Publications
List of Publications
Business Informatics Group, TU Wien
Shell activity logging and auditing in exercise environments of security Lectures using OSS
Florian PritzFlorian FankhauserThomas GrechenigKeywords: IT Security, Activity Auditing, Log Management, Logging, Open Source Software
Astract: Activity auditing is the practice of recording activities on a system and later analysing them regarding abuse of the system or for unauthorized activity. Being able to audit a system is also necessary to comply with certain regulations and certifications that restrict system and information usage. An auditor can use the audit log data to verify that the organisations systems, and the information that is stored on them, were used in accordance with the requirements of the relevant regulations. By proving such compliance, auditing not only allows detection of abuse, but also allows the organisation to prove their accountability by showing that they adhere to strict standards. An example where auditing system usage is useful can be found in exercise environments at universities. Various security courses provide exercises where students can try security related tasks on (virtual) machines and experiment with security tools in a controlled environment. Students reach this environment from the internet by using Secure Shell (SSH). This environment may deliberately contain vulnerable services or software for teaching purposes, but students are not allowed to misuse the environment by attacking it or other hosts on the internet. The purpose of this thesis is to develop an activity auditing concept that allows the course administration to track abuse of the environment back to an attacker. To achieve this goal, this thesis uses expert interviews, threat modelling techniques and risk management methods to determine the requirements for an activity auditing solution. It further performs a literature review to supplement the requirements profile. The identified requirements profile is compared with published solutions and, based on the obtained overall picture, an adequate solution concept is created. This concept is then implemented as a proof of concept implementation. The implementation is evaluated and tested to show that the identified requirements are fulfilled. A central element of the concept is the recording of all activities without exception by logging all inand output data that is being transfered via Secure Shell (SSH). The concept records all student activity by recording all inand output data sent over the encrypted SSH connection. The resulting activity audit logs can then be forensically examined and they can be replayed for additional insights. Finally, the work shows if and to what extent the solution concept is fit for use in different environments.
Pritz, F. (2019). Shell activity logging and auditing in exercise environments of security Lectures using OSS [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.65385
BIM and blockchain : a decentralized solution for a change management workflow in construction projects
David PeherstorferGalina PaskalevaManuel WimmerKeywords: •Building Information Modelling, Blockchain, Smart Contracts, Ethereum, Construction
Astract: There is a big potential for process optimizations, due to the digitalization gap in the construction business. New digital technologies, as the Building Information Modelling (BIM), are increasingly being adapted by the stakeholders in this area. On the other hand, blockchain is a very new and innovative technology domain which has grown immensely in the last several years, and where people are now trying to find the right use-cases. Especially, the even newer field of smart contract development has opened the door for a large amount of possible applications, where it is neither clear if these can actually be implemented as envisioned, nor if there is even a need for a decentralized solution at all. In a construction project, changes on BIM models are only to be approved by the appropriate stakeholder. Therefore, we have combined the BIM models, which are stored using a Git repository, with a release management workflow, which is realised as a smart contract on the Ethereum blockchain.This enables the workflow to be transparent, traceable and its results to be immutable. The goal of this work is to create a prototype and compare it to other (off-chain) solutions and to evaluate if an application of a combination of BIM and blockchain yields an advantage in terms of costs and security.
Peherstorfer, D. (2019). BIM and blockchain : a decentralized solution for a change management workflow in construction projects [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.58609
A Feature-Based Classification of Formal Verification Techniques for Software Models
Sebastian GabmeyerPetra KaufmannMartina SeidlMartin GogollaGerti Kappel
Gabmeyer, S., Kaufmann, P., Seidl, M., Gogolla, M., & Kappel, G. (2019). A Feature-Based Classification of Formal Verification Techniques for Software Models. Software and Systems Modeling, 18(1), 473–498. https://doi.org/10.1007/s10270-017-0591-z
Modeling Variability and Persisting Configurations in OPC UA
Bernhard WallyChristian HuemerAlexandra MazakManuel WimmerRadek ŠindelářPeter ButalaEdvard GovekarRok VrabicKeywords:
Astract: Variability is crucial in the design of many advanced goods and it is also receiving increasing attention in production systems engineering. Since OPC Unified Architecture plays an important role when it comes to standardized information exchange in modern production systems, it can be a melting pot for information from various engineering domains, such as product design and production engineering - thus, it is an ideal place to hold variability information of products and production systems alike. Based on an initial variability information model we propose additional concepts for the persisting of configurations.
