672 results on '"Pretschner, Alexander"'
2. Analyzing the Accessibility of GitHub Repositories for PyPI and NPM Libraries
- Author: Tsakpinis, Alexandros and Pretschner, Alexander
- Subjects: Computer Science - Software Engineering
- Abstract: Industrial applications heavily rely on open-source software (OSS) libraries, which provide various benefits. But, they can also present a substantial risk if a vulnerability or attack arises and the community fails to promptly address the issue and release a fix due to inactivity. To be able to monitor the activities of such communities, a comprehensive list of repositories for the libraries of an ecosystem must be accessible. Based on these repositories, integrated libraries of an application can be monitored to observe whether they are adequately maintained. In this descriptive study, we analyze the accessibility of GitHub repositories for PyPI and NPM libraries. For all available libraries, we extract assigned repository URLs, direct dependencies and use the page rank algorithm to comprehensively analyze the ecosystems from a library and dependency chain perspective. For invalid repository URLs, we derive potential reasons. Both ecosystems show varying accessibility to GitHub repository URLs, depending on the page rank score of the analyzed libraries. For individual libraries, up to 73.8% of PyPI and up to 69.4% of NPM libraries have repository URLs. Within dependency chains, up to 80.1% of PyPI libraries have URLs, while up to 81.1% for NPM. That means most libraries, especially the ones of increasing importance, can be monitored on GitHub. Among the most common reasons for invalid repository URLs is no URLs being assigned at all, which amounts up to 17.9% for PyPI and up to 39.6% for NPM. Package maintainers should address this issue and update the repository information to enable monitoring of their libraries.
- Comment: 6 pages, 3 figures, accepted at the 28th edition of the International Conference on Evaluation and Assessment in Software Engineering (EASE 2024)
- Published: 2024
3. Rethinking People Analytics With Inverse Transparency by Design
- Author: Zieglmeier, Valentin and Pretschner, Alexander
- Subjects: Computer Science - Human-Computer Interaction; Computer Science - Software Engineering
- Abstract: Employees work in increasingly digital environments that enable advanced analytics. Yet, they lack oversight over the systems that process their data. That means that potential analysis errors or hidden biases are hard to uncover. Recent data protection legislation tries to tackle these issues, but it is inadequate. It does not prevent data misusage while at the same time stifling sensible use cases for data. We think the conflict between data protection and increasingly data-driven systems should be solved differently. When access to an employee's data is given, all usages should be made transparent to them, according to the concept of inverse transparency. This allows individuals to benefit from sensible data usage while addressing the potentially harmful consequences of data misusage. To accomplish this, we propose a new design approach for workforce analytics we refer to as inverse transparency by design. To understand the developer and user perspectives on the proposal, we conduct two exploratory studies with students. First, we let small teams of developers implement analytics tools with inverse transparency by design to uncover how they judge the approach and how it materializes in their developed tools. We find that architectural changes are made without inhibiting core functionality. The developers consider our approach valuable and technically feasible. Second, we conduct a user study over three months to let participants experience the provided inverse transparency and reflect on their experience. The study models a software development workplace where most work processes are already digital. Participants perceive the transparency as beneficial and feel empowered by it. They unanimously agree that it would be an improvement for the workplace. We conclude that inverse transparency by design is a promising approach to realize accepted and responsible people analytics.
- Comment: Peer-reviewed version accepted for publication in Proceedings of the ACM on Human-Computer Interaction (PACMHCI) 7, CSCW2. Note: The introduction and motivation of this paper have evolved from arXiv:2103.10769, but the remainder is new. We keep the old paper online as they differ substantially.
- Published: 2023
4. Decentralized Inverse Transparency With Blockchain
- Author: Zieglmeier, Valentin, Daiqui, Gabriel Loyola, and Pretschner, Alexander
- Subjects: Computer Science - Cryptography and Security; Computer Science - Distributed, Parallel, and Cluster Computing
- Abstract: Employee data can be used to facilitate work, but their misusage may pose risks for individuals. Inverse transparency therefore aims to track all usages of personal data, allowing individuals to monitor them to ensure accountability for potential misusage. This necessitates a trusted log to establish an agreed-upon and non-repudiable timeline of events. The unique properties of blockchain facilitate this by providing immutability and availability. For power asymmetric environments such as the workplace, permissionless blockchain is especially beneficial as no trusted third party is required. Yet, two issues remain: (1) In a decentralized environment, no arbiter can facilitate and attest to data exchanges. Simple peer-to-peer sharing of data, conversely, lacks the required non-repudiation. (2) With data governed by privacy legislation such as the GDPR, the core advantage of immutability becomes a liability. After a rightful request, an individual's personal data need to be rectified or deleted, which is impossible in an immutable blockchain. To solve these issues, we present Kovacs, a decentralized data exchange and usage logging system for inverse transparency built on blockchain. Its new-usage protocol ensures non-repudiation, and therefore accountability, for inverse transparency. Its one-time pseudonym generation algorithm guarantees unlinkability and enables proof of ownership, which allows data subjects to exercise their legal rights regarding their personal data. With our implementation, we show the viability of our solution. The decentralized communication impacts performance and scalability, but exchange duration and storage size are still reasonable. More importantly, the provided information security meets high requirements. We conclude that Kovacs realizes decentralized inverse transparency through secure and GDPR-compliant use of permissionless blockchain.
