Publications
List of Publications
Business Informatics Group, TU Wien
Reuse in Model-to-Model Transformation Languages: Are we there yet?
A. KuselJ. SchönböckManuel WimmerGerti KappelW. RetschitzeggerW. Schwinger
Kusel, A., Schönböck, J., Wimmer, M., Kappel, G., Retschitzegger, W., & Schwinger, W. (2013). Reuse in Model-to-Model Transformation Languages: Are we there yet? Software and Systems Modeling, 14(2), 537–572. https://doi.org/10.1007/s10270-013-0343-7
Evolution of Business Documents Based on UN/CEFACT's Core Components
Christian PichlerChristian HuemerManuel WimmerKeywords:
Astract: Standardized business documents are a prerequisite for successful information exchange in electronic business transactions. The United Nations Centre for Trade Facilitation and eBusiness (UN/CEFACT) provides a conceptual modeling approach, called Core Components, used by Business Partners (BPs) for defining business document models (BDMs). BDMs are essential for defining service interfaces in service-oriented systems. However, in such a highly dynamic environment with ever-changing market demands, BPs are confronted with the need to revise their BDMs resulting in a multitude of different versions. BPs may dictate the use of new versions of BDMs, but small- and medium-sized enterprises (SMEs) may not always adopt new BDM versions due to the cost and effort involved, inhibiting automated electronic information exchange. In this article, we propose a framework including (i) a classification of the impact of changes in BDMs, (ii) evolution templates for the automated transformation of business documents between different BDM versions, and (iii) mitigation strategies for evolutions where fully-automated and semantic-preserving transformations are not feasible. Having such a framework at hand provides SMEs with a low-cost and light-weight approach for dealing with evolving market requirements and hence evolving business documents. Finally, we analyze the evolution of UN/CEFACT's Cross Industry Invoice which has been mandated to be used for electronic invoicing within the European Union as well as present a critical discussion of the evolution templates defined.
Pichler, C., Huemer, C., & Wimmer, M. (2013). Evolution of Business Documents Based on UN/CEFACT’s Core Components. International Journal of Software and Informatics, 7(2), 331–356. http://hdl.handle.net/20.500.12708/155128
Analyse spezieller Anforderungen an Sicherheitstesttools für GUI-basierte Anwendungen und Entwurf eines toolgestützten methodischen Sicherheitstestvorgehens
Stefan TaberFlorian FankhauserThomas GrechenigKeywords: Software Testing, Security Tests, GUI Testing, GUI, GUI Testing Framework;
Astract: Nowadays most applications use Graphical User Interfaces (GUIs) to interact with the user. Those GUIs are frequently used by attackers to manipulate applications. Although applications are usually tested intensely, the GUIs of the applications are rarely checked with respect to the most critical security aspects. To increase the robustness of the applications, appropriate automated security testing is required the identifies vulnerabilities in the application reliably.
The objective of this master's thesis is to design a comprehensive GUI testing framework that not only allows functional testing of GUIs but also security tests.
First, fundamentals of automated security testing of GUIs and relevant requirements of these are discussed through literature research.
Subsequently, a comparative overview of existing tools for GUI testing is given. This research shows that most of the tools are only suitable for functional testing, where as using these tools for security testing is not feasible. Reasons for that are the lack of support for suitable analytical systems to identify emerging vulnerabilities and a clear separation between test data and test cases. The latter is required for executing the test cases with many different security-relevant test data.
Based on these observations a new platform- and programming language-independent testing framework is designed. It builds on existing solutions to support many different applications with different GUIs (e.g. Java applications and websites). The designed framework supports not only functional testing of the GUIs but particularly considers the special requirements of security tests. The proposed design serves as a model for the development of GUI testing frameworks to increase the quality and security of GUIs.
