Publications
List of Publications
Business Informatics Group, TU Wien
Keywords: Machine-processable Business Documents, Service-oriented Systems, Product Line Engineering, Evolution, Co-Evolution, Standardization, Variants, Variability
Astract: Standardized business documents specifying the structure and the semantics of information are essential for enabling information exchange in electronic commerce. The United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) provides a conceptual approach named Core Components (CCs) for defining business documents. In particular, business documents are defined using conceptual models serving as a basis for generating transfer syntax artifacts, such as XML Schema or RelaxNG schemas. These artifacts are used for defining service interfaces in systems, implemented following the Service-Oriented Architecture paradigm. Different subsidiaries of UN/CEFACT's International Trade and Business Process Groups (TBGs) are involved in defining such reusable building blocks. For instance, TGB3 represents the transport and logistics domain and TGB18 is active in the agriculture area. Consequently, the resulting standardized business documents are defined in an all-embracing manner covering the requirements of various business domains. Therefore, for the application in concrete business scenarios, standardized business documents need customizing for fitting a particular business context.
This results in a subset of the standardized business document which we consider as variants of the standardized business document. However, the CCs approach does not provide concepts for managing variants of business documents. Furthermore, the highly dynamic environment of electronic commerce with ever-changing market requirements typically impacts the structure and the semantics of information conveyed in electronic business transactions. However, evolution of standardized business documents has received little attention so far. For addressing these shortcomings we present the following contributions in this thesis. First, though the domain of business document standardization is not considered as a traditional domain in Software Engineering, we argue that concepts from Product Line Engineering (PLE) support us in dealing with business document variants. Thereby, we tackle the challenges from a different perspective that has not been considered so far. Second, we analyze and formalize variability in the CCs approach by employing, adapting, and extending existing variability concepts from PLE. Third, variability mechanisms are exploited for supporting the process of customizing standardized business documents.
Fourth, concepts are developed for managing access control in the context of PLE for business documents. Fifth, we define a reference model for the collaborative development and maintenance of the reusable building blocks which represents one source of evolution in the CCs approach. Sixth, we present evolution patterns for making evolution challenges more tangible. Seventh, we define model management operators for dealing with evolving business documents. Eighth, the concepts of Service Interface Adapters and Interoperability as a Service are introduced for translating between different versions of a particular business document.
Pichler, C. (2011). Variants and evolution of business document models [Dissertation, Technische Universität Wien]. reposiTUm. http://hdl.handle.net/20.500.12708/161504
Registry support for core component-based business document models
Philipp LieglChristian HuemerChristian PichlerKeywords:
Astract: Electronic data interchange (EDI) is the domain of exchanging business documents in a structured format. Nowadays, these systems take more and more advantage of service-oriented solutions. Nevertheless, a rigorous approach to customize the input and output messages of these services to the context of a business partnership is required. In this paper we suggest a model-driven approach to develop the XML Schemas of input and output messages of Web Services. Since classical data modeling approaches like regular UML class diagrams are not sufficient for modeling business documents, we base our approach on the UN/CEFACT Core Components Technical Specification (CCTS), which does not come with a presentation syntax. Thus, we deliver a UML profile extending class diagrams by CCTS concepts, called UML Profile for Core Components (UPCC). UPCC models are transferred to equivalent XML Schemas following well-defined naming and design rules. In order to allow for an easy search and retrieval of core component business document definitions, a registry is needed. The registry has to handle UPCC models - that are exchanged and stored in XMI - as well as their XML Schema equivalences. In this paper, we extend the ebRIM registry meta model for the special purpose of registering core component artifacts and defining their inter-dependencies.
