Keywords:
Astract: Among the plethora of industrial standards available in the context of smart manufacturing, one series of standards is consistently being mentioned for dealing with manufacturing operations management: IEC 62264. Its second part provides a conceptual model for the description of production systems and their capabilities, including runtime information such as concrete maintenance schedules or achieved production goals. In this work, we present a concrete graphical syntax and toolkit for the creation and presentation of IEC 62264-2 compliant models, using techniques from model-driven (software) engineering. We have evaluated our tool by conducting a user study for assessing its usability and effectiveness.

Keywords: Modeling Languages, MDE, DSML
Astract: Model-driven development (MDD) offers advantages in the development process by raising the level of abstraction and reducing the complexity of a specific domain. Domain-Specific Languages (DSLs) used in MDD raise the productivity for developers and improve communication with domain experts. DSLs can be divided into textual languages (TLs) and graphical languages (GLs). IDEs provide different application programming interfaces (APIs) for developing tool support for various languages. If tool support for a language is required in multiple IDEs, the implementation of the same language has to be repeated for each IDE based on their different APIs. For this purpose, the Language Server Protocol (LSP) for TLs separates the editor interface from the language logic and allows the reuse of one language server implementing the language logic across several LSP-based IDEs. Like the LSP, the Graphical Language Server Protocol (GLSP) was invented to transfer the advantages of extensibility and reusability to GLs. Increased complexity in software development leads to an increased number of errors in programs and models and, therefore, it requires debugging facilities for both TLs and GLs. Therefore, the Debug Adapter Protocol (DAP) was invented to standardize the communication between the IDE and a concrete debugger. The DAP intends that an IDE offers one generic graphical user interface for debugging functionality and that there is one debugger per language implementing the language-specific debug logic that can then be reused among IDEs. This thesis analyzes a way of combining the DAP for TLs and the GLSP for GLs to support model debugging in a web-based environment. Furthermore, it is evaluated whether the well-known debugging concepts for debugging source code can be transferred to GLs. The thesis intends to reuse existing debugging components and frameworks developed for TLs. The results of this work are evaluated in two use cases. The first use case is the running example and aims at investigating whether the DAP for TLs can be reused for GLs. The second use case intends to evaluate the reusability of the developed framework concerning further GLs and domain problems. The case study’s results indicate that the DAP enables efficient multi-editor integration of debuggers, i.e., one language-specific debugger can efficiently be integrated with a DAP-based debugging interface and that a DAP-based debugging interface can efficiently integrate with multiple language-specific debuggers. Further, the results show that the developed debugging framework meets the requirements of a modern debugger and facilitates the integration of debugging support for further GLs.

Keywords: behaviour-driven development, model-based testing, behaviour-driven testing
Astract: Behaviour-driven development (BDD) is a strategy to describe a system’s specification using a business domain language: “Given a precondition; “When” some action is performed; “Then” an outcome is achieved'' (GWT). This style improves the communication between the involved parties and the resulting specification can be leveraged to drive automated tests. While this approach works well in practice, it suffers from some disadvantages: It is informal and verbose, thus bearing the risk of failing to specify all parts of a system.Model-based testing (MBT) is a structured approach for automatically generating test cases. It is well-suited for describing complex interactions and cross-linked code paths using models. Even basic graphical state machines can define what takes many pages to write down in natural language. Models describe a system on a higher level of abstraction and allow to quickly recreate test cases in the event that the behaviour of the system changes or gets extended.This thesis presents a testing approach that combines BDD with MBT based on state machine models to automate the process of writing BDD tests. A prototype generating BDD tests from graphical state machine models has been developed and evaluated in a case study with promising results: The generated test cases covered the functionality of the tested system, and the effort to create them was comparable to writing similar test cases by hand. A survey among practitioners showed that while users were able to identify automatically generated BDD tests, in some instances, they preferred them over manually written ones.

