2025
Hermann, Kevin; Schneider, Simon; Tony, Catherine; Yardim, Asli; Peldszus, Sven; Berger, Thorsten; Scandariato, Riccardo; Sasse, M. Angela; Naiakshina, Alena
A Taxonomy of Functional Security Features and How They Can Be Located Journal Article
In: Empirical Software Engineering (EMSE), vol. 30, no. 117, 2025, (Open Access).
@article{HST+2025,
title = {A Taxonomy of Functional Security Features and How They Can Be Located},
author = {Kevin Hermann and Simon Schneider and Catherine Tony and Asli Yardim and Sven Peldszus and Thorsten Berger and Riccardo Scandariato and M. Angela Sasse and Alena Naiakshina },
doi = {10.1007/s10664-025-10649-7},
year = {2025},
date = {2025-05-28},
urldate = {2025-05-28},
journal = {Empirical Software Engineering (EMSE)},
volume = {30},
number = {117},
abstract = {Security must be considered in almost every software system. Unfortunately, selecting and implementing security features remains a challenge due to the wide variety of security threats and possible countermeasures. While security standards are intended to help developers, they are usually too abstract and vague to help implementing security features, or they merely help configuring such. A resource that describes security features at an abstraction level that lies between high-level (i.e., rather too general) and low-level (i.e., rather too specific) security standards could facilitate secure systems development. This resource should support the selection of appropriate security features to achieve high-level security goals, allow easy retrieval of relevant low-level details, and provide pointers to suitable ways to realize the security features. To realize security features, developers typically use external security libraries or frameworks, to minimize implementation mistakes. Even when using libraries, developers still make mistakes when writing code to integrate them, often resulting in security vulnerabilities. When security incidents occur or the system needs to be audited or maintained, it is essential to know what security features have been implemented and, more importantly, where they are located. This task, commonly referred to as feature location, is often tedious and error-prone. While dedicated feature location techniques exist, they require significant manual effort or adherence to strict development processes, preventing their use. Therefore, we have to support long-term tracking of implemented security features. We present a study of security features presented in the literature and their coverage in popular security frameworks. We contribute (1) a taxonomy of 68 functional implementation-level security features including a mapping to widely used security standards, (2) an examination of 21 popular security frameworks concerning which of these security features they provide, and (3) a discussion on the representation of security features in source code. Our taxonomy aims to aid developers in selecting appropriate security features and security frameworks, as well as relating them to security standards when they need to choose and implement security features for a software system.},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Security must be considered in almost every software system. Unfortunately, selecting and implementing security features remains a challenge due to the wide variety of security threats and possible countermeasures. While security standards are intended to help developers, they are usually too abstract and vague to help implementing security features, or they merely help configuring such. A resource that describes security features at an abstraction level that lies between high-level (i.e., rather too general) and low-level (i.e., rather too specific) security standards could facilitate secure systems development. This resource should support the selection of appropriate security features to achieve high-level security goals, allow easy retrieval of relevant low-level details, and provide pointers to suitable ways to realize the security features. To realize security features, developers typically use external security libraries or frameworks, to minimize implementation mistakes. Even when using libraries, developers still make mistakes when writing code to integrate them, often resulting in security vulnerabilities. When security incidents occur or the system needs to be audited or maintained, it is essential to know what security features have been implemented and, more importantly, where they are located. This task, commonly referred to as feature location, is often tedious and error-prone. While dedicated feature location techniques exist, they require significant manual effort or adherence to strict development processes, preventing their use. Therefore, we have to support long-term tracking of implemented security features. We present a study of security features presented in the literature and their coverage in popular security frameworks. We contribute (1) a taxonomy of 68 functional implementation-level security features including a mapping to widely used security standards, (2) an examination of 21 popular security frameworks concerning which of these security features they provide, and (3) a discussion on the representation of security features in source code. Our taxonomy aims to aid developers in selecting appropriate security features and security frameworks, as well as relating them to security standards when they need to choose and implement security features for a software system.
Peldszus, Sven; Brugali, Davide; Strüber, Daniel; Pelliccione, Patrizio; Berger, Thorsten
Software Reconfiguration in Robotics Journal Article
In: Empirical Software Engineering (EMSE), vol. 30, no. 94, 2025, (Open Access).
