Beyond One-Shot Security: Keeping Information Systems Secure through Environment-Driven Knowledge Evolution (SecVolution)

DFG-SPP Design for Future – Managed Software Evolution" (SPP 1593) (2012-2015)


Project Description

Information systems are exposed to constantly changing environments which require constant updating. Software "ages" not by wearing out, but by failing to keep up-to-date with its environment. Security is an increasingly important quality aspect in modern information systems. At the same time, it is particularly affected by the above-mentioned risk of "software ageing". When an information system 1 handles assets of a company or an organization, any security loophole can be exploited by attackers. Advances in knowledge and technology of attackers are part of the above-mentioned environment of a security-relevant information system. Outdated security precautions can, therefore, permit sudden and substantial losses. Security in long-living information systems, thus, requires an on-going and systematic evolution of knowledge and software for its protection. Our objective is to develop techniques, tools, and processes that support security requirements and design analysis techniques for evolving information systems in order to ensure "lifelong" compliance to security requirements. We will build on the security requirements & design approach SecReq developed in previous joint work. As a core feature, this approach supports reusing security engineering experience gained during the development of security-critical software and feeding it back into the development process. We will develop heuristic tools and techniques that support elicitation of relevant changes in the environment. Findings will be formalized for semi-automatic security updates. During the evolution of a long-living information system, changes in the environment will be monitored and translated to adaptations that preserve or restore its security level.

Main Publications

  • R. Heinrich, S. Gärtner, T.-M. Hesse, T. Ruhroth, R. Reussner, K. Schneider, B. Paech, J. Jürjens: The CoCoME Platform: A Research Note on Empirical Studies in Information System Evolution. In: International Journal of Software Engineering and Knowledge Engineering (IJSEKE), 2015.
    @Article{ijseke16, author = {R.~Heinrich and S.~G\"artner and T.-M.~Hesse and T.~Ruhroth and R.~Reussner and K.~Schneider and B.~Paech and J.~{J}{\"u}{r}jens}, title = {The CoCoME Platform: A Research Note on Empirical Studies in Information System Evolution}, journal = {International Journal of Software Engineering and Knowledge Engineering (IJSEKE)}, year = {2015}, keywords = {modelbasedSecurityEngineering, softwareEvolution, secvolution}, }
     BibTeX 
  • J. Bürger, J. Jürjens, S. Wenzel: Restoring Security of Evolving Software Models using Graph-Transformation. In: International Journal on Software Tools for Technology Transfer (STTT), vol. 17, no. 3, pp. 267-289, 2015.
    @Article{BJW15, author = {J.~B\"urger and J.~J\"urjens and S.~Wenzel}, title = {Restoring Security of Evolving Software Models using Graph-Transformation}, journal = {International Journal on Software Tools for Technology Transfer (STTT)}, year = {2015}, volume = {17}, number = {3}, pages = {267--289}, doi = {10.1007/s1000901403648}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/bjw15.pdf:URL}, keywords = {modelbasedSecurityEngineering, softwareEvolution, secvolution}, }
     BibTeX   DOI   preprint 
  • C. Apfelbeck, M. Fritz, J. Jürjens, J. Zweihoff: Preserving Validity of Batch-job Nets under Change at Runtime. In: 39th Annual IEEE Computer Software and Applications Conference (COMPSAC 2015), IEEE, 2015. 10 pp.
    @InProceedings{compsac15A, author = {C.~Apfelbeck and M.~Fritz and J.~{J}{\"u}{r}jens and J.~Zweihoff}, title = {Preserving Validity of Batch-job Nets under Change at Runtime}, booktitle = {39th Annual IEEE Computer Software and Applications Conference (COMPSAC 2015)}, OPTpages = {}, note = {10 pp.}, year = {2015}, organization = {IEEE}, keywords = {internationalConferences, softwareEvolution, secvolution}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/compsac15A.pdf:URL}, }
     BibTeX   preprint 
  • J. Bürger, S. Gärtner, T. Ruhroth, J. Zweihoff, J. Jürjens, K. Schneider: Restoring Security of Long-Living Systems by Co-Evolution. In: 39th Annual IEEE Computer Software and Applications Conference (COMPSAC 2015), IEEE, 2015.
