Keywords: model weaving, emf, web 2.0, ajax, model transformation, mdsd
Astract: Model-Driven Software Developement (MDSD) simplifies software and raises its quality. A central tool of MSDS is model weaving which delivers necessary informations for model transformations, i.e. about merging or extending existing models. Existing approches to MDSD like the ATLAS Model Weaver (AMW) from the ATLAS-group are implemented as fat-client applications. This causes costs and complexity through client-side installations as well as a higher demand of resources on the client-side. And since AMW is a part of the Eclipse Modelling Framework version incompatibilities can cause unexpected problems. Model-Driven Software Developement has brought platforms to existence which try to ease the exchange of models. These so-called ''model repositories'' support developers with frameworks for model-driven software developement. But what is missing is a link between those respositories. \\ This paper aims to create an application which brings model-weaving to the web by building atop Jürgen Flandorfer's MetaModelBrowser. The goal is to create a completely web-based lightweight client to avoid costs for resources and administration. Being an application on its own, avoiding unnecessary connections with other applications (like i.e. AMW has) lower risks of failure. Models will be managed directly on the server and available over an understandable user interface that asures ease of use and lower training times for users. Additionally collaborative functions will enable simultaneous work. Using a function of the MetaModelBrowser models can be embedded using a URL.
That way model repositories can be integrated into the weaving process. As a web-based application this model weaver will be an alternative to common Eclipse-based approaches to model weaving, using the advantages web-based applications have to offer and leaving behind the problems of the current solutions.

Keywords: Internet, Security, DDoS, Distributed Denial of Service
Astract: Distributed Denial of Service attacks are the major threat for public web services today. The DDoS attack traffic uses the same protocols and usage patterns as a legitimate user. Therefore attack traffic and user traffic can hardly be distinguished. In this document the possible attack methods are derived from the used protocols (IP, TCP, HTTP) and the impact of these attacks to the service area is demonstrated.
Refering to the attack methods, possible defence mechanisms are listed.
The source of these mechanisms are practical solutions, research projects, and commercial vendors. Beside that, new defence methods were designed, implemented and described in this document. Some of these techniques can be combined to comprehensive defence systems, which help to protect against arbitrary DDoS attacks.

Keywords:
Astract: Die Abhängigkeit von IT-Systemen für Unternehmenszwecke nimmt laufend zu. Angriffe auf diese können die Anforderungen bezüglich Verfügbarkeit, Vertraulichkeit und Integrität der Daten stören und somit für das Unternehmen Verluste verursachen. Die Systeme müssen dabei derart abgesichert werden, dass der Aufwand für einen Angreifer höher ist als der entstehende Nutzen durch einen erfolgreichen Angriff.
Die vorliegende Arbeit beschäftigt sich mit Penetrationstests, einer möglichen Testtechnik zur Überprüfung der Sicherheit von Infrastrukturen. Dabei führen Tester simulierte Angriffe durch, um vorhandene Schwachstellen im System zu ermitteln und die Ausnutzbarkeit darzustellen. Die Anwendung von Penetrationstests erfolgt beim laufenden System, wodurch auch Installations- und Konfigurationsfehler in der Betriebsumgebung ermittelt werden. Für eine umfangreiche Sicherheitsbetrachtung können Penetrationstests einen wichtigen Teil beitragen, um die Systeme abzusichern. Die Möglichkeiten und Limitierungen von Penetrationstests werden in dieser Arbeit anhand eines Anwendungsbeispiels dargestellt, indem ein Penetrationstestkonzept definiert wird. Dieses berücksichtigt erforderliche Testtechniken für die eingesetzten Technologien und diskutiert des Weiteren organisatorische Aspekte für die Durchführung.

Keywords:
Astract: Das Risikomanagement für große IT-Infrastrukturen stellt heutzutage eine komplexe Herausforderung dar. Sowohl die initale Risiko- und Bedrohungsanalyse als auch die Wartung der Infrastruktur inklusive Erfassung der aktuell vorhandenen Risiken und Bedrohungen ist äußerst aufwändig. Ein kritischer Faktor der Risiko- und Bedrohungsanalyse ist ihre Vollständigkeit. Als Unterstützung des Risikomanagementprozesses und zur Sicherung der erforderlichen hohen Qualität gibt es verschiedene Methoden und Werkzeuge. Ziel dieser Diplomarbeit ist es, einen Prototyp zur Unterstützung des Risikomanagements für große IT-Infrastrukturen zu entwickeln. Hierzu werden die theoretischen Grundlagen für die IT- Sicherheit, das Security Engineering und das Risikomanagement in der Arbeit dargelegt. Anhand eines Fallbeispiels werden die Anforderungen an ein solches Werkzeug erarbeitet und umgesetzt. Der im Rahmen der Diplomarbeit erstellte Prototyp unterstützt das Risikomanagement während des gesamten Risikomanagementprozesses und hilft dabei, die Bedrohungen und Risiken einer großen IT-Infrastruktur während der gesamten Lebenszeit zu überwachen und zu warten.