@article{PBS+2025,
title = {Software Reconfiguration in Robotics},
author = {Sven Peldszus and Davide Brugali and Daniel Strüber and Patrizio Pelliccione and Thorsten Berger },
doi = {10.1007/s10664-024-10596-9},
year = {2025},
date = {2025-04-08},
urldate = {2025-04-08},
journal = {Empirical Software Engineering (EMSE)},
volume = {30},
number = {94},
abstract = {Robots often need to be reconfigurable—to customize, calibrate, or optimize robots operating in varying environments with different hardware. A particular challenge in robotics is the automated and dynamic reconfiguration to load and unload software components, as well as parameterizing them. Over the last decades, a large variety of software reconfiguration techniques has been presented in the literature, many specifically for robotics systems. Also many robotics frameworks support reconfiguration. Unfortunately, there is a lack of empirical data on the actual use of reconfiguration techniques in real robotics projects and on their realization in robotics frameworks. To advance reconfiguration techniques and support their adoption, we need to improve our empirical understanding of them in practice. We present a study of automated reconfiguration at runtime in the robotics domain. We determine the state-of-the art by reviewing 78 relevant publications on reconfiguration. We determine the state-of-practice by analyzing how four major robotics frameworks support reconfiguration, and how reconfiguration is realized in 48 robotics (sub-)systems. We contribute a detailed analysis of the design space of reconfiguration techniques. We identify trends and research gaps. Our results show a significant discrepancy between the state-of-the-art and the state-of-practice. While the scientific community focuses on complex structural reconfiguration, only parameter reconfiguration is widely used in practice. Our results support practitioners to realize reconfiguration in robotics systems, as well as they support researchers and tool builders to create more effective reconfiguration techniques that are adopted in practice.},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Robots often need to be reconfigurable—to customize, calibrate, or optimize robots operating in varying environments with different hardware. A particular challenge in robotics is the automated and dynamic reconfiguration to load and unload software components, as well as parameterizing them. Over the last decades, a large variety of software reconfiguration techniques has been presented in the literature, many specifically for robotics systems. Also many robotics frameworks support reconfiguration. Unfortunately, there is a lack of empirical data on the actual use of reconfiguration techniques in real robotics projects and on their realization in robotics frameworks. To advance reconfiguration techniques and support their adoption, we need to improve our empirical understanding of them in practice. We present a study of automated reconfiguration at runtime in the robotics domain. We determine the state-of-the art by reviewing 78 relevant publications on reconfiguration. We determine the state-of-practice by analyzing how four major robotics frameworks support reconfiguration, and how reconfiguration is realized in 48 robotics (sub-)systems. We contribute a detailed analysis of the design space of reconfiguration techniques. We identify trends and research gaps. Our results show a significant discrepancy between the state-of-the-art and the state-of-practice. While the scientific community focuses on complex structural reconfiguration, only parameter reconfiguration is widely used in practice. Our results support practitioners to realize reconfiguration in robotics systems, as well as they support researchers and tool builders to create more effective reconfiguration techniques that are adopted in practice.
Hermann, Kevin; Peldszus, Sven; Steghöfer, Jan-Philipp; Berger, Thorsten
An Exploratory Study on the Engineering of Security Features Proceedings Article
In: Proceedings of the 47th International Conference on Software Engineering (ICSE), 2025.
@inproceedings{ICSE215a,
title = {An Exploratory Study on the Engineering of Security Features},
author = {Kevin Hermann and Sven Peldszus and Jan-Philipp Steghöfer and Thorsten Berger },
doi = {10.1109/ICSE55347.2025.00184},
year = {2025},
date = {2025-00-00},
urldate = {2025-00-00},
booktitle = {Proceedings of the 47th International Conference on Software Engineering (ICSE)},
journal = {Proceedings of the International Conference on Software Engineering (ICSE)},
abstract = {Software security is of utmost importance for most software systems. Developers must systematically select, plan, design, implement, and especially, maintain and evolve security features—functionalities to mitigate attacks or protect personal data such as cryptography or access control—to ensure the security of their software. Although security features are usually available in libraries, integrating security features requires writing and maintaining additional security-critical code. While there have been studies on the use of such libraries, surprisingly little is known about how developers engineer security features, how they select what security features to implement and which ones may require custom implementation, and the implications for maintenance. As a result, we currently rely on assumptions that are largely based on common sense or individual examples. However, to provide them with effective solutions, researchers need hard empirical data to understand what practitioners need and how they view security—data that we currently lack. To fill this gap, we contribute an exploratory study with 26 knowledgeable industrial participants. We study how security features of software systems are selected and engineered in practice, what their code-level characteristics are, and what challenges practitioners face. Based on the empirical data gathered, we provide insights into engineering practices and validate four common assumptions.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Software security is of utmost importance for most software systems. Developers must systematically select, plan, design, implement, and especially, maintain and evolve security features—functionalities to mitigate attacks or protect personal data such as cryptography or access control—to ensure the security of their software. Although security features are usually available in libraries, integrating security features requires writing and maintaining additional security-critical code. While there have been studies on the use of such libraries, surprisingly little is known about how developers engineer security features, how they select what security features to implement and which ones may require custom implementation, and the implications for maintenance. As a result, we currently rely on assumptions that are largely based on common sense or individual examples. However, to provide them with effective solutions, researchers need hard empirical data to understand what practitioners need and how they view security—data that we currently lack. To fill this gap, we contribute an exploratory study with 26 knowledgeable industrial participants. We study how security features of software systems are selected and engineered in practice, what their code-level characteristics are, and what challenges practitioners face. Based on the empirical data gathered, we provide insights into engineering practices and validate four common assumptions.
Sens, Yorick; Knopp, Henriette; Peldszus, Sven; Berger, Thorsten
A Large-Scale Study of Model Integration in ML-Enabled Software Systems Proceedings Article
In: Proceedings of the 47th International Conference on Software Engineering (ICSE), 2025.
