ICSOFT 2022 Abstracts

Area 1 - Foundational and Trigger Technologies

Full Papers

Paper Nr:	78
Title:	Dynamic Slotted Network Coding Protocol
Authors:	Mohammed Aissaoui, Chiraz Houaidia, Adrien van Den Bossche, Thierry Val and Leïla A. Saidane
Abstract:	Network Coding (NC) is a technique that enhances the performance of wireless networks by increasing the throughput and decreasing the delay. The basic idea is to exploit the mixing of signals that occurs naturally when end nodes transmit at the same time. The main challenge stands for a medium access scheduling allowing synchronized coordination between the nodes involved in that coded transmission. Most of the proposed Medium Access Control (MAC) protocols are based either on the CSMA/CA or the TDMA scheduling. The CSMA/CA based protocols suffer from synchronization issues, while the TDMA based protocols suffer from the delay due to their static design. This paper introduces a new NC MAC protocol called Dynamic Slotted Network Coding Protocol (DSNCP) based on a time scheduling to avoid the synchronization issue and uses a new design that makes the data slot assignments dynamic in order to reduce the delay. Simulation results show a significant performance gain of the proposed DSNCP compared to CSMA/CA and static TDMA protocols in terms of throughput and delay. In some scenarios, the throughput gain of the DSNCP could reach 130 % and 100 % compared to TDMA and CSMA/CA, respectively, and the delay gain could reach 80 % and 40 % compared to TDMA and CSMA/CA, respectively.
Download

Paper Nr:	80
Title:	Towards Automatic Block Size Tuning for Image Processing Algorithms on CUDA
Authors:	Imene Guerfi, Lobna Kriaa and Leila A. Saidane
Abstract:	With the growing amount of data, computational power has became highly required in all fields. To satisfy these requirements, the use of GPUs seems to be the appropriate solution. But one of their major setbacks is their varying architectures making writing efficient parallel code very challenging, due to the necessity to master the GPU’s low-level design. CUDA offers more flexibility for the programmer to exploit the GPU’s power with ease. However, tuning the launch parameters of its kernels such as block size remains a daunting task. This parameter requires a deep understanding of the architecture and the execution model to be well-tuned. Particularly, in the Viola-Jones algorithm, the block size is an important factor that improves the execution time, but this optimization aspect is not well explored. This paper aims to offer the first steps toward automatically tuning the block size for any input without having a deep knowledge of the hardware architecture, which ensures the automatic portability of the performance over different GPUs architectures. The main idea is to define techniques on how to get the optimum block size to achieve the best performance. We pointed out the impact of using static block size for all input sizes on the overall performance. In light of the findings, we presented two dynamic approaches to select the best block size suitable to the input size. The first one is based on an empirical search; this approach provides the optimal performance; however, it is tough for the programmer, and its deployment is time-consuming. In order to overcome this issue, we proposed a second approach, which is a model that automatically selects a block size. Experimental results show that this model can improve the execution time by up to 2.5x over the static approach.
Download

Paper Nr:	81
Title:	Hybrid Time Distributed CNN-transformer for Speech Emotion Recognition
Authors:	Anwer Slimi, Henri Nicolas and Mounir Zrigui
Abstract:	Due to the success of transformers in recent years, a growing number of researchers are using them in a variety of disciplines. Due to the attention mechanism, this revolutionary architecture was able to overcome some of the limitations associated with classic deep learning models. Nonetheless, despite their profitable structures, transformers have drawbacks. We introduce a novel hybrid architecture for Speech Emotion Recognition (SER) systems in this article that combines the benefits of transformers and other deep learning models.
Download

Paper Nr:	97
Title:	Deep Learning CNN-LSTM Approach for Identifying Twitter Users Suffering from Paranoid Personality Disorder
Authors:	Mourad Ellouze, Seifeddine Mechti and Lamia Hadrich Belguith
Abstract:	In this paper, we propose an approach based on artificial intelligence (AI) and text mining techniques for measuring the degrees of appearance of symptoms related to paranoid disease in Twitter users. This operation will then help in the detection of people suffering from paranoid personality disorder in a manner that provides justifiable and explainable results by answering the question: What factors lead us to believe that this person suffers from paranoid personality disorder? These challenges were achieved using a deep neural approach, including: (i) CNN layers for features extraction step from the textual part, (ii) BiLSTM layer to classify the intensity of symptoms by preserving long-term dependencies, (iii) an SVM classifier to detect users with paranoid personality disorder based on the degree of symptoms obtained from the previous layer. According to this approach, we get an F-measure rate equivalent to 71% for the average measurement of the degree of each symptom and 65% for detecting paranoid people. The results achieved motivate and encourage researchers to improve them in view of the relevance and importance of this research area.
Download