- Comment: Peer-reviewed version accepted for publication in ACM Distributed Ledger Technologies: Research and Practice (DLT). arXiv admin note: substantial text overlap with arXiv:2104.09971
- Published: 2023
5. Better Safe Than Sorry! Automated Identification of Functionality-Breaking Security-Configuration Rules
- Author: Stöckle, Patrick, Sammereier, Michael, Grobauer, Bernd, and Pretschner, Alexander
- Subjects: Computer Science - Software Engineering
- Abstract: Insecure default values in software settings can be exploited by attackers to compromise the system that runs the software. As a countermeasure, there exist security-configuration guides specifying in detail which values are secure. However, most administrators still refrain from hardening existing systems because the system functionality is feared to deteriorate if secure settings are applied. To foster the application of security-configuration guides, it is necessary to identify those rules that would restrict the functionality. This article presents our approach to use combinatorial testing to find problematic combinations of rules and machine learning techniques to identify the problematic rules within these combinations. The administrators can then apply only the unproblematic rules and, therefore, increase the system's security without the risk of disrupting its functionality. To demonstrate the usefulness of our approach, we applied it to real-world problems drawn from discussions with administrators at Siemens and found the problematic rules in these cases. We hope that this approach and its open-source implementation motivate more administrators to harden their systems and, thus, increase their systems' general security.
- Comment: Peer-reviewed version accepted for publication at the 4th ACM/IEEE International Conference on Automation of Software Test (AST 2023), May 15--16, 2023, Melbourne, AU
- Published: 2023
6. Feature Sets in Just-in-Time Defect Prediction: An Empirical Evaluation
- Author: Bludau, Peter and Pretschner, Alexander
- Subjects: Computer Science - Software Engineering
- Abstract: Just-in-time defect prediction assigns a defect risk to each new change to a software repository in order to prioritize review and testing efforts. Over the last decades different approaches were proposed in literature to craft more accurate prediction models. However, defect prediction is still not widely used in industry, due to predictions with varying performance. In this study, we evaluate existing features on six open-source projects and propose two new feature sets, not yet discussed in literature. By combining all feature sets, we improve MCC by on average 21%, leading to the best performing models when compared to state-of-the-art approaches. We also evaluate effort-awareness and find that on average 14% more defects can be identified, inspecting 20% of changed lines.
- Comment: 10 pages, 3 figures, accepted at the 18th edition of the International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE'22)
- Published: 2022
7. Automated Implementation of Windows-related Security-Configuration Guides
- Author: Stöckle, Patrick, Grobauer, Bernd, and Pretschner, Alexander
- Subjects: Computer Science - Cryptography and Security; Computer Science - Software Engineering
- Abstract: Hardening is the process of configuring IT systems to ensure the security of the systems' components and data they process or store. The complexity of contemporary IT infrastructures, however, renders manual security hardening and maintenance a daunting task. In many organizations, security-configuration guides expressed in the SCAP (Security Content Automation Protocol) are used as a basis for hardening, but these guides by themselves provide no means for automatically implementing the required configurations. In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides.
- Published: 2022
8. Automated Identification of Security-Relevant Configuration Settings Using NLP
- Author: Stöckle, Patrick, Wasserer, Theresa, Grobauer, Bernd, and Pretschner, Alexander
- Subjects: Computer Science - Cryptography and Security; Computer Science - Software Engineering
- Abstract: To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
- Comment: Peer-reviewed version accepted for publication in the Industry Showcase track at the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE '22), October 10--14, 2022, Rochester, MI, USA
- Published: 2022
9. Hardening with Scapolite: a DevOps-based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large-Scale Organizations
- Author: Stöckle, Patrick, Pruteanu, Ionut, Grobauer, Bernd, and Pretschner, Alexander
- Subjects: Computer Science - Cryptography and Security; Computer Science - Software Engineering
- Abstract: Security Hardening is the process of configuring IT systems to ensure the security of the systems' components and data they process or store. In many cases, so-called security-configuration guides are used as a basis for security hardening. These guides describe secure configuration settings for components such as operating systems and standard applications. Rigorous testing of security-configuration guides and automated mechanisms for their implementation and validation are necessary since erroneous implementations or checks of hardening guides may severely impact systems' security and functionality. At Siemens, centrally maintained security-configuration guides carry machine-readable information specifying both the implementation and validation of each required configuration step. The guides are maintained within git repositories; automated pipelines generate the artifacts for implementation and checking, e.g., PowerShell scripts for Windows, and carry out testing of these artifacts on AWS images. This paper describes our experiences with our DevOps-inspired approach for authoring, maintaining, and testing security-configuration guides. We want to share these experiences to help other organizations with their security hardening and, thus, increase their systems' security.
- Comment: We submitted this article as a full-length paper. Unfortunately, the CODASPY Program Committee decided that our paper can only be accepted in the tool track. Thus, the published version only consists of 6 pages.
- Published: 2022
10. Increasing Employees' Willingness to Share: Introducing Appeal Strategies for People Analytics
- Author: Zieglmeier, Valentin, Gierlich-Joas, Maren, and Pretschner, Alexander
- Subjects: Computer Science - Human-Computer Interaction; Economics - General Economics
- Abstract: Increasingly digital workplaces enable advanced people analytics (PA) that can improve work, but also implicate privacy risks for employees. These systems often depend on employees sharing their data voluntarily. Thus, to leverage the potential benefits of PA, companies have to manage employees' disclosure decisions. In literature, we identify two main strategies: increase awareness or apply appeal strategies. While increased awareness may lead to more conservative data handling, appeal strategies can promote data sharing. Yet, to our knowledge, no systematic overview of appeal strategies for PA exists. Thus, we develop an initial taxonomy of strategies based on a systematic literature review and interviews with 18 experts. We describe strategies in the dimensions of values, benefits, and incentives. Thereby, we present concrete options to increase the appeal of PA for employees.