@inproceedings{ICSE2025b,
title = {A Large-Scale Study of Model Integration in ML-Enabled Software Systems},
author = {Yorick Sens and Henriette Knopp and Sven Peldszus and Thorsten Berger},
doi = {10.1109/ICSE55347.2025.00185},
year = {2025},
date = {2025-00-00},
urldate = {2025-00-00},
booktitle = {Proceedings of the 47th International Conference on Software Engineering (ICSE)},
journal = {Proceedings of the International Conference on Software Engineering (ICSE)},
abstract = {The rise of machine learning (ML) and its integration into software systems has drastically changed development practices. While software engineering traditionally focused on manually created code artifacts with dedicated processes and architectures, ML-enabled systems require additional data-science methods and tools to create ML artifacts---especially ML models and training data. However, integrating models into systems, and managing the many different artifacts involved, is far from trivial. ML-enabled systems can easily have multiple ML models that interact with each other and with traditional code in intricate ways. Unfortunately, while challenges and practices of building ML-enabled systems have been studied, little is known about the characteristics of real-world ML-enabled systems beyond isolated examples. Improving engineering processes and architectures for ML-enabled systems requires improving the empirical understanding of these systems. We present a large-scale study of 2,928 open-source ML-enabled software systems. We classified and analyzed them to determine system characteristics, model and code reuse practices, and architectural aspects of integrating ML models. Our findings show that these systems still mainly consist of traditional source code, and that ML model reuse through code duplication or pre-trained models is common. We also identified different ML integration patterns and related implementation practices. We hope that our results help improve practices for integrating ML models, bringing data science and software engineering closer together.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The rise of machine learning (ML) and its integration into software systems has drastically changed development practices. While software engineering traditionally focused on manually created code artifacts with dedicated processes and architectures, ML-enabled systems require additional data-science methods and tools to create ML artifacts---especially ML models and training data. However, integrating models into systems, and managing the many different artifacts involved, is far from trivial. ML-enabled systems can easily have multiple ML models that interact with each other and with traditional code in intricate ways. Unfortunately, while challenges and practices of building ML-enabled systems have been studied, little is known about the characteristics of real-world ML-enabled systems beyond isolated examples. Improving engineering processes and architectures for ML-enabled systems requires improving the empirical understanding of these systems. We present a large-scale study of 2,928 open-source ML-enabled software systems. We classified and analyzed them to determine system characteristics, model and code reuse practices, and architectural aspects of integrating ML models. Our findings show that these systems still mainly consist of traditional source code, and that ML model reuse through code duplication or pre-trained models is common. We also identified different ML integration patterns and related implementation practices. We hope that our results help improve practices for integrating ML models, bringing data science and software engineering closer together.
2024
Peldszus, Sven; Knopp, Henriette; Sens, Yorick; Berger, Thorsten
Towards ML-Integration and Training Patterns for AI-Enabled Systems Proceedings Article
In: Proceedings of the International Conference on Bridging the Gap between AI and Reality (AISOLA), pp. 434–452, 2024, (open access).
@inproceedings{AISOLA2024,
title = {Towards ML-Integration and Training Patterns for AI-Enabled Systems},
author = {Sven Peldszus and Henriette Knopp and Yorick Sens and Thorsten Berger},
doi = {10.1007/978-3-031-73741-1_26},
year = {2024},
date = {2024-10-31},
urldate = {2024-10-31},
booktitle = {Proceedings of the International Conference on Bridging the Gap between AI and Reality (AISOLA)},
pages = {434–452},
abstract = {Machine learning (ML) has improved dramatically over the last decade. ML models have become a fundamental part of intelligent software systems, many of which are safety-critical. Since ML models have complex lifecycles, they require dedicated methods and tools, such as pipeline automation or experiment management. Unfortunately, the current state of the art is model-centric, disregarding the challenges of engineering systems with multiple ML models that need to interact to realize complex functionality. Consider, for instance, robotics or autonomous driving systems, where perception architectures can easily incorporate more than 30 ML models. Developing such multi-ML model systems requires architectures that can integrate and chain ML components. Maintaining and evolving them requires tackling the combinatorial explosion when re-training ML components, often exploring different (hyper-)parameters, features, training algorithms, or other ML artifacts. Addressing these problems requires systems-centric methods and tools. In this work, we discuss characteristics of multi-ML-model systems and challenges of engineering them. Inspired by such systems in the autonomous driving domain, our focus is on experiment-management tooling, which supports tracking and reasoning about the training process for ML models. Our analysis reveals their concepts, but also their limitations when engineering multi-ML-model systems, especially due to their model-centric focus. We discuss possible integration patterns and ML training to facilitate the effective and efficient development, maintenance, and evolution of multi-ML-model systems. Furthermore, we describe real-world multi-ML-model systems, providing early results from identifying and analyzing open-source systems from GitHub.},
note = {open access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Machine learning (ML) has improved dramatically over the last decade. ML models have become a fundamental part of intelligent software systems, many of which are safety-critical. Since ML models have complex lifecycles, they require dedicated methods and tools, such as pipeline automation or experiment management. Unfortunately, the current state of the art is model-centric, disregarding the challenges of engineering systems with multiple ML models that need to interact to realize complex functionality. Consider, for instance, robotics or autonomous driving systems, where perception architectures can easily incorporate more than 30 ML models. Developing such multi-ML model systems requires architectures that can integrate and chain ML components. Maintaining and evolving them requires tackling the combinatorial explosion when re-training ML components, often exploring different (hyper-)parameters, features, training algorithms, or other ML artifacts. Addressing these problems requires systems-centric methods and tools. In this work, we discuss characteristics of multi-ML-model systems and challenges of engineering them. Inspired by such systems in the autonomous driving domain, our focus is on experiment-management tooling, which supports tracking and reasoning about the training process for ML models. Our analysis reveals their concepts, but also their limitations when engineering multi-ML-model systems, especially due to their model-centric focus. We discuss possible integration patterns and ML training to facilitate the effective and efficient development, maintenance, and evolution of multi-ML-model systems. Furthermore, we describe real-world multi-ML-model systems, providing early results from identifying and analyzing open-source systems from GitHub.
Lohr, Matthias; Peldszus, Sven; Jürjens, Jan; Staab, Steffen
Fast, Favorable, and Fair Blockchain-based Exchange of Digital Goods using State Channels Proceedings Article
In: Proceedings of the 6th IEEE International Conference on Blockchain and Cryptocurrency (ICBC), 2024.