Short Papers

Paper Nr:	34
Title:	Coordinated Access to Shared Data Sources for Geo-replicated State Machines
Authors:	Enes Bilgin and Tolga Ovatman
Abstract:	State machine replication techniques are widely used to create fault tolerant services in cloud computing. However, reaching consensus between remote regions may take substantially long time. Many algorithms are proposed to solve this problem regarding the geographic locality of the objects while trading off some consistency properties of the system. Most of these studies consider direct replication of arbitrary parts of the system, but contemporary online services share some unique data sources that may not be replicated. This paper proposes a coordinated method to manage shared data sources between replicas by utilizing geographic locality of the data sources. The proposed algorithm present better performance than using a leader based approach in terms of request processing throughput. We provide the design and implementation of the proposed algorithm in detail and present the throughput performance of the algorithm in a geographically distributed environment.
Download

Paper Nr:	37
Title:	Performance Evaluation of Call Admission Control Strategy in Cloud Radio Access Network using Formal Methods
Authors:	Maroua Idi, Sana Younes and Riadh Robbana
Abstract:	For the fifth-generation (5G), Cloud Radio Access Network (C-RAN) has been proposed as a cloud architecture to provide a common connected resource pool management. In this regard, considering the rapidly changing in network traffic load, the efficient management of radio resources is a challenge. Call Admission Control (CAC) is a resource allocation mechanism to guarantee the Quality of Service (QoS) to User Equipment (UE) in a mobile cellular network. This paper proposes a new CAC schema, based on a hysteresis mechanism, named Virtual Machine Hysteresis Allocation Strategy (VMHAS) in the context of C-RAN. We aim to provide a good QoS by improving the blocking probability of calls, adjusting the amount of active VMs being provisioned for the current traffic load, and providing a load balancing in the considered C-RAN. We use probabilistic model checking to evaluate the performance of the proposed strategy. First, we model the VMHAS CAC schema with Continuous-Time Markov Chains (CTMCs). Then, we specify QoS requirements through the CTMC using the Continuous-time Stochastic Logic (CSL). Finally, we quantify the performance measures of the considered strategy by checking CSL steady-state and transient formulas using the PRISM model checker.
Download

Paper Nr:	60
Title:	Discovering Vulnerabilities and Patches for Open Source Security
Authors:	Tamara Gunkel and Thomas Hupperich
Abstract:	Open source software is used in numerous systems and security vulnerabilities in such software often affect many targets at once. Hence, it is crucial to find security vulnerabilities as soon as possible. A convenient method to check software for vulnerabilities is executing a static code analysis tool before deployment. However, for verifying the reliability of such tools, real-world data including labeled non-vulnerable and vulnerable code is required. This paper introduces an approach to automatically create and enhance a labeled data set of open source projects. The ground truth of vulnerabilities is extracted from up-to-date CVEs. We identify repositories related to known vulnerabilities, select vulnerable versions and take patch commits into account. In this context, we utilize Gradient Boosting based on regression trees as a meta classifier for associating patch commits to CWE categories. With a high precision of this matching, we give insights about the impact of certain vulnerabilities and a general overview of open source code security. Our findings may be used for future studies, such as the impact of certain code design criteria, e.g. clean code, on the prevalence of vulnerabilities.
Download

Paper Nr:	66
Title:	Automated Search for Leaked Private Keys on the Internet: Has Your Private Key Been Pwned?
Authors:	Henry Hosseini, Julian Rengstorf and Thomas Hupperich
Abstract:	Public key authentication is widely used alternatively to password-based credentials, enabling remote login with a generated key pair consisting of a private key and a public key. Like passwords, private keys are required to remain confidential to prevent unauthorized access to resources. These secrets might become subject to theft or publicly exposed unintentionally by the key’s owner. In such cases, the keys are deemed compromised and need to be revoked and abandoned instantaneously. Unfortunately, it is rarely possible for users to know whether their secret keys have been publicly exposed. Closing this gap, we introduce a private key leakage checker titled KeyPwned crawling the Internet for exposed authentication keys. We present a continuously updated database of leaked keys’ fingerprints discovered on websites or in source code repositories. For community-driven enhancement, we allow suggestions of URLs to scan for additional leaked keys, following our standardized process. We furthermore offer users a registration with their public keys to be notified if we detect leakage of their corresponding private key. KeyPwned is designed to run as a service following common software design standards, empowering users to verify their keys’ confidentiality and take action if a private key has been exposed.
Download

