Annual Report
Quality Engineering Laura Bassi Lab
Prof. Dr. Ruth Breu
Head of Quality Engineering
Laura Bassi Lab,
University of Innsbruck
QE LaB operates with the ambition to create novel methods and tools with both scientific
and practical impact. A crucial success factor to achieve this goal is the creation of
dedicated environments in both directions. On the scientific side, a backbone within the
development of tool prototypes is the embedding into an evaluation framework. In the
best case the evaluation framework consists of a method toolbox and a network of domain
experts enabling scientifically profound derivation and evaluation of requirements. On the
technology transfer side, a crucial point is the transition from research prototypes to products
targeted for industrial use. This may lead both to feature extensions (features which are
not interesting from the research point of view, but indispensable from the practical point
of view), and feature reduction (features which are exciting for researchers, but outside
scope to be implemented within a certain budget and reaching a certain quality state).
Within the second phase of QE LaB we made enormous progress in establishing such
environments. For instance, we developed a scientific method to evaluate collaborative
tools based on the principles of Design Science. This comprises the elicitation of
collaborative work scenarios and evaluation sessions with domain experts.
In the past project year we have not only been able to publish a high number
of papers (among them eight journal publications), but also have been involved
in manifold events and activities according to our mission. Most notably, we
organized the GChACM Workshop Software Engineering Live 2015, QE LaB
Praxisforum, and ran the first year of the Quality and Security Program (QSP)
Tirol, fostering the interconnection of research, practice and education.
As every year, I would like to express my deep gratitude to our supportive
environment, in particular the Rector's team of the University of Innsbruck. My
warmest thanks go to the members of the QE and QE LaB team for your dedication,
excellence and team spirit. I particularly would like to thank you for your
professionalism in preparing and presenting demos of our methods and tools.
Innsbruck, November 2015
Univ. Prof. Dr. Ruth Breu
Ruth Breu can draw upon several years of practical experience
in software engineering as a consultant for software technology
as well as comprehensive scientific qualifications.
She has been a full professor and head of the Quality Engineering
research group at the Innsbruck University since 2002 and
was an instrumental force in establishing the University's
Institute of Computer Science. Prior to accepting the
chair at Innsbruck University, Ruth Breu worked for several
years as a freelance consultant for renowned companies in the
financial services and telecommunications industry. She earned
her degrees in Computer Science at the
Universities of Passau and Technische Universität München.
Her research interests include the areas of software
engineering processes, requirements engineering, quality
management, model engineering and security engineering.
Senior researchers
Dr. Michael Felderer
Dr. Matthias Farwick
Dr. Basel Katt
Dr. Thomas Trojer
»» Enterprise Architecture Management
»» IT-Architecture Management
»» Domain-specific Languages
Software Testing
Software Processes
Security Testing
Requirements Engineering
Empirical Software Engineering
Information Security
Electronic Healthcare
Software Quality Management
Model Driven Software Development
Security Engineering
Electronic Healthcare
Model Engineering
IT-Architecture Management
Junior researchers
Michael Brunner, MSc
Boban Celebic, MSc
Matthias Gander,
Florian Häser, MSc
»» Security Management
»» Requirements Engineering
»» Software Development
»» Software Visualisation
»» Requirements Engineering
»» Software Traceability
»» Security Engineering
»» Requirements Engineering
»» Software Engineering
»» Requirements Engineering
»» Testing
»» Model Engineering
Martin Häusler, MSc
Philipp Kalb, MSc
Clemens Sauerwein,
Mag. iur. Christian
Sillaber, MSc MSc
»» Model Engineering
»» IT Infrastructure Management
»» Software Engineering
and Software Testing
»» Information Security
»» Software Engineering
»» Information Systems
»» Governance Risk and
Compliance Management
»» Information Systems Security
»» Quality Assurance in IS Security
Model Engineering
Model Repositories
Model Evolution
Software Quality Management
Non-Scientific Staff
Andrea Jungmann
Mag. Boris Puschitz
Thomas Schrettl
Gabriele Strasser
Ilona Zaremba, MBS
Project Management
System Administration
Event Management
Project Management
Florian Auer
Matthias Hörtnagl
Alexandra Jäger
Working Students
Industry Partners
One of the most important drivers of innovation in IT is the
collaboration of actors and systems across domains and platforms.
Arising scenarios e.g. in health care and transportation demonstrate
that the new generation of collaborative IT applications has the
potential to restructure markets, create new business models
and to organise human collaboration more efficiently.
In recent years many international activities in industry and academia
have focused on the development of standards, technologies and
frameworks for realising inter-organisational applications. Only a
minority of approaches so far consider the quality of these systems. This
contrasts with tremendous challenges concerning the management,
design and operation of these systems. On the one side collaborative
systems are agile, dynamically evolving systems, on the other side
quality attributes like functional correctness, security and privacy of
processed information play a major role during management, design and
operation. In this context the goal of QE LaB is to develop well-founded
concepts, methods and tools for the management, design and operation
of high quality collaborative systems. QE LaB has achieved an important
step of innovation through the novel paradigm of Living Models.
Living Models
In the Living Models sub-project we develop foundations and concepts
for model-based collaborative quality management. On the one hand we
drive forward the establishment of Quality Engineering as the discipline
of end-to-end quality management of software intensive systems. On the
other hand we develop innovative infrastructures for very large models:
»» integrating model-based data in heterogeneous environments
»» providing concepts for model versioning
»» supporting workflow-aware model elements
»» providing new concepts for model querying and model visualization.
With MoVE, the Model Versioning and Evolution Engine, we have conceptualized
and implemented a model repository that addresses not only the challenge of
integrating software engineering data stemming from manifold sources,
but also the collaboration aspects. MoVE provides methods to achieve
traceability in heterogeneous environments by applying the concepts of
metamodelling and interlinkage. In addition, MoVE is able to support change-driven
engineering through a built-in state-based workflow concept. The MoVE
workflow language is able to control different levels of quality processes,
including automated and manual task execution and orchestration.