@inproceedings{LPJ+20024,
title = {Fast, Favorable, and Fair Blockchain-based Exchange of Digital Goods using State Channels},
author = {Lohr, Matthias and Peldszus, Sven and Jürjens, Jan and Staab, Steffen},
url = {https://peldszus.com/wp-content/uploads/2024/04/fairsce.pdf},
year = {2024},
date = {2024-05-27},
urldate = {2024-05-27},
booktitle = {Proceedings of the 6th IEEE International Conference on Blockchain and Cryptocurrency (ICBC)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven; Bürger, Jens; Jürjens, Jan
UMLsecRT: Reactive Security Monitoring of Java Applications With Round-Trip Engineering Journal Article
In: IEEE Transactions on Software Engineering (TSE), vol. 50, no. 1, pp. 16–47, 2024.
@article{PBJ2024,
title = {UMLsecRT: Reactive Security Monitoring of Java Applications With Round-Trip Engineering},
author = {Sven Peldszus and Jens Bürger and Jan Jürjens},
url = {https://peldszus.com/wp-content/uploads/2024/01/2024-TSE-UMLsecRT-preprint.pdf},
doi = {10.1109/TSE.2023.3326366},
year = {2024},
date = {2024-01-01},
journal = {IEEE Transactions on Software Engineering (TSE)},
volume = {50},
number = {1},
pages = {16--47},
abstract = {Today's software systems tend to be long-living and often process security-critical data, so keeping up with ever-changing security measures, attacks, and mitigations is critical to maintaining their security. While it has become common practice to consider security aspects during the design of a system, OWASP still identifies insecure design as one of the top 10 threats to security. Furthermore, even if the planned design is secure, verifying that the planned security assumptions hold at run-time and investigating any violations that may have occurred is cumbersome. In particular, the configuration of run-time monitors such as the Java Security Manager, which could enforce design-time security assumptions, is non-trivial and therefore used in practice rarely. To address these challenges, we present UMLsecRT for automatically supporting model-based security engineering with run-time monitoring of design-time security specifications and round-trip engineering for propagating run-time observations to the design level. Following the established security-by-design approach UMLsec, security experts annotate system models with security properties that UMLsecRT automatically synchronizes with corresponding source code annotations for the automatic configuration of UMLsecRT's run-time monitor. To this end, UMLecRT monitors these security properties at run-time without additional effort to specify monitoring policies. Developers can define mitigations for attacks detected at run-time in advance by adjusting the automatically synchronized annotations at implementation time. Triggered by a security violation, UMLsecRT can adapt the design-time models based on run-time findings to facilitate the investigation of security violations. We evaluated UMLsecRT concerning its effectiveness and applicability to security violations extracted from real-world attacks and the DaCapo benchmark, conducted user studies on the usability of the adapted models and the feasibility of UMLsecRT in practice, especially concerning countermeasures, and investigated the scalability of UMLsecRT. To study the applicability of the whole development process, we applied UMLsecRT in two case studies to the Eclipse Secure Storage and the electronic health record system iTrust.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Today's software systems tend to be long-living and often process security-critical data, so keeping up with ever-changing security measures, attacks, and mitigations is critical to maintaining their security. While it has become common practice to consider security aspects during the design of a system, OWASP still identifies insecure design as one of the top 10 threats to security. Furthermore, even if the planned design is secure, verifying that the planned security assumptions hold at run-time and investigating any violations that may have occurred is cumbersome. In particular, the configuration of run-time monitors such as the Java Security Manager, which could enforce design-time security assumptions, is non-trivial and therefore used in practice rarely. To address these challenges, we present UMLsecRT for automatically supporting model-based security engineering with run-time monitoring of design-time security specifications and round-trip engineering for propagating run-time observations to the design level. Following the established security-by-design approach UMLsec, security experts annotate system models with security properties that UMLsecRT automatically synchronizes with corresponding source code annotations for the automatic configuration of UMLsecRT's run-time monitor. To this end, UMLecRT monitors these security properties at run-time without additional effort to specify monitoring policies. Developers can define mitigations for attacks detected at run-time in advance by adjusting the automatically synchronized annotations at implementation time. Triggered by a security violation, UMLsecRT can adapt the design-time models based on run-time findings to facilitate the investigation of security violations. We evaluated UMLsecRT concerning its effectiveness and applicability to security violations extracted from real-world attacks and the DaCapo benchmark, conducted user studies on the usability of the adapted models and the feasibility of UMLsecRT in practice, especially concerning countermeasures, and investigated the scalability of UMLsecRT. To study the applicability of the whole development process, we applied UMLsecRT in two case studies to the Eclipse Secure Storage and the electronic health record system iTrust.
Peldszus, Sven
Security Compliance in Model-Driven Software Development Book Chapter
In: Bodden, Eric; Felderer, Michael; Hasselbring, Wilhelm; Herber, Paula; Koziolek, Heiko; Lilienthal, Carola; Matthes, Florian; Prechelt, Lutz; Rumpe, Bernhard; Schaefer, Ina (Ed.): Ernst Denert Award for Software Engineering 2022: Practice Meets Foundations, pp. 73–104, Springer, 2024, ISBN: 978-3-031-44412-8, (open access).
