11 research outputs found

    Extending Automatic Static Code Analysis with Social Coding (Erweiterung der automatischen statischen Codeanalyse um Social Coding)

    This master's thesis first derives a definition of the term social coding. Different approaches to social coding are then classified into the three categories of the 3C model (communication, cooperation and coordination) and grouped by their fundamental kind of approach. The analyzed approaches include online platforms such as Stack Overflow and GitHub, as well as development environments and their extensions such as Cloud9 and Visual Studio Anywhere. In addition, two approaches that add social coding to the static code analysis software FindBugs are presented. The first extension lets the user export found bugs to online platforms, whereas the second implements its own bug-tracking system, with a focus on a commenting system, inside the project's source code repository and presents it through a modern user interface.

    Exploratory Study of the Privacy Extension for System Theoretic Process Analysis (STPA-Priv) to elicit Privacy Risks in eHealth

    Context: System Theoretic Process Analysis for Privacy (STPA-Priv) is a novel privacy risk elicitation method using a top-down approach. It has not gotten very much attention but may offer a convenient structured approach and generation of additional artifacts compared to other methods. Aim: The aim of this exploratory study is to find out what benefits the privacy risk elicitation method STPA-Priv has and to explain how the method can be used. Method: Therefore we apply STPA-Priv to a real-world health scenario that involves a smart glucose measurement device used by children. Different kinds of data from the smart device, including location data, should be shared with the parents, physicians, and urban planners. This makes it a sociotechnical system that offers adequate and complex privacy risks to be found. Results: We find that STPA-Priv is a structured method for privacy analysis and finds complex privacy risks. The method is supported by a tool called XSTAMPP which makes the analysis and its results more profound. Additionally, we learn that an iterative application of the steps might be necessary to find more privacy risks when more information about the system is available later. Conclusions: STPA-Priv helps to identify complex privacy risks that are derived from sociotechnical interactions in a system. It also outputs privacy constraints that are to be enforced by the system to ensure privacy. Comment: author's post-prin

    Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs

    Context: Programmers frequently look for the code of previously solved problems that they can adapt for their own problem. Despite existing example code on the web, on sites like Stack Overflow, cryptographic Application Programming Interfaces (APIs) are commonly misused. There is little known about what makes examples helpful for developers in using crypto APIs. Analogical problem solving is a psychological theory that investigates how people use known solutions to solve new problems. There is evidence that the capacity to reason and solve novel problems, a.k.a. Fluid Intelligence (Gf), and structurally and procedurally similar solutions support problem solving. Aim: Our goal is to understand whether similarity and Gf also have an effect in the context of using cryptographic APIs with the help of code examples. Method: We conducted a controlled experiment with 76 student participants developing with or without procedurally similar examples, one of two Java crypto libraries and measured the Gf of the participants as well as the effect on usability (effectiveness, efficiency, satisfaction) and security bugs. Results: We observed a strong effect of code examples with a high procedural similarity on all dependent variables. Fluid intelligence Gf had no effect. It also made no difference which library the participants used. Conclusions: Example code must be more highly similar to a concrete solution, not very abstract and generic to have a positive effect in a development task. Comment: 2 page

    Assessing iterative practical software engineering courses with play money

    Changing our practical software engineering course from the previous waterfall model to a more agile and iterative approach created more severe assessment challenges. To cope with them we added an assessment concept based on play money. The concept not only includes weekly expenses to simulate real running costs but also investments, which correspond to assessment results of the submissions. This concept simulates a startup-like working environment and its financing in a university course. Our early evaluation shows that the combination of the iterative approach and the play money investments is motivating for many students. At this point we think that the combined approach has advantages from both the supervisors' and the students' point of view. We planned more evaluations to better understand all its effects

    Distributed model repository for TOSCA

    In this bachelor thesis I analyze how existing back-end systems, such as database systems, may be replaced by distributed revision control systems (DRCS). I discuss the requirements that are important in distributed work and compare different DRCS with each other. Further, I present 3 different approaches for implementing a back-end with a DRCS in this way. As a concrete implementation I present GitWorkingTreeWatcher, an intermediate layer built on git that is easy to integrate into existing applications. It enables automatic versioning with git of the files stored in a folder. Furthermore, I develop an example concept of how a versioned repository may be represented in VALESCA and discuss how the architecture should be changed to integrate a versioned repository.

    Introductory Practical Software Engineering course - Documentation

    Documentation material for the Introductory Practical Software Engineering course of the Software Engineering Group at the University of Stuttgart.

    The AVARE PATRON : A Holistic Privacy Approach for the Internet of Things

    Applications for the Internet of Things are becoming increasingly popular. Due to the large amount of available context data, such applications can be used effectively in many domains. By interlinking these data and analyzing them, it is possible to gather a lot of knowledge about a user. Therefore, these applications pose a threat to privacy. In this paper, we illustrate this threat by looking at a real-world application scenario. Current state of the art focuses on privacy mechanisms either for Smart Things or for big data processing systems. However, our studies show that for a comprehensive privacy protection a holistic view on these applications is required. Therefore, we describe how to combine two promising privacy approaches from both categories, namely AVARE and PATRON. Evaluation results confirm the thereby achieved synergy effects

    Editorial