Contact: Philipp Kalb, MSc (
In the Living IT Landscapes work package (WP2) we develop methods to
establish knowledge about the IT architectures in large organizations.
This involves the flexible modeling of information about various aspects
of the organizations' IT, e.g. about characteristics of an underlying server
infrastructure, the way it supports software and business functions as well as
dependencies to services, processes, external components and also people.
Grouping these information assets within one unified, enterprise specific model
enables types of analysis that are beneficial to the long term success of an
IT landscape. Typical types of analysis elicit the degree of impact in case of
hardware failures, risks by evaluating critical dependencies, the implementation
of security requirements or mismatches between service level agreements.
Central to the analysis of an IT landscape model is its visualization to users in
order to make use of the documentation. In our research we evaluate different
types of visualizations, like graphs, treemaps, tables or textual ones. Using
the right degree of abstraction and simplification of visualized IT knowledge
is paramount to its comprehensibility, but challenging to implement.
Also, the right methods need to be selected to document specific parts of
an IT landscape. In our research we analyse manual documentation via text
based and form based editors as well as automated imports from existing
data sources, like Configuration Management Databases (CMDB) and network
monitors. Thus we target the support for both business oriented and more
technology oriented stakeholders as well as leverage already documented data.
All of our research work is reflected by Txture, a flexible metamodeling and IT landscape documentation framework.
Contact: Dr. Matthias Farwick (
Dr. Thomas Trojer (
Martin Häusler, MSc (
Risk-Based Testing
Risk-based testing utilizes risk information in all phases of the test process
and has a high potential to improve established test processes. In this area,
we developed and empirically evaluated the following methodologies to
support the introduction, optimization and validation of risk-based testing:
»» a taxonomy of risk-based testing aligned with the phases of the test process,
providing a framework to understand, categorize, assess, and compare
approaches to support their selection and tailoring for specific purposes
»» a methodology for the step-wise introduction of risk-based testing in existing test processes
»» a multiple case study on risk-based testing in industry to describe and analyse
the actual state of risk-based testing for application in other organizations
»» a customized risk assessment approach for our project
partner Swiss Life enabling risk-based testing
»» analysis of risk-based testing in the context of
small and medium-sized enterprises
Contact: Dr. Michael Felderer (
Requirements Speed Reviews
Together with our project partner Porsche Informatik we created,
implemented and evaluated a novel requirements review method called
Speed Reviews based on the idea of speed dating. In Speed Reviews a
peer-review under specific constraints and limited by a time factor is
performed by pairs of persons, i.e., product owners in the context of
Porsche Informatik, which rotate and provide each other with feedback
on specific requirements. In a case study we found that Speed Reviews:
»» can be performed with reasonable effort
»» lead to more structured, understandable and readable requirements
Contact: Dr. Michael Felderer (
ADAMANT - Efficient IT Security and Compliance
ADAMANT is an open source tool for the efficient management of security and
compliance requirements. It empowers organizations to utilize a continuous
approach to ensure compliance with security standards and best practices.
ADAMANT was developed as part of the EU-project PoSecCo together with
industry-leading partners such as IBM, SAP, Deloitte, Atos and Thales to ensure
compliance with heterogeneous high-level security requirements within
complex and evolving IT landscapes and is further developed within QE LaB.
ADAMANT integrates various data sources for enterprise and IT architecture
models to keep the resulting security model in accordance with the actual
enterprise. Additionally, by means of customizable rulesets, ADAMANT
automatically adopts changes detected within the connected models
and ensures security requirements are always up-to-date. Multiple ways
to automatically monitor the fulfilment of security requirements enable
real-time compliance reports for auditors and guarantee timely reaction
in case of non-compliance. By means of a continuous and collaborative
approach ADAMANT integrates key stakeholders from different domains
and even from different organizations to ensure that all knowledgeable
stakeholders are kept in the loop and participate in IT security management
activities. Arbitrary security standards are supported by a powerful
template engine that allows enterprises to use custom templates or
predefined industry standards (e.g., BSI IT Baseline Protection Catalogue)
as foundation for their own security requirement definitions.
Contact: Michael Brunner, MSc (
Mag. iur. Christian Sillaber, MSc MSc (
Crowdsourcing the Malware Threat
In recent years, distribution of malware has switched from classical channels,
such as e-mail, vulnerable services, or macros in software, to a new channel:
websites. This is not surprising, as e-mail clients have been improved, macros
in software are mostly deactivated, and nowadays all computers and routers
are outfitted with at least a basic firewall, shielding vulnerable services.
One major entry point that is left out, and that severely reduces a user's security, is
the browser. Browsers have become the central application for any kind of
computation, games, office work, money transactions, and of course social
interaction (e.g., Facebook). Therefore, it is essential to increase the security
awareness of users and, in the long term, extrapolate guidelines to decrease
the risk of malware infections. Unfortunately, detecting malware samples by
hand (i.e. keyword-based searches on search engines) is tedious labour.
In collaboration with our partner AV-Comparatives we are tackling this issue
by breaking new ground in the area of crowdsourcing-based security engineering.
Our approach harvests so-called crowd intelligence in the area of web-based
malware to derive several beneficial results, i.e. to get first-hand malware statistics,
derive risk profiles in the form of probability models, increase the security awareness of
individual users, and hence, in the long term, extrapolate guidelines to decrease
the risk of malware infections. To facilitate this endeavour we developed a lightweight
monitoring tool, dubbed Croft, which gathers freely given data from
heterogeneous user groups in a crowdsourcing fashion. As seen in Figure 1, the
whole process is structured in four major steps: collection of data on the client side,
storing of data in the cloud, false-positive reduction, and statistical analysis.
In step 1, after an alert has been detected on the client, data is transmitted
to the backend. In steps 2 and 3, data is transmitted to the cloud-based
backend to filter out false positives. Lastly, step 4 classifies users based on
the data they provided, and statistics are created for each such group (and
employed AV scanner). This leads to malware statistics (e.g. origin thereof),
antivirus test statistics (e.g. speed and reliability), and user-based risk
assessment models (i.e. probability of a user encountering malware).