Paper Nr:	76
Title:	Approximate Dictionary Searching at a Scale using Ternary Search Trees and Implicit Levenshtein Automata
Authors:	Peter Schneider-Kamp
Abstract:	Approximate Dictionary Searching refers to the problem of finding entries in a dictionary that match a search word either exactly or with a certain allowed distance between entry and search word. Extant computationally efficient data structures and algorithms addressing this problem typically do not scale well to large alphabets and/or dictionaries, often requiring prohibitive amounts of memory as the sizes of alphabets and dictionaries increase. This paper presents a data structure and an algorithm for approximate dictionary searching that rely on ternary search trees and implicit Levenshtein automata and scale well with the sizes of both alphabets and dictionaries.
Download

Area 2 - Software Engineering and Systems Development

Full Papers

Paper Nr:	8
Title:	Needs and Challenges Concerning Cyber-risk Assessment in the Cyber-physical Smart Grid
Authors:	Gencer Erdogan, Inger A. Tøndel, Shukun Tokas, Michele Garau and Martin G. Jaatun
Abstract:	Cyber-risk assessment methods are used by energy companies to manage security risks in smart grids. However, current standards, methods and tools do not adequately provide the support needed in practice and the industry is struggling to adopt and carry out cyber-risk assessments. The contribution of this paper is twofold. First, we interview six companies from the energy sector to better understand their needs and challenges. Based on the interviews, we identify seven success criteria cyber-risk assessment methods for the energy sector need to fulfill to provide adequate support. Second, we present the methods CORAS, VAF, TM-STRIDE, and DA-SAN and evaluate the extent to which they fulfill the identified success criteria. Based on the evaluation, we provide lessons learned in terms of gaps that need to be addressed in general to improve cyber-risk assessment in the context of smart grids. Our results indicate the need for the following improvements: 1) ease of use and comprehensible methods, 2) support to determine whether a method is a good match for a given context, 3) adequate preparation to conduct cyber-risk assessment, 4) manage complexity, 5) adequate support for risk estimation, 6) support for trustworthiness and uncertainty handling, and 7) support for maintaining risk assessments.
Download

Paper Nr:	10
Title:	TASTING: Reuse Test-case Execution by Global AST Hashing
Authors:	Tobias Landsberg, Christian Dietrich and Daniel Lohmann
Abstract:	We describe TASTING, an approach for efficiently selecting and reusing regression-test executions across program changes, branches, and variants in continuous integration settings. Instead of detecting changes between two variants of the software-under-test, TASTING recursively composes hashes of the defining elements with all their dependencies on AST-level at compile time into a semantic fingerprint of the test and its execution environment. This fingerprint is easy to store and remains stable across changes if the test’s run-time behavior is not affected. Thereby, we can reuse test results across the history, multiple branches, and static compile-time variants. We applied TASTING to three open-source projects (Zephyr, OpenSSL, FFmpeg). Over their development history, we can omit between 10 percent (FFmpeg) and 95 percent (Zephyr) of all test executions at a moderate increase in build time. Furthermore, TASTING enables even higher savings across multiple checkouts (e.g., forks, branches, clones) and static software variants. Over the first changes to 131 OpenSSL forks, TASTING avoids 56 percent redundant test executions; for the Zephyr test matrix (64 variants), we reduce the number of test executions by 94 percent.
Download

Paper Nr:	20
Title:	Generalized Mutant Subsumption
Authors:	Samia Al Blwi, Imen Marsit, Besma Khaireddine, Amani Ayad, JiMeng Loh and Ali Mili
Abstract:	Mutant Subsumption is an ordering relation between the mutants of a base program, which ranks mutants according to inclusion relationships between their differentiator sets. The differentiator set of a mutant with respect to a base program is the set of inputs for which execution of the base program and the mutant produce different outcomes. In this paper we propose to refine the definition of mutant subsumption by pondering, in turn: what do we consider to be the outcome of a program’s execution? under what condition do we consider that two outcomes are comparable? and under what condition do we consider that two comparable outcomes are identical? We find that the way we answer these questions determines what it means to kill a mutant, how subsumption is defined, how mutants are ordered by subsumption, and what set of mutants is minimal.
Download