Keywords: MDA, MDE, business processes, model transformation, FUJABA, Triple Graph Grammars, UML, EPK
Astract: In recent years the need for business process model transformation has increased. The primary reason for this is the importance of business to business interoperability. A lot of research is done in this area. Several transformation techniques exist in the field of MDA which is the model driven architecture as defined by Object Management Group (OMG).
In Business Process Modeling many modeling languages such as Business Process Modeling Notation, UML 2.1 Activity Diagrams, Event-Driven Process Chains et cetera are used. There is also a certain diversity in transformation techniques such as ATL, QVT or Kermeta. Most model transformation approaches focus on software development, and less in business processes. Therefore some approaches may be more or less suitable for this task than others.
In this master thesis, a transformation approach, namely Triple Graph Grammars will be inspected for its suitability in business process model transformation.
Event-driven Process Chains and Activity Diagrams from UML 2.x are chosen as business process modeling languages because of the wide spread popularity of these languages. Fujaba will be used as transformation tool for its Triple Graph Grammar support and its extendibility.
In the thesis the business process modeling languages Event-driven Process Chains and Activity Diagrams are described. Furthermore, several example models for Event-driven Process Chains and Activity Diagrams are de ned.
In the practical part the goal is to develop Fujaba plug-ins for those modeling languages, as well as to de ne the Triple Graph Grammars rules based on the new plug-ins. The example models will be needed to test if the Triple Graph Grammar rules are intend correctly.
Fujaba is an open source project from the University of Paderborn. Its primary topic is to provide an extendable platform for UML, Story Driven Modeling and Graph Transformation platform with the ability to add plug-ins. In the master thesis this tool is used because of its mature Triple Graph Grammar support Another reason is its extensibility which is useful for creating custom plug-ins for Event-driven Process Chains and Activity Diagrams.
The plug-ins are developed with Java and rely on the meta models of Activity Diagrams and Event-driven Process Chains. The prepared meta models are also used when defining the Triple Graph Grammar rules as initial point. The meta models and the transformation are focused on Control Flow of business processes, because of its central importance in business process modeling.
Organizational ow is also included as a secondary view.
2 In order to make a statement on how suitable the described approach is, a list of criteria is defined. Based on this criteria business process model transformation with triple graph grammars will be evaluated.

Keywords:
Astract: In 1999 UN/CEFACT and OASIS started the ebXML Initiative which delivered its first set of specifications 2 years later. This book chapter discusses the goals and the results of ebXML. The core of the book chapter addresses a critical evaluation of ebXML. It discusses why ebXML was succesful in some parts, but failed in market acceptance for major parts.

Keywords:
Astract: Today's online model repositories offer to download and view the textual specifications of e.g. metamodels and models in the browser. For users, in order to efficiently search a model repository, a graphical visualization of the stored models is desirable. First attempts that automatically generate class diagrams as bitmaps, however, do not scale for large models and fail to present all information. In this paper, we present our Web 2.0 MetaModelbrowser, a model visualization service which provides an Ajax-based tree-viewer for efficiently browsing Ecore-based metamodels and their models. As a main contribution of this work the MetaModelbrowser is complementary to existing model repositories in that its visualization service can be integrated into them. The MetaModelbrowser, furthermore, allows zooming in and out of the details of arbitrarily sized models as necessary. Furthermore, we have done some case studies on the one hand how to extend the MetaModelbrowser, e.g., for creation, update, and deletion of model elements as well as supporting model weaving, and on the other hand how to incorporate the MetaModelbrowser in current versioning systems.

Keywords:
Astract: Inter-organizational systems have significantly been affected by Service-oriented Architectures (SOA) andWeb Services - the state-of-the-art technology to implement SOA. SOA is said to enable quick and inexpensive changes of the IT in order to establish new business partnerships or to reflect changes in existing partnerships. However, current approaches to inter-organizational systems focus too much on existing Web Services standards and, thus, on the technology layer. In such an approach the technology drives the business. In this paper we analyze the shortcomings of this bottom-up approach. As an alternative we suggest a top-down methodology where the business requirements drive the technology. This methodology starts off with the business value perspective, leading to a business process perspective and resulting in an IT execution perspective. We do not invent any new approaches on each of these layers, rather we outline how existing approaches are used and combined into a business requirements driven approach to inter-organizational systems.

Keywords:
Astract: Seamless exchange of models among different modeling tools increasingly becomes a crucial prerequisite for the success of modeldriven engineering. Current best practices use model transformation languages to realize necessary mappings between concepts of the metamodels defining the modeling languages supported by different tools. Existing model transformation languages, however, lack appropriate abstraction mechanisms for resolving recurring kinds of structural heterogeneities one has to primarily cope with when creating such mappings. We propose a framework for building reusable mapping operators which allow the automatic transformation of models. For each mapping operator, the operational semantics is specified on basis of Colored Petri Nets, providing a uniform formalism not only for representing the transformation logic together with the metamodels and the models themselves, but also for executing the transformations, thus facilitating understanding and debugging. To demonstrate the applicability of our approach, we apply the proposed framework for defining a set of mapping operators which are intended to resolve typical structural heterogeneities occurring between the core concepts usually used to define metamodels.

Keywords:
Astract: Shorter life cycles of products and services require faster changing business models. Information systems must quickly adjust to the adapted business models. Business models are usually described by their own proprietary notation, which is incompatible with UML - the de-facto modeling standard in software engineering. In order to allow a straight-through modeling approach from business models over business process models to software artifacts, it is desirable to use a common modeling approach. Thus, we suggest to map existing concepts to describe business models onto the UML notation. In our work we mainly focus on inter-organizational systems. A promising approach describing a business model for an inter-organizational network of actors is delivered by e3-Value. In this paper, we present a discussion of different approaches to represent the e3-Value concepts by means of UML. A UML notation for e3-Value is a precondition to future work on aligning e3-Value to UML-based approaches specifying inter-organizational business processes.