Publications

List of Publications

Business Informatics Group, TU Wien

Plug & Play Model Transformations - A DSL for Resolving Structural Metamodel Heterogeneities

Manuel Wimmer, Gerti Kappel, Angelika Kusel, Werner Retschitzegger, Johannes Schönböck, Wieland Schwinger

Handle: 20.500.12708/53240; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Wimmer, M., Kappel, G., Kusel, A., Retschitzegger, W., Schönböck, J., & Schwinger, W. (2010). Plug & Play Model Transformations - A DSL for Resolving Structural Metamodel Heterogeneities. In Proceedings of the 10th Workshop on Domain-Specific Modeling (DSM´10) @ Splash 2010 (p. 6). Online Publication. http://hdl.handle.net/20.500.12708/53240

A recommender for conflict resolution support in optimistic model versioning

Petra Kaufmann, Martina Seidl, Gerti Kappel

Handle: 20.500.12708/53257; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: The usage of optimistic version control systems comes along with cumbersome and time-consuming conflict resolution in the case that the modifications of two developers are contradicting. For code as well as for any other artifact the resolution support moves hardly beyond the choices "keep mine", "keep theirs", "take all changes", or "abandon all changes". To ease the conflict resolution in the context of model versioning, we propose a recommender system which suggests automatically executable resolution patterns to the developer responsible for the conflict resolution. The lookup algorithm is based on a similarity-aware graph matching approach incorporating information from the metamodel of the used modeling language. This allows not only the retrieval of recommendations exactly matching the given conflict situation, but also the identification of similar conflict situations whose resolution patterns are adaptable to the current conflict.

Kaufmann, P., Seidl, M., & Kappel, G. (2010). A recommender for conflict resolution support in optimistic model versioning. In Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion - SPLASH ’10. Onward! 2010, Reno/Tahoe, Nevada, USA, Non-EU. ACM. https://doi.org/10.1145/1869542.1869549

A bottom-up approach to build XML business document standards

Philipp Liegl, Christian Huemer, Christian Pichler

Handle: 20.500.12708/53279; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: XML has replaced traditional EDI standards in the field of business document standardization. Despite the syntax, the principal approach to develop business document standards has not changed. A standardized business document is built by a superset of all elements that may appear in any business context, leading to overloaded and complex standards. However, in a particular partnership only a small percentage of the elements is used. This results in a top-down approach starting from a generic document and specifying partner-specific subsets. Such an approach is too costly for small and medium-sized enterprises (SME), because agreements on subsets must be implemented in their software systems. As an alternative we suggest a bottom-up solution that starts from a core set of elements, representing the intersection of all industry contexts. Thereby, the core set may be extended to incorporate the needs of a specific business context. In this paper we examine different mechanisms provided by XML Schema to realize such an extension. The applicability of the different mechanisms is evaluated by means of the Austrian e-Invoicing standard ebInterface, which we co-authored.

Liegl, P., Huemer, C., & Pichler, C. (2010). A bottom-up approach to build XML business document standards. In Proceedings of the 7th IEEE International Conference on e-Business Engineering (pp. 56–63). IEEE. http://hdl.handle.net/20.500.12708/53279

From Economic Drivers to B2B Process Models: a Mapping from REA to UMM

Rainer Schuster, Thomas Motal, Christian Huemer, Hannes Werthner, Witold Abramowicz, Robert Tolksdorf

Handle: 20.500.12708/53383; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: Inter-organizational B2B systems are most likely tending to change their business requirements over time - e.g. establishing new partnerships or changing existing ones. The problem is that business analysts design the business processes from scratch, disregarding the economic drivers of the business network. We propose to use business modeling techniques - such as REA (Resource-Event-Agents) - to ensure that business processes beneath do not violate the domain rules, i.e. to fulfill the basic economic principle for every business transaction - the give-and-take convention, called economic reciprocity. This helps us to quickly adapt the B2B processes to changing requirements without the need to change the overall architecture. In this paper we provide a mapping from REA, which represents one of the most prominent ontologies for business modeling, to UMM (UN/CEFACT's Modeling Methodology), a standardized methodology for modeling the global choreography of inter-organizational business processes. We formalize the mapping by the use of the model-to-model transformation language ATL (Atlas Transformation Language).

Schuster, R., Motal, T., Huemer, C., & Werthner, H. (2010). From Economic Drivers to B2B Process Models: a Mapping from REA to UMM. In W. Abramowicz & R. Tolksdorf (Eds.), Business Information Systems - 13th International Conference, BIS 2010, Berlin, Germany, May 3-5, 2010, Proceedings (pp. 119–131). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-12814-1_11

Conflict Resolution in Model Versioning

Petra Kaufmann, Konrad Wieland, Gerti Kappel

Handle: 20.500.12708/53418; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings;

Abstract: Optimistic version control systems enable globally distributed teams of developers to work together asynchronously. Every developer works on a local copy and consequently, no developer is ever detracted from working by waiting for a resource. The price for this flexibility is paid at the moment when conflicting modifications must be integrated into one consolidated version. In this paper, we discuss conflicts and their need for resolution in the context of model versioning and provide the basic concepts necessary to build a model versioning system which guides modelers through the critical consolidation phase by recommending suitable patterns.

