Keywords: Machine-processable Business Documents, Service-oriented Systems, Product Line Engineering, Evolution, Co-Evolution, Standardization, Variants, Variability
Astract: Standardized business documents specifying the structure and the semantics of information are essential for enabling information exchange in electronic commerce. The United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) provides a conceptual approach named Core Components (CCs) for defining business documents. In particular, business documents are defined using conceptual models serving as a basis for generating transfer syntax artifacts, such as XML Schema or RelaxNG schemas. These artifacts are used for defining service interfaces in systems, implemented following the Service-Oriented Architecture paradigm. Different subsidiaries of UN/CEFACT's International Trade and Business Process Groups (TBGs) are involved in defining such reusable building blocks. For instance, TGB3 represents the transport and logistics domain and TGB18 is active in the agriculture area. Consequently, the resulting standardized business documents are defined in an all-embracing manner covering the requirements of various business domains. Therefore, for the application in concrete business scenarios, standardized business documents need customizing for fitting a particular business context.
This results in a subset of the standardized business document which we consider as variants of the standardized business document. However, the CCs approach does not provide concepts for managing variants of business documents. Furthermore, the highly dynamic environment of electronic commerce with ever-changing market requirements typically impacts the structure and the semantics of information conveyed in electronic business transactions. However, evolution of standardized business documents has received little attention so far. For addressing these shortcomings we present the following contributions in this thesis. First, though the domain of business document standardization is not considered as a traditional domain in Software Engineering, we argue that concepts from Product Line Engineering (PLE) support us in dealing with business document variants. Thereby, we tackle the challenges from a different perspective that has not been considered so far. Second, we analyze and formalize variability in the CCs approach by employing, adapting, and extending existing variability concepts from PLE. Third, variability mechanisms are exploited for supporting the process of customizing standardized business documents.
Fourth, concepts are developed for managing access control in the context of PLE for business documents. Fifth, we define a reference model for the collaborative development and maintenance of the reusable building blocks which represents one source of evolution in the CCs approach. Sixth, we present evolution patterns for making evolution challenges more tangible. Seventh, we define model management operators for dealing with evolving business documents. Eighth, the concepts of Service Interface Adapters and Interoperability as a Service are introduced for translating between different versions of a particular business document.

Keywords:
Astract: Electronic data interchange (EDI) is the domain of exchanging business documents in a structured format. Nowadays, these systems take more and more advantage of service-oriented solutions. Nevertheless, a rigorous approach to customize the input and output messages of these services to the context of a business partnership is required. In this paper we suggest a model-driven approach to develop the XML Schemas of input and output messages of Web Services. Since classical data modeling approaches like regular UML class diagrams are not sufficient for modeling business documents, we base our approach on the UN/CEFACT Core Components Technical Specification (CCTS), which does not come with a presentation syntax. Thus, we deliver a UML profile extending class diagrams by CCTS concepts, called UML Profile for Core Components (UPCC). UPCC models are transferred to equivalent XML Schemas following well-defined naming and design rules. In order to allow for an easy search and retrieval of core component business document definitions, a registry is needed. The registry has to handle UPCC models - that are exchanged and stored in XMI - as well as their XML Schema equivalences. In this paper, we extend the ebRIM registry meta model for the special purpose of registering core component artifacts and defining their inter-dependencies.

Keywords:

Keywords:
Astract: Aspect-orientation provides a new way of modularization by clearly separating crosscutting concerns from noncrosscutting ones. While aspect-orientation originally has emerged at the programming level, it now stretches also over other development phases. There are, for example, already several proposals for Aspect-Oriented Modeling (AOM), most of them pursuing distinguished goals, providing different concepts as well as notations, and showing various levels of maturity. Consequently, there is an urgent need to provide an in-depth survey, clearly identifying commonalities and differences between current AOM approaches. Existing surveys in this area focus more on comprehensibility with respect to development phases or evaluated approaches rather than on comparability on bases of a detailed evaluation framework. This article tries to fill this gap focusing on aspect-oriented design modeling. As a prerequisite for an in-depth evaluation, a conceptual reference model is presented as the article's first contribution, centrally capturing the basic design concepts of AOM and their interrelationships in terms of a UML class diagram. Based on this conceptual reference model, an evaluation framework has been designed, resembling the second contribution, by deriving a detailed and well-defined catalogue of evaluation criteria, thereby operationalizing the conceptual reference model. This criteria catalogue is employed together with a running example in order to evaluate a carefully selected set of eight design-level AOM approaches representing the third contribution of the article. This per approach evaluation is complemented with an extensive report on lessons learned, summarizing the approaches' strengths and shortcomings.