Paper Nr:	25
Title:	Minimum Size Build Environment Sets and Graph Coloring
Authors:	Stephen R. Tate and Bo Yuan
Abstract:	In this paper, we formalize the problem of designing build environments for large-scale software build and analysis, addressing issues with dependencies and conflicts between components required for each source package. We show that this problem can be fully captured by constructing a graph, which we call the “con-flict graph,” from dependency and conflict information, and then finding a minimum set of build environments corresponds exactly to finding minimum colorings of the conflict graph. As graph coloring is an NP-hard problem, we define several graph simplifications that can reduce the size of the graph, to improve the performance of heuristic coloring algorithms. In experimental results, we explore basic conflict graph metrics over time for various releases of the Ubuntu Linux distribution, and examine coloring results for the latest LTS release (Ubuntu 20.04). We find that small numbers of build environments are sufficient for building large numbers of packages, with 4 different environments sufficient for building the 1000 most popular source packages, and 11 build environments sufficient for building all 30,646 source packages included in Ubuntu 20.04.
Download

Paper Nr:	41
Title:	A Vulnerability Introducing Commit Dataset for Java: An Improved SZZ based Approach
Authors:	Tamás Aladics, Péter Hegedűs and Rudolf Ferenc
Abstract:	In the domain of vulnerability detection from the source code by applying static analysis, the number and quality of available datasets for creating and testing security analysis methods is quite low. To be precise, there are already several public datasets containing vulnerability fixing commits; however, vulnerability introducing commit datasets are scarce, which would be essential for creating and validating just-in-time vulnerability detection approaches. In this paper, we propose an SZZ (an algorithm originally developed to find bug introducing commits) based method with a specific filtering mechanism to create vulnerability introducing commit datasets from vulnerability fixes. The filtering phase involves measuring a relevance score for each vulnerability introducing commit candidates based on commit similarities. We generated a novel Java vulnerability introducing dataset from the existing project-KB repository to demonstrate our algorithm’s capabilities. We also showcase the generated database and the effectiveness of our filtering method through several hand-picked examples from the dataset.
Download

Paper Nr:	49
Title:	A Mechanism for Automatically Extracting Reusable and Maintainable Code Idioms from Software Repositories
Authors:	Argyrios Papoudakis, Thomas Karanikiotis and Andreas L. Symeonidis
Abstract:	The importance of correct, qualitative and evolvable code is non-negotiable, when considering the maintainability potential of software. At the same time, the deluge of software residing in code hosting platforms has led to a new component-based software development paradigm, where reuse of suitable software components/ snippets is important for software projects to be implemented as fast as possible. However, ensuring acceptable quality that will guarantee basic maintainability is also required. A condition for acceptable software reusability and maintainability is the use of idiomatic code, based on syntactic fragments that recur frequently across software projects and are characterized by high quality. In this work, we present a mechanism that employs the top repositories from GitHub in order to automatically identify reusable and maintainable code idioms. By extracting the Abstract Syntax Tree representation of each project we group code snippets that appear to have similar structural and semantic information. Preliminary evaluation of our methodology indicates that our approach can identify commonly used, reusable and maintainable code idioms that can be effectively given as actionable recommendations to the developers.
Download

Paper Nr:	94
Title:	Software Enhancement Effort Estimation using Stacking Ensemble Model within the Scrum Projects: A Proposed Web Interface
Authors:	Zaineb Sakhrawi, Asma Sellami and Nadia Bouassida
Abstract:	The frequent changes in software projects may have an impact on the accuracy of the Software Enhancement Effort Estimation (SEEE) and hinder management of the software project. According to a survey on agile software estimation, the most common cost driver among effort estimation models is software size. Indeed, previous research works proved the effectiveness of the COSMIC Functional Size Measurement (FSM) method for efficiently measuring software functional size. It has been also observed that COSMIC sizing is an efficient standardized method for measuring not only software size but also the functional size of an enhancement that may occur during the scrum enhancement project. Intending to increase the SEEE accuracy the purpose of this paper is twofold. Firstly, it attempts to construct a stacking ensemble model. Secondly, it intends to develop a localhost web application to automate the SEEE process. The constructed stacking ensemble model takes the functional Size of an enhancement or a functional change, denoted as FS(FC), as a primary independent variable. The stacking ensemble model combines three Machine Learning (ML) techniques: Decision Tree Regression, Linear Support Vector Regression, and Random Forest Regression. Results show that the use of the FS(FC) as an input to SEEE using the stacking ensemble model provides significantly better results in terms of MAE (Mean Absolute Error) = 0.206, Mean Square Error (MSE) = 0.406, and Root Mean Square Error (RMSE) = 0.595.
Download