    @InProceedings{compsac15B, author = {J.~B{\"u}rger and S.~G{\"a}rtner and T.~Ruhroth and J.~Zweihoff and J.~{J}{\"u}{r}jens and K.~Schneider}, title = {Restoring Security of Long-Living Systems by Co-Evolution}, booktitle = {39th Annual IEEE Computer Software and Applications Conference (COMPSAC 2015)}, OPTpages = {}, year = {2015}, organization = {IEEE}, keywords = {internationalConferences, softwareEvolution, secvolution}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/compsac15B.pdf:URL}, }
     BibTeX   preprint 
  • S. Wenzel, D. Warzecha, J. Jürjens, M. Ochoa: UMLchange - Specifying Model Changes to Support Security Verification of Potential Evolution. In: Journal of Computer Standards & Interfaces, vol. 36, pp. 776-791, 2014. Special Issue on Security in Information Systems.
    @Article{CSI14wwjo, author = {S.~Wenzel and D.~Warzecha and J.~J{\"u}rjens and M.~Ochoa}, title = {{UMLchange} -- Specifying Model Changes to Support Security Verification of Potential Evolution}, journal = {Journal of Computer Standards \& Interfaces}, year = {2014}, volume = {36}, issue = {4}, pages = {776--791}, note = {Special Issue on Security in Information Systems.}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/csi14wwjo.pdf:URL;dblp:http://dblp.uni-trier.de/pers/hd/j/J=uuml=rjens:Jan:URL}, DOI = {http://doi.org/10.1016/j.csi.2013.12.011}, keywords = {selectedPub,modelbasedSecurityEngineering,softwareEvolution, secvolution}, }
     BibTeX   DOI   preprint   dblp 
  • S. Gärtner, T. Ruhroth, J. Bürger, K. Schneider, J. Jürjens: Maintaining Requirements for Long-Living Software Systems by Incorporating Security Knowledge. In: 22nd IEEE International Requirements Engineering Conference, pp. 103-112, IEEE, 2014.
    @InProceedings{re14GRBSJ, author = {S.~G{\"a}rtner and T.~Ruhroth and J.~B{\"u}rger and K.~Schneider and J.~J{\"u}rjens}, title = {Maintaining Requirements for Long-Living Software Systems by Incorporating Security Knowledge}, booktitle = {22nd IEEE International Requirements Engineering Conference}, pages = {103--112}, year = {2014}, organization = {IEEE}, DOI = {10.1109/RE.2014.6912252}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/re14grbsj.pdf:URL;slides:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/slides/Presentation-RE-2014-Gaertner.pdf:URL;dblp:http://dblp.uni-trier.de/pers/hd/j/J=uuml=rjens:Jan:URL}, keywords = {internationalConferences, secureSoftwareEngineeringSecurityRequirementsEngineering, secvolution}, }
     BibTeX   DOI   preprint   slides   dblp 
  • T. Ruhroth, S. Gärtner, J. Bürger, J. Jürjens, K. Schneider: Towards Adaptation and Evolution of Domain-specific Knowledge for Maintaining Secure Systems. In: 15th International Conference of Product Focused Software Development and Process Improvement (Profes'14), Springer-Verlag, LNCS, vol. 8892, pp. 239-253, 2014.