- Comment: Peer-reviewed version accepted for publication in the proceedings of the 13th International Conference on Software Business (ICSOB 2022)
- Published: 2022
11. PR-SZZ: How pull requests can support the tracing of defects in software repositories
- Author: Bludau, Peter and Pretschner, Alexander
- Subjects: Computer Science - Software Engineering
- Abstract: The SZZ algorithm represents a standard way to identify bug fixing commits as well as inducing counterparts. It forms the basis for data sets used in numerous empirical studies. Since its creation, multiple extensions have been proposed to enhance its performance. For historical reasons, related work relies on commit messages to map bug tickets to possibly related code with no additional data used to trace inducing commits from these fixes. Therefore, we present an updated version of SZZ utilizing pull requests, which are widely adopted today. We evaluate our approach in comparison to existing SZZ variants by conducting experiments and analyzing the usage of pull requests, inner commits, and merge strategies. We base our results on 6 open-source projects with more than 50k commits and 35k pull requests. With respect to bug fixing commits, on average 18% of bug tickets can be additionally mapped to a fixing commit, resulting in an overall F-score of 0.75, an improvement of 40 percentage points. By selecting an inducing commit, we manage to reduce the false positives and increase precision by on average 16 percentage points in comparison to existing approaches.
- Comment: 12 pages, 3 figures, accepted at the 29th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER'22)
- Published: 2022
12. Empowered and Embedded: Ethics and Agile Processes
- Author: Zuber, Niina, Kacianka, Severin, Gogoll, Jan, Pretschner, Alexander, and Nida-Rümelin, Julian
- Subjects: Computer Science - Software Engineering; Computer Science - Computers and Society
- Abstract: In this article we focus on the structural aspects of the development of ethical software, and argue that ethical considerations need to be embedded into the (agile) software development process. In fact, we claim that agile processes of software development lend themselves specifically well for this endeavour. First, we contend that ethical evaluations need to go beyond the use of software products and include an evaluation of the software itself. This implies that software engineers influence people's lives through the features of their designed products. Embedded values are thus approached best by software engineers themselves. Therefore, we put emphasis on the possibility to implement ethical deliberations in already existing and well established agile software development processes. Our approach relies on software engineers making their own judgments throughout the entire development process to ensure that technical features and ethical evaluation can be addressed adequately to transport and foster desirable values and norms. We argue that agile software development processes may help the implementation of ethical deliberation for five reasons: 1) agile methods are widely spread, 2) their emphasis on flat hierarchies promotes independent thinking, 3) their reliance on existing team structures serves as an incubator for deliberation, 4) agile development enhances object-focused techno-ethical realism, and, finally, 5) agile structures provide a salient endpoint to deliberation.
- Published: 2021
13. Trustworthy Transparency by Design
- Author: Zieglmeier, Valentin and Pretschner, Alexander
- Subjects: Computer Science - Software Engineering; Computer Science - Human-Computer Interaction
- Abstract: Individuals lack oversight over systems that process their data. This can lead to discrimination and hidden biases that are hard to uncover. Recent data protection legislation tries to tackle these issues, but it is inadequate. It does not prevent data misusage while stifling sensible use cases for data. We think the conflict between data protection and increasingly data-based systems should be solved differently. When access to data is given, all usages should be made transparent to the data subjects. This enables their data sovereignty, allowing individuals to benefit from sensible data usage while addressing potentially harmful consequences of data misusage. We contribute to this with a technical concept and an empirical evaluation. First, we conceptualize a transparency framework for software design, incorporating research on user trust and experience. Second, we instantiate and empirically evaluate the framework in a focus group study over three months, centering on the user perspective. Our transparency framework enables developing software that incorporates transparency in its design. The evaluation shows that it satisfies usability and trustworthiness requirements. The provided transparency is experienced as beneficial and participants feel empowered by it. This shows that our framework enables Trustworthy Transparency by Design.
- Comment: Note: This paper has been significantly revised, with new studies and a more robust theoretical background. It differs substantially, though, so we keep this version online for reference. The revised paper is at arXiv:2305.09813
- Published: 2021
14. Designing Accountable Systems
- Author: Kacianka, Severin and Pretschner, Alexander
- Subjects: Computer Science - Software Engineering
- Abstract: Accountability is an often called for property of technical systems. It is a requirement for algorithmic decision systems, autonomous cyber-physical systems, and for software systems in general. As a concept, accountability goes back to the early history of Liberalism and is suggested as a tool to limit the use of power. This long history has also given us many, often slightly differing, definitions of accountability. The problem that software developers now face is to understand what accountability means for their systems and how to reflect it in a system's design. To enable the rigorous study of accountability in a system, we need models that are suitable for capturing such a varied concept. In this paper, we present a method to express and compare different definitions of accountability using Structural Causal Models. We show how these models can be used to evaluate a system's design and present a small use case based on an autonomous car.
- Comment: accepted for publication at the ACM Conference on Fairness, Accountability, and Transparency (ACM FAccT) 2021
- Published: 2021
15. Ethics in the Software Development Process: From Codes of Conduct to Ethical Deliberation
- Author: Gogoll, Jan, Zuber, Niina, Kacianka, Severin, Greger, Timo, Pretschner, Alexander, and Nida-Rümelin, Julian
- Subjects: Computer Science - Software Engineering
- Abstract: Software systems play an ever more important role in our lives and software engineers and their companies find themselves in a position where they are held responsible for ethical issues that may arise. In this paper, we try to disentangle ethical considerations that can be performed at the level of the software engineer from those that belong in the wider domain of business ethics. The handling of ethical problems that fall into the responsibility of the engineer has traditionally been addressed by the publication of Codes of Ethics and Conduct. We argue that these Codes are barely able to provide normative orientation in software development. The main contribution of this paper is, thus, to analyze the normative features of Codes of Ethics in software engineering and to explicate how their value-based approach might prevent their usefulness from a normative perspective. Codes of Conduct cannot replace ethical deliberation because they do not and cannot offer guidance because of their underdetermined nature. This lack of orientation, we argue, triggers reactive behavior such as "cherry-picking", "risk of indifference", "ex-post orientation" and the "desire to rely on gut feeling". In the light of this, we propose to implement ethical deliberation within software development teams as a way out.