Paper Nr:	100
Title:	A Hybrid Architecture for the Incremental Migration of a Web Front-end
Authors:	Benoît Verhaeghe, Anas Shatnawi, Abderrahmane Seriai, Anne Etien, Nicolas Anquetil, Mustapha Derras and Stéphane Ducasse
Abstract:	Nowadays, software migration is an effective solution to adopt new technologies while reusing the business value of existing applications. Among other challenges, the size and complexity of large applications are obstacles that increase the risks of migration projects. Moreover, the migration can imply a switch of programming languages. This is the case when migrating from Java to TypeScript. Thus, it is hard to migrate large and complex applications in one straightforward step. Incremental approaches have been designed to counter this problem. These approaches are based on hybrid architecture usages. However, none of the approaches use a hybrid architecture for GUI defined with different programming languages. In this paper, we propose a new hybrid architecture that enables the incremental migration of web applications. Our architecture is based on Web Components that allow legacy technology artifacts to work with modern ones. We implement the architecture and use it in the case of migrating GWT applications to Angular. Then, we validate its usability in a real context by migrating an industrial web application.
Download

Short Papers

Paper Nr:	11
Title:	Is There Any Correlation between Refactoring and Design Smell Occurrence?
Authors:	Lerina Aversano, Mario L. Bernardi, Marta Cimitile, Martina Iammarino and Debora Montano
Abstract:	Software systems are constantly evolving making their architecture vulnerable to decay and the emergence of numerous design problems. This paper focuses on the occurrence of design smells in software systems and their elimination through the use of refactoring activities. To do this, the data relating to the presence of Design Smell, the use of refactoring, and the result of this use are analyzed in detail. In particular, the history of five open-source Java software systems and of 17 different types of design smells is studied. Overall, the results show that the removal of Design Smells is not correlated with the use of refactoring techniques. The analysis also provides useful insights about the developers’ use of refactoring activities, the likelihood of refactoring on affected commits and clean commits, and removing and/or adding Design Smells both during refactoring and manual code cleaning operations.
Download

Paper Nr:	14
Title:	Needles in a Haystack: Using PORT to Catch Bad Behaviors within Application Recordings
Authors:	Preston Moore, Thomas Wies, Marc Waldman, Phyllis Frankl and Justin Cappos
Abstract:	Earlier work has proven that information extracted from recordings of an application’s activity can be tremendously valuable. However, given the many requests that pass between applications and external entities, it has been difficult to isolate the handful of patterns that indicate the potential for failure. In this paper, we propose a method that harnesses proven event processing techniques to find those problematic patterns. The key addition is PORT, a new domain specific language which, when combined with its event stream recognition and transformation engine, enables users to extract patterns in system call recordings and other streams, and then rewrite input activity on the fly. The former task can spot activity that indicates a bug, while the latter produces a modified stream for use in more active testing. We evaluated PORT’s capabilities in several ways, starting with recreating the mutators and checkers utilized by an earlier work called SEA to modify and replay the results of system calls. Our re-implementations achieved the same efficacy using fewer lines of code. We also illustrated PORT’s extensibility by adding support for detecting malicious USB commands within recorded traffic.
Download

Paper Nr:	18
Title:	Constructive Model Inference: Model Learning for Component-based Software Architectures
Authors:	Bram Hooimeijer, Marc Geilen, Jan F. Groote, Dennis Hendriks and Ramon Schiffelers
Abstract:	Model learning, learning a state machine from software, can be an effective model-based engineering technique, especially to understand legacy software. However, so far the applicability is limited as models that can be learned are quite small, often insufficient to represent the software behavior of large industrial systems. We introduce a novel method, called Constructive Model Inference (CMI). It effectively allows us to learn the behavior of large parts of the industrial software at ASML, where we developed the method and it is now being used. The method uses observations in the form of execution logs to infer behavioral models of concurrent component-based (cyber-physical) systems, relying on knowledge of their architecture, deployment and other characteristics, rather than heuristics or counter examples. We provide a trace-theoretical framework, and prove that if the software satisfies certain architectural assumptions, our approach infers the correct results. We also present a practical approach to deal with situations where the software deviates from the assumptions. In this way we are able to construct accurate and intuitive state machine models. They provide practitioners with valuable insights into the software behavior, and enable all kinds of behavioral analyses.
Download

Paper Nr:	21
Title:	An Ensemble Classifier based Method for Effective Fault Localization
Authors:	Arpita Dutta and Rajib Mall
Abstract:	Fault localization (FL) is one of the most difficult and tedious task during software debugging. It has been reported in literature that different FL techniques show superior results under different circumstances. No reported technique always outperforms all existing FL techniques for each type of bug. On the other hand, it has been reported that ensemble classifiers combine different learning methods to obtain better predictive performance that may not be obtained from any of the constituent learning algorithms alone. This has motivated us to use an ensemble classifier for effective fault localization. We focus on three different families of fault localization techniques, viz., spectrum based (SBFL), mutation based (MBFL), and neural-network based (NNBFL) to achieve this. In total, we have considered eleven representative methods from these three families of FL techniques. Our underlying model is simple and intuitive as it is based only on the statement coverage data and test execution results. Our proposed ensemble classifier based FL (EBFL) method classifies the statements into two different classes viz., Suspicious and Non-Suspicious set of statements. This helps to reduce the search space significantly. Our experimental results show that our proposed EBFL technique requires, on an average, 58% of less code examination as compare to the other contemporary FL techniques, viz., Tarantula, DStar, CNN, DNN etc.
Download