Liegl, P., Huemer, C., & Pichler, C. (2011). Registry support for core component-based business document models. Service Oriented Computing and Applications, 5(3), 183–202. https://doi.org/10.1007/s11761-011-0084-9
New Media in Teaching UML in the Large - an Experience Report
Marion ScholzKonrad WielandChristian Huemer
Scholz, M., Wieland, K., & Huemer, C. (2011). New Media in Teaching UML in the Large - an Experience Report. Electronic Communications of the EASST, 34: SOFTWARE MODELING IN EDUCATION AT MODELS 2010(34). http://hdl.handle.net/20.500.12708/162220
A survey on UML-based aspect-oriented design modeling
Manuel WimmerAndrea SchauerhuberGerti KappelWerner RetschitzeggerWieland SchwingerElizabeth KapsammerKeywords:
Astract: Aspect-orientation provides a new way of modularization by clearly separating crosscutting concerns from noncrosscutting ones. While aspect-orientation originally has emerged at the programming level, it now stretches also over other development phases. There are, for example, already several proposals for Aspect-Oriented Modeling (AOM), most of them pursuing distinguished goals, providing different concepts as well as notations, and showing various levels of maturity. Consequently, there is an urgent need to provide an in-depth survey, clearly identifying commonalities and differences between current AOM approaches. Existing surveys in this area focus more on comprehensibility with respect to development phases or evaluated approaches rather than on comparability on bases of a detailed evaluation framework.
This article tries to fill this gap focusing on aspect-oriented design modeling. As a prerequisite for an in-depth evaluation, a conceptual reference model is presented as the article's first contribution, centrally capturing the basic design concepts of AOM and their interrelationships in terms of a UML class diagram. Based on this conceptual reference model, an evaluation framework has been designed, resembling the second contribution, by deriving a detailed and well-defined catalogue of evaluation criteria, thereby operationalizing the conceptual reference model. This criteria catalogue is employed together with a running example in order to evaluate a carefully selected set of eight design-level AOM approaches representing the third contribution of the article. This per approach evaluation is complemented with an extensive report on lessons learned, summarizing the approaches' strengths and shortcomings.
Wimmer, M., Schauerhuber, A., Kappel, G., Retschitzegger, W., Schwinger, W., & Kapsammer, E. (2011). A survey on UML-based aspect-oriented design modeling. ACM Computing Surveys, 43(4), 1–33. https://doi.org/10.1145/1978802.1978807
Security test approach for automated detection of vulnerabilities of sip-based voip softphones.
Christian SchanesStefan TaberKarin PoppFlorian FankhauserThomas GrechenigKeywords:
Astract: Voice over Internet Protocol based systems replace phone lines in
many scenarios and are in wide use today. Automated security tests
of such systems are required to detect implementation and configuration
mistakes early and in an efficient way. In this paper we present
a plugin for our fuzzer framework fuzzolution to automatically detect
security vulnerabilities in Session Initiation Protocol based Voice
over Internet Protocol softphones, which are examples for endpoints
in such telephone systems. The presented approach automates the interaction
with the Graphical User Interface of the softphones during test execution
and also observes the behavior of the softphones using multiple metrics.
Results of testing two open source softphones by using our fuzzer
showed that various unknown vulnerabilities could be identified with
the implemented plugin for our fuzzing framework.
Schanes, C., Taber, S., Popp, K., Fankhauser, F., & Grechenig, T. (2011). Security test approach for automated detection of vulnerabilities of sip-based voip softphones. International Journal On Advances in Security, 4(1 & amp;2), 95–105. http://hdl.handle.net/20.500.12708/163156
Security test environment for voip research
Florian FankhauserMaximilian RonnigerChristian SchanesThomas GrechenigKeywords:
Astract: Voice over IP (VoIP) is in wide use today, replacing
phone lines in many scenarios. However, often, security
isn't considered well enough, even though many security
attacks are already known. More research on VoIP security
is needed to enhance the level of security of VoIP systems
and to show the implications of failing to take appropriate
security measures. This paper presents a short introduc-
tion in testing VoIP components, proposes an architecture
and implementation of a robust, flexible and efficient VoIP
test environment for security related tests. Experiences us-
ing the implemented environment for different VoIP security
tests are shown to demonstrate the suitability of the pro-
posed test environment for research and teaching purposes
Fankhauser, F., Ronniger, M., Schanes, C., & Grechenig, T. (2011). Security test environment for voip research. International Journal for Information Security Research, 1(1), 53–60. http://hdl.handle.net/20.500.12708/163157
Towards an Understanding of Requirements for Model Versioning Support
Konrad WielandGeraldine FitzpatrickGerti KappelMartina SeidlManuel WimmerKeywords:
Astract: When software is developed in teams - the standard way software is developed today - versioning systems are the first choice for the management of collaboration. From a technical point of view, versioning systems have to face several challenges. Depending on the applied versioning paradigm, functionalities such as synchronous editing, branching, storing different versions, merging, etc. are required. Since much effort has been spent into realizing these tasks, measurable progress has been achieved over the last decades. Unfortunately, a lack of empirical studies exists to find out the actual requirements arising from practice. Therefore, we conducted an online survey and interviewed representative users of versioning systems from academia and industry. Special emphasis is on the versioning of software models, which are nowadays becoming more and more important as there is a trend to model-driven software engineering. The results of our empirical studies show that not all requirements of developers are satisfied by current versioning systems. Especially, more emphasis has to be put on the management of collaborative development, e.g., the division of work and the management of conflicts.