- Published: 2020
16. Maat: Automatically Analyzing VirusTotal for Accurate Labeling and Effective Malware Detection
- Author: Salem, Aleieldin, Banescu, Sebastian, and Pretschner, Alexander
- Subjects: Computer Science - Cryptography and Security; Computer Science - Machine Learning
- Abstract: The malware analysis and detection research community relies on the online platform VirusTotal to label Android apps based on the scan results of around 60 antiviral scanners. Unfortunately, there are no standards on how to best interpret the scan results acquired from VirusTotal, which leads to the utilization of different threshold-based labeling strategies (e.g., if ten or more scanners deem an app malicious, it is considered malicious). While some of the utilized thresholds may be able to accurately approximate the ground truths of apps, the fact that VirusTotal changes the set and versions of the scanners it uses makes such thresholds unsustainable over time. We implemented a method, Maat, that tackles these issues of standardization and sustainability by automatically generating a Machine Learning (ML)-based labeling scheme, which outperforms threshold-based labeling strategies. Using the VirusTotal scan reports of 53K Android apps that span one year, we evaluated the applicability of Maat's ML-based labeling strategies by comparing their performance against threshold-based strategies. We found that such ML-based strategies (a) can accurately and consistently label apps based on their VirusTotal scan reports, and (b) contribute to training ML-based detection methods that are more effective at classifying out-of-sample apps than their threshold-based counterparts.
- Published: 2020
17. From Checking to Inference: Actual Causality Computations as Optimization Problems
- Author: Ibrahim, Amjad and Pretschner, Alexander
- Subjects: Computer Science - Artificial Intelligence; Computer Science - Computers and Society; Computer Science - Data Structures and Algorithms
- Abstract: Actual causality is increasingly well understood. Recent formal approaches, proposed by Halpern and Pearl, have made this concept mature enough to be amenable to automated reasoning. Actual causality is especially vital for building accountable, explainable systems. Among other reasons, causality reasoning is computationally hard due to the requirements of counterfactuality and the minimality of causes. Previous approaches presented either inefficient or restricted, and domain-specific, solutions to the problem of automating causality reasoning. In this paper, we present a novel approach to formulate different notions of causal reasoning, over binary acyclic models, as optimization problems, based on quantifiable notions within counterfactual computations. We contribute and compare two compact, non-trivial, and sound integer linear programming (ILP) and Maximum Satisfiability (MaxSAT) encodings to check causality. Given a candidate cause, both approaches identify what a minimal cause is. Also, we present an ILP encoding to infer causality without requiring a candidate cause. We show that both notions are efficiently automated. Using models with more than $8000$ variables, checking is computed in a matter of seconds, with MaxSAT outperforming ILP in many cases. In contrast, inference is computed in a matter of minutes.
- Comment: ATVA 2020, The 18th International Symposium on Automated Technology for Verification and Analysis
- Published: 2020
18. Expressing Accountability Patterns using Structural Causal Models
- Author: Kacianka, Severin, Ibrahim, Amjad, and Pretschner, Alexander
- Subjects: Computer Science - Software Engineering
- Abstract: While the exact definition and implementation of accountability depend on the specific context, at its core accountability describes a mechanism that will make decisions transparent and often provides means to sanction "bad" decisions. As such, accountability is specifically relevant for Cyber-Physical Systems, such as robots or drones, that embed themselves into a human society, take decisions and might cause lasting harm. Without a notion of accountability, such systems could behave with impunity and would not fit into society. Despite its relevance, there is currently no agreement on its meaning and, more importantly, no way to express accountability properties for these systems. As a solution we propose to express the accountability properties of systems using Structural Causal Models. They can be represented as human-readable graphical models while also offering mathematical tools to analyze and reason over them. Our central contribution is to show how Structural Causal Models can be used to express and analyze the accountability properties of systems and that this approach allows us to identify accountability patterns. These accountability patterns can be catalogued and used to improve systems and their architectures.
- Published: 2020
19. On Scenario-Based Testing of Cyber-Physical Systems
- Author: Pretschner, Alexander, Hauer, Florian, and Schmidt, Tabea
- Editors: Haxthausen, Anne E., Huang, Wen-ling, and Roggenbach, Markus
- Series founding editors: Goos, Gerhard and Hartmanis, Juris
- Editorial board members: Bertino, Elisa, Gao, Wen, Steffen, Bernhard, and Yung, Moti
- Published: 2023
20. Extending Causal Models from Machines into Humans
- Author: Kacianka, Severin, Ibrahim, Amjad, Pretschner, Alexander, Trende, Alexander, and Lüdtke, Andreas
- Subjects: Computer Science - Artificial Intelligence
- Abstract: Causal Models are increasingly suggested as a means to reason about the behavior of cyber-physical systems in socio-technical contexts. They allow us to analyze courses of events and reason about possible alternatives. Until now, however, such reasoning is confined to the technical domain and limited to single systems or at most groups of systems. The humans that are an integral part of any such socio-technical system are usually ignored or dealt with by "expert judgment". We show how a technical causal model can be extended with models of human behavior to cover the complexity and interplay between humans and technical systems. This integrated socio-technical causal model can then be used to reason not only about actions and decisions taken by the machine, but also about those taken by humans interacting with the system. In this paper we demonstrate the feasibility of merging causal models about machines with causal models about humans and illustrate the usefulness of this approach with a highly automated vehicle example.
