Analyse von BPMN hinsichtlich seiner Unterstützung der Zeit-Pattern

Zeitliche Aspekte innerhalb von Geschäftsprozessen sind ein wichtiger Faktor, der nicht nur für einen einzelnen Prozess, sondern auch für ein gesamtes Unternehmen erfolgsentscheidend sein kann. Mit solchen zeitlichen Aspekten beschäftigt sich diese Bachelorarbeit. Dafür wird die graphische Prozessmodellierungssprache BPMN hinsichtlich ihrer Unterstützung von zeitlichen Bedingungen untersucht. Dazu werden zuerst die verschiedenen zeitlichen Bedingungen, auch Zeit-Pattern genannt, vorgestellt und die Anforderungen definiert, die nötig sind, um ein solches Pattern innerhalb eines Prozesses modellieren zu können. Im zweiten Schritt folgt die Analysephase. Hierbei werden die zuvor festgelegten Anforderungen für die einzelnen Zeit-Pattern auf eine Unterstützung durch BPMN untersucht. Anschließend werden beispielhaft die Möglichkeiten zur Realisierung der Zeit-Pattern durch die auf BPMN basierende Process Engine jBPM genauer betrachtet. Zuletzt werden alle Analyseergebnisse dieser Arbeit zusammengefasst und kritisch diskutiert

Streamlining Attack Tree Generation: A Fragment-Based Approach

Attack graphs are a tool for analyzing security vulnerabilities that capture different and prospective attacks on a system. As a threat modeling tool, it shows possible paths that an attacker can exploit to achieve a particular goal. However, due to the large number of vulnerabilities that are published on a daily basis, they have the potential to rapidly expand in size, necessitating a significant amount of resources to generate. In addition, generating composited attack models for complex systems such as self-adaptive or AI is very difficult due to their nature to continuously change. In this paper, we present a novel fragment-based attack graph generation approach that utilizes information from publicly available information security databases. Furthermore, we also propose a domain-specific language for attack modeling, which we employ in the proposed attack graph generation approach. Finally, we present a demonstrator example showcasing the attack generator\u27s capability to replicate a verified attack chain, as previously confirmed by security experts

A systematic review on security and safety of self-adaptive systems

Context: Cyber–physical systems (CPS) are increasingly self-adaptive, i.e. they have the ability to introspect and change their behavior. This self-adaptation process must be considered when modeling the safety and security aspects of the system. Objective: This study collects and compares security attacks and safety hazards on self-adaptive systems (SAS) described in the literature. In addition, mitigation and treatment strategies, as well as the modeling and analysis approaches, are investigated. Method: We conducted a systematic literature review on 21 selected papers. The selection process included a database search on four scientific databases using a common search string (1430 papers), forward and backward snowballing (1402 papers), and filtering the results based on predefined inclusion and exclusion criteria. The coding scheme to analyze the content of the papers was obtained through research questions, existing domain-specific taxonomies, and open coding. Results: Safety and security are not jointly modeled in the context of self-adaptive systems. The adaptation process is often not considered in the attack and hazard analysis due to naive assumptions and modeling. The proposed approaches are mostly verified and validated through simulation often using simple use cases and scenarios. Conclusion: A thorough and joint modeling approach for safety and security in self-adaptive systems is still an open challenge that needs to be addressed. Further work is needed to address the gap between safety and security modeling in self-adaptive systems

Model-Based Generation of Attack-Fault Trees

Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture inter-dependencies between these properties. Attack-Fault Trees represent a combination of dynamic Fault Trees and Attack Trees and can be used to model and model-check a holistic view on both safety and security. Manually creating a complete AFT for the whole system is, however, a daunting task. It needs to span multiple abstraction layers, e.g., abstract application architecture and data flow as well as system and library dependencies that are affected by various vulnerabilities. We present an AFT generation tool-chain that facilitates this task using partial Fault and Attack Trees that are either manually created or mined from vulnerability databases. We semi-automatically create two system models that provide the necessary information to automatically combine these partial Fault and Attack Trees into complete AFTs using graph transformation rules