    @InProceedings{profes14, author = {T.~Ruhroth and S.~G{\"a}rtner and J.~B{\"u}rger and J.~J{\"u}rjens and K.~Schneider}, title = {Towards Adaptation and Evolution of Domain-specific Knowledge for Maintaining Secure Systems}, booktitle = {15th International Conference of Product Focused Software Development and Process Improvement (Profes'14)}, pages = {239--253}, year = {2014}, volume = {8892}, series = {LNCS}, publisher = {Springer-Verlag}, DOI = {10.1007/978-3-319-13835-0_17}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/profes14.pdf:URL;dblp:http://dblp.uni-trier.de/pers/hd/j/J=uuml=rjens:Jan:URL;SpringerLink:http://link.springer.com/chapter/10.1007/978-3-319-13835-0_17:URL}, keywords = {internationalConferences, softwareEvolution, secvolution}, }
     BibTeX   DOI   preprint   dblp   SpringerLink 
  • J. Bürger, J. Jürjens, T. Ruhroth, S. Gärtner, K. Schneider: Model-based Security Engineering: Managed Co-Evolution of Security Knowledge and Software Models. In: A. Aldini, J. Lopez, F. Martinelli (editors): Lecture Notes in Computer Science pp. 34-53 Foundations of Security Analysis and Design VII: FOSAD Tutorial Lectures, 2014
    @InCollection{fosad14, author = {J.~B{\"u}rger and J.~{J}{\"u}{r}jens and T.~Ruhroth and S.~G{\"a}rtner and K.~Schneider}, title = {Model-based Security Engineering: Managed Co-Evolution of Security Knowledge and Software Models}, booktitle = {Foundations of Security Analysis and Design VII: FOSAD Tutorial Lectures}, year = {2014}, editor = {A.~Aldini and J.~Lopez and F.~Martinelli}, volume = {8604}, series = {Lecture Notes in Computer Science}, pages = {34--53}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/fosad14.pdf:URL;dblp:http://dblp.uni-trier.de/pers/hd/j/J=uuml=rjens:Jan:URL;SpringerLink:http://link.springer.com/chapter/10.1007/978-3-319-10082-1_2:URL}, keywords = {invitedBookChapters, softwareEvolution, secvolution}, }
     BibTeX   preprint   dblp   SpringerLink 
  • T. Humberg, C. Wessel, D. Poggenpohl, S. Wenzel, T. Ruhroth, J. Jürjens: Using Ontologies to Analyze Compliance Requirements of Cloud-Based Processes. In: Cloud Computing and Services Science (selected best papers), Springer, Communications in Computer and Information Science, vol. 453, pp. 1-16, 2014.
    @InProceedings{closer13selected, author = {T.~Humberg and C.~Wessel and D.~Poggenpohl and S.~Wenzel and T.~Ruhroth and J.~J{\"u}rjens}, title = {Using Ontologies to Analyze Compliance Requirements of Cloud-Based Processes}, booktitle = {Cloud Computing and Services Science (selected best papers)}, year = {2014}, volume = {453}, series = {Communications in Computer and Information Science}, publisher = {Springer}, keywords = {internationalConferences, secureSoftwareEngineeringSecureService/CloudBasedSystems, secvolution, secureSoftwareEngineeringCompliance}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/closer13selected.pdf:URL;dblp:http://dblp.uni-trier.de/pers/hd/j/J=uuml=rjens:Jan:URL;SpringerLink:http://link.springer.com/chapter/10.1007/978-3-319-11561-0_3:URL}, pages = {1--16}, }
     BibTeX   preprint   dblp   SpringerLink 
  • T. Ruhroth, J. Jürjens: Supporting Security Assurance in the Context of Evolution: Modular Modeling and Analysis with UMLsec. In: International Symposium on High Assurance Systems Engineering (HASE), IEEE, pp. 177-184, 2012.
    @InProceedings{hase12RJ, author = {T.~Ruhroth and J.~{J}{\"u}{r}jens}, title = {Supporting Security Assurance in the Context of Evolution: Modular Modeling and Analysis with {UMLsec}}, booktitle = {International Symposium on High Assurance Systems Engineering (HASE)}, year = {2012}, pages = {177--184}, publisher = {IEEE}, DOI = {http://doi.ieeecomputersociety.org/10.1109/HASE.2012.35}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/hase12RJ.pdf:URL;dblp:http://dblp.uni-trier.de/pers/hd/j/J=uuml=rjens:Jan:URL}, keywords = {internationalConferences, softwareEvolution, secvolution}, }
     BibTeX   DOI   preprint   dblp 

Further Publications, Talks and Demos

  • S. Gärtner, T. Ruhroth, J. Bürger, K. Schneider, J. Jürjens: Maintaining Long-Living Information Systems by Incorporating Evolving Security Knowledge. In: Software Engineering (SE 2015), Lecture Notes in Informatics, GI, 2015.