Keywords: ISO 26262, EN 50128, DO-178, IEC 61508, MBSE, model-based systems engineering, model-based software engineering, model-driven systems engineering, model-driven software engineering, model-based methods, safety-critical systems, safety life cycle, Systematic Mapping Study, SysML, SysML extension, UML profile, ASIL, ASI, decomposition, ASIL tailoring, safety goal, safety requirement, Automotive Safety Integrity Level, document-centric, international standards for functional safety, design-science research, DSL development, requirement diagram, block diagram, Enterprise Architect, MDG
Astract: Since the release of the IEC 61508 international standard for Functional Safety of Electrical/Electronic/Programmable Electronic (E/E/PE) Safety-related Systems and its specific variants, classical methods of system development have quickly reached their limits due to sophisticated safety requirements such as full traceability. One possible approach to address the issue of managing the ever increasing complexity in the development processes of certified safety-critical systems is model-based systems engineering (MBSE). Different model-based methods are applied depending on their safety-critical domains and specific safety standards such as the ISO 26262 for functional safety of road vehicles rather than applying a set of general methods based only on the parent standard IEC 61508. The first part of the work comprises a Systematic Mapping Study (SMS) investigating and classifying a high number of scientific publications to analyze the similarities and differences of the applied model-based methods and their reasons of application in the standards IEC 61508, ISO 26262 for road vehicles, EN 50128 for railway systems, and DO-178 for airborne systems. Based on the results, a Systematic Map is created in order to identify patterns of model-based methods in different sectors of industry. The second part of the thesis addresses the question of an appropriate means to represent the ISO 26262 Automotive Safety Integrity Level (ASIL) tailoring and decomposition concept in a SysML extension. This includes the development of a SysML profile, a use case, and a descriptive evaluation based on the requirements specified in the ISO 26262 series of standards. This SysML profile can help to simplify the modeling and decomposition requirements for the Automotive Safety Integrity Level concept.

Keywords:
Astract: Es gibt zahlreiche Publikationen, die die digitale Transformation im Tief- und Tunnelbau propagieren. Als Lösungsansatz wird dabei immer wieder Building Information Modeling (BIM) genannt und die Umsetzung der digitalen Transformation basierend auf dieser Methodik gefordert. Der prototypische Charakter eines Tunnelbauprojekts erschwert jedoch eine standardisierte Vorgehensweise. Hinzu kommt, dass die beteiligten Fachdisziplinen für unterschiedliche Gewerke individuelle Softwaretools mit proprietären (nicht standardisierten) Datenformaten nutzen. Durch diese in sich geschlossenen Datenmodelle ist eine offene BIM Arbeitsweise (Open BIM) nur schwer zu realisieren. Das hat der Lehrstuhl für Subsurface Engineering an der Montanuniversität Leoben zum Anlass genommen und zwei anwendungsorientierte Forschungsprojekte zur digitalen Transformation im Tief- und Tunnelbau lanciert, deren Inhalte in diesem Artikel kurz vorgestellt werden. Das „Zentrum am Berg (ZaB)“ dient in beiden Projekten als zentrale Infrastruktur zu Evaluierungszwecken.

Keywords:

Keywords:
Astract: This year´s 39th ER conference is dedicated to a topic that represents a phenomenonunprecedented in the history of humankind. The digital transformation encompasses allareas of life and work. It is accompanied by new types of services, new forms ofdivision of labor, interpersonal interaction, and international cooperation. It thus has adirect impact on how we see the world and what perspectives we develop for our futurelives. Last but not least, we can assume that the ongoing digitalization will also have alasting impact on scientific research. Conceptual modeling is of central importance forthe successful management of the digital transformation. On the one hand, all areas oflife and work are increasingly permeated by software. Conceptual models are requirednot only for the development of software, but also for the appropriate structuring ofdata. They promote reuse, integration, and integrity. Furthermore, conceptual modelsare also suitable for supporting the use of software. They help to open the black box asto which software often presents itself and thus contribute to transparency and userempowerment. At the same time, the digital transformation also brings with it specificchallenges for modeling research. In order to support the design of software that can beadapted to profound changes of requirements, powerful abstractions are needed that arebeyond the capabilities of today´s prevalent modeling languages. In addition, AIresearch, especially in thefield of machine learning, is associated with aquasi-existential challenge of modeling research. Thus, some proponents of AI researchalready foresee the end of traditional conceptual modeling. It would last too long andwould be too expensive. It could be better handled by machines. Such daringhypotheses may be seen as a threat. But above all they are an occasion to reflect onfundamental questions of conceptual modeling, such as the difference between con-cepts and classifications or between human thought and data processing. Probably thecentral question is not whether and when machine learning can take over the humanactivity of conceptual modeling, but how the inductive analysis of large amounts ofdata and human abstraction can be synergistically combined.Given the fascination that the digital transformation holds for conceptual modelingresearch, it is not surprising that we were able to quickly agree on this conference topicduring last year´s ER conference in Salvador, Brazil. At that time, none of us had anyidea that the digital transformation would be significant for the conference in a com-pletely different, less-than-pleasant way. The ongoing COVID-19 pandemic made itnecessary for this year´s conference not to take place as usual: colleagues could notmeet for personal exchange and there was no opportunity to get to know a foreign cityand enjoy local food. This was all the more regrettable as Vienna is one of the world´smost attractive conference venues. COVID-19 also meant that many of us were bur-dened with additional obligations. We therefore considered it appropriate to extend thedeadline for the submission of contributions. Unfortunately, this put increased timepressure on the review process. Nevertheless, we are glad that in the end the reviewswere received on time. Thefirst-time organization of the ER as a virtual conference was associated with anumber of challenges. For example, organizing the program proved to be difficultbecause it was almost impossible tofind a schedule that would accommodate the manytime zones in which the participants would be located during the conference. We wereforced to make compromises here, which led to considerable limitations for individualtime zones. We regret this very much and hope for the understanding of those con-cerned. In addition, it was not possible to foresee the impact that virtualization wouldhave on the number of submissions. We are glad that the response to the call wasconsiderable despite the crisis. A total of 143 contributions were submitted, of which28 were accepted as regular papers and 16 as short papers. The papers cover a broadspectrum of innovative topics, thus underlining the great importance and attractivenessof research on conceptual modeling.We hope that the papers willfind your interest and wish you an inspiring read.Finally, we would like to thank the authors, whose contributions made the conferencepossible, the many reviewers for their outstanding commitment in preparing more than400 expert opinions, and last but not least the senior editors, without whose support wewould not have been able to cope with the evaluation of the expert opinions.