- Comment: In Proceedings CREST 2019, arXiv:1910.13641
- Published: 2019
21. VirtSC: Combining Virtualization Obfuscation with Self-Checksumming
- Author: Ahmadvand, Mohsen, Below, Daniel, Banescu, Sebastian, and Pretschner, Alexander
- Subjects: Computer Science - Cryptography and Security
- Abstract: Self-checksumming (SC) is a tamper-proofing technique that ensures certain program segments (code) in memory hash to known values at runtime. SC has few restrictions on application and hence can protect a vast majority of programs. The code verification in SC requires computation of the expected hashes after compilation, as the machine-code is not known before. This means the expected hash values need to be adjusted in the binary executable, hence combining SC with other protections is limited due to this adjustment step. However, obfuscation protections are often necessary, as SC protections can be otherwise easily detected and disabled via pattern matching. In this paper, we present a layered protection using virtualization obfuscation, yielding an architecture-agnostic SC protection that requires no post-compilation adjustment. We evaluate the performance of our scheme using a dataset of 25 real-world programs (MiBench and 3 CLI games). Our results show that the SC scheme induces an average overhead of 43% for a complete protection (100% coverage). The overhead is tolerable for less CPU-intensive programs (e.g. games) and when only parts of programs (e.g. license checking) are protected. However, large overheads stemming from the virtualization obfuscation were encountered.
- Published: 2019
22. Efficiently Checking Actual Causality with SAT Solving
- Author
-
Ibrahim, Amjad, Rehwald, Simon, and Pretschner, Alexander
- Subjects
Computer Science - Artificial Intelligence ,Computer Science - Computers and Society ,Computer Science - Data Structures and Algorithms - Abstract
Recent formal approaches towards causality have made the concept ready for incorporation into the technical world. However, causality reasoning is computationally hard, and no general algorithmic approach exists that efficiently infers the causes for effects. Thus, checking causality in the context of complex, multi-agent, and distributed socio-technical systems is a significant challenge. Therefore, we conceptualize an intelligent and novel algorithmic approach towards checking causality in acyclic causal models with binary variables, utilizing the optimization power in the solvers of the Boolean Satisfiability Problem (SAT). We present two SAT encodings, and an empirical evaluation of their efficiency and scalability. We show that causality is computed efficiently in less than 5 seconds for models that consist of more than 4000 variables., Comment: 18 pages, In: Dependable Software Systems Engineering, p. to appear (2019)
- Published
- 2019
23. Don't Pick the Cherry: An Evaluation Methodology for Android Malware Detection Methods
- Author
-
Salem, Aleieldin, Banescu, Sebastian, and Pretschner, Alexander
- Subjects
Computer Science - Cryptography and Security - Abstract
In evaluating detection methods, the malware research community relies on scan results obtained from online platforms such as VirusTotal. Nevertheless, given the lack of standards on how to interpret the obtained data to label apps, researchers hinge on their intuitions and adopt different labeling schemes. The dynamicity of VirusTotal's results along with the adoption of different labeling schemes significantly affect the accuracies achieved by any given detection method even on the same dataset, which gives subjective views on the method's performance and hinders the comparison of different malware detection techniques. In this paper, we demonstrate the effect of varying (1) time, (2) labeling schemes, and (3) attack scenarios on the performance of an ensemble of Android repackaged malware detection methods, called dejavu, using over 30,000 real-world Android apps. Our results vividly show the impact of varying the aforementioned 3 dimensions on dejavu's performance. With such results, we encourage the adoption of a standard methodology that takes into account those 3 dimensions in evaluating newly-devised methods to detect Android (repackaged) malware.
- Published
- 2019
24. Compositional Fuzzing Aided by Targeted Symbolic Execution
- Author
-
Ognawala, Saahil, Kilger, Fabian, and Pretschner, Alexander
- Subjects
Computer Science - Software Engineering - Abstract
Guided fuzzing has, in recent years, been able to uncover many new vulnerabilities in real-world software due to its fast input mutation strategies guided by path-coverage. However, most fuzzers are unable to achieve high coverage in deeper parts of programs. Moreover, fuzzers heavily rely on the diversity of the seed inputs, often manually provided, to be able to produce meaningful results. In this paper, we present Wildfire, a novel open-source compositional fuzzing framework. Wildfire finds vulnerabilities by fuzzing isolated functions in a C-program and, then, using targeted symbolic execution it determines the feasibility of exploitation for these vulnerabilities. Based on our evaluation of 23 open-source programs (nearly 1 million LOC), we show that Wildfire, as a result of the increased coverage, finds more true-positives than baseline symbolic execution and fuzzing tools, as well as state-of-the-art coverage-guided tools, in only 10% of the analysis time taken by them. Additionally, Wildfire finds many other potential vulnerabilities whose feasibility can be determined compositionally to confirm if they are false-positives. Wildfire could also reproduce all of the known vulnerabilities and found several previously-unknown vulnerabilities in three open-source libraries., Comment: Author's preprint
- Published
- 2019
25. A Toolchain for Synthesizing and Validating Safety Architectures
- Author
-
Gil Dantas, Yuri, Munaro, Tiziano, Carlan, Carmen, Nigam, Vivek, Barner, Simon, Fan, Shiqing, Pretschner, Alexander, Schöpp, Ulrich, and Tverdyshev, Sergey
- Published
- 2023
- Full Text
- View/download PDF
26. Data-Driven Assessment of Parameterized Scenarios for Autonomous Vehicles
- Author
-
Kolb, Nicola, Hauer, Florian, Golagha, Mojdeh, Pretschner, Alexander, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Trapp, Mario, editor, Saglietti, Francesca, editor, Spisländer, Marc, editor, and Bitsch, Friedemann, editor
- Published
- 2022
- Full Text
- View/download PDF
27. Exploring a Maximal Number of Relevant Obstacles for Testing UAVs
- Author
-