@inbook{Peldszus2024,
title = {Security Compliance in Model-Driven Software Development},
author = {Sven Peldszus},
editor = {Eric Bodden and Michael Felderer and Wilhelm Hasselbring and Paula Herber and Heiko Koziolek and Carola Lilienthal and Florian Matthes and Lutz Prechelt and Bernhard Rumpe and Ina Schaefer},
url = {https://doi.org/10.1007/978-3-031-44412-8_4},
doi = {10.1007/978-3-031-44412-8_4},
isbn = {978-3-031-44412-8},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {Ernst Denert Award for Software Engineering 2022: Practice Meets Foundations},
pages = {73–104},
publisher = {Springer},
abstract = {To ensure the security of a software system, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. Such inconsistencies hinder the effective realization and verification of secure software systems. In addition, variants of software systems are another burden to developing secure systems. Vulnerabilities must be identified and fixed on all variants or else attackers could be well-guided in attacking unfixed variants. To ensure security in this context, in the thesis (Peldszus, Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants. Springer, Berlin; 2022), we present GRaViTY, an approach that allows security experts to specify security requirements on the most suitable system representation. To preserve security, based on continuous automated change propagation, GRaViTY automatically checks all system representations against these security requirements. To systematically improve the object-oriented design of a software-intensive system, GRaViTY provides security-preserving refactorings. For both continuous security compliance checks and refactorings, we show the application to variant-rich software systems. To support legacy systems, GRaViTY allows to automatically reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate applicability of the approach in two real-world case studies, the iTrust electronics health records system and the Eclipse Secure Storage. This book chapter provides a summary of the thesis, focusing on the addressed problems, identified and answered research questions, the general solution, and its application of it to two case studies. For details on the individual solutions, please refer to the thesis and the corresponding publications referenced in this book chapter.},
note = {open access},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
To ensure the security of a software system, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. Such inconsistencies hinder the effective realization and verification of secure software systems. In addition, variants of software systems are another burden to developing secure systems. Vulnerabilities must be identified and fixed on all variants or else attackers could be well-guided in attacking unfixed variants. To ensure security in this context, in the thesis (Peldszus, Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants. Springer, Berlin; 2022), we present GRaViTY, an approach that allows security experts to specify security requirements on the most suitable system representation. To preserve security, based on continuous automated change propagation, GRaViTY automatically checks all system representations against these security requirements. To systematically improve the object-oriented design of a software-intensive system, GRaViTY provides security-preserving refactorings. For both continuous security compliance checks and refactorings, we show the application to variant-rich software systems. To support legacy systems, GRaViTY allows to automatically reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate applicability of the approach in two real-world case studies, the iTrust electronics health records system and the Eclipse Secure Storage. This book chapter provides a summary of the thesis, focusing on the addressed problems, identified and answered research questions, the general solution, and its application of it to two case studies. For details on the individual solutions, please refer to the thesis and the corresponding publications referenced in this book chapter.
2023
Peldszus, Sven; Akopian, Noubar; Berger, Thorsten
RobotBT: Behavior-Tree-Based Test-Case Specification for the Robot Framework Proceedings Article
In: Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), pp. 1503–1506, 2023, (Open Access).
@inproceedings{PAB2023,
title = {RobotBT: Behavior-Tree-Based Test-Case Specification for the Robot Framework},
author = {Sven Peldszus and Noubar Akopian and Thorsten Berger},
url = {https://www.youtube.com/watch?v=zPK8RdMmFaM
https://peldszus.com/wp-content/uploads/2023/07/2023-ISSTA-RobotBT.pdf},
doi = {10.1145/3597926.3604924},
year = {2023},
date = {2023-07-18},
urldate = {2023-07-18},
booktitle = {Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
pages = {1503–1506},
abstract = {The Robot Framework is a popular and widely used test automation framework that abstracts test case specifications toward natural language specifications. This makes it well suited for implementing high-level test cases, at least as long as the functions provided by Robot can support the intended functionality. For more complicated test cases, custom and often deeply nested functionality specifications are required, and the readability of Robot test cases tends to decrease. We present RobotBT, a library for the Robot framework that addresses these shortcomings by adding support for specifying test cases using behavior trees. Behavior trees are a comprehensive method for specifying complex behaviors based on a control flow model that orchestrates the execution of functionality. We evaluated RobotBT on a test suite for GUI testing from G DATA CyberDefense AG and interviewed their engineers about the usability, readability, and applicability of RobotBT. Our results show that BTs improve the expressiveness and readability of Robot Framework test cases and are applicable to practical problems.},
howpublished = {ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023), Tool Demos},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The Robot Framework is a popular and widely used test automation framework that abstracts test case specifications toward natural language specifications. This makes it well suited for implementing high-level test cases, at least as long as the functions provided by Robot can support the intended functionality. For more complicated test cases, custom and often deeply nested functionality specifications are required, and the readability of Robot test cases tends to decrease. We present RobotBT, a library for the Robot framework that addresses these shortcomings by adding support for specifying test cases using behavior trees. Behavior trees are a comprehensive method for specifying complex behaviors based on a control flow model that orchestrates the execution of functionality. We evaluated RobotBT on a test suite for GUI testing from G DATA CyberDefense AG and interviewed their engineers about the usability, readability, and applicability of RobotBT. Our results show that BTs improve the expressiveness and readability of Robot Framework test cases and are applicable to practical problems.
Tuma, Katja; Peldszus, Sven; Strüber, Daniel; Scandariato, Riccardo; Jürjens, Jan
Checking Security Compliance between Models and Code Journal Article
In: Software and Systems Modeling (SoSyM), vol. 22, iss. 1, pp. 273–296, 2023, (Open Access).