Contact: Matthias Gander, Dipl.-Ing. (
Clemens Sauerwein, Dipl.-Ing. (
Associated Project:
Product Data Quality
This project is conducted in the context of the product database GS1
Sync, a novel product knowledge base for standardized food product data
hosted by GS1 Austria. This knowledge base is driven by the EU-regulation
1169/2011 and will provide a valuable source of information for producers
and consumers. It is evident that the quality of the product data is of crucial
importance. GS1 Austria has already established an extensive collaborative
quality assurance process. The goal of our collaboration is to enhance the
degree of automation within this quality assurance process. As a first step
we have defined a product classification and an automated process that
maps the products to the classification according to the product's data. A
clustering of products into groups helps greatly to improve data quality
enabling product classification-specific checks and comparisons. Building
on this classification, we have defined rules to detect missing or incorrect
data. These rules have been implemented as a software service, which is
currently used by GS1 supporting their quality assurance process. As a next
step we plan to integrate our prototype more tightly with GS1's workflow as well as
further improve and expand the defined rules, building on GS1's feedback.
Contact: Alexandra Jäger (
GS1 Sync Booklet
Scientific Journals and Book Chapters
»» Felderer, M. et al. (2014) Evolution of Security Engineering
Artifacts: A State of the Art Survey. International Journal on
Secure Software Engineering, 5(4), pp. 48-97, IGI Global
Dr. Michael Felderer completed his habilitation with a colloquium
on “Risk-Based Decision Support for Improving Requirements-Based
Testing in Industry” on November 3rd, 2015.
»» Felderer, M. and Ramler, R. (2015) Risk orientation in software testing
processes of small and medium enterprises: an exploratory and
comparative study. Software Quality Journal, pp. 1-30, Springer
»» Felderer, M. and Zech, P. and Breu, R. and Büchler, M. and
Pretschner, A. (2015) Model-Based Security Testing:
Taxonomy and Systematic Classification. Journal of Software:
Testing, Verification and Reliability, 25 (4), Wiley
»» Felderer, M. and Fourneret, E. (2015) A systematic classification of
security regression testing approaches. International Journal on
Software Tools for Technology Transfer, 17(3), pp. 305-319, Springer
»» Felderer, M. and Katt, B. (2015) A process for mastering security
evolution in the development lifecycle. International Journal on
Software Tools for Technology Transfer, 17(3), pp. 245-250, Springer
»» Felderer, M. and Beer, A. (2015) Using Defect Taxonomies for
Testing Requirements. IEEE Software, 32(3), pp. 94-101, IEEE
»» Felderer, M. and Herrmann, A. (2015) Manual test case derivation from
UML activity diagrams and state machines: A controlled experiment.
Information and Software Technology, 61, pp. 1-15, Elsevier
»» Trojer, T. and Farwick, M. and Häusler, M. and Breu, R. (2015)
Living Modeling of IT Architectures: Challenges and Solutions.
In R. De Nicola and R. Hennicker (Eds.), Software, Services,
and Systems (Vol. 8950, pp. 458–474). Springer
PhD Theses
»» Thomas Trojer: Access Control Policy Administration supporting
User-defined Privacy Preferences (25.09.2015)
»» Michael Brunner: A method for certification of safety-critical living systems
»» Matthias Gander: Analysis of IT-landscape anomalies through
machine learning and complex event processing
»» Florian Häser: Model-Based Integration Testing
»» Martin Häusler: Scalable Model Repository Infrastructures
»» Philipp Kalb: Model Evolution
»» Clemens Sauerwein: Real-Time Security Risk Management
»» Christian Sillaber: Data Quality Management in
Information Systems Security Documentation
Awards and Functions
Ruth Breu:
»» The Tyrolean Science Award 2015
»» Member of Steering Committee of ACM/IEEE International Conference
on Model-Driven Engineering Languages and Systems MODELS
»» Board Member of FWF, the Austrian Science Fund
»» Member of Editorial Board of the Software and Systems
Modeling Journal (Springer SoSym)
»» Member of NIS Platform of the European Commission
»» Member of the Cross-Sectional Committee on Modeling (Querschnittsfachausschuss
Modellierung) of the Gesellschaft für Informatik e. V. (GI)
»» Member of Jury of Heinz-Zemanek-Preis of OCG
»» Head of Institute of Computer Science
»» Member of Jury, Jubiläumsfond Universität Innsbruck
»» Reviewer EU FP 7 Project MIDAS
»» Member of Jury of AdventureX 2015, Standortagentur Tirol
Michael Felderer:
»» The Tyrolean Development Grant 2015
»» Guest Editor for the International Journal on Software
Tools for Technology Transfer (STTT)
»» Editorial Board Member Transactions on Foundations
for Mastering Change (FoMaC)
The Tyrolean State Science Award
On October 12th, 2015, Prof. Dr. Ruth Breu was awarded
The Tyrolean State Science Award 2015. The award acknowledges
outstanding accomplishments in the scientific
field and honors the complete work as well as outstanding individual
performance in research and science. The award was presented by
Landesrat Prof. Dr. Bernhard Tilg at the ceremony in the Landhaus.
At the same time, Dr. Michael Felderer was awarded
The Tyrolean Development Grant 2015.