Schmidt, Tabea, Hauer, Florian, Pretschner, Alexander, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Trapp, Mario, editor, Saglietti, Francesca, editor, Spisländer, Marc, editor, and Bitsch, Friedemann, editor
- Published
- 2022
- Full Text
- View/download PDF
28. A Preliminary Study on Using Text- and Image-Based Machine Learning to Predict Software Maintainability
- Author
-
Schnappinger, Markus, Zachau, Simon, Fietzke, Arnaud, Pretschner, Alexander, van der Aalst, Wil, Series Editor, Mylopoulos, John, Series Editor, Ram, Sudha, Series Editor, Rosemann, Michael, Series Editor, Szyperski, Clemens, Series Editor, Mendez, Daniel, editor, Wimmer, Manuel, editor, Winkler, Dietmar, editor, Biffl, Stefan, editor, and Bergsmann, Johannes, editor
- Published
- 2022
- Full Text
- View/download PDF
29. A Real-Time Remote IDS Testbed for Connected Vehicles
- Author
-
Zieglmeier, Valentin, Kacianka, Severin, Hutzelmann, Thomas, and Pretschner, Alexander
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Software Engineering - Abstract
Connected vehicles are becoming commonplace. A constant connection between vehicles and a central server enables new features and services. This added connectivity raises the likelihood of exposure to attackers and risks unauthorized access. A possible countermeasure to this issue is intrusion detection systems (IDS), which aim at detecting these intrusions during or after their occurrence. The problem with IDS is the large variety of possible approaches with no sensible option for comparing them. Our contribution to this problem comprises the conceptualization and implementation of a testbed for an automotive real-world scenario. That amounts to a server-side IDS detecting intrusions into vehicles remotely. To verify the validity of our approach, we evaluate the testbed from multiple perspectives, including its fitness for purpose and the quality of the data it generates. Our evaluation shows that the testbed makes the effective assessment of various IDS possible. It solves multiple problems of existing approaches, including class imbalance. Additionally, it enables reproducibility and generating data of varying detection difficulties. This allows for comprehensive evaluation of real-time, remote IDS., Comment: Peer-reviewed version accepted for publication in the proceedings of the 34th ACM/SIGAPP Symposium On Applied Computing (SAC'19)
- Published
- 2018
- Full Text
- View/download PDF
30. Understanding and Formalizing Accountability for Cyber-Physical Systems
- Author
-
Kacianka, Severin and Pretschner, Alexander
- Subjects
Computer Science - Software Engineering - Abstract
Accountability is the property of a system that enables the uncovering of causes for events and helps understand who or what is responsible for these events. Definitions and interpretations of accountability differ; however, they are typically expressed in natural language that obscures design decisions and the impact on the overall system. This paper presents a formal model to express the accountability properties of cyber-physical systems. To illustrate the usefulness of our approach, we demonstrate how three different interpretations of accountability can be expressed using the proposed model and describe the implementation implications through a case study. This formal model can be used to highlight context-specific elements of accountability mechanisms, define their capabilities, and express different notions of accountability. In addition, it makes design decisions explicit and facilitates discussion, analysis and comparison of different approaches., Comment: Accepted at the IEEE Conference for Systems, Men and Cybernetics. Copyright 2018 IEEE
- Published
- 2018
31. Model-Based Safety and Security Engineering
- Author
-
Nigam, Vivek, Pretschner, Alexander, and Ruess, Harald
- Subjects
Computer Science - Logic in Computer Science ,Computer Science - Software Engineering - Abstract
By exploiting the increasing attack surface of systems, cyber-attacks can cause catastrophic events, such as remotely disabling safety mechanisms. This means that in order to avoid hazards, safety and security need to be integrated, exchanging information such as key hazards/threats, risk evaluations, and mechanisms used. This white paper describes some steps towards this integration by using models. We start by identifying some key technical challenges. Then we demonstrate how models, such as Goal Structured Notation (GSN) for safety and Attack Defense Trees (ADT) for security, can address these challenges. In particular, (1) we demonstrate how to extract in an automated fashion security-relevant information from safety assessments by translating GSN models into ADTs; (2) we show how security results can impact the confidence of safety assessments; (3) we propose a collaborative development process where safety and security assessments are built by incrementally taking into account safety and security analysis; (4) we describe how to carry out trade-off analysis in an automated fashion, such as identifying when safety and security arguments contradict each other and how to solve such contradictions. We conclude by pointing out that these are the first steps towards a wide range of techniques to support Safety and Security Engineering. As a white paper, we avoid being too technical, preferring to illustrate features by using examples and thus being more accessible., Comment: White paper on Safety and Security Engineering using Models
- Published
- 2018
32. Automatically Assessing Vulnerabilities Discovered by Compositional Analysis
- Author
-
Ognawala, Saahil, Amato, Ricardo Nales, Pretschner, Alexander, and Kulkarni, Pooja
- Subjects
Computer Science - Software Engineering - Abstract
Testing is the most widely employed method to find vulnerabilities in real-world software programs. Compositional analysis, based on symbolic execution, is an automated testing method to find vulnerabilities in medium- to large-scale programs consisting of many interacting components. However, existing compositional analysis frameworks do not assess the severity of reported vulnerabilities. In this paper, we present a framework to analyze vulnerabilities discovered by an existing compositional analysis tool and assign CVSS3 (Common Vulnerability Scoring System v3.0) scores to them, based on various heuristics such as interaction with related components, ease of reachability, complexity of design and likelihood of accepting unsanitized input. By analyzing vulnerabilities reported with CVSS3 scores in the past, we train simple machine learning models. By presenting our interactive framework to developers of popular open-source software and other security experts, we gather feedback on our trained models and further improve the features to increase the accuracy of our predictions. By providing qualitative (based on community feedback) and quantitative (based on prediction accuracy) evidence from 21 open-source programs, we show that our severity prediction framework can effectively assist developers with assessing vulnerabilities., Comment: To appear in the proceedings of the First International Workshop on Machine Learning and Software Engineering in Symbiosis (MASES'18), co-located with IEEE/ACM International Conference on Automated Software Engineering
