Threats to the validity of mutation-based test assessment

in International Symposium on Software Testing and Analysis, ISSTA 2016 (2016)

“Overloaded!” — A Model-based Approach to Database Stress Testing

in International Conference on Database and Expert Systems Applications, Porto 5-8 September 2016 (2016)

Suspicious Electric Consumption Detection Based on Multi-Profiling Using Live Machine Learning

in 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm) (2015, November)

The transition from today’s electricity grid to the so-called smart grid relies heavily on the usage of modern information and communication technology to enable advanced features like two-way ... [more ▼]

The transition from today’s electricity grid to the so-called smart grid relies heavily on the usage of modern information and communication technology to enable advanced features like two-way communication, an automated control of devices, and automated meter reading. The digital backbone of the smart grid opens the door for advanced collecting, monitoring, and processing of customers’ energy consumption data. One promising approach is the automatic detection of suspicious consumption values, e.g., due to physically or digitally manipulated data or damaged devices. However, detecting suspicious values in the amount of meter data is challenging, especially because electric consumption heavily depends on the context. For instance, a customers energy consumption profile may change during vacation or weekends compared to normal working days. In this paper we present an advanced software monitoring and alerting system for suspicious consumption value detection based on live machine learning techniques. Our proposed system continuously learns context-dependent consumption profiles of customers, e.g., daily, weekly, and monthly profiles, classifies them and selects the most appropriate one according to the context, like date and weather. By learning not just one but several profiles per customer and in addition taking context parameters into account, our approach can minimize false alerts (low false positive rate). We evaluate our approach in terms of performance (live detection) and accuracy based on a data set from our partner, Creos Luxembourg S.A., the electricity grid operator in Luxembourg. [less ▲]

SoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems

in Proceedings ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (2015, October)

Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with ... [more ▼]

Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with multiple security concerns systematically. Besides, catalogs of security patterns which can address multiple security concerns have not been applied efficiently. This paper presents an MDS approach based on a unified System of Security design Patterns (SoSPa). In SoSPa, security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically addressing multiple security concerns. SoSPa consists of not only interrelated security design patterns but also a refinement process towards their application. We applied SoSPa to design the security of crisis management systems. The result shows that multiple security concerns in the case study have been addressed by systematically integrating different security solutions. [less ▲]

An Extensive Systematic Review on the Model-Driven Development of Secure Systems

in Information and Software Technology (2015), 68(December 2015), 62-81

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large ... [more ▼]

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large number of publications. Objective: To provide a detailed analysis of the state of the art in MDS, a systematic literature review (SLR) is essential. Method: We conducted an extensive SLR on MDS. Derived from our research questions, we designed a rigorous, extensive search and selection process to identify a set of primary MDS studies that is as complete as possible. Our three-pronged search process consists of automatic searching, manual searching, and snowballing. After discovering and considering more than thousand relevant papers, we identified, strictly selected, and reviewed 108 MDS publications. Results: The results of our SLR show the overall status of the key artefacts of MDS, and the identified primary MDS studies. E.g. regarding security modelling artefact, we found that developing domain-specific languages plays a key role in many MDS approaches. The current limitations in each MDS artefact are pointed out and corresponding potential research directions are suggested. Moreover, we categorise the identified primary MDS studies into 5 significant MDS studies, and other emerging or less common MDS studies. Finally, some trend analyses of MDS research are given. Conclusion: Our results suggest the need for addressing multiple security concerns more systematically and simultaneously, for tool chains supporting the MDS development cycle, and for more empirical studies on the application of MDS methodologies. To the best of our knowledge, this SLR is the first in the field of Software Engineering that combines a snowballing strategy with database searching. This combination has delivered an extensive literature study on MDS. [less ▲]

Stream my Models: Reactive Peer-to-Peer Distributed Models@run.time

in Lethbridge, Timothy; Cabot, Jordi; Egyed, Alexander (Eds.) 2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS) (2015, September)

The models@run.time paradigm promotes the use of models during the execution of cyber-physical systems to represent their context and to reason about their runtime behaviour. However, current modeling ... [more ▼]

The models@run.time paradigm promotes the use of models during the execution of cyber-physical systems to represent their context and to reason about their runtime behaviour. However, current modeling techniques do not allow to cope at the same time with the large-scale, distributed, and constantly changing nature of these systems. In this paper, we introduce a distributed models@run.time approach, combining ideas from reactive programming, peer-to-peer distribution, and large-scale models@run.time. We define distributed models as observable streams of chunks that are exchanged between nodes in a peer-to-peer manner. lazy loading strategy allows to transparently access the complete virtual model from every node, although chunks are actually distributed across nodes. Observers and automatic reloading of chunks enable a reactive programming style. We integrated our approach into the Kevoree Modeling Framework and demonstrate that it enables frequently changing, reactive distributed models that can scale to millions of elements and several thousand nodes. [less ▲]

ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis

in International Conference on ICT Systems Security and Privacy Protection (SEC 2015) (2015, May)

Adaptive Blurring of Sensor Data to balance Privacy and Utility for Ubiquitous Services

in The 30th Annual ACM Symposium on Applied Computing (2015, April)

Given the trend towards mobile computing, the next generation of ubiquitous “smart” services will have to continuously analyze surrounding sensor data. More than ever, such services will rely on data ... [more ▼]

Given the trend towards mobile computing, the next generation of ubiquitous “smart” services will have to continuously analyze surrounding sensor data. More than ever, such services will rely on data potentially related to personal activities to perform their tasks, e.g. to predict urban traffic or local weather conditions. However, revealing personal data inevitably entails privacy risks, especially when data is shared with high precision and frequency. For example, by analyzing the precise electric consumption data, it can be inferred if a person is currently at home, however this can empower new services such as a smart heating system. Access control (forbid or grant access) or anonymization techniques are not able to deal with such trade-off because whether they completely prohibit access to data or lose source traceability. Blurring techniques, by tuning data quality, offer a wide range of trade-offs between privacy and utility for services. However, the amount of ubiquitous services and their data quality requirements lead to an explosion of possible configurations of blurring algorithms. To manage this complexity, in this paper we propose a platform that automatically adapts (at runtime) blurring components between data owners and data consumers (services). The platform searches the optimal trade-off between service utility and privacy risks using multi-objective evolutionary algorithms to adapt the underlying communication platform. We evaluate our approach on a sensor network gateway and show its suitability in terms of i) effectiveness to find an appropriate solution, ii) efficiency and scalability. [less ▲]

Metallaxis-FL: mutation-based fault localization

in Software Testing, Verification and Reliability (2015), 25

Combining Multi-Objective Search and Constraint Solving for Configuring Large Software Product Lines

in 37th International Conference on Software Engineering (ICSE 2015) (2015)