such as model-driven development methods, are required, along with communication architectures with self-* capabilities. Both will support the developer in specifying such a system effectively and efficiently. However, the application of such techniques to the development of CCPS has not been addressed sufficiently so far. This paper presents an experience report of developing a cooperative delta-robot system that juggles a ball without a central control or camera system. For the development, an intelligent network architecture and model-driven development method for CCPS are applied. }}, author = {{Gausemeier, J{\"u}rgen and Tr{\"a}chtler, Ansgar and Sch{\"a}fer, Wilhelm and Anacker, Harald and Bauer, Frank and Borcherding, Holger and Dziwok, Stefan and Frank, Ursula and Herden, Rudolf and Hoppe, Gerd and Just, Viktor and Kiele-Dunsche, Markus and Kruse, Daniel and Oesters{\"o}tebier, Felix and Papenfort, Josef and Pohlmann, Uwe and Reddehase, Hendrik and Rieke, Jan and Schierbaum, Thomas and Seifert, Lars and Stichweh, Heiko and Teichrieb, Heinrich and Wagner, Robert and Wessels, Sebastian}}, publisher = {{Carl Hanser Verlag}}, title = {{{Semantische Technologien im Entwurf mechatronischer Systeme: Effektiver Austausch von L{\"o}sungswissen in Branchenwertsch{\"o}pfungsketten}}}, year = {{2014}}, } @inproceedings{20907, author = {{Becker, Steffen and Dziwok, Stefan and Gerking, Christopher and Heinzemann, Christian and Schäfer, Wilhelm and Meyer, Matthias and Pohlmann, Uwe}}, booktitle = {{Proceedings of the 36th International Conference on Software Engineering (Posters)}}, publisher = {{ACM, New York, NY, USA}}, title = {{{The MechatronicUML Method: Model-Driven Software Engineering of Self-Adaptive Mechatronic Systems}}}, year = {{2014}}, } @inproceedings{20908, author = {{Pohlmann, Uwe and Dziwok, Stefan and Meyer, Matthias and Tichy, Matthias and Thiele, Sebastian}}, booktitle = {{Proceedings of the 7th International ICST Conference on Simulation Tools and Techniques}}, title = {{{A Modelica Coordination Pattern Library for Cyber-Physical Systems}}}, year = {{2014}}, } @techreport{20909, author = {{Becker, Steffen and Dziwok, Stefan and Gerking, Christopher and Schäfer, Wilhelm and Heinzemann, Christian and Thiele, Sebastian and Meyer, Matthias and Priesterjahn, Claudia and Pohlmann, Uwe and Tichy, Matthias}}, title = {{{The MechatronicUML Design Method - Process and Language for Platform-Independent Modeling}}}, year = {{2014}}, }