Photos on the left page:
Left: Prof. Dr. Bernhard Tilg and the awarded: Prof. Dr. Ruth Breu
and Dr. Michael Felderer (at the Awards Ceremony)
Upper right: Prof. Dr. Bernhard Tilg and Prof. Dr. Ruth Breu
Lower right: Prof. Dr. Bernhard Tilg and Dr. Michael Felderer
Accepted Papers at Conferences and Workshops
»» Felderer, M. and Haisjackl, C. and Pekar, V. and
Breu, R. (2014) A Risk Assessment Framework
for Software Testing. The 6th International
Symposium On Leveraging Applications of
Formal Methods, Verification and Validation
(ISoLA 2014), pp. 292-308, Springer
»» Kalb, P. and Breu, R. (2014) Tool Support for
Collaborative Software Quality Management. The
Demonstrations Track of the 17th Intl. Conference
on Model-Driven Engineering Languages and
Systems (MODELS 2014), Article No. 4, CEUR
»» Farwick, M. and Schweda, C.M. and Breu, R.
and Hanschke, I. (2015) A Situational Method
for Semi-automated Enterprise Architecture
Documentation (SoSyM Abstract). The 18th
International Conference on Model Driven
Engineering Languages and Systems,
(MODELS 2015), IEEE (Best Paper Award)
»» Felderer, M. and Beer, A. (2015) Mutual knowledge
transfer between industry and academia to
improve testing with defect taxonomies.
Multikonferenz Software Engineering &
Management 2015 (SE 2015), pp. 238-242, GI
»» Felderer, M. and Beer, A. (2015) Requirements-based
testing with defect taxonomies.
Multikonferenz Software Engineering &
Management 2015 (SE 2015), pp. 108-109, GI
»» Felderer, M. and Haisjackl, C. and Pekar, V.
and Breu, R. (2015) An Exploratory Study
on Risk Estimation in Risk-Based Testing
Approaches. Software Quality Days 2015
(SWQD 2015), pp. 32-43, Springer
»» Gander, M. and Sauerwein, C. and Breu, R.
(2015) Assessing Real-time Malware Threats.
The Information Assurance Workshop at the
2015 IEEE International Conference on Software
Quality, Reliability & Security (QRS 2015)
»» Adorf, H.-M. and Felderer, M. and Varendorff,
M. and Breu, R. (2015) A Bayesian Prediction
Model for Risk-Based Test Selection. The
41st EUROMICRO Conference on Software
Engineering and Advanced Applications
(SEAA 2015), pp. 374-381, IEEE
»» Pekar, V. and Felderer, M. and Breu, R.
and Ebner, M. and Winkler, A. (2015)
Improving the Requirement Engineering
Process with Speed-Reviews: An Industrial
Case Study. Software Quality Days 2015
(SWQD 2015), pp. 3-19, Springer
»» Keckeis, J. and Dolezel, M. and Felderer,
M. (2015) Towards a Concept for
Enterprise Systems Landscape Testing.
ERP Future 2014, Springer (in press)
»» Sillaber, Ch. and Breu, R. (2015) Using
Business Process Model Awareness to improve
Stakeholder Participation in Information
Systems Security Risk Management Processes.
Wirtschaftsinformatik 2015, pp. 1177-1190
»» Mohacsi, S. and Felderer, M. and Beer, A. (2015)
Estimating the Cost and Benefit of Model-Based
Testing: A Decision Support Procedure
for the Application of Model-Based Testing in
Industry. The 41st EUROMICRO Conference
on Software Engineering and Advanced
Applications (SEAA 2015), pp. 382-389, IEEE
»» Sillaber, Ch. and Breu, R. (2015) Identifying
Blind Spots in IS Security Risk Management
Processes Using Qualitative Model Analysis.
Third International Conference on Human
Aspects of Information Security, Privacy,
and Trust, (HAS 2015), held as part of HCI
International 2015, pp. 252-259, Springer
»» Sillaber, Ch. and Breu, R. (2015) Using Stakeholder
Knowledge for Data Quality Assessment in IS
Security Risk Management Processes. The ACM
SIGMIS 2015 Conference on Computers and
People Research (CPR 2015), pp. 153-159, ACM
»» Pekar, V. and Felderer, M. and Breu, R. and Nickl, F.
and Roßik, C. and Schwarcz, F. (2016) Integrating
a lightweight risk assessment approach into an
industrial development process. Software Quality
Days 2016 (SWQD 2016), Springer (in press)
Journal of Software and Systems Modeling 2015 Best Paper Award
PC Memberships
Ruth Breu
International Conferences:
Workshops and D-A-CH Conferences:
»» ACM/IEEE 18th International Conference on Model Driven
Engineering Languages and Systems (MODELS 2015)
»» ERP Future 2014 Research Conference (ERP 2014)
»» 41st Euromicro Conference on Software Engineering
and Advanced Applications (SEAA 2015)
»» 12th IEEE International Conference on Services Computing (SCC 2015)
»» The Eleventh International Conference on Autonomic
and Autonomous Systems (ICAS 2015)
»» The 12th International Conference on Mobile Web and
Intelligent Information Systems (MobiWis 2015)
»» 3rd Workshop on View-Based, Aspect-Oriented and
Orthographic Software Modelling (VAO 2015)
»» Software Quality Days 2015 (SWQD 2015)
»» Health Informatics meets eHealth (eHealth2015)
»» First International Workshop on Process Engineering (IWPE 2015)
»» 3rd International Workshop on Risk Assessment and Risk-Driven Testing 2015
»» 13. Anwenderkonferenz für Softwarequalität,
Test und Innovation (ASQT 2015)
»» Software & Systems Engineering Essentials (SEE 2015)
»» 12. Internationale Tagung Wirtschaftsinformatik (WI 2015)
Michael Felderer
International Conferences:
Workshops and D-A-CH Conferences:
»» 41st Euromicro Conference on Software Engineering
and Advanced Applications (SEAA 2015)
»» ERP Future 2015 Research Conference (ERP 2015)
»» 23rd International Conference on Requirements
Engineering 2015, Industry Committee (RE 2015)