    @InProceedings{se15GRBSJ, author = {S.~G\"artner and T.~Ruhroth and J.~B\"urger and K.~Schneider and J.~{J}{\"u}{r}jens}, title = {Maintaining Long-Living Information Systems by Incorporating Evolving Security Knowledge}, booktitle = {Software Engineering (SE 2015)}, OPTpages = {}, year = {2015}, OPTeditor = {}, OPTvolume = {}, OPTnumber = {}, series = {Lecture Notes in Informatics}, organization = {GI}, keywords = {hotOffThePress,workshop, industrialConferences} }
     BibTeX 
  • M. Felderer, B. Katt, P. Kalb, J. Jürjens, M. Ochoa, F. Paci, L.M.S. Tran, T.T. Tun, K. Yskout, R. Scandariato, F. Piessens, D. Vanoverberghe, E. Fourneret, M. Gander, B. Solhaug, R. Breu: Evolution of Security Engineering Artifacts: A State of the Art Survey. In: International Journal of Secure Software Engineering (IJSSE), vol. 5, no. 4, 2014.
    @Article{ijsse14, author = {M.~Felderer and B.~Katt and P.~Kalb and J.~J\"urjens and M.~Ochoa and F.~Paci and L.M.S.~Tran and T.T.~Tun and K.~Yskout and R.~Scandariato and F.~Piessens and D.~Vanoverberghe and E.~Fourneret and M.~Gander and B.~Solhaug and R.~Breu}, title = {Evolution of Security Engineering Artifacts: A State of the Art Survey}, journal = {International Journal of Secure Software Engineering (IJSSE)}, year = {2014}, volume = {5}, number = {4}, OPTpages = {}, file = {preprint:http://www.researchgate.net/profile/Michael_Felderer/publication/271213941_Evolution_of_Security_Engineering_Artifacts_A_State_of_the_Art_Survey/links/54c28b210cf2911c7a492759.pdf?ev=pub_ext_doc_dl&origin=publication_detail&inViewer=true:URL}, keywords = {modelbasedSecurityEngineering} }
     BibTeX   preprint 
  • J. Jürjens, K. Schneider: The SecReq approach: From Security Requirements to Secure Design while Managing Software Evolution. In: Software Engineering (SE 2014), Lecture Notes in Informatics, GI, 2014.
    @Inproceedings{se14JS, Title = {The SecReq approach: From Security Requirements to Secure Design while Managing Software Evolution}, Author = {J.~{J}{\"u}{r}jens and K.~Schneider}, Booktitle = {Software Engineering (SE 2014)}, Year = {2014}, Organization = {GI}, Series = {Lecture Notes in Informatics}, File = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/se14JS.pdf:URL}, Keywords = {hotOffThePress,workshop, industrialConferences} }
     BibTeX   preprint 
  • J. Jürjens: Security Certification in the Presence of Evolution: Models vs. Code (Invited talk). In: International Workshop on Safety and Formal Methods (SaFoMe@SEFM 2014), LNCS, 2014.
    @InProceedings{safome14J, author = {J.~{J}{\"u}{r}jens}, title = {Security Certification in the Presence of Evolution: Models vs. Code (Invited talk)}, booktitle = {International Workshop on Safety and Formal Methods (SaFoMe@SEFM 2014)}, OPTpages = {}, year = {2014}, OPTeditor = {}, OPTvolume = {}, OPTnumber = {}, series = {LNCS}, file = {slides:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/slides/safome14.pdf:URL;audio:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/audio/safome14.wav:URL}, keywords = {hotOffThePress, invitedTalk, invitedWorkshop} }
     BibTeX   slides   audio 
  • T. Ruhroth, S. Gärtner, J. Bürger, J. Jürjens, K. Schneider: Versioning and Evolution Requirements for Model-Based System Development. In: International Workshop on Comparison and Versioning of Software Models (CVSM 2014), Softwaretechnik-Trends, vol. 34/2, pp. 20-24, 2014.