- Published
- 2018
33. Reviewing KLEE's Sonar-Search Strategy in Context of Greybox Fuzzing
- Author
-
Ognawala, Saahil, Pretschner, Alexander, Hutzelmann, Thomas, Psallida, Eirini, and Amato, Ricardo Nales
- Subjects
Computer Science - Software Engineering - Abstract
Automatic test-case generation techniques of symbolic execution and fuzzing are the most widely used methods to discover vulnerabilities in both academia and industry. However, both these methods suffer from fundamental drawbacks that stop them from achieving high path coverage that may, consequently, lead to discovering vulnerabilities at the numerical scale of static analysis. In this presentation, we examine systems-under-test (SUTs) at the granularity level of functions and postulate that achieving higher function coverage (execution of functions in a program at least once) than both symbolic execution and fuzzing may be a necessary condition for discovering more vulnerabilities than both. We will start this presentation with the design of a targeted search strategy for KLEE, sonar-search, that prioritizes paths leading to a target function, rather than maximizing overall path coverage in the program. Then, we will show that examining SUTs at the level of functions (compositional analysis) leads to discovering more vulnerabilities than symbolic execution from a single entry point. Using this finding, we will then demonstrate a greybox fuzzing method that can achieve higher function coverage than symbolic execution. Finally, we will present a framework to effectively manage vulnerabilities and assess their severities., Comment: To be presented at KLEE Workshop 2018, London
- Published
- 2018
34. Integrating System and Process Characteristics into Regression Test Optimization
- Author
-
Pretschner, Alexander (Prof. Dr.); Marinov, Darko (Prof., Ph.D.); Le Traon, Yves (Prof. Dr.), and Elsner, Daniel Valentin
- Abstract
Regression testing ensures that software changes do not break existing system behavior. However, executing every test for each change is often very costly. To improve cost-effectiveness, this dissertation develops several regression test optimization techniques that, in contrast to traditional techniques, integrate particularly challenging system and process characteristics. The presented techniques reduce regression testing effort and feedback time while still reliably detecting bugs., Regression tests ensure that software changes do not unintentionally introduce errors into a system, but they are often costly. To improve cost-effectiveness, this dissertation develops various optimization techniques. Compared to conventional techniques, these take particularly challenging system and process characteristics into account. The developed techniques reduce both testing effort and feedback time while maintaining reliable error detection.
- Published
- 2024
35. Defining adaptivity and logical architecture for engineering (smart) self-adaptive cyber–physical systems
- Author
-
Petrovska, Ana, Kugele, Stefan, Hutzelmann, Thomas, Beffart, Theo, Bergemann, Sebastian, and Pretschner, Alexander
- Published
- 2022
- Full Text
- View/download PDF
36. Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach
- Author
-
Ognawala, Saahil, Hutzelmann, Thomas, Psallida, Eirini, and Pretschner, Alexander
- Subjects
Computer Science - Software Engineering - Abstract
Fuzzing and symbolic execution are popular techniques for finding vulnerabilities and generating test-cases for programs. Fuzzing, a blackbox method that mutates seed input values, is generally incapable of generating diverse inputs that exercise all paths in the program. Due to the path-explosion problem and dependence on SMT solvers, symbolic execution may also not achieve high path coverage. A hybrid technique involving fuzzing and symbolic execution may achieve better function coverage than fuzzing or symbolic execution alone. In this paper, we present Munch, an open source framework implementing two hybrid techniques based on fuzzing and symbolic execution. We empirically show using nine large open-source programs that overall, Munch achieves higher (in-depth) function coverage than symbolic execution or fuzzing alone. Using metrics based on total analyses time and number of queries issued to the SMT solver, we also show that Munch is more efficient at achieving better function coverage., Comment: To appear at 33rd ACM/SIGAPP Symposium On Applied Computing (SAC). To be held from 9th to 13th April, 2018
- Published
- 2017
- Full Text
- View/download PDF
37. ACCBench: A Framework for Comparing Causality Algorithms
- Author
-
Rehwald, Simon, Ibrahim, Amjad, Beckers, Kristian, and Pretschner, Alexander
- Subjects
Computer Science - Artificial Intelligence ,Computer Science - Performance ,Computer Science - Software Engineering - Abstract
Modern socio-technical systems are increasingly complex. A fundamental problem is that the borders of such systems are often not well-defined a priori, which among other problems can lead to unwanted behavior during runtime. Ideally, unwanted behavior should be prevented. If this is not possible the system shall at least be able to help determine potential cause(s) a posteriori, identify responsible parties and make them accountable for their behavior. Recently, several algorithms addressing these concepts have been proposed. However, the applicability of the corresponding approaches, specifically their effectiveness and performance, is mostly unknown. Therefore, in this paper, we propose ACCBench, a benchmark tool that allows comparing and evaluating causality algorithms under a consistent setting. Furthermore, we contribute an implementation of the two causality algorithms by Gößler and Metayer and Gößler and Astefanoaei as well as of a policy compliance approach based on some concepts of Main et al. Lastly, we conduct a case study of an Intelligent Door Control System, which exposes concrete strengths and weaknesses of all algorithms under different aspects. In the course of this, we show that the effectiveness of the algorithms in terms of cause detection as well as their performance differ to some extent. In addition, our analysis reports on some qualitative aspects that should be considered when evaluating each algorithm. For example, the human effort needed to configure the algorithm and model the use case is analyzed., Comment: In Proceedings CREST 2017, arXiv:1710.02770
