TRUSTWORTHY SOFTWARE ENGINEERING WITH EMERGING TECHNOLOGIES

Emerging technologies, such as Blockchain and Artificial Intelligence, are increas- ingly integrated into or interact with software systems, introducing new capabilities while also raising critical software engineering trustworthiness concerns. While prior research has largely assessed trustworthiness at the technology level, treating emerging technologies as monolithic entities, such approaches fail to capture how trust-related opportunities or issues originate from specific technological dimensions and their interaction with software engineering processes and artifacts. This thesis addresses this gap by adopting a dimension-aware, software engineering perspective on trustworthiness.
This dissertation investigates the software engineering of trustworthy systems that integrate or interact with emerging technologies, specifically Blockchain and Artificial Intelligence (AI). While these technologies introduce novel capabilities, they also generate complex trustworthiness challenges that cannot be fully addressed by technology-level assessments. Trust-related opportunities and risks often arise from specific technological dimensions and their interactions with software engineering processes and artifacts.
To this end, we propose the Trust in Depth (TID) framework, a software en- gineering conceptual and formal framework that characterizes trustworthiness as a context-dependent property emerging from the interaction between specific di- mensions of emerging technologies and software engineering artifacts. TID enables systematic reasoning about how particular dimensions may reinforce, undermine, or ambiguously affect trust-related software engineering activities, and guides the identification of trust-related issues or opportunities as well as the design of ap- propriate engineering actions to leverage positive effects or mitigate risks. The thesis instantiates TID through a series of contributions spanning blockchain and AI enabled software systems.
The thesis instantiates TID through five interconnected contributions: Starting with security threats, we investigate cryptojacking in Android applications, where financial gains from cryptocurrency mining motivate malicious developers to embed unauthorized mining code. We expose their evasion strategies, distribution practices, and resource consumption patterns, providing actionable insights for designing detection mechanisms and improving security practices.
Moving to security analysis infrastructure, blockchain’s immutability dimension creates a challenge: each new smart contract version receives a different address, breaking the connection between versions. This limits security research that relies on tracing contract evolution, such as studying vulnerability patterns or analyzing how bugs are fixed over time. We develop infrastructure that reconstructs these fragmented histories, enabling researchers to conduct version-based vulnerability

analysis and empirical studies of smart contract evolution.
Addressing comprehension barriers, the blockchain’s transparency dimension
makes all contract code publicly visible, but this visibility remains underutilized if stakeholders cannot understand what the code does. We leverage AI’s reasoning capabilities to automatically evaluate and improve documentation quality, advancing contract comprehensibility to non-technical stakeholders.
Validating AI-based tools, since we rely on AI language models to evaluate docu- mentation quality, we must first verify that these evaluators themselves are reliable. We empirically assess their performance and establish guidelines for integrating AI-based assessment tools into software engineering workflows.
Completing the cycle, we invert the relationship: just as AI advances trustwor- thy software engineering for systems involving blockchain, blockchain can enhance software engineering for systems involving AI. Poor dataset quality causes time loss through isolated cleaning efforts, errors in model outputs, and abandonment of low-quality datasets. Our SIEVE framework uses blockchain’s immutability to anchor continuous, verifiable dataset quality assessments, enabling regulatory compliance and reducing waste in AI development pipelines.
Together, these contributions demonstrate how TID enables systematic analysis of trustworthiness across the blockchain-AI-software engineering nexus. We show how a specific technological dimension, mining, immutability, and transparency, generates both security vulnerabilities and research opportunities that require tar- geted software engineering interventions. By developing infrastructure for version reconstruction, leveraging AI reasoning for documentation evaluation, validating AI evaluators themselves, and using blockchain to anchor AI dataset quality, we illustrate how trustworthiness emerges from carefully engineered interactions be- tween their dimensions and software engineering artifacts. This dimension centric approach enables practitioners and researchers to identify trust-related challenges early, design appropriate mitigations, and leverage technological synergies to build more trustworthy systems.