User-centered performance engineering of declarative model transformations

The software to be developed is becoming increasingly extensive and complex, which can lead to classic development methods reaching their limits. Model-driven software development (MDSD) is an effort to reduce the ever-increasing complexity of software development by abstraction. In MDSD models describe the system to be developed on an abstract level and replace code as first-class citizens. These models are then automatically enriched with information, updated, or synchronized with other models during the development process. So-called model transformation languages have been developed to define these operations on models conveniently and easily. These domain-specific languages define rules by which models are translated from one formalism to another or to update a given model. Models and model transformations are not only utilized for the development of software but also at runtime. [email protected] are used, for example, to plan the execution steps of an adaptation of a self-adaptive system. To update such models at runtime, transformations are an obvious choice. This makes the performance of the applied transformations an important quality criterion, as a transformation that is too slow leads to delayed reactions or worse hazards. To ensure a desired execution time, it is essential to be able to analyze and improve the performance of transformations. Current work in the area of model transformations hardly or only insufficiently considers these challenges. For example, empirical studies focus on analyzing the effectiveness and efficiency of model-driven development methods, but not on the challenges faced by developers when trying to improve the performance of their transformations. A large body of work looks at the transformation engine that executes a given transformation. There are various approaches to improving performance through parallel, distributed, or incremental transformation execution. These optimizations help to speed up the execution of a transformation, but they also reach their limits if the transformation has been poorly implemented in terms of performance. Software performance engineering (SPE) techniques and support to leverage application performance management (APM) are missing, which help transformation developers analyze, understand, and resolve the causes of performance issues. Furthermore, known SPE and APM techniques from general-purpose languages, like Java or C, cannot easily be adapted to transformations because, e.g., they do not adequately address the influence of the input model on the execution time. Our contributions to support transformation developers are three-fold: 1) We carried out a mixed-methods study to examine the experiences of transformations in terms of performance. Based on our survey with 84 participants, we see that more than half of the participants have already tried to analyze or improve the performance of their transformations. With the help of 14 semi-structured follow-up interviews, we identified the challenges faced by developers and the existing gaps that prevent established SPE and APM techniques from being applied in the context of transformations. 2) We developed a profiling approach that supports model transformation developers to leverage APM by providing different model transformation-specific performance visualizations. To evaluate these visualizations, we performed a case study with 18 participants. The participants had to analyze four different transformations with the help of our visualizations. Almost all of our 18 participants were able to suggest beneficial improvements for the different transformations based on the information provided by our visualizations. 3) Since the application of our profiler is reduced to analyzing the performance of a given model, we propose a prediction approach as further support for transformation developers. This prediction approach enables transformation developers to evaluate whether the execution time of a transformation will still meet his or her expectations for other input models in the future. We have carried out various experiments in which we have examined whether it is possible to predict the execution time of a transformation based on different sets of model characteristics with the help of machine learning approaches. The results of our experiments show that the random forest approach is a suitable machine learning approach that yields a mean absolute percentage error (MAPE) between 1.12% and 34.53% for predicting the execution time of different transformations. As input for the prediction serves a characterization of the input model consisting of the number of model elements, the number of references, the number of attributes, and the average size of string attributes per model element type filtered by their variance using the 85th percentile of the variances of the complete set of model characteristics

Claimed advantages and disadvantages of (dedicated) model transformation languages : a systematic literature review

There exists a plethora of claims about the advantages and disadvantages of model transformation languages compared to general-purpose programming languages. With this work, we aim to create an overview over these claims in the literature and systematize evidence thereof. For this purpose, we conducted a systematic literature review by following a systematic process for searching and selecting relevant publications and extracting data. We selected a total of 58 publications, categorized claims about model transformation languages into 14 separate groups and conceived a representation to track claims and evidence through the literature. From our results, we conclude that: (i) the current literature claims many advantages of model transformation languages but also points towards certain deficits and (ii) there is insufficient evidence for claimed advantages and disadvantages and (iii) there is a lack of research interest into the verification of claims

An Exploratory Study on Performance Engineering in Model Transformations : Data of the mixed method study

Model-Driven Software Engineering is one way to deal with the increasing complexity of software being developed. The size and complexity of the software is also visible in the models, which are becoming larger and more complex as a result. This trend also affects the performance of model transformations, which are an important operation on these models. In the past, research has mainly focused on improving the performance of transformation engines, so there are currently no studies on how transformation developers deal with performance issues. Consequently, we conducted an exploratory mixed method study consisting of a quantitative online survey and a qualitative interview study to further investigate how developers deal with performance issues. The data set published here was generated during our study and consists of an interview guide, a code book, 13 transcribed and coded interviews and the data from the questionnaire that we collected on the interviewees

A Survey on the Relevance of the Performance of Model Transformations: Data of the Participant Search and the Questionnaire

There are a number of techniques for analyzing and improving the performance of programs written in a general-purpose language. For model transformation languages such techniques are still unknown. These are domain-specific languages, which, simply said, are used to update models or create new models. Thus, these languages realize important operations in the context of Model-Driven Development. Current research about the performance of transformations is strongly focused on the transformation engine, which executes the transformations. Consequently, we conducted an online survey to examine whether techniques for analyzing and improving the performance of transformations are needed. Overall, our data set consists the results of the online survey and the information necessary to repeat the survey. The questionnaire was fully answered by 84 participants. Our data set includes the processed answers and the anonymized raw data. Additionally, we have performed hypothesis tests. Their results and the variables used for them are also part of our data set. In order to support the repeatability of our study, our data set contains not only our questionnaire, but also the results of the snowballing we used for the design of the questions Q9 and Q15. Furthermore, we have conducted a Systematic Literature Review (SLR) about the transformation languages Atlas Transformation Language (ATL), Henshin, QVTo and Viatra, to find suitable participants for our study. Therefore, our data set also contains information about the execution of this SLR and its results