Taber, S. (2013). Analyse spezieller Anforderungen an Sicherheitstesttools für GUI-basierte Anwendungen und Entwurf eines toolgestützten methodischen Sicherheitstestvorgehens [Diploma Thesis, Technische Universität Wien]. reposiTUm. http://hdl.handle.net/20.500.12708/159704
Keywords:
Astract: UML is a standardized modeling language that is used in many application domains. Many companies use UML within their processes, and many UML models exist in different domains. With UML, a variety of systems can be modeled, for example software systems, business processes, and production processes. Since UML is a language that is used for many application domains, the question arises how UML is used in practice. Currently, there are only a few empirical studies about the practical use of UML. None of these studies has analyzed real world models. In most cases the usage of UML has been analyzed by surveys or investigating current UML literature and UML modeling tools. Therefore, this work is devoted to the research question of how UML is used in practice and tries to answer this question by analyzing real world models. In particular, the following questions are answered: Which UML language units are used? Which UML language concepts are used? Which UML diagrams are used? Which relationships are used between UML concepts of different UML language units? Which UML profiles are used to provide additional information in UML models? To answer these questions, 92 UML models, which are publicly accessible on the Web and created with the Enterprise Architect (EA) modeling tool, were quantitatively analyzed. EA was chosen as modeling tool because it provides its own API which enables to access the content of a model with script languages such as JavaScript or Visual Basic. The results gave an insight into the usage of UML. Particularly, it could be determined which of the considered UML concepts and UML diagrams were often used and which were rarely used. Furthermore, the results showed between which UML language units more or less relationships were modeled. UML profiles were used quite commonly, but only a few different UML profileshave been used. Finally, the master thesis revealed that further evaluations concerning the usage of UML are needed to obtain more reliable data about how UML is used in practice.
Bohn, A. (2013). Towards an understanding of the practical use of UML [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2013.21928
Keywords:
Astract: This book constitutes the refereed proceedings of the 6th International Conference on Theory and Practice of Model Transformations, ICMT 2013, held in Budapest, Hungary, in June 2013. The 13 full papers and 5 tool and application demonstrations were carefully selected from 58 submissions. The papers are grouped in topical sections which focus on new programming models, tools and applications, evolution and synchronization, transformation engineering, and testing.
Duddy, K., & Kappel, G. (Eds.). (2013). Theory and Practice of Model Transformations. Springer LNCS. https://doi.org/10.1007/978-3-642-38883-5
2013 IEEE International Conference on Business Informatics
Birgit HofreiterKwei-Jay LinChristian HuemerErik ProperJorge SanzKeywords:
Astract: The IEEE Conference on Business Informatics (CBI) constitutes the next step in the evolution of the IEEE Conference on e-Commerce and Enterprise Computing (CEC). The first event under this new banner takes place in Vienna, Austria, July 15 - 18, 2013. The change in the name and scope of the conference is congruent to the renaming of the IEEE Technical Committee on e-Commerce to the IEEE Technical Committee on Business Informatics and Systems (TCBIS).
In summary, the program of CBI 2013 consists of nine key note presentations on the research domains, 15 academic paper sessions, three industry paper sessions, three workshops, a tutorial and a panel. We are looking forward to innovative research results and high quality contributions on a broad range of business informatics. This has been guaranteed by a very selective paper selection process. In total we received 103 submissions from 29 countries to the research tracks of the conference. Each submission received at least three review reports, whereby the reviews were based on five criteria: relevance to the subject of the conference track, originality, technical depth, potential impact on the community, and presentation. Out of the total amount of 103 submissions, the program committee selected 26 full papers in the research track. This results in an acceptance rate of 25% for full research papers. Furthermore, 16 short papers were accepted. In addition, these proceedings include 9 papers of the industry track, and 13 papers of the workshops.
Hofreiter, B., Lin, K.-J., Huemer, C., Proper, E., & Sanz, J. (Eds.). (2013). 2013 IEEE International Conference on Business Informatics. IEEE Computer Society. http://hdl.handle.net/20.500.12708/23695
Keywords:
Astract: This book constitutes the refereed proceedings of the 14th International Conference on Electronic Commerce and Web Technologies (EC-Web) held in Prague, Czech Republic, in August 2013. In 2013, EC-Web focused on recommender systems, semantic e-business, business services and process management, and agent-based e-commerce. The 13 full and 6 short papers accepted for EC-Web, selected from 43 submissions, were carefully reviewed based on their originality, quality, relevance, and presentation.