»» 16th International Conference on Product-Focused
Software Process Improvement (PROFES 2015)
»» 9th International Symposium on Empirical Software
Engineering and Measurement (ESEM 2015)
»» 6th International Workshop on Security Testing (SECTEST 2015)
»» 10th International Workshop on Testing: Academic and Industrial
Conference - Practice and Research Techniques (TAIC PART 2015)
»» 2nd International Workshop on Requirements
Engineering and Testing (RET 2015)
»» 3rd International Workshop on Risk Assessment
and Risk-driven Testing (RISK 2015)
»» 41st International Conference on Current Trends in Theory
and Practice of Computer Science (SOFSEM 2015)
»» EuroSTAR Software Testing Conference (EuroSTAR 2015)
»» The Seventh International Conference on Advances in System
Testing and Validation Lifecycle (VALID 2015)
»» 8th IEEE International Conference on Software Testing,
Verification and Validation (ICST 2015)
»» 48th Annual Hawaii International Conference on System Sciences (HICSS 2015)
»» OOP Software meets Business (OOP 2015)
Dissemination and Public Presence
Presentations at Conferences and Workshops:
»» C. Sillaber: Measuring and improving the quality of business security
requirements in Information Systems Security Risk Management Processes,
Young Security Researchers Day 2014, Graz, Austria, 2014/10/10
»» M. Felderer: An Exploratory Study on Risk Estimation in Risk-Based Testing
Approaches, Software Quality Days 2015, Vienna, Austria, 2015/01/21
»» M. Felderer and M. Ebner: Improving the Requirement Engineering
Process with Speed-Reviews: An Industrial Case Study, Software
Quality Days 2015, Vienna, Austria, 2015/01/21
»» M. Felderer and A. Beer: Requirements-based testing with
defect taxonomies, Multikonferenz Software Engineering
& Management 2015, Dresden, 2015/03/20
»» M. Felderer and A. Beer: Mutual Knowledge Transfer Between
Academia and Industry to Improve Testing with Defect Taxonomies,
Software Engineering 2015, Dresden, Germany, 2015/03/20
»» M. Felderer: Current State and Challenges for Model-Based Security Testing,
6th International Workshop on Security Testing (SECTEST 2015), 2015/04/13
»» M. Felderer: A Bayesian Prediction Model for Risk-Based Testing,
41st Euromicro Conference on Software Engineering and Advanced
Applications (SEAA 2014), Funchal, Portugal, 2015/08/27
»» M. Felderer: Estimating the Cost and Benefit of Model-Based Testing: A
Decision Support Procedure for the Application of Model-Based Testing
in Industry. 41st Euromicro Conference on Software Engineering and
Advanced Applications (SEAA 2014), Funchal, Portugal, 2015/08/27
»» M. Gander and C. Sauerwein and R. Breu: Assessing Real-time
Malware Threats, Workshop on Information Assurance at the 2015
IEEE International Conference on Software Quality, Reliability
& Security (QRS 2015), Vancouver, Canada, 2015/08/03
»» F. Häser and R. Breu: Non-Intrusive Documentation-Driven
Integration Testing, International Conference on
Software Testing 2015, Graz, Austria, 2015/04/15
»» C. Sillaber: Identifying Blind Spots in IS Security Risk Management
Processes Using Qualitative Model Analysis, 17th International Conference
on Human-Computer Interaction (HCI 2015), Los Angeles, USA, 2015/08
»» C. Sillaber: Using Stakeholder Knowledge for Data Quality Assessment
in IS Security Risk Management Processes, ACM SIGMIS Conference on
Computers and People Research (CPR 2015), Long Beach, USA, 2015/06
»» C. Sillaber: Using Business Process Model Awareness to
improve Stakeholder Participation in Information Systems
Security Risk Management Processes. Internationale Tagung
Wirtschaftsinformatik (WI 2015), Osnabrück, Germany 2015/03
Invited Scientific Talks:
Presentations at Business Related Events:
»» M. Farwick and R. Breu: Lebendige EA Modelle – Wissen im IT-Management
kooperativ entwickeln, Enterprise Architecture
Conference 2014, Berlin, Germany, 2014/11/03
»» R. Breu, M. Brunner: Security Risk Workflows – Konzepte für
die organisierte Suche nach der Nadel im Heuhaufen, OWASP
German Chapter Stammtisch, Munich, Germany, 2015/04/21
»» M. Farwick and C. M. Schweda and R. Breu and I. Hanschke: A Situational
Method for Semi-automated Enterprise Architecture Documentation,
18th International Conference on Model Driven Engineering Languages
and Systems (Models 2015), Ottawa, Canada, 2015/09/30
»» R. Breu: Panel discussion at IT-Day 2015, Innsbruck, Austria, 2015/05/07
»» M. Felderer: No Risk, No Test: Erfolgreiche Einführung und Umsetzung
von Risikobasiertem Testen, Software Engineering Live Workshop
2015 (SE Live 2015), Achenkirch, Austria, 2015/04/24
»» M. Felderer: Using Defect Taxonomies to Improve Testing
and Reviewing of Requirements, Chalmers University of
Technology, Göteborg, Sweden, 2015/02/20
»» Ch. Sillaber: Experimente zur IT-Sicherheit, inday
Teachers 2015, Innsbruck, Austria, 2015/03/24
»» M. Felderer: Current State and Challenges for Model-Based
Security Testing, 6th International Workshop on Security
Testing (SECTEST 2015), Graz, Austria, 2015/04/13
»» Ch. Sillaber, M. Brunner: Challenges for Next Generation IT-Compliance
Management Systems, IG:IS Interessensgemeinschaft
Informationssicherheit, Innsbruck, Austria, 2015/06/18
Our mission in teaching is to educate professionals with both foundational and application-oriented skills.
