11 research outputs found
Extending Automatic Static Code Analysis with Social Coding (Erweiterung der automatischen statischen Codeanalyse um Social Coding)
A definition for the term social coding is derived first in this thesis. Afterwards, different approaches for social coding are put into the three categories of the 3C model (communication, cooperation and coordination) and grouped by the kind of their approach. The analyzed approaches consist of online platforms like Stack Overflow and GitHub as well as development environments and extensions of them like Cloud9 and Visual Studio Anywhere. In addition, two approaches that add social coding to the static code analysis software FindBugs are presented. The first approach offers the user the ability to export found bugs to online platforms, whereas the second approach implements its own bug-tracking system, with a focus on a commenting system, in the project's source code repository and presents it through a modern user interface.
Exploratory Study of the Privacy Extension for System Theoretic Process Analysis (STPA-Priv) to elicit Privacy Risks in eHealth
Context: System Theoretic Process Analysis for Privacy (STPA-Priv) is a novel
privacy risk elicitation method using a top down approach. It has not gotten
very much attention but may offer a convenient structured approach and
generation of additional artifacts compared to other methods. Aim: The aim of
this exploratory study is to find out what benefits the privacy risk
elicitation method STPA-Priv has and to explain how the method can be used.
Method: Therefore we apply STPA-Priv to a real world health scenario that
involves a smart glucose measurement device used by children. Different kinds
of data from the smart device including location data should be shared with the
parents, physicians, and urban planners. This makes it a sociotechnical system
that offers adequate and complex privacy risks to be found. Results: We find
out that STPA-Priv is a structured method for privacy analysis and finds
complex privacy risks. The method is supported by a tool called XSTAMPP which
makes the analysis and its results more profound. Additionally, we learn that
an iterative application of the steps might be necessary to find more privacy
risks when more information about the system is available later. Conclusions:
STPA-Priv helps to identify complex privacy risks that are derived from
sociotechnical interactions in a system. It also outputs privacy constraints
that are to be enforced by the system to ensure privacy. Comment: author's post-prin
Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs
Context: Programmers frequently look for the code of previously solved
problems that they can adapt for their own problem. Despite existing example
code on the web, on sites like Stack Overflow, cryptographic Application
Programming Interfaces (APIs) are commonly misused. There is little known about
what makes examples helpful for developers in using crypto APIs. Analogical
problem solving is a psychological theory that investigates how people use
known solutions to solve new problems. There is evidence that the capacity to
reason and solve novel problems, a.k.a. Fluid Intelligence (Gf), and structurally
and procedurally similar solutions support problem solving. Aim: Our goal is to
understand whether similarity and Gf also have an effect in the context of
using cryptographic APIs with the help of code examples. Method: We conducted a
controlled experiment with 76 student participants developing with or without
procedurally similar examples, one of two Java crypto libraries and measured
the Gf of the participants as well as the effect on usability (effectiveness,
efficiency, satisfaction) and security bugs. Results: We observed a strong
effect of code examples with a high procedural similarity on all dependent
variables. Fluid intelligence Gf had no effect. It also made no difference
which library the participants used. Conclusions: Example code must be more
highly similar to a concrete solution, not very abstract and generic to have a
positive effect in a development task. Comment: 2 page
Assessing iterative practical software engineering courses with play money
Changing our practical software engineering course from the previous waterfall model to a more agile and iterative approach created more severe assessment challenges. To cope with them we added an assessment concept based on play money. The concept not only includes weekly expenses to simulate real running costs but also investments, which correspond to assessment results of the submissions. This concept simulates a startup-like working environment and its financing in a university course. Our early evaluation shows that the combination of the iterative approach and the play money investments is motivating for many students. At this point we think that the combined approach has advantages from both the supervising and the students' point of view. We planned more evaluations to better understand all its effects.
Distributed model repository for TOSCA
In this bachelor thesis I analyze how existing back-end systems, like database systems, may be replaced by distributed revision control systems (drcs). In doing so, I discuss requirements that are important in distributed work and compare different drcs. Further, I present 3 different approaches for implementing a back-end with a drcs. As a working implementation I present a git-based intermediate layer, GitWorkingTreeWatcher, which is easy to integrate into existing applications. It enables automatic versioning with git of the files stored in a folder. Furthermore, I develop an example concept of how a versioned repository may be represented in VALESCA and show how the architecture should be changed to integrate a versioned repository.
Introductory Practical Software Engineering course - Documentation
Documentation material for the Introductory Practical Software Engineering course of the Software Engineering Group at the University of Stuttgart.
The AVARE PATRON : A Holistic Privacy Approach for the Internet of Things
Applications for the Internet of Things are becoming increasingly popular. Due to the large amount of available context data, such applications can be used effectively in many domains. By interlinking these data and analyzing them, it is possible to gather a lot of knowledge about a user. Therefore, these applications pose a threat to privacy. In this paper, we illustrate this threat by looking at a real-world application scenario. Current state of the art focuses on privacy mechanisms either for Smart Things or for big data processing systems. However, our studies show that for a comprehensive privacy protection a holistic view on these applications is required. Therefore, we describe how to combine two promising privacy approaches from both categories, namely AVARE and PATRON. Evaluation results confirm the thereby achieved synergy effects.