    @INPROCEEDINGS{cvsm14RGBJS, author = {T.~Ruhroth and S.~G\"artner and J.~B\"urger and J.~{J}{\"u}{r}jens and K.~Schneider}, title = {Versioning and Evolution Requirements for Model-Based System Development}, booktitle = {International Workshop on Comparison and Versioning of Software Models (CVSM 2014)}, pages = {20--24}, volume = {34/2}, series = {Softwaretechnik-Trends}, year = {2014}, keywords = {hotOffThePress, workshop}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/cvsm14.pdf:URL}, }
     BibTeX   preprint 
  • S. Gärtner, J. Bürger, K. Schneider, J. Jürjens: Zielgerichtete Anpassung von Software nach der Evolution von kontextspezifischem Wissen. In: 1st Collaborative Workshop on Evolution and Maintenance of Long-Living Systems (EMLS14), 2014.
    @Inproceedings{emls14GBSJ, Title = {Zielgerichtete Anpassung von Software nach der Evolution von kontextspezifischem Wissen}, Author = {S.~G\"artner and J.~B\"urger and K.~Schneider and J.~{J}{\"u}{r}jens}, Booktitle = {1st Collaborative Workshop on Evolution and Maintenance of Long-Living Systems (EMLS14)}, Year = {2014}, File = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/emls14GBSJ.pdf:URL}, Keywords = {hotOffThePress, nonEnglish} }
     BibTeX   preprint 
  • Stefan Gärtner, Thorsten Kerber, Kurt Schneider: Sicherheitslücken in Android-Apps durch die Demonstration von Angriffen aufspüren Presentation @ iqnite 2014, Düsseldorf 2014
    @MISC{GKS14, author = {Stefan G\"{a}rtner and Thorsten Kerber and Kurt Schneider}, title = {{Sicherheitslücken in Android-Apps durch die Demonstration von Angriffen aufspüren}}, howpublished = {Presentation @ iqnite 2014, D\"{u}sseldorf}, year = {2014}, owner = {sgaertner}, timestamp = {2014.02.12} }
     BibTeX 
  • Stefan Gärtner, Tom-Michael Hesse, Kurt Schneider, Barbara Paech: Capturing and Documentation of Decisions in Security Requirements Engineering through Heuristics. In: GI-Fachgruppen-Treffen Requirements Engineering, Ilmenau, GI, November 2013.
    @CONFERENCE{Gaertner2013, author = {Stefan Gärtner and Tom-Michael Hesse and Kurt Schneider and Barbara Paech}, title = {{C}apturing and {D}ocumentation of {D}ecisions in {S}ecurity {R}equirements {E}ngineering through {H}euristics}, booktitle = {{GI}-{F}achgruppen-{T}reffen {R}equirements {E}ngineering, {I}lmenau}, year = {2013}, month = {November}, organization = {GI}, url = {http://fg-re.gi.de/fileadmin/gliederungen/fg-re/Treffen_2013/Gaertner.pdf}, }
     BibTeX   URL 
  • J. Jürjens: Security for Changing Software and Systems (Invited Talk) tubs.CITY Symposium 2013, Braunschweig 2013
    @MISC{Jur14, author = {J.~J\"{u}rjens}, title = {Security for Changing Software and Systems (Invited Talk)}, howpublished = {tubs.CITY Symposium 2013, Braunschweig}, year = {2013} }
     BibTeX 
  • J. Jürjens: Model-centric Security Verification subject to Evolution (Invited Talk) Eternals Workshop @ ESSOS'13, Paris 2013
    @MISC{Jur13, author = {J.~J\"{u}rjens}, title = {Model-centric Security Verification subject to Evolution (Invited Talk)}, howpublished = {Eternals Workshop @ ESSOS'13, Paris}, year = {2013} }
     BibTeX 
  • J. Jürjens, K. Schneider: Beyond One-Shot Security. In: Modelling and Quality in Requirements Engineering (Essays Dedicated to Martin Glinz on the Occasion of His 60th Birthday), Verlagshaus Monsenstein und Vannerdat, pp. 131-141, 2012.
