Keywords: IT Security, Activity Auditing, Log Management, Logging, Open Source Software
Astract: Activity auditing is the practice of recording activities on a system and later analysing them regarding abuse of the system or for unauthorized activity. Being able to audit a system is also necessary to comply with certain regulations and certifications that restrict system and information usage. An auditor can use the audit log data to verify that the organisations systems, and the information that is stored on them, were used in accordance with the requirements of the relevant regulations. By proving such compliance, auditing not only allows detection of abuse, but also allows the organisation to prove their accountability by showing that they adhere to strict standards. An example where auditing system usage is useful can be found in exercise environments at universities. Various security courses provide exercises where students can try security related tasks on (virtual) machines and experiment with security tools in a controlled environment. Students reach this environment from the internet by using Secure Shell (SSH). This environment may deliberately contain vulnerable services or software for teaching purposes, but students are not allowed to misuse the environment by attacking it or other hosts on the internet. The purpose of this thesis is to develop an activity auditing concept that allows the course administration to track abuse of the environment back to an attacker. To achieve this goal, this thesis uses expert interviews, threat modelling techniques and risk management methods to determine the requirements for an activity auditing solution. It further performs a literature review to supplement the requirements profile. The identified requirements profile is compared with published solutions and, based on the obtained overall picture, an adequate solution concept is created. This concept is then implemented as a proof of concept implementation. The implementation is evaluated and tested to show that the identified requirements are fulfilled. A central element of the concept is the recording of all activities without exception by logging all inand output data that is being transfered via Secure Shell (SSH). The concept records all student activity by recording all inand output data sent over the encrypted SSH connection. The resulting activity audit logs can then be forensically examined and they can be replayed for additional insights. Finally, the work shows if and to what extent the solution concept is fit for use in different environments.

Keywords: •Building Information Modelling, Blockchain, Smart Contracts, Ethereum, Construction
Astract: There is a big potential for process optimizations, due to the digitalization gap in the construction business. New digital technologies, as the Building Information Modelling (BIM), are increasingly being adapted by the stakeholders in this area. On the other hand, blockchain is a very new and innovative technology domain which has grown immensely in the last several years, and where people are now trying to find the right use-cases. Especially, the even newer field of smart contract development has opened the door for a large amount of possible applications, where it is neither clear if these can actually be implemented as envisioned, nor if there is even a need for a decentralized solution at all. In a construction project, changes on BIM models are only to be approved by the appropriate stakeholder. Therefore, we have combined the BIM models, which are stored using a Git repository, with a release management workflow, which is realised as a smart contract on the Ethereum blockchain.This enables the workflow to be transparent, traceable and its results to be immutable. The goal of this work is to create a prototype and compare it to other (off-chain) solutions and to evaluate if an application of a combination of BIM and blockchain yields an advantage in terms of costs and security.

Keywords:

Keywords:
Astract: Variability is crucial in the design of many advanced goods and it is also receiving increasing attention in production systems engineering. Since OPC Unified Architecture plays an important role when it comes to standardized information exchange in modern production systems, it can be a melting pot for information from various engineering domains, such as product design and production engineering - thus, it is an ideal place to hold variability information of products and production systems alike. Based on an initial variability information model we propose additional concepts for the persisting of configurations.

Keywords:
Astract: Although Model-Based Software Engineering (MBE) is a widely accepted Software Engineering (SE) discipline, no agreed-upon core set of concepts and practices (i.e., a Body of Knowledge) has been defined for it yet. With the goals of characterizing the contents of the MBE discipline, promoting a global consistent view of it, clarifying its scope with regard to other SE disciplines, and defining a foundation for the development of educational curricula on MBE, this paper proposes the contents for a Body of Knowledge for MBE. We also describe the methodology that we have used to come up with the proposed list of contents, as well as the results of a survey study that we conducted to sound out the opinion of the community on the importance of the proposed topics and their level of coverage in the existing SE curricula.

Keywords:
Astract: Model-driven engineering (MDE) provides tools and methods for the manipulation of formal models. In this letter, we leverage MDE for the transformation of production system models into flat files that are understood by general purpose planning tools and that enable the computation of "plans", i.e., sequences of production steps that are required to reach certain production goals. These plans are then merged back into the production system model, thus enriching the formalized production system knowledge.

Keywords: classification modelling; request for tender; RFT
Astract: In the tender process, the customer publishes a request for tender (RFT) document containing a large list of contractly binding requirements. Suppliers need to process all of them and come up with solutions for each requirement. This thesis is written in cooperation with an industry partner on the supplier side. Since not a single person can answer all requirements, these are further assigned to responsible experts. This split is performed based on roles within the project, such as project management or technical experts for some of the companys products. Within this thesis, such a role is abstractly called subsystem. This assignment is done manually by a single person, making this task tedious and time-consuming. To support the partner, a machine learning approach is developed to automatically assign requirements to subsystems. In a literature review, suitable machine learning methods are identified, which are then compared in a benchmark to find the best configuration for each of four selected subsystems. These configurations are then checked upon generalization by evaluating them on five additional subsystems. The reasons for false classification are then identified in an interview with the person, who is currently in charge with the assignment.

Keywords:
Astract: This joint volume of proceedings gathers together papers from the satellite and collocated events with MODELS 2019 including the workshops (listed below), Educators and Doctoral Symposia, and Posters and Tools & Demonstrations sessions. These events were all held during the ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS), September 15th- 20th, 2019. MODELS is the premier conference series for model-based software and systems engineering covering all aspects of modeling from languages and methods to tools and applications, and has done so since 1998. The many workshops at MODELS (see the list below) provide devoted meetings for discussion and sharing of ideas relevant to a specific topic. The Tool and Demonstrations event recognizes the importance of tools to MDE, and includes submissions of both industry and research tools. The Posters session provides a venue for researchers to present and receive feedback on early and ongoing projects, innovative applications of existing tools, and ideas for novel applications in the area of MDE. The Doctoral Symposium and ACM Student Research Competition support student research. The Educators Symposium provides a venue for educators interested in MDE to gather to share ideas and discuss relevant topics and trends. The Doctoral Symposium enables young researchers to present receive feedback on their existing and planned research projects from their fellow students and experienced faculty mentors in the area of MDE.

Keywords:
Astract: The CPS/IoT Ecosystem project aims to build an IoT infrastructure that will be used as a platform for research and education in multiple disciplines related to CPS and IoT. The main objective is to provide a real-world infrastructure, and allow students and researchers explore its capabilities on actual use cases.

Keywords:
Astract: Smart production systems need to be able to adapt to changing environments and market needs. They have to reflect changes in (i) the reconfiguration of the production systems themselves, (ii) the processes they perform or (iii) the products they produce. Manual intervention for system adaptation is costly and potentially error-prone. In this article, we propose a model-driven approach for the automatic generation and regeneration of production plans that can be triggered anytime a change in any of the three aforementioned parameters occurs.