Ruth Breu:
Matthias Farwick, Thomas Trojer:
»» Entwurf von Softwaresystemen, WS 2014/15, Lecture
»» Domain-specific Language Engineering, SS 2015, Proseminar
»» Softwareentwicklung und Projektmanagement, SS 2015, Lecture
Christian Sillaber:
»» Softwareentwicklung und Projektmanagement, SS 2015, Proseminar
»» PhD Course Advanced Quality Engineering Proseminar, WS 2014/15
»» Introduction into Computer Science for Economists, WS 2014/15, Lecture
»» Entwurf von Softwaresystemen, WS 2015/16, Proseminar
»» Entwurf von Softwaresystemen, WS 2015/16, Lecture
Michael Felderer:
»» Softwareentwicklung und Projektmanagement, SS 2015, Proseminar
»» Advanced Software Quality, WS 2014/15, Lecture
Florian Häser:
»» Software Qualität, WS 2014/15, Lecture
»» Software Qualität, WS 2014/15, Proseminar
»» Advanced Software Engineering, SS 2015, Lecture
»» Advanced Software Engineering, SS 2015, Proseminar
»» Entwurf von Softwaresystemen, WS 2014/15, Proseminar
»» Entwurf von Softwaresystemen, WS 2014/15, Proseminar
»» Softwareentwicklung und Projektmanagement, SS 2015, Proseminar
Bachelor and Master Theses
Bachelor Theses:
Master Theses:
»» Evaluierung einer Plattform für Wissensmanagement in
einer IT Abteilung (Martin Haslinger, completed)
»» Plattform-unabhängige mobile Web-Anwendung
für Festivalbesucher (Matthias Wanner)
»» Attacks in a box (Mirko Bez and Simon Targa, completed)
»» Einführung und Evaluierung einer Cross-Device-Testing Plattform (David Fasching, completed)
»» Visualisierung von Anforderungen und Trace Links
(Alexander Blaas and Natalie Mair, completed)
»» Implementierung eines Multi-Device Interfaces zur Zeiterfassung
für Microsoft Dynamics NAV (Alex Untertrifaller, completed)
»» Effiziente Session-Verwaltung für einen Streamingdienst
(Mathias Mahlknecht, completed)
»» Management und Routing eines Indoor-Lokalisierungssystems
(Thomas Berthold, completed)
»» Konzeption und Entwicklung eines Kundeninformationsystems
(Samuel Carraro and Werner Kapferer, completed)
»» Implementierung eines Management Tools für
Metamodellinks in MoVE (Fabian Jeschko, completed)
»» Implementierung eines Metrik Frameworks für
MoVE (Daniel Eppacher, completed)
»» Automatisierte Dokumentation von IT-Architekturen auf
Basis von heterogenen Datenquellen (Felix Kostenzer,
David Riedl, Matthias Lechner, completed)
»» Mobiler Arztbrief und mobiler Leistungsnachweis
(Christian Lechner and Thilo Gorfer, completed)
»» Implementierung von Vulnerabilitätsanalysen in einer
Workflow-Engine (Nikolaus Rauch, completed)
»» State of Practice of Software Quality Processes in
Software Houses (Florian Auer, completed)
»» The Usage of Quality Models in Risk-Based Testing (Harald Foidl, completed)
»» Risk-Based Testing in a Health-Care Environment
(Harald Hirschvogl, completed)
»» Automatic Deployment Environment for GRC (Alexander Graf, ongoing)
»» Design and Implementation of a Generic and Highly Extensible
Sensor-Driven Eventing and Notification Framework
for IBM WebSphere (Patrizia Gufler, ongoing)
»» Continuous Integration in a Banking Environment
(Christian Bitschnau, ongoing)
»» Attacks in a box (Mirko Bez, Simon Targa, ongoing)
»» Integration of testing concepts into the RE
framework reqT (Cornelia Lezuo, ongoing)
»» Agile Development Processes in SME (Sonja Thaler, ongoing)
»» Uncovering Malware Remnants after Automated Malware
Cleansing for Android (Christoph Leitner, ongoing)
»» Crowdsourcing the Malware Threat: A Case Study on
Crowdsourcing Capabilities in the Information Security
Domain (Clemens Sauerwein, ongoing)
»» A scalable property-based Filesystem based on
Fuse (Richard Weinberger, ongoing)
The Master Thesis of QE student Harald Foidl
entitled „The Usage of Quality Models in
Risk-based Testing“, supervised by Dr. Michael
Felderer, received the DASMA Zukunftspreis
2015. The prize was presented to Mr.
Foidl during MetriKon 2015 in Cologne.
The DASMA Zukunftspreis is awarded once
per year to an excellent thesis in the area of
software metrics and effort estimation.
„Talente Entdecken“
IT Award for Bachelor Students of the
Institute of Computer Science
The „IT Award of the City of Innsbruck“ is awarded annually by the City of
Innsbruck under the auspices of the Tyrolean Chamber of Commerce to Bachelor
students of Computer Science for outstanding project work within the course
„Software Development and Project Management“. At this year‘s competition, the
award was dedicated to mobile solutions implementing location-based services.
The award went to the project Echo. Echo is a social network
that targets what is really important for users: obtaining the
relevant information on time and in a particular location.
With this application it is possible to write so-called Shouts (short messages)
that are visible to everyone else in the vicinity. Sharing, commenting and
rating increases or decreases the range of the shouts. This local relevance
guarantees that the information flow is reduced to the essentials.
The awarded team with jury and the organiser
Awarded team: Daniel Egger, Arno Breitfuss, Mike Koch, Patrick
Lackinger, Björn Meusburger and Jannik Siebert
Jury members: Dr. Andreas Doblander (ARZ Allgemeines Rechenzentrum),
DI Paul Wessiack (World Direct) and Dr. Rainer Mayr (TIWAG)
Echo © Daniel Egger
The Quality and Security Program Tirol
The Quality and Security Program Tirol - QSP Tirol - is an
initiative created by the Quality Engineering Research Group
to foster application-oriented education in the area of software engineering,
information security and IT management at the University of Innsbruck.
QSP Tirol offers a series of events such as QSP Labs, QSP
Talks and QSP Teaching, supported by renowned experts, and is
intended for students enrolled in Tyrolean universities.