    @INPROCEEDINGS{JurSch12, author = {J.~{J}{\"u}{r}jens and K.~Schneider}, title = {Beyond One-Shot Security}, booktitle = {Modelling and Quality in Requirements Engineering (Essays Dedicated to Martin Glinz on the Occasion of His 60th Birthday)}, year = {2012}, pages = {131--141}, publisher = {Verlagshaus Monsenstein und Vannerdat}, file = {preprint:http\://rgse.uni-koblenz.de/web/pages/people/juerjens/publications/papers/glinz12JS.pdf:URL}, keywords = {invitedBookChapters} }
     BibTeX   preprint 

Preliminary Work: Publications

  • A. Bauer, J. Jürjens, Yijun Yu: Run-Time Security Traceability for Evolving Systems. In: The Computer Journal, vol. 54, pp. 58-87, 2011.
    @ARTICLE{Bauer2011, author = {A. Bauer AND J. J\"urjens AND Yijun Yu}, title = {Run-Time Security Traceability for Evolving Systems}, journal = {The Computer Journal}, year = {2011}, volume = {54}, pages = {58-87}, issue = {1}, publisher = {Oxford Univ. Press} }
     BibTeX 
  • B. Best, J. Jürjens, B. Nuseibeh: Model-based Security. In: Engineering of Distributed Information Systems using UMLsec. 29th International Conference on Software Engineering (ICSE 2007), ACM, pp. 581-590, 2007.
    @INPROCEEDINGS{Best2007, author = {B. Best AND J. J\"urjens AND B. Nuseibeh}, title = {Model-based Security}, booktitle = {Engineering of Distributed Information Systems using UMLsec. 29th International Conference on Software Engineering (ICSE 2007)}, year = {2007}, pages = {581-590}, publisher = {ACM} }
     BibTeX 
  • S.H. Houmb, S. Islam, E. Knauss, J. Jürjens, K. Schneider: Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec. In: Requirements Engineering Journal (REJ), vol. vol. 15(1), pp. pp. 63-93, 2010.
    @ARTICLE{Houmb2010, author = {S.H. Houmb AND S. Islam AND E. Knauss AND J. J\"{u}rjens AND K. Schneider}, title = {Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec}, journal = {Requirements Engineering Journal (REJ)}, year = {2010}, volume = {vol. 15(1)}, pages = {pp. 63-93} }
     BibTeX 
  • D. Lübke, T. Lüecke, K. Schneider, J.M. Gómez: Using Event-Driven Process Chains for Model-Driven Development of Business Applications. In: International Journal of Business Process Integration and Management (IJBPIM), 2007.
    @ARTICLE{Luebke2007, author = {D. L\"ubke AND T. Lüecke AND K. Schneider AND J.M. Gómez}, title = {Using Event-Driven Process Chains for Model-Driven Development of Business Applications}, journal = {International Journal of Business Process Integration and Management (IJBPIM)}, year = {2007} }
     BibTeX 
  • H. Mouratidis, J. Jürjens: From Goal-Driven Security Requirements Engineering to Secure Design. In: International Journal of Intelligent Systems (IJIS) (Wiley Interscience), vol. Volume 25, pp. 813-840, August 2010.
    @ARTICLE{Mouratidis2010, author = {H. Mouratidis AND J. J\"urjens}, title = {From Goal-Driven Security Requirements Engineering to Secure Design}, journal = {International Journal of Intelligent Systems (IJIS) (Wiley Interscience)}, year = {2010}, volume = {Volume 25}, pages = {813-840}, month = {August}, issue = {8} }
     BibTeX 
  • Thomas Ruhroth: Generische Refactoring-Spezifikation für Korrektheitsbeweise in mehrsichtigen Modellsprachen Universität Paderborn, 2011 (PhD-Thesis).