Wally, B., Huemer, C., Mazak, A., Wimmer, M., & Šindelář, R. (2019). Modeling Variability and Persisting Configurations in OPC UA. In P. Butala, E. Govekar, & R. Vrabic (Eds.), 52nd CIRP Conference on Manufacturing Systems (CMS), Ljubljana, Slovenia, June 12-14, 2019 (pp. 13–18). Elsevier BV. https://doi.org/10.1016/j.procir.2019.03.003
Contents for a Model-Based Software Engineering Body of Knowledge
Loli BurgueñoFederico CiccozziMichalis FamelisGerti KappelLeen LambersSebastien MosserRichard F. PaigeAlfonso PierantonioArend RensinkRick SalayGabriele TaentzerAntonio VallecilloManuel WimmerKeywords:
Astract: Although Model-Based Software Engineering (MBE) is a widely accepted Software Engineering (SE) discipline, no agreed-upon core set of concepts and practices (i.e., a Body of Knowledge) has been defined for it yet. With the goals of characterizing the contents of the MBE discipline, promoting a global consistent view of it, clarifying its scope with regard to other SE disciplines, and defining a foundation for the development of educational curricula on MBE, this paper proposes the contents for a Body of Knowledge for MBE. We also describe the methodology that we have used to come up with the proposed list of contents, as well as the results of a survey study that we conducted to sound out the opinion of the community on the importance of the proposed topics and their level of coverage in the existing SE curricula.
Burgueño, L., Ciccozzi, F., Famelis, M., Kappel, G., Lambers, L., Mosser, S., Paige, R. F., Pierantonio, A., Rensink, A., Salay, R., Taentzer, G., Vallecillo, A., & Wimmer, M. (2019). Contents for a Model-Based Software Engineering Body of Knowledge. Software and Systems Modeling, 18(6), 3193–3205. https://doi.org/10.1007/s10270-019-00746-9
Flexible Production Systems: Automated Generation of Operations Plans based on ISA-95 and PDDL
Bernhard WallyJiri VyskocilPetr NovakChristian HuemerRadek SindelarPetr KaderaAlexandra MazakManuel WimmerKeywords:
Astract: Model-driven engineering (MDE) provides tools and methods for the manipulation of formal models. In this letter, we leverage MDE for the transformation of production system models into flat files that are understood by general purpose planning tools and that enable the computation of "plans", i.e., sequences of production steps that are required to reach certain production goals. These plans are then merged back into the production system model, thus enriching the formalized production system knowledge.
Wally, B., Vyskocil, J., Novak, P., Huemer, C., Sindelar, R., Kadera, P., Mazak, A., & Wimmer, M. (2019). Flexible Production Systems: Automated Generation of Operations Plans based on ISA-95 and PDDL. IEEE Robotics and Automation Letters, 4(4), 4062–4069. https://doi.org/10.1109/lra.2019.2929991
Klassifizierung von Anforderungen aus Ausschreibungen
Alexander SchörghuberAlexandra Mazak-HuemerGerti KappelKeywords: classification modelling; request for tender; RFT
Astract: In the tender process, the customer publishes a request for tender (RFT) document containing a large list of contractly binding requirements. Suppliers need to process all of them and come up with solutions for each requirement. This thesis is written in cooperation with an industry partner on the supplier side. Since not a single person can answer all requirements, these are further assigned to responsible experts. This split is performed based on roles within the project, such as project management or technical experts for some of the companys products. Within this thesis, such a role is abstractly called subsystem. This assignment is done manually by a single person, making this task tedious and time-consuming. To support the partner, a machine learning approach is developed to automatically assign requirements to subsystems. In a literature review, suitable machine learning methods are identified, which are then compared in a benchmark to find the best configuration for each of four selected subsystems. These configurations are then checked upon generalization by evaluating them on five additional subsystems. The reasons for false classification are then identified in an interview with the person, who is currently in charge with the assignment.