- Published
- 2017
- Full Text
- View/download PDF
38. Empowered and embedded: ethics and agile processes
- Author
-
Zuber, Niina, Gogoll, Jan, Kacianka, Severin, Pretschner, Alexander, and Nida-Rümelin, Julian
- Published
- 2022
- Full Text
- View/download PDF
39. A Causal Model of Intersection-Related Collisions for Drivers With and Without Visual Field Loss
- Author
-
Biebl, Bianca, Kacianka, Severin, Unni, Anirudh, Trende, Alexander, Rieger, Jochem W., Lüdtke, Andreas, Pretschner, Alexander, Bengler, Klaus, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Stephanidis, Constantine, editor, Duffy, Vincent G., editor, Krömker, Heidi, editor, Fui-Hoon Nah, Fiona, editor, Siau, Keng, editor, Salvendy, Gavriel, editor, and Wei, June, editor
- Published
- 2021
- Full Text
- View/download PDF
40. One evaluation of model-based testing and its automation
- Author
-
Pretschner, Alexander, Prenninger, Wolfgang, Wagner, Stefan, Kühnel, Christian, Baumgartner, Martin, Sostawa, Bernd, Zölch, Rüdiger, and Stauner, Thomas
- Subjects
Computer Science - Software Engineering ,D.2.5 ,D.2.2 - Abstract
Model-based testing relies on behavior models for the generation of model traces: input and expected output (test cases) for an implementation. We use the case study of an automotive network controller to assess different test suites in terms of error detection, model coverage, and implementation coverage. Some of these suites were generated automatically with and without models, purely at random, and with dedicated functional test selection criteria. Other suites were derived manually, with and without the model at hand. Both automatically and manually derived model-based test suites detected significantly more requirements errors than hand-crafted test suites that were directly derived from the requirements. The number of detected programming errors did not depend on the use of models. Automatically generated model-based test suites detected as many errors as hand-crafted model-based suites with the same number of tests. A sixfold increase in the number of model-based tests led to an 11% increase in detected errors., Comment: 10 pages, 8 figures
- Published
- 2017
- Full Text
- View/download PDF
41. Towards a Unified Model of Accountability Infrastructures
- Author
-
Kacianka, Severin, Kelbert, Florian, and Pretschner, Alexander
- Subjects
Computer Science - Computers and Society ,Computer Science - Software Engineering - Abstract
Accountability aims to provide explanations for why unwanted situations occurred, thus providing means to assign responsibility and liability. As such, accountability has slightly different meanings across the sciences. In computer science, our focus is on providing explanations for technical systems, in particular if they interact with their physical environment using sensors and actuators and may do serious harm. Accountability is relevant when considering safety, security and privacy properties and we realize that all these incarnations are facets of the same core idea. Hence, in this paper we motivate and propose a model for accountability infrastructures that is expressive enough to capture all of these domains. At its core, this model leverages formal causality models from the literature in order to provide a solid reasoning framework. We show how this model can be instantiated for several real-world use cases., Comment: In Proceedings CREST 2016, arXiv:1608.07398
- Published
- 2016
- Full Text
- View/download PDF
42. Causality-based accountability mechanisms for socio-technical systems
- Author
-
Ibrahim, Amjad, Kyriakopoulos, Stavros, and Pretschner, Alexander
- Published
- 2021
- Full Text
- View/download PDF
43. Ethik in der agilen Software-Entwicklung (Ethics in Agile Software Development)
- Author
-
Pretschner, Alexander, Zuber, Niina, Gogoll, Jan, Kacianka, Severin, and Nida-Rümelin, Julian
- Published
- 2021
- Full Text
- View/download PDF
44. A Preliminary Study on Using Text- and Image-Based Machine Learning to Predict Software Maintainability
- Author
-
Schnappinger, Markus, Zachau, Simon, Fietzke, Arnaud, and Pretschner, Alexander
- Published
- 2022
- Full Text
- View/download PDF
45. Increasing Employees’ Willingness to Share: Introducing Appeal Strategies for People Analytics
- Author
-
Zieglmeier, Valentin, Gierlich-Joas, Maren, and Pretschner, Alexander
- Published
- 2022
- Full Text
- View/download PDF
46. Accountability for Cyber-Physical Systems
- Author
-
Pretschner, Alexander and Kacianka, Severin
- Published
- 2021
- Full Text
- View/download PDF
47. How to Conduct Experiments with a Real Car? Experiences and Practical Guidelines
- Author
-
Hutzelmann, Thomas, Mauksch, Dominik, Pretschner, Alexander, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Muccini, Henry, editor, Avgeriou, Paris, editor, Buhnova, Barbora, editor, Camara, Javier, editor, Caporuscio, Mauro, editor, Franzago, Mirco, editor, Koziolek, Anne, editor, Scandurra, Patrizia, editor, Trubiani, Catia, editor, Weyns, Danny, editor, and Zdun, Uwe, editor
- Published
- 2020
- Full Text
- View/download PDF
48. Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks
- Author
-
Ibrahim, Amjad, Rehwald, Simon, Scemama, Antoine, Andres, Florian, Pretschner, Alexander, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Eades III, Harley, editor, and Gadyatskaya, Olga, editor
- Published
- 2020
- Full Text
- View/download PDF
49. Automated Anomaly Detection in CPS Log Files : A Time Series Clustering Approach
- Author
-
Schmidt, Tabea, Hauer, Florian, Pretschner, Alexander, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Casimiro, António, editor, Ortmeier, Frank, editor, Bitsch, Friedemann, editor, and Ferreira, Pedro, editor
- Published
- 2020
- Full Text
- View/download PDF
50. Tests für automatisierte und autonome Fahrsysteme: Wiederverwendung aufgezeichneter Fahrten ist nicht zu rechtfertigen (Testing Automated and Autonomous Driving Systems: Reusing Recorded Drives Cannot Be Justified)
- Author
-
Pretschner, Alexander, Hauer, Florian, and Schmidt, Tabea
- Published
- 2021
- Full Text
- View/download PDF