    In software development it is necessary that program code and models can be maintained. Refactoring is a best practice in code development which can be used to improve the internal quality of given code. Refactoring means modifying code without changing its behaviour. It is also desirable to improve the internal quality of formal models. Unlike programs most models are not executable. Thus, refactoring techniques need to be adapted. For example, a suitable definition of behaviour preservation is needed. A technique often used in the context of models is the usage of multiple views on one model, e.g. to specify several aspects using different diagrams. This also implies the need to adapt existing refactoring techniques. The aim of this work is to describe refactorings of formal models and to ensure the behaviour preservation of these refactorings. The language family ReL (Refactoring Language) is used to describe refactorings of simple imperative programs (FWHILE) and specifications given in an integrated formal method (CSP-OZ). In particular, the structure of ReL allows proving behaviour preservation without transferring the refactoring to a different representation. ReL uses templates to describe the state of the code before and after the refactoring. These templates are divided into subtemplates. These subtemplates can be used in different views and therefore provide the possibility to describe multi-view refactorings. Also the structure of ReL allows a refactoring to be applied to a model as well as the formal analysis. ReL is derived using techniques of \emph {Domain Specific Languages}. Thus, ReL depends on the syntax definition of the language to be refactored. This process allows ReL to derive a ReL-Instance for all languages that be described as Backus-Naur Form (BNF). The application is therefore not restricted to formal model languages, but can also be applied to programming languages. The preservation of the behaviour can be proved using these templates. Techniques are presented to simplify these proofs. Observation points will help to reduce the actual proof to a certain area in the semantics of the model. Also the techniques for multi view models will be derived out of observation point. Three different types of interactions are distinguishable. Refactorings affecting a single view, refactorings with condition to other views, and refactorings with effects on multiple views.
     Abstract 
    @PHDTHESIS{Ruhroth2011, author = {Thomas Ruhroth}, title = {Generische Refactoring-Spezifikation für Korrektheitsbeweise in mehrsichtigen Modellsprachen}, school = {Universität Paderborn}, year = {2011}, abstract = { In software development it is necessary that program code and models can be maintained. Refactoring is a best practice in code development which can be used to improve the internal quality of given code. Refactoring means modifying code without changing its behaviour. It is also desirable to improve the internal quality of formal models. Unlike programs most models are not executable. Thus, refactoring techniques need to be adapted. For example, a suitable definition of behaviour preservation is needed. A technique often used in the context of models is the usage of multiple views on one model, e.g. to specify several aspects using different diagrams. This also implies the need to adapt existing refactoring techniques. The aim of this work is to describe refactorings of formal models and to ensure the behaviour preservation of these refactorings. The language family ReL (Refactoring Language) is used to describe refactorings of simple imperative programs (FWHILE) and specifications given in an integrated formal method (CSP-OZ). In particular, the structure of ReL allows proving behaviour preservation without transferring the refactoring to a different representation. ReL uses templates to describe the state of the code before and after the refactoring. These templates are divided into subtemplates. These subtemplates can be used in different views and therefore provide the possibility to describe multi-view refactorings. Also the structure of ReL allows a refactoring to be applied to a model as well as the formal analysis. ReL is derived using techniques of \emph {Domain Specific Languages}. Thus, ReL depends on the syntax definition of the language to be refactored. This process allows ReL to derive a ReL-Instance for all languages that be described as Backus-Naur Form (BNF). The application is therefore not restricted to formal model languages, but can also be applied to programming languages. The preservation of the behaviour can be proved using these templates. Techniques are presented to simplify these proofs. Observation points will help to reduce the actual proof to a certain area in the semantics of the model. Also the techniques for multi view models will be derived out of observation point. Three different types of interactions are distinguishable. Refactorings affecting a single view, refactorings with condition to other views, and refactorings with effects on multiple views.} }
     BibTeX 
  • T. Ruhroth, H. Wehrheim: Refinement-Preserving Co-evolution. In: Karin Breitman, Ana Cavalcanti (editors): Formal Methods and Software Engineering, 11th International Conference on Formal Engineering Methods, ICFEM 2009, Rio de Janeiro, Brazil, December 9-12, 2009., Springer, pp. 620-638, 2009.