Dr. Helmut Gratl (ARZ Allgemeines Rechenzentrum GmbH)
(Theorie und Best Practice) im professionellem Umfeld
20.-21.03.2015 Martin Ortner and Gregor Koenig (Barracuda Networks)
Secure Internet Communication
Torsten Gründer (Gründer Consulting)
IT-Outsourcing Management
Hannes Tschofenig (ARM Limited)
Internet of Things (IoT)
The following labs were held in the period November 2014 to November 2015:
27.11.2014 Vyacheslav Zakorzhevsky (Kaspersky Lab)
Financial Malware and Corresponding Distribution Methods
Richard Weinberger (sigma star)
Introduction to Linux kernel development
Martin Beißer ( gmbh)
Modellbasiertes Testdesign - Testfälle automatisch generieren
06.11.2015 David Gstir (sigma star)
Introduction to cryptography
Richard Weinberger, David Gstir (sigma star gmbh)
Reverse Engineering Network Appliances
Michael Gredler, Christian Pubmerger
Cybercrime verhindern - Schwachstellen und Angriffe erkennen
09.-10.01.2015 Harry M. Sneed (SoRing Kft, Budapest)
Analyzing and Testing Software Requirement Documents
Harry Sneed (SoRing Kft, Budapest)
Software Reengineering
Dr. Helmut Gratl (ARZ Allgemeines Rechenzentrum GmbH)
Sicherheitsarchitektur(en) im Enterprise Umfeld
Victor Sergeev (Kaspersky Lab)
Malware analysis & Reverse engineering
Inge Hanschke (Lean42 GmbH)
EA Best Practices
06.03.2015 Christian Kovatsch (ARZ Allgemeines Rechenzentrum GmbH)
Schwachstellen in Browser und Mobile Devices
Matthias Forster, Matthias Schmidt (Bayerisches
Zentrale Ansprechstelle Cybercrime - ZAC
The initiative is sponsored by the companies: ARZ Allgemeines
Rechenzentrum GmbH, Barracuda Networks, EGGER and mils electronic.
The Program was officially initiated on 27.11.2014, and since that
time a broad selection of interesting labs and talks led
by outstanding experts has been offered to students.
Tobias Simon (itestra GmbH)
Software-Qualität im Wandel der Zeit
The following talks were given within the QSP initiative so far:
QE LaB Praxis Forum
Stefan Ortloff (Kaspersky Lab)
A Retrospective View On Banking Malware
Rainer Böhme (Wilhelms-Universität Münster)
Kryptographische Währungen als Zahlungsmittel:
Prinzipien, Potenziale und Probleme am
Beispiel Bitcoin
Hannes Tschofenig (ARM Limited)
Securing the Internet of Things
»» Viktor Pekar (QE LaB), Martin Ebner (Porsche Informatik)
Requirement Speed-Reviews bei Porsche Informatik
Václav Pech (JetBrains)
JetBrains MPS - Speaking your language
»» Dr. Matthias Farwick, (QE LaB), Dr. Thomas Trojer (QE LaB)
Lebendige IT Modelle - Wissen im IT-Management kooperativ
Ing. Michael Brunner, MSc
(Institut für Informatik, Universität Innsbruck)
Mag. Christian Sillaber, MSc
(Institut für Informatik, Universität Innsbruck)
Herausforderungen für Next Generation IT Compliance Management Systeme
»» Michael Brunner (QE LaB), Christian Sillaber (QE LaB)
Wer schreibt, der bleibt – Qualität in der Dokumentation
von Sicherheitsanforderungen
Ing. Christian Pumberger, MBA, katmakon, KG
Aufbau IT-Krisenmanagement in Unternehmen
Serge Egelman, University of California, Berkeley
Making Privacy Decisions in Ubiquitous
Computing Environments
The QE Lab Praxis Forum was held on November 12th, 2014. The
following four presentations given at the forum referred to the latest
projects and developments in the work of the QE LaB team:
»» Dr. Michael Felderer (QE Lab)
No Risk, No Test: Effektives Testen durch Risikoorientierung
German Chapter of the ACM Workshop
Software Engineering Live 2015
April 23rd-24th, 2015, Achenkirch
Organisers: Ruth Breu, Wolfgang Glock, Friederike Nickl,
Thomas Matzner, Oliver Wiegert
Local Organisation: Ilona Zaremba
The 7th edition of the workshop Software Engineering Live took place on
the 23rd and 24th of April 2015. Software engineering professionals from
Germany and Austria met in Achenkirch at the Achensee
to discuss the latest trends in the development of complex software
systems. This year’s networking meetings focused on the sustainability
of software systems, and the central topics of the workshop were:
Agile Documentation
Agility and Performance Migration
Testability of Software Architectures
Risk Assessment in Test Processes
The participants of SE Live 2015 Workshop
„Talente Entdecken“
„Talente Entdecken“ is an initiative of the Austrian Federal Ministry
for Transport, Innovation and Technology fostering the interest of
young adults in natural science and technical professions.
Every year QE LaB offers five positions for high school students
during four weeks of summer holidays. They have a chance to
conduct practical programming as well as literature research.
This year “Talente Entdecken” focused on quality characteristics for
mobile applications. The students have learned tools and techniques for
collaborative research and conducted a study. They shared their experience
by publishing the findings of their research in a Wikipedia article.
The team was supervised by MSc Florian Häser.
Silvia Hubmann, the student who conducted „Talente Entdecken“ 2014,
received the FFG Award of Excellence for the report
summarising her research during the internship. She was supervised
by Mag. M.Sc. M.Sc. Christian Sillaber, QE LaB PhD student.
Florian Häser, the young researchers and Prof. Dr. Ruth Breu
at the closing of this year's „Talente Entdecken“
Klaus Pseiner (FFG), Silvia Hubmann and Christian Sillaber
at the Award Presentation in Vienna
QE LaB Business Services GmbH
QE LaB Business Services GmbH complements our research
activities by services and products for the continuous
quality management of collaborative systems.
a comprehensive approach to the
quality management of IT landscapes. It is based on two
1. The quality goals are aligned with the
business (business-IT alignment).
2. Precise knowledge of the quality state of the IT infrastructure in near real time is a prerequisite
for the technical implementation.