Schörghuber, A. (2019). Klassifizierung von Anforderungen aus Ausschreibungen [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2019.53447
2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems Companion
Loli BurgueñoAlexander PretschnerSebastian VossMichel ChaudronJörg KienzleMarkus VölterSébastien GérardMansooreh ZahediErwan BousseArend RensinkFiona PolackGregor EngelsGerti KappelKeywords:
Astract: This joint volume of proceedings gathers together papers from the satellite and collocated events with MODELS 2019 including the workshops (listed below), Educators and Doctoral Symposia, and Posters and Tools & Demonstrations sessions. These events were all held during the ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS), September 15th- 20th, 2019. MODELS is the premier conference series for model-based software and systems engineering covering all aspects of modeling from languages and methods to tools and applications, and has done so since 1998. The many workshops at MODELS (see the list below) provide devoted meetings for discussion and sharing of ideas relevant to a specific topic. The Tool and Demonstrations event recognizes the importance of tools to MDE, and includes submissions of both industry and research tools. The Posters session provides a venue for researchers to present and receive feedback on early and ongoing projects, innovative applications of existing tools, and ideas for novel applications in the area of MDE. The Doctoral Symposium and ACM Student Research Competition support student research. The Educators Symposium provides a venue for educators interested in MDE to gather to share ideas and discuss relevant topics and trends. The Doctoral Symposium enables young researchers to present receive feedback on their existing and planned research projects from their fellow students and experienced faculty mentors in the area of MDE.
Burgueño, L., Pretschner, A., Voss, S., Chaudron, M., Kienzle, J., Völter, M., Gérard, S., Zahedi, M., Bousse, E., Rensink, A., Polack, F., Engels, G., & Kappel, G. (Eds.). (2019). 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems Companion. IEEE C.P.S. Publishing Services. https://doi.org/10.1109/models-c48269.2019
CPS/IoT Ecosystem: A Platform for Research and Education
Haris IsakovicDenise RatasichChristian HirschMichael PlatzerBernhard WallyThomas RauschDejan NickovicWillibald KrennGerti KappelSchahram DustdarRadu GrosuRoger ChamberlainWalid TahaMartin TörngrenKeywords:
Astract: The CPS/IoT Ecosystem project aims to build an IoT infrastructure that will be used as a platform for research and education in multiple disciplines related to CPS and IoT. The main objective is to provide a real-world infrastructure, and allow students and researchers explore its capabilities on actual use cases.
Isakovic, H., Ratasich, D., Hirsch, C., Platzer, M., Wally, B., Rausch, T., Nickovic, D., Krenn, W., Kappel, G., Dustdar, S., & Grosu, R. (2019). CPS/IoT Ecosystem: A Platform for Research and Education. In R. Chamberlain, W. Taha, & M. Törngren (Eds.), Cyber Physical Systems. Model-Based Design (pp. 206–213). Springer International Publishing. https://doi.org/10.1007/978-3-030-23703-5_12
Production Planning with IEC 62264 and PDDL
Bernhard WallyJiří VyskočilPetr NovakChristian HuemerRadek SindelarP. KaderaAlexandra MazakManuel WimmerKeywords:
Astract: Smart production systems need to be able to adapt to changing environments and market needs. They have to reflect changes in (i) the reconfiguration of the production systems themselves, (ii) the processes they perform or (iii) the products they produce. Manual intervention for system adaptation is costly and potentially error-prone. In this article, we propose a model-driven approach for the automatic generation and regeneration of production plans that can be triggered anytime a change in any of the three aforementioned parameters occurs.
Wally, B., Vyskočil, J., Novak, P., Huemer, C., Sindelar, R., Kadera, P., Mazak, A., & Wimmer, M. (2019). Production Planning with IEC 62264 and PDDL. In Proceedings of the 17th IEEE International Conference on Industrial Informatics (INDIN 2019) (pp. 492–499). IEEE. http://hdl.handle.net/20.500.12708/57844