    Software changes during its lifetime. Likewise, specifications change during their design time, e.g. by removing, adding or changing operations. In a refinement-based approach to software design, we moreover do not deal with a single but with a chain of specifications, related via refinement. Changes thus need to be consistently made to all specifications in the chain so as to keep the refinement structure. In this paper, we describe such co-evolutions of specifications in the context of the formal method Object-Z. More specifically, given a particular evolution of a specification we show how to construct a corresponding evolution for its refinements. We furthermore formally prove our co-evolutions to maintain refinement, thus giving rise to a notion of refinement-preserving co-evolution.
     Abstract 
    @INPROCEEDINGS{Ruhroth2009, author = {T. Ruhroth AND H. Wehrheim}, title = {Refinement-Preserving Co-evolution}, booktitle = {Formal Methods and Software Engineering, 11th International Conference on Formal Engineering Methods, ICFEM 2009, Rio de Janeiro, Brazil, December 9-12, 2009.}, year = {2009}, editor = {Karin Breitman and Ana Cavalcanti}, volume = {5885}, pages = {620--638}, publisher = {Springer}, abstract = {Software changes during its lifetime. Likewise, specifications change during their design time, e.g. by removing, adding or changing operations. In a refinement-based approach to software design, we moreover do not deal with a single but with a chain of specifications, related via refinement. Changes thus need to be consistently made to all specifications in the chain so as to keep the refinement structure. In this paper, we describe such co-evolutions of specifications in the context of the formal method Object-Z. More specifically, given a particular evolution of a specification we show how to construct a corresponding evolution for its refinements. We furthermore formally prove our co-evolutions to maintain refinement, thus giving rise to a notion of refinement-preserving co-evolution. }, doi = {http://dx.doi.org/10.1007/978-3-642-10373-5_32} }
     BibTeX   DOI 
  • K.\ Schneider: Rationale as a By-Product. In: Rationale Management in Software Engineering, Springer, pp. 91-109, 2006.
    @INPROCEEDINGS{Schneider2006, author = {K.\ Schneider}, title = {Rationale as a By-Product}, booktitle = {Rationale Management in Software Engineering}, year = {2006}, pages = {91-109}, publisher = {Springer}, editors = {Dutoit, A. H. M. AND Mistrik, I. AND Paech, B.} }
     BibTeX 
  • K. Schneider: Prototypes as Assets, not Toys. Why and How to Extract Knowledge from Prototypes. In: 18th International Conference on Software Engineering (ICSE-18), pp. 522-531, 1996.
    @INPROCEEDINGS{Schneider1996, author = {K. Schneider}, title = {Prototypes as Assets, not Toys. Why and How to Extract Knowledge from Prototypes}, booktitle = {18th International Conference on Software Engineering (ICSE-18)}, year = {1996}, pages = {522-531} }
     BibTeX 
  • K. Schneider, E. Knauss, S. Houmb, S. Islam, J. Jürjens: Enhancing security requirements engineering by organizational learning. In: Requirements Engineering Journal (REJ) special issue on the 17th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ '11), .
    @ARTICLE{Schneider, author = {K. Schneider AND E. Knauss AND S. Houmb AND S. Islam AND J. J\"urjens}, title = {Enhancing security requirements engineering by organizational learning}, journal = {Requirements Engineering Journal (REJ) special issue on the 17th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ '11)}, doi = {10.1007/s00766-011-0141-0}, publisher = {Published online.} }
     BibTeX   DOI 
  • K. Schneider, D. Lübke: Modeling and Improving Information Flows in the Development of Large Business Applications. In: Software Architecture Knowledge Management. Theory and Practice, Springer, pp. 175-198, 2009.
    @INPROCEEDINGS{Schneider2009, author = {K. Schneider AND D. L\"ubke}, title = {Modeling and Improving Information Flows in the Development of Large Business Applications}, booktitle = {Software Architecture Knowledge Management. Theory and Practice }, year = {2009}, pages = {175-198}, publisher = {Springer}, editors = {M. Ali Babar AND T. Dingsøyr AND P. Lago AND H. Vliet} }
     BibTeX