Wieland, K., Fitzpatrick, G., Kappel, G., Seidl, M., & Wimmer, M. (2011). Towards an Understanding of Requirements for Model Versioning Support. International Journal of People-Oriented Programming, 1(2), 1–23. https://doi.org/10.4018/ijpop.2011070101
Service-Oriented Computing. (2011). In G. Kappel, Z. Maamar, & H. R. Motahari Nezhad (Eds.), Lecture Notes in Computer Science. Springer, LNCS. https://doi.org/10.1007/978-3-642-25535-9
Leveraging Model-Based Tool Integration by Conceptual Modeling Techniques
Gerti KappelManuel WimmerWerner RetschitzeggerWieland SchwingerKeywords:
Astract: In the context of model-based tool integration, model transformation languages are the first choice for realizing model exchange between heterogenous tools. However, the lack of a conceptual view on the integration problem and appropriate reuse mechanisms for already existing integration knowledge forces the developer to define model transformation code again and again for certain recurring integration problems in an implementation-oriented manner resulting in low productivity and maintainability of integration solutions.
In this chapter, we summarize our work on a framework for model-based tool integration which is based on well-established conceptual modeling techniques. It allows to design integration models on a conceptual level in terms of UML component diagrams. Not only the design-time is supported by conceptual models, but also the runtime, i.e., the execution of integration models, is represented by conceptual models in terms of Coloured Petri Nets. Furthermore, we show how reusable integration components for resolving structural metamodel heterogeneities, which are one of the most frequently recurring integration problems, can be implemented within our framework.
Kappel, G., Wimmer, M., Retschitzegger, W., & Schwinger, W. (2011). Leveraging Model-Based Tool Integration by Conceptual Modeling Techniques. In The Evolution of Conceptual Modeling (pp. 254–284). Springer LNCS 6520. https://doi.org/10.1007/978-3-642-17505-3_12
eBusiness
Christoph GrünChristian HuemerPhilipp LieglDieter MayrhoferThomas MotalRainer SchusterHannes WerthnerMarco ZapletalKeywords:
Astract: Integrating Semantic Web concepts into the domain of e-business is a hot
topic. However, most of the efforts spent so far concentrated on the
improvement on B2C (business-to-consumer) e-commerce applications,
achieved by semantic enrichment of information. With the growing
importance of Service Oriented Architectures (SOA) companies started to
move into the section of the Electronic Data Interchange (EDI), where
applications exchange their business information semi-automatically.
This B2B (business-to-business) electronic commerce is driven by
aligning the internal business processes of companies to publicly
available business processes. Thereby companies often do not consider
the economic drivers of their business processes, which leads to
incompatibilities between management, administration and technical
layers. This chapter covers the two major domains of e-business /
e-commerce, namely B2B and B2C. In the first, a model-driven
approach towards B2B IT solutions is introduced, covering semantic aspects dealing
with business models, business process models, and business document
models. In the second application domain, the basic concepts
of Semantic Web in the area of B2C electronic commerce are examined using a representative example from the e-tourism domain.
Grün, C., Huemer, C., Liegl, P., Mayrhofer, D., Motal, T., Schuster, R., Werthner, H., & Zapletal, M. (2011). eBusiness. In Handbook of Semantic Web Technologies (pp. 787–848). Springer. http://hdl.handle.net/20.500.12708/27278