GMBH is a spin-off of the
Quality Engineering research group at the Institute of Computer Science
of the University of Innsbruck. Since its
founding in 2012 the company has carried out
projects in the areas of quality
and security engineering with
well-known customers such as Allgemeines Rechenzentrum, Hilti, ÖBB
and Bachmann electronic.
The founding of the company was supported by CAST.
The Quality Intelligence approach of QE LaB Business Services GmbH prepares the ground for
innovation through a high-quality IT landscape.
Trends such as the Internet of Things or
Industrie 4.0 can only be used efficiently if a company's IT landscape is of high
quality. Contrary to a widespread view, IT quality management
is therefore what drives innovation and business success in the first place.
“Companies have to consider whether and how
they can use IT trends for their own business.
We can create the prerequisites on the IT side with our
Quality Intelligence approach,”
says Ruth Breu, head of Quality Engineering
at the Institute of Computer Science of the University of Innsbruck and
a partner in QE LaB Business
Services (QE LaB BS). The IT department
can make its contribution to business development when it knows the state
of the systems precisely. In times of
heterogeneous, fragmented and highly dynamic IT landscapes, that is
a major challenge. Through the
automated capture of IT operations,
the experts at QE LaB BS can already deliver
such an overview in real time with
their methods and tools.
Quality as a Success Factor
In cooperation with the Quality Engineering research group at the University of Innsbruck and industry partners,
they develop innovative tools that
support IT architects in analysing complex infrastructures. “Our
vision is for IT architects to navigate through
the structures of their IT systems like travellers through an interactive
map, analysing dependencies
as they go,” explain Matthias
Farwick and Thomas Trojer, consultants
at QE LaB BS. With the txture tool, which allows dynamic visualisation
of IT landscapes and individual
evaluations, a large
part of this vision has already been realised.
Dangerous chain reactions in IT landscapes, such as the incidents at a large bank in which software updates brought the entire online banking to a halt, can be avoided through automated and
individual analysis capabilities.
zukunft forschung 01/15
Photo: iconimage – (edited by Stefan Gerstorfer)
Non-Scientific Media
and Press Reports
»» 20 Jahre Internet in Tirol: Chancen und Risiken,
Tiroler Tageszeitung, September 2014
»» App-Berechtigungen: Was darf die App? Radio
Tirol, Hallo Tirol, November 2014
»» IT-Trends geschäftlich nutzbar machen, zukunft forschung - Magazin für
Wissenschaft und Forschung der Universität Innsbruck, January 2015
»» Praxis im Hörsaal – QSP Tirol, uniwia, March, 2015
»» Neue Plattform: Informatik Austria, HEUREKA, Der Falter, Wien, March 2015
»» ORF Interview am IT-Day, ORF - Landesstudio Tirol, Innsbruck, May 2015
„Neue Plattform: Informatik Austria“, HEUREKA, Der Falter:
„Praxis im Hörsaal“, uniwia:
Quality Engineering
Research Group
The Quality Engineering research group (QE) is a research
group at the Institute of Computer Science at the University
of Innsbruck. Together with her team Ruth Breu develops
innovative methods and tools for increasing quality and
cost efficiency in IT using model-based techniques.
Model-based techniques will be increasingly used in management,
development and operation of IT systems. The tasks of developers
will therefore increasingly shift from technology-based coding
to business oriented analysis. This is the only way to control the
IT systems of the future, which are characterized by distribution,
interconnectedness and cross-system business processes.
The goal of QE‘s research is to develop sound and practical
solutions and to unlock application scenarios.
Models at work – The focus of
QE‘s research is on profound
practical solutions and new
application scenarios of models.
QE‘s research topics include model-driven quality assurance,
workflow management and planning of IT landscapes. In addition,
QE has achieved an internationally leading position in the areas of
security engineering and security management in the past few years.
QE was established in 2002 and currently has around 30 staff. In
addition to worldwide cooperation with research partners, QE is
mostly involved in projects in cooperation with industry partners.
Research Areas of the Quality Engineering Group
Security Engineering of Distributed Systems
Business processes increasingly run on open, mobile systems.
IT security has therefore become a core requirement.
We are driving innovative security engineering to enable
ample use of collaborative systems and new technologies.
In particular we work in the following areas:
»» conceptual design of service-oriented security
systems that are critical for security
»» web service-based technologies
»» Identity and rights management
»» EN-ACT: Energy-aware Computing
Interreg IV Project in Collaboration with the Free
University of Bolzano, 2012-2015
»» MOBSTECO: Model-Based Security Testing of Clouds
FWF Project, 2013-2016
Business Process & Workflow
Smooth running of day-to-day business processes is
unthinkable nowadays without excellent IT support.
This is why we focus on the following areas:
»» modelling and evaluation of business processes
»» workflow management systems
»» agile process life cycle
»» Nautilus: The Process of Process Modeling
FWF Project (Barbara Weber), 2011-2015
»» ModErAre: Modeling Error Analysis and Resolution
FWF Project (Barbara Weber), 2014-2016
»» The Modeling Mind: Behavior Patterns in Process Modeling
FWF Project (Barbara Weber), 2014-2017
IT-Management & Security Management
Guidelines and a well-structured organisation are essential so
that information technology can support business processes
effectively and in a secure way. We focus on the following areas:
»» planning and management of IT landscapes
»» security and risk analysis
»» IT processes
Software Engineering
In our core discipline, traditional software
engineering, we focus on the following areas:
»» software development processes
»» model-based quality assurance
»» model-driven software development
»» Product Quality
Collaboration Project with GS1 Austria and MPREIS, 2014-2017
Contact Us
If you have questions or require more information about QE LaB, please contact us.
Prof. Dr. Ruth Breu
Institute of Computer Science
ICT-Building, 3S05, University of Innsbruck
Technikerstrasse 21a, 6020 Innsbruck
Tel: +43 (0)512-507-53203
Fax: +43 (0)512-507-53029