Kaufmann, P., Wieland, K., & Kappel, G. (2010). Conflict Resolution in Model Versioning. In 1st International Master Class on Model-Driven Engineering, Poster Session Companion (pp. 17–18). http://hdl.handle.net/20.500.12708/53418

Registry Support for Core Component Evolution

Christian Pichler, Philip Langer, Manuel Wimmer, Christian Huemer, Birgit Hofreiter

Handle: 20.500.12708/53498; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Pichler, C., Langer, P., Wimmer, M., Huemer, C., & Hofreiter, B. (2010). Registry Support for Core Component Evolution. In Proceedings of the IEEE International Conference on Service-Oriented Computing and Applications (SOCA 2010) (pp. 1–9). IEEE Computer Society. http://hdl.handle.net/20.500.12708/53498

Automated Security Test Approach for SIP based VoIP Softphones

Stefan Taber, Christian Schanes, Clemens Hlauschek, Florian Fankhauser, Thomas Grechenig

Handle: 20.500.12708/53539; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: Robustness of applications used for Voice over Internet Protocol based systems against attacks is a critical part to secure such systems. Automatic security testing is required to detect security vulnerabilities in an efficient way. This enables to harden the applications early during the development phase. In the paper we present a fuzzer framework to detect security vulnerabilities in Voice over IP (VoIP) Softphones which implement Session Initiation Protocol (SIP). The presented approach automates the Graphical User Interface (GUI) interaction for softphones during fuzzing and also observes the behavior of the softphone GUIs to automatically detect application errors. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented fuzzer and some vulnerabilities were found that are only detectable by using GUI observation.

Taber, S., Schanes, C., Hlauschek, C., Fankhauser, F., & Grechenig, T. (2010). Automated Security Test Approach for SIP based VoIP Softphones. In Proceedings of The Second International Conference on Advances in System Testing and Validation Lifecycle (pp. 114–119). IEEE Computer Society Press. http://hdl.handle.net/20.500.12708/53539

A Robust and Flexible Test Environment for VoIP Security Tests.

Maximilian Ronniger, Florian Fankhauser, Christian Schanes, Thomas Grechenig

Handle: 20.500.12708/53543; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn't considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents an architecture and implementation of a robust and flexible VoIP test environment for security related tests. Experiences using the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the proposed test environment for research purposes.

Ronniger, M., Fankhauser, F., Schanes, C., & Grechenig, T. (2010). A Robust and Flexible Test Environment for VoIP Security Tests. In Proceedings of The 5th International Conference for Internet Technology and Secured Transactions (pp. 96–101). Infonomics Society, UK. http://hdl.handle.net/20.500.12708/53543

Work in progress: Black-Box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service.

Peter Steinbacher, Florian Fankhauser, Christian Schanes, Thomas Grechenig

Handle: 20.500.12708/53544; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: One of the main security objectives for systems connected to the Internet which provide services like Voice over Internet Protocol (VoIP) is to ensure robustness against security attacks to fulfill Quality of Service (QoS). To avoid system failures during attacks service providers have to integrate countermeasures which have to be tested. This work evaluates a test approach to determine the efficiency of countermeasures to fulfill QoS for Session Initiation Protocol (SIP) based VoIP systems even under attack. The main objective of the approach is the evaluation of service availability of a System Under Test (SUT) during security attacks, e.g., Denial of Service (DoS) attacks. Therefore, a simulated system load based on QoS requirements is combined with different security attacks. The observation of the system is based on black-box testing. By monitoring quality metrics of SIP transactions the behavior of the system is measurable. The concept was realized as a prototype and was evaluated using different VoIP systems. For this, multiple security attacks are integrated to the testing scenarios. The outcome showed that the concept provides sound test results, which reflect the behavior of SIP systems availability under various attacks. Thus, security problems can be found and QoS for SIP-based VoIP communication under attack can be predicted.

Steinbacher, P., Fankhauser, F., Schanes, C., & Grechenig, T. (2010). Work in progress: Black-Box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service. In Proceedings of IPTComm 2010 Principles, Systems and Applications of IP Telecommunications (pp. 107–116). Technische Universität München, Germany. http://hdl.handle.net/20.500.12708/53544

Mining security changes in freebsd

Andreas Mauczka, Christian Schanes, Florian Fankhauser, Mario Bernhart, Thomas Grechenig

Handle: 20.500.12708/53545; Year: 2010; Issued On: 2010-01-01; Type: Publication; Subtype: Inproceedings; Peer Reviewed:

Abstract: Current research on historical project data is rarely touching on the subject of security related information. Learning how security is treated in projects and which parts of a software are historically security relevant or prone to security changes can enhance the security strategy of a software project. We present a mining methodology for security related changes by modifying an existing method of software repository analysis. We use the gathered security changes to find out more about the nature of security in the FreeBSD project and we try to establish a link between the identified security changes and a tracker for security issues (security advisories). We give insights how security is presented in the FreeBSD project and show how the mined data and known security problems are connected.

Mauczka, A., Schanes, C., Fankhauser, F., Bernhart, M., & Grechenig, T. (2010). Mining security changes in freebsd. In Proceedings of 7th IEEE Working Conference on Mining Software Repositories (MSR) (pp. 90–93). IEEE. http://hdl.handle.net/20.500.12708/53545