Huemer, C., & Lops, P. (Eds.). (2013). E-Commerce, and Web Technologies. Springer, Lecture Notes in Business Information Processing (LNBIP). https://doi.org/10.1007/978-3-642-39878-0
Conceptualization of feature models for multi-client capable mobile applications
Philip MesslehnerChristian HuemerKeywords:
Astract: Nowadays, an increasing amount of data is stored in the cloud. At the same time, companies start using mobile applications to operate and improve their business processes. However, mobile applications offered by the cloud-storage providers do not satisfy the needs of such companies. The following three problems have been identified which prevent the usage of these applications. First of all, the feature set of these applications is definite. Therefore, companies are not able to extend the applications to meet their requirements to handle their business processes. In addition, the applications do not enable the companies to apply their corporate identity on the user interface. And, finally, companies want to have control over the distribution of their applications and decide which users are allowed to download and use their applications. The different kinds of variability encountered result from the various requirements of each company. The solution for these problems is to systematically deal with variability in such applications. Therefore, this thesis applies concepts from product line engineering to the domain of mobile applications. Hence, this thesis defines a feature model corresponding to the users requirements. Furthermore, concepts and techniques have been developed for implementing variability mechanisms in Objective-C. Consequently, a software product line has been created using these developed tools and the corresponding feature model. This allows the efficient derivation of customized products based on the software product line. The resulting approach based on software product lines allows to create a flexible application which is extendable with custom modules and components requested by users. Through this customization and extension the application's features are adapted to the company's business processes.
Messlehner, P. (2013). Conceptualization of feature models for multi-client capable mobile applications [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2013.22603
Keywords:
Astract: As the approach of Model-Driven Engineering (MDE) is becoming mainstream in modern software development practices, there is a growing variety of tools to support the lifecycle of modeling artifacts. Standards such as Meta-Object Facility (MOF) defined by the Object Management Group (OMG) help to avoid information loss when trying to integrate multiple modeling tools across their technical boundaries. The Eclipse-based modeling tool SERAPIS by Sphinx IT Consulting defines a proprietary meta-language which is not compliant to MOF or any other modeling standard. As a consequence, metamodels specified in this meta-language and therefore also the instantiations of these metamodels cannot be interchanged with existing tools based on standards such as MOF which results in a vendor-lock for customers. The contribution of this master thesis is to develop a transformation approach allowing to translate metamodels and models from the SERAPIS technical space to the Eclipse Modeling Framework (EMF), which employs the meta-language Ecore as the de facto standard corresponding to MOF. The strategy to achieve this is based on an approach presented in the Ph.D. thesis by Dr. Manuel Wimmer who suggests a semi-automatic transformation for metamodels by mapping the corresponding meta-languages. Moreover, we specialize this approach to also enable the automatic transformation of SERAPIS models based on the mappings of their metamodels. The transformation approach developed in this work is implemented in the Eclipse IDE in order to prove its feasibility and to evaluate the generated results.
Margreiter, G. (2013). SERAPIS 2 Ecore - bridging two modeling spaces in Eclipse [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2013.21938
Guided Merging of Sequence Diagrams
Magdalena WidlArmin BierePetra KaufmannUwe EglyMarijn HeuleGerti KappelMartina SeidlHans Tompits
Widl, M., Biere, A., Kaufmann, P., Egly, U., Heule, M., Kappel, G., Seidl, M., & Tompits, H. (2013). Guided Merging of Sequence Diagrams. In Software Language Engineering (pp. 164–183). Lecture Notes in Computer Science Volume 7745. https://doi.org/10.1007/978-3-642-36089-3_10