Paper Nr:	48
Title:	COAST: A Conflict-free Replicated Abstract Syntax Tree
Authors:	Aäron Munsters, Angel S. Pupo and Jens Nicolay
Abstract:	Remote real-time collaborative text editing enables collaboration of distributed parties which improves an agile workflow, team member availability and productivity. Collaborative source-code editors are often implemented as a variant of regular collaborative text editing with source code highlighting. Such approaches do not use the structural program information to accurately merge concurrent changes on the same portions of code for temporal network partitions. Therefore, these approaches fail to merge concurrent structural changes to the program such as a concurrent move and edit operation. In this paper we propose an approach in which the editor replicates not the program text but the program tree that corresponds with the program text. Propagating source code changes as tree operations enables resolving concurrent tree changes with higher accuracy. We evaluate our approach by reproducing a use case in which we concurrently change source code on existing tools and our approach. We show that existing tools break the lexical structure and come up with an incorrect program while our approach can distinctly apply the changes preserving the program structure.
Download

Paper Nr:	64
Title:	Air Quality Monitoring of Bangladesh (AQM): Data Driven Analysis System
Authors:	Noureen Islam, Noor-E-Sadman, Mahmudul Islam and Mahady Hasan
Abstract:	Air pollution is a major concern for countries around the world. According to World Health Organization (WHO), seven million people die worldwide every year caused by air pollution. Bangladesh has not only serious pollution problems but also it is ranked first among the world's most polluted countries with a PM2.5 reading of 76.9 microgrammes per cubic meter (μg/m³) in the year 2021 (AQI Bangladesh, 2021). In this paper, we propose to develop a data-driven software system for monitoring the air quality of Bangladesh. Our proposed system will provide atmospheric maps and charts for monitoring the current and future Air Quality Index (AQI) of any area. We conducted an experiment for 1-year time span to observe the concentration level and data patterns of PM2.5 in our country focusing on the transportation routes and industrial zones. The data is collected from the sensors and satellites of different stations covering multiple areas. The results are analyzed in the context of divisions, transportation stations, industrial zones, and time. For a variety of air quality indicators, the experimental results were compared to IQAir AirVisual Pro and showed good results, with very small differences between our obtained result and IQAir AirVisual Pro. Our goal is to mainly monitor the industrial zones, power plants, divisions, and transportation routes as most toxic compounds are formed there.
Download

Paper Nr:	69
Title:	Agile Requirements Engineering’s Challenges
Authors:	Ezeldin Sherif, Waleed Helmy and Galal Hassan
Abstract:	Agile methodology focuses on delivering working software as soon as possible, whilst having the customer involved from start to end. There are some challenges in requirements engineering in Agile. For example, non-functional requirements are being ignored and not treated as first-class artifacts during the development lifecycle. This causes a lot of problems such as customer dissatisfaction and a lot of rework; which affects time and cost. This paper explains the different challenges of requirements engineering in Agile for the past decade.
Download

Paper Nr:	92
Title:	Incorporating Privacy Requirements in Smart Communities for Older Adults: A Research Vision
Authors:	Fauzia Khan and Ishaya Gambo
Abstract:	In recent years, socio-technical systems like smart city technology have received growing interest. Privacy requirements in smart technologies hold significant importance, but it is difficult to elicit by traditional requirements elicitation techniques as several contextual factors are involved. Therefore, these techniques cannot be effectively used to analyze privacy requirements. Our study aims to develop a framework that elicits privacy requirements of older adults in smart communities and to improve the privacy awareness of individuals in social groups. Our proposed framework is applied to a hypothetical scenario of an older adult using a smart e-healthcare system to analyze privacy requirements and make users aware of whom they are sharing their information with in social groups.
Download