@article{TPS+2022,
title = {Checking Security Compliance between Models and Code},
author = {Katja Tuma and Sven Peldszus and Daniel Strüber and Riccardo Scandariato and Jan Jürjens},
doi = {10.1007/s10270-022-00991-5},
year = {2023},
date = {2023-02-01},
urldate = {2022-03-18},
journal = {Software and Systems Modeling (SoSyM)},
volume = {22},
issue = {1},
pages = {273–296},
abstract = {It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor-intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated, and project-specific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor-intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated, and project-specific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.
2022
Barros, Djonathan; Peldszus, Sven; Assunção, Wesley K. G.; Berger, Thorsten
Editing Support for Software Languages: Implementation Practices in Language Server Protocols Proceedings Article
In: MODELS, 2022.
@inproceedings{Barros2022,
title = {Editing Support for Software Languages: Implementation Practices in Language Server Protocols},
author = {Djonathan Barros and Sven Peldszus and Wesley K. G. Assunção and Thorsten Berger},
url = {https://peldszus.com/wp-content/uploads/2022/08/2022-models-lspstudy.pdf},
year = {2022},
date = {2022-10-23},
urldate = {2022-10-23},
booktitle = {MODELS},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven
2022.
@phdthesis{Peldszus2022,
title = {Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants},
author = {Sven Peldszus},
url = {https://peldszus.com/phd-thesis-peldszus-2021-submitted-version/},
doi = {10.1007/978-3-658-37665-9},
year = {2022},
date = {2022-07-01},
urldate = {2022-07-01},
publisher = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {phdthesis}
}
2021
Peldszus, Sven; Bürger, Jens; Kehrer, Timo; Jürjens, Jan
Ontology-Driven Evolution of Software Security Journal Article
In: Data & Knowledge Engineering (DKE), vol. 134, 2021.
@article{PBKJ2021,
title = {Ontology-Driven Evolution of Software Security},
author = {Sven Peldszus and Jens Bürger and Timo Kehrer and Jan Jürjens},
doi = {10.1016/j.datak.2021.101907},
year = {2021},
date = {2021-01-01},
journal = {Data & Knowledge Engineering (DKE)},
volume = {134},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2020
Ruland, Sebastian; Kulcsár, Géza; Leblebici, Erhan; Peldszus, Sven; Lochau, Malte
On Controlling the Attack Surface of Object-Oriented Refactorings Proceedings Article
In: Proceedings of the Conference on Software Engineering (SE), pp. 89–90, Gesellschaft für Informatik e.V., 2020, (Open Access).
@inproceedings{RKL+2020,
title = {On Controlling the Attack Surface of Object-Oriented Refactorings},
author = {Sebastian Ruland and Géza Kulcsár and Erhan Leblebici and Sven Peldszus and Malte Lochau},
doi = {10.18420/SE2020_26},
year = {2020},
date = {2020-02-01},
booktitle = {Proceedings of the Conference on Software Engineering (SE)},
pages = {89--90},
publisher = {Gesellschaft für Informatik e.V.},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven; Tuma, Katja; Strüber, Daniel; Jürjens, Jan; Scandariato, Riccardo
Secure Data-Flow Compliance Checks between Models and Code based on Automated Mappings (Summary) Proceedings Article
In: Proceedings of the Conference on Software Engineering (SE), pp. 51–52, Gesellschaft für Informatik e.V., 2020, (Open Access).
@inproceedings{PTS+2020,
title = {Secure Data-Flow Compliance Checks between Models and Code based on Automated Mappings (Summary)},
author = {Sven Peldszus and Katja Tuma and Daniel Strüber and Jan Jürjens and Riccardo Scandariato},
doi = {10.18420/SE2020_13},
year = {2020},
date = {2020-02-01},
booktitle = {Proceedings of the Conference on Software Engineering (SE)},
pages = {51--52},
publisher = {Gesellschaft für Informatik e.V.},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven
Model-driven Development of Evolving Secure Software Systems Proceedings Article
In: Proceedings of the 7th Collaborative Workshop on Evolution and Maintenance of Long-Living Software Systems, 2020.
@inproceedings{Pel2020,
title = {Model-driven Development of Evolving Secure Software Systems},
author = {Sven Peldszus},
year = {2020},
date = {2020-02-01},
booktitle = {Proceedings of the 7th Collaborative Workshop on Evolution and Maintenance of Long-Living Software Systems},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Lohr, Matthias; Peldszus, Sven
Maintenance of Long Living Smart Contracts Proceedings Article
In: Proceedings of the 7th Collaborative Workshop on Evolution and Maintenance of Long-Living Software Systems, 2020.
@inproceedings{LP2020,
title = {Maintenance of Long Living Smart Contracts},
author = {Matthias Lohr and Sven Peldszus},
year = {2020},
date = {2020-02-01},
booktitle = {Proceedings of the 7th Collaborative Workshop on Evolution and Maintenance of Long-Living Software Systems},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven; Ahmadian, Amir Shayan; Salnitri, Mattia; Jürjens, Jan; Pavlidis, Michalis; Mouratidis, Haralambos
Visual Privacy Management Book Chapter
In: Salnitri, Mattia; Jürjens, Jan; Mouratidis, Haralambos; Mancini, Loredana; Giorgini, Paolo (Ed.): Chapter Visual Privacy Management, pp. 77-108, Springer, 2020.