Keywords:
Astract: Voice over Internet Protocol based systems replace phone lines in many scenarios and are in wide use today. Automated security tests of such systems are required to detect implementation and configuration mistakes early and in an efficient way. In this paper we present a plugin for our fuzzer framework fuzzolution to automatically detect security vulnerabilities in Session Initiation Protocol based Voice over Internet Protocol softphones, which are examples for endpoints in such telephone systems. The presented approach automates the interaction with the Graphical User Interface of the softphones during test execution and also observes the behavior of the softphones using multiple metrics. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented plugin for our fuzzing framework.

Keywords:
Astract: Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn't considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents a short introduc- tion in testing VoIP components, proposes an architecture and implementation of a robust, flexible and efficient VoIP test environment for security related tests. Experiences us- ing the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the pro- posed test environment for research and teaching purposes

Keywords:
Astract: When software is developed in teams - the standard way software is developed today - versioning systems are the first choice for the management of collaboration. From a technical point of view, versioning systems have to face several challenges. Depending on the applied versioning paradigm, functionalities such as synchronous editing, branching, storing different versions, merging, etc. are required. Since much effort has been spent into realizing these tasks, measurable progress has been achieved over the last decades. Unfortunately, a lack of empirical studies exists to find out the actual requirements arising from practice. Therefore, we conducted an online survey and interviewed representative users of versioning systems from academia and industry. Special emphasis is on the versioning of software models, which are nowadays becoming more and more important as there is a trend to model-driven software engineering. The results of our empirical studies show that not all requirements of developers are satisfied by current versioning systems. Especially, more emphasis has to be put on the management of collaborative development, e.g., the division of work and the management of conflicts.

Keywords:

Keywords:
Astract: In the context of model-based tool integration, model transformation languages are the first choice for realizing model exchange between heterogenous tools. However, the lack of a conceptual view on the integration problem and appropriate reuse mechanisms for already existing integration knowledge forces the developer to define model transformation code again and again for certain recurring integration problems in an implementation-oriented manner resulting in low productivity and maintainability of integration solutions. In this chapter, we summarize our work on a framework for model-based tool integration which is based on well-established conceptual modeling techniques. It allows to design integration models on a conceptual level in terms of UML component diagrams. Not only the design-time is supported by conceptual models, but also the runtime, i.e., the execution of integration models, is represented by conceptual models in terms of Coloured Petri Nets. Furthermore, we show how reusable integration components for resolving structural metamodel heterogeneities, which are one of the most frequently recurring integration problems, can be implemented within our framework.

Keywords:
Astract: Integrating Semantic Web concepts into the domain of e-business is a hot topic. However, most of the efforts spent so far concentrated on the improvement on B2C (business-to-consumer) e-commerce applications, achieved by semantic enrichment of information. With the growing importance of Service Oriented Architectures (SOA) companies started to move into the section of the Electronic Data Interchange (EDI), where applications exchange their business information semi-automatically. This B2B (business-to-business) electronic commerce is driven by aligning the internal business processes of companies to publicly available business processes. Thereby companies often do not consider the economic drivers of their business processes, which leads to incompatibilities between management, administration and technical layers. This chapter covers the two major domains of e-business / e-commerce, namely B2B and B2C. In the first, a model-driven approach towards B2B IT solutions is introduced, covering semantic aspects dealing with business models, business process models, and business document models. In the second application domain, the basic concepts of Semantic Web in the area of B2C electronic commerce are examined using a representative example from the e-tourism domain.