Paper Nr:	101
Title:	FUSION: Feature-based Processing of Heterogeneous Documents for Automated Information Extraction
Authors:	Michael Sildatke, Hendrik Karwanni, Bodo Kraft and Albert Zündorf
Abstract:	Information Extraction (IE) processes are often business-critical, but very hard to automate due to a heterogeneous data basis. Specific document characteristics, also called features, influence the optimal way of processing. Architecture for Automated Generation of Distributed Information Extraction Pipelines (ARTIFACT) supports businesses in successively automating their IE processes by finding optimal IE pipelines. However, ARTIFACT treats each document the same way, and does not enable document-specific processing. Single solution strategies can perform extraordinarily well for documents with particular traits. While manual approvals are superfluous for these documents, ARTIFACT does not provide the opportunity for Fully Automatic Processing (FAP). Therefore, we introduce an enhanced pattern that integrates an extensible and domain-independent concept of feature detection based on microservices. Due to this, we create two fundamental benefits. First, the document-specific processing increases the quality of automated generated IE pipelines. Second, the system enables FAP to eliminate superfluous approval efforts.
Download

Paper Nr:	3
Title:	Using Hexagonal Architecture for Mobile Applications
Authors:	Robin Nunkesser
Abstract:	Complex mobile applications require an appropriate global architecture. If used correctly, the high-level design patterns officially recommended for iOS and Android such as MVC, MVVM, and MVI/MVU may make an important contribution to the architecture, but they often require supplementary architectural concepts. General architectures such as Clean Architecture may come to the rescue but leave room for interpretation as to how they work best on iOS and Android. This paper discusses using Hexagonal Architecture as the fundamental global architecture for mobile architectures, providing an extendable approach suitable for small and large projects and helping to achieve more independence from frameworks and external agencies and better testability.
Download

Paper Nr:	9
Title:	A Tool and an Approach for the Automatic Generation of Digital Networks
Authors:	Francesco Pilotti, Giorgio Campea, Daniela D’Alessandro, Daniele Di Valerio and Gaetanino Paolone
Abstract:	Today, Web and Mobile applications play an important role in any Information System (IS). Small- and Medium-sized Enterprises (SMEs) need these applications to digitalise themselves and be competitive in a globalised world. However, developing Web applications is a challenging goal. Model Driven Engineering (MDE) is a well-known process for the development of software systems. To sidestep the pitfalls concerning the adoption of MDE in the industry, and to provide SMEs with easy-to-use tools to enter the global market, the paper presents DNetGenerator, a tool which performs the automatic code generation of Web portals in C# code. The Web portals are part of a previous study, aimed at developing Technological platforms for SMEs, in order for them to create and manage a digital network. DNetGenerator allows the deployment of the Web portals on the cloud. The paper presents the process for using the tool as well. With DNetGenerator, SMEs will be able to design, generate and deploy their Web portals, according to their requirements and without any programming skills.
Download

Paper Nr:	24
Title:	Connections between Language Semantics and the Query-based Compiler Architecture
Authors:	Peter Lenkefi and Gergely Mezei
Abstract:	Modern software development has drastically changed the role of compilers with the introduction of responsive development tools. To accommodate this change, compilers have to go through an architectural transformation, diverging from the classic pipeline. A relatively new idea is called query-based compiler design, which took inspiration from build systems. It splits up the pipeline into smaller, individual operations, which - given some constraints - allows for some interesting optimizations. We argue that some programming language semantics introduce cyclic dependencies between certain compiler passes, which can naturally lead to rediscovering query-based compilers. In this paper, we present a framework that can be used to create compilers with a query-based architecture. Based on this framework, we introduce the Yoakke programming language, which we also use to explore our hypothesis regarding cyclic dependencies and rediscovering query-based compilers.
Download

Paper Nr:	38
Title:	Using Procedure Cloning for Performance Optimization of Compiled Dynamic Languages
Authors:	Robert Husák, Jan Kofroň, Jakub Míšek and Filip Zavoral
Abstract:	Compilation of dynamic programming languages into strongly typed platforms such as .NET and JVM has proven useful in enhancing the security and interoperability of the resulting programs, as well as in enabling their source-less distribution. In order to produce the best intermediate code possible, dynamic language compilers can employ advanced interprocedural type analysis and perform various optimizing transformations. However, these efforts are often limited due to the ambiguity of types in these languages and the need to preserve soundness. In this paper, we improve the performance of global functions by adapting the technique of procedure cloning, focusing on different parameter types those specialized clones can be called with. We devise several heuristics to identify the most promising specializations and call them from their respective call sites. Our technique was implemented into PeachPie, a compiler of PHP to .NET, and evaluated on standard benchmarks distributed with PHP. Benchmarks containing deep recursion show a speedup factor up to 3.65, while benchmarks of computation-intensive loops reveal a speedup factor up to 2.64.
Download