Keywords:
Astract: Legacy systems and their associated data models often evolve into large, monolithic artifacts. This threatens comprehensibility and maintainability by human beings. Breaking down a monolith into a modular structure is an established technique in software engineering. Several previous works aimed to adapt modularization also for conceptual data models. However, we currently see a research gap manifested in the absence of: (i) a flexible and extensible modularization concept for Entity Relationship (ER) models; (ii) of openly available tool support; and (iii) empirical evaluation. With this paper, we introduce a generic encoding of a modularization concept for ER models which enables the use of meta-heuristic search approaches. For the efficient application we introduce the ModulER tool. Eventually, we report on a twofold evaluation: First, we demonstrate feasibility and performance of the approach by two demonstration cases. Second, we report on an initial empirical experiment and a survey we conducted with modelers to compare automated modularizations with manually created ones and to better understand how humans approach ER modularization.

Keywords: Model-Driven Software Engineering, Model-Driven, Industry 4.0, Automated Production Planning, PDDL, ISA-95, IEC-62264, Automated Planning, Model Transformation
Astract: The still ongoing globalization has brought all kinds of manufacturing companies in a difficult position. In order to be competitive, they have to adapt to the market and customer needs as quickly as possible. This adaption also includes the ability to produce new goods as fast as possible, but in old-fashioned manufacturing companies the creation of a production plan often is laborious. Another issue to put focus on is the organization of such production environments. In every structurized production plant there is a model (not necessarily an explicit one) of all the machines, equipment and material the production uses and produces. So if this information of the environment with all dependencies and relations already exists, why not using it for the plan generation? Various publications present ways of how such a flexible factory should look like. This approach relies on the a production environment and its products represented as models. Since this approach optimally should also be implemented in real-life manufacturing companies, testing this approach and evaluating the performance and the quality of the generated plans is crucial. Therefore, in this thesis the author continues the ongoing implementation of a specific production environment and collects performance data in order to provide an overview of the variants and options that bring the best performance.

Keywords: Android Application Security, Automated Security Classification, Google Play Store Security Evaluation, TaaS, Microservice based Framework, OWASP Mobile Top 10, CMU-Rules
Astract: The operating system Android is with almost 85% market share worldwide in a leading position and the Android Google Play Store counts around 2.8 million mobile applications. However, the threats these applications involve remain often untold. In the last few years publications and tools with a focus on security areas such as communication, cryptography and data access or data storage have been published. To compose the functionality of different analysis tools and to accomplish an automated security classification of Android applications with a focus on IT-Security, a web-based Testing as a Service (TaaS) framework has been implemented, which integrates various existing security analysis tools. Based on the analysis results of the integrated tools and the recommendations of the Open Web Application Security Project (OWASP) Top 10 as well as the rules of the CERT Department of the Software Engineering Institute of Carnegie Mellon University (CMU) the framework identifies the security class of the analyzed applications. In order to identify the most common security threats and issues, the most secure and vulnerable Google Play Store categories as well as the changes in the security field of cryptography in the last six years, an evaluation was conducted as part of the thesis to automatically determine the security of 100 android applications from 58 different Google Play Store categories that include categories such as Android Wear, Business or Finance. Analyzing the 5.800 Google Play Store applications using the framework attached tools, as well as the security classification of the defined categories Insufficient Attack Protection, Security Invalidation, Access Control, Sensitive Data Leakage and Input Validation resulted in at least one security issue in about 76% of the evaluated applications. The result of critical or insecure classified applications varied in different Google Play Store categories, with lower rates of critical applications found in security-critical categories such as Business, Family Education, Finance and Medical. Most of the issues were located in the Security Invalidation category or more precisely in the areas of Certificate Validation and Cryptography. In the field of Cryptography rules concerning the usage of Electronic Code Book Mode (ECB), Cipher Block Chaining Mode (CBC) with non-random Initialization Vector (IV) as well as static seeds have been evaluated and resulted overall in a decline of problems in the past six years.