@inbook{PAS+2020,
title = {Visual Privacy Management},
author = {Sven Peldszus and Amir Shayan Ahmadian and Mattia Salnitri and Jan Jürjens and Michalis Pavlidis and Haralambos Mouratidis},
editor = {Mattia Salnitri and Jan Jürjens and Haralambos Mouratidis and Loredana Mancini and Paolo Giorgini},
doi = {10.1007/978-3-030-59944-7_4},
year = {2020},
date = {2020-01-01},
pages = {77-108},
publisher = {Springer},
chapter = {Visual Privacy Management},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
2019
Peldszus, Sven; Tuma, Katja; Strüber, Daniel; Jürjens, Jan; Scandariato, Riccardo
Secure Data-Flow Compliance Checks between Models and Code based on Automated Mappings Proceedings Article
In: Proceedings of the 22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems (MODELS), 2019.
@inproceedings{PTS+2019,
title = {Secure Data-Flow Compliance Checks between Models and Code based on Automated Mappings},
author = {Sven Peldszus and Katja Tuma and Daniel Strüber and Jan Jürjens and Riccardo Scandariato},
year = {2019},
date = {2019-01-01},
booktitle = {Proceedings of the 22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems (MODELS)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2018
Strüber, Daniel; Peldszus, Sven; Jürjens, Jan
Taming Multi-Variability of Software Product Line Transformations Proceedings Article
In: Proceedings of the 21st International Conference on Fundamental Approaches in Software Engineering (FASE), pp. 337–355, 2018, (Open Access).
@inproceedings{SPJ2018,
title = {Taming Multi-Variability of Software Product Line Transformations},
author = {Daniel Strüber and Sven Peldszus and Jan Jürjens},
doi = {10.1007/978-3-319-89363-1_19},
year = {2018},
date = {2018-04-01},
booktitle = {Proceedings of the 21st International Conference on Fundamental Approaches in Software Engineering (FASE)},
pages = {337--355},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Ruland, Sebastian; Kulcsár, Géza; Leblebici, Erhan; Peldszus, Sven; Lochau, Malte
Controlling the Attack Surface of Object-Oriented Refactorings Proceedings Article
In: Proceedings of the 21st International Conference on Fundamental Approaches in Software Engineering (FASE), pp. 38–55, 2018, (Open Access).
@inproceedings{RKL+2018,
title = {Controlling the Attack Surface of Object-Oriented Refactorings},
author = {Sebastian Ruland and Géza Kulcsár and Erhan Leblebici and Sven Peldszus and Malte Lochau},
doi = {10.1007/978-3-319-89363-1_3},
year = {2018},
date = {2018-04-01},
booktitle = {Proceedings of the 21st International Conference on Fundamental Approaches in Software Engineering (FASE)},
pages = {38--55},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven; Strüber, Daniel; Jürjens, Jan
Model-Based Security Analysis of Feature-Oriented Software Product Lines Proceedings Article
In: Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences (GPCE), 2018.
@inproceedings{PSJ2018,
title = {Model-Based Security Analysis of Feature-Oriented Software Product Lines},
author = {Sven Peldszus and Daniel Strüber and Jan Jürjens},
doi = {10.1145/3278122.3278126},
year = {2018},
date = {2018-01-01},
booktitle = {Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences (GPCE)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven; Kulcsár, Géza; Lochau, Malte; Schulze, Sandro
On Continuous Detection of Design Flaws in Evolving Object-Oriented Programs using Incremental Multi-pattern Matching Proceedings Article
In: Proceedings of the Conference on Software Engineering (SE), Gesellschaft für Informatik, 2018, (Open Access).
@inproceedings{PKLS2018,
title = {On Continuous Detection of Design Flaws in Evolving Object-Oriented Programs using Incremental Multi-pattern Matching},
author = {Sven Peldszus and Géza Kulcsár and Malte Lochau and Sandro Schulze},
year = {2018},
date = {2018-01-01},
booktitle = {Proceedings of the Conference on Software Engineering (SE)},
publisher = {Gesellschaft für Informatik},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2017
Peldszus, Sven; Cirullies, Jan; Jürjens, Jan
Sicherheitszertifizierung für die Digitale Transformation -- Anwendung auf den Industrial Data Space Proceedings Article
In: Proceedings of the 25th Software-QS-Tag, 2017, (Best Paper Award).
@inproceedings{PCJ2017,
title = {Sicherheitszertifizierung für die Digitale Transformation -- Anwendung auf den Industrial Data Space},
author = {Sven Peldszus and Jan Cirullies and Jan Jürjens},
year = {2017},
date = {2017-10-01},
booktitle = {Proceedings of the 25th Software-QS-Tag},
note = {Best Paper Award},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Ahmadian, Amir Shayan; Peldszus, Sven; Ramadan, Qusai; Jürjens, Jan
Model-based Privacy and Security Analysis with CARiSMA Proceedings Article
In: Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE), pp. 989–993, 2017.
@inproceedings{APRJ2017,
title = {Model-based Privacy and Security Analysis with CARiSMA},
author = {Amir Shayan Ahmadian and Sven Peldszus and Qusai Ramadan and Jan Jürjens},
doi = {10.1145/3106237.3122823},
year = {2017},
date = {2017-09-01},
booktitle = {Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE)},
pages = {989--993},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven; Bürger, Jens; Strüber, Daniel
Detecting and Preventing Power Outages in a Smart Grid using eMoflon Proceedings Article
In: Garcia-Dominguez, Antonio; Hinkel, Georg; Křikava, Filip (Ed.): Proceedings of the 10th Transformation Tool Contest (TTC), pp. 19–23, 2017, (Open Access).
@inproceedings{PBS2017,
title = {Detecting and Preventing Power Outages in a Smart Grid using eMoflon},
author = {Sven Peldszus and Jens Bürger and Daniel Strüber},
editor = {Antonio Garcia-Dominguez and Georg Hinkel and Filip Křikava},
year = {2017},
date = {2017-07-01},
booktitle = {Proceedings of the 10th Transformation Tool Contest (TTC)},
pages = {19--23},
series = {CEUR Workshop Proceedings},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven; Jürjens, Jan
Werkzeuggestützte Sicherheitszertifizierung -- Anwendung auf den Industrial Data Space Proceedings Article
In: Conference Journal 2017 -- Interesting Insights into Professional Practice -- Papers of Lecturers at the Software Quality Days, pp. 10–14, Software Quality Lab GmbH, 2017.
@inproceedings{PJ2017,
title = {Werkzeuggestützte Sicherheitszertifizierung -- Anwendung auf den Industrial Data Space},
author = {Sven Peldszus and Jan Jürjens},
url = {http://sven.peldszus.com/home/2017-werkzeuggestuetztesicherheitszertifizierung/},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {Conference Journal 2017 -- Interesting Insights into Professional Practice -- Papers of Lecturers at the Software Quality Days},
pages = {10--14},
publisher = {Software Quality Lab GmbH},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2016
Peldszus, Sven; Kulcsár, Géza; Lochau, Malte; Schulze, Sandro
Continuous Detection of Design Flaws in Evolving Object-Oriented Programs using Incremental Multi-pattern Matching Proceedings Article
In: Proceedings of the 31st International Conference on Automated Software Engineering (ASE), 2016.
@inproceedings{PKLS2016,
title = {Continuous Detection of Design Flaws in Evolving Object-Oriented Programs using Incremental Multi-pattern Matching},
author = {Sven Peldszus and Géza Kulcsár and Malte Lochau and Sandro Schulze},
url = {http://sven.peldszus.com/home/ase16main-mainp259-p-b618b2e-27986-preprint/},
doi = {10.1145/2970276.2970338},
year = {2016},
date = {2016-09-01},
urldate = {2016-09-01},
booktitle = {Proceedings of the 31st International Conference on Automated Software Engineering (ASE)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2015
Peldszus, Sven; Kulcsár, Géza; Lochau, Malte
A Solution to the Java Refactoring Case Study using eMoflon Proceedings Article
In: Horn, Tassilo; Krikava, Filip; Rose, Louis (Ed.): Proceedings of the 8th Transformation Tool Contest (TTC), pp. 118–122, 2015, (Open Access).
@inproceedings{PKL2015,
title = {A Solution to the Java Refactoring Case Study using eMoflon},
author = {Sven Peldszus and Géza Kulcsár and Malte Lochau},
editor = {Tassilo Horn and Filip Krikava and Louis Rose},
url = {https://ceur-ws.org/Vol-1524/paper20.pdf},
year = {2015},
date = {2015-07-01},
urldate = {2015-07-01},
booktitle = {Proceedings of the 8th Transformation Tool Contest (TTC)},
pages = {118--122},
series = {CEUR Workshop Proceedings},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Kulcsár, Géza; Peldszus, Sven; Lochau, Malte
Object-oriented Refactoring of Java Programs using Graph Transformation Proceedings Article
In: Horn, Tassilo; Krikava, Filip; Rose, Louis (Ed.): Proceedings of the 8th Transformation Tool Contest (TTC), pp. 53–82, 2015, (Open Access).
@inproceedings{KPL2015,
title = {Object-oriented Refactoring of Java Programs using Graph Transformation},
author = {Géza Kulcsár and Sven Peldszus and Malte Lochau},
editor = {Tassilo Horn and Filip Krikava and Louis Rose},
url = {https://ceur-ws.org/Vol-1524/paper3.pdf},
year = {2015},
date = {2015-07-01},
urldate = {2015-07-01},
booktitle = {Proceedings of the 8th Transformation Tool Contest (TTC)},
pages = {53--82},
series = {CEUR Workshop Proceedings},
note = {Open Access},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Peldszus, Sven; Kulcsár, Géza; Lochau, Malte; Schulze, Sandro
Incremental Co-Evolution of Java Programs based on Bidirectional Graph Transformation Proceedings Article
In: Proceedings of the Principles and Practices of Programming on The Java Platform (PPPJ), pp. 138–151, ACM, 2015.
@inproceedings{PKLS2015,
title = {Incremental Co-Evolution of Java Programs based on Bidirectional Graph Transformation},
author = {Sven Peldszus and Géza Kulcsár and Malte Lochau and Sandro Schulze},
doi = {10.1145/2807426.2807438},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
booktitle = {Proceedings of the Principles and Practices of Programming on The Java Platform (PPPJ)},
pages = {138--151},
publisher = {ACM},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
2014
Lochau, Malte; Peldszus, Sven; Kowal, Matthias; Schaefer, Ina
Model-Based Testing Proceedings Article
In: Formal Methods for Executable Software Models - 14th International School on Formal Methods for the Design of Computer, Communication, and Software Systems (SFM), pp. 310–342, Springer, 2014.
@inproceedings{LPKS2014,
title = {Model-Based Testing},
author = {Malte Lochau and Sven Peldszus and Matthias Kowal and Ina Schaefer},
doi = {10.1007/978-3-319-07317-0_8},
year = {2014},
date = {2014-01-01},
urldate = {2014-01-01},
booktitle = {Formal Methods for Executable Software Models - 14th International School on Formal Methods for the Design of Computer, Communication, and Software Systems (SFM)},
pages = {310--342},
publisher = {Springer},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}