Paper Nr:	52
Title:	Statistical and Requirement Analysis for an IDM Tool for Emergency Department Simulation
Authors:	Juan D. Mogollon, Virginie Goepp, Oscar Avila and Roland de Guio
Abstract:	Emergency Departments (ED) are spaces prone to congestion due to the high number of patients. This problem, known as overcrowding, has negative effect on patient waiting time. In order to find a solution, analysis of the flow of patients through Discrete Event Simulation (DES) is a relevant approach that models the operation of a system through a sequence of events. This technique relies on high-quality input data which needs to be previously managed in a complete process known as Input Data Management (IDM). The objective of this research is to present our progress in the development of a software application to efficiently automate the IDM process required for DES of ED. Preliminary findings and results presented in this paper include the problem definition, the evaluation of required statistical methods, and the gathering of specific requirements from a case study with real data. Based on these results, this paper describes the initial architecture of a software application that satisfies the identified requirements.
Download

Paper Nr:	67
Title:	Test Case Backward Generation for Communicating Systems from Event Logs
Authors:	Sébastien Salva and Jarod Sue
Abstract:	This paper is concerned with generating test cases for communicating systems. Instead of considering that a complete and up-to-date specification is provided, we assume having an event log collected from an implementation. Event logs are indeed more and more considered for helping IT personnel understand and monitor system behaviours or performance. We propose an approach allowing to extract sessions and business knowledge from an event log and to generate an initial set of test cases under the form of abstract test models. The test architecture is adaptable and taken into consideration during this generation. Then, this approach applies 11 test case mutation operators on test cases to mimic possible failures. These operators, which are specialised to communicating systems, perform slight modifications by affecting the event sequences, the data, or injecting unexpected events. Executable test cases are finally derived from the test models.
Download

Paper Nr:	87
Title:	Formal Notations and Terminology for Users’ Feedback and Its Specialization for Interactive Fault Localization
Authors:	Gergő Balogh and Péter Soha
Abstract:	The knowledge of users is utilized in several aspects during software engineering-related tasks and research, such as UX and usability testing, code review sessions, and interactive debugging tasks, to name a few. Anyone who wishes to work with such a system has to face two challenges. They have to evaluate the proposed process and implement or integrate it into their workflow. This paper aims to aid these endeavors by providing a lingua franca for the stakeholders to define and express the expected users’ feedback and the reaction they give to them. Our goal is not to evaluate all users’ feedback-related results or to solve their testability and applicability. Nevertheless, our findings will support the resolution of these issues. We provide a formal terminology, which allows the stakeholders to specify their feedback instances, the items, and the actions.
Download

Paper Nr:	91
Title:	A Formal Approach for Complex Attacks Generation based on Mutation of 5G Network Traffic
Authors:	Zujany Salazar, Fatiha Zaidi, Wissam Mallouli, Ana R. Cavalli, Huu N. Nguyen and Edgardo Montes De Oca
Abstract:	We present a formal approach based on mutation techniques for the modelling of cybersecurity attacks and its application to 5G networks. We introduce formal definitions of the main concepts of network protocols, mutation operators, flow of network packets and network traffic. We design a formal approach based on different mutation operators that allows to design models that can be assimilated with known and unknown attacks. This approach has been implemented in our open source 5G network traffic fuzzer, 5Greplay, and has been applied to two use cases that are representative of attacks against 5G networks.
Download

Area 3 - Software Systems and Applications

Full Papers

Paper Nr:	16
Title:	Empirical Evaluation of Reusability Models
Authors:	Andreea C. Lung, Simona Motogna and Vladiela Petraşcu
Abstract:	Many research efforts have been directed into ways to quantify the degree to which a software component can be reused in other systems. As such, a number of different reusability assessment models have been proposed in the literature, taking into account several metrics that can affect reusability and different approaches to measuring it. In this paper, we conduct a longitudinal reusability assessment by applying three reusability models to a number of different projects (libraries and frameworks) with the goal of studying the long-term evolution of reusability in open-source software. The exploratory part of the study consists of reproducing and applying the chosen models on three different-sized projects for several released versions of the software and studying the transformations of reusability over time and how these relate to certain changes in quality factors or size of the software. Results show a more intense variation of reusability in earlier versions and more stable values towards later versions in applications, and a clear influence of complexity, modularity and cohesion on reusability scores.
Download

Paper Nr:	29
Title:	Multi-party Contract Management for Microservices
Authors:	Zakaria Maamar, Noura Faci, Joyce El Haddad, Fadwa Yahya and Mohammad Askar
Abstract:	This paper discusses the necessary steps and means for ensuring the successful deployment and execution of software components referred to as microservices on top of platforms referred to as Internet of Things (IoT) devices, clouds, and edges. These steps and means are packaged into formal documents known in the literature as contracts. Because of the multi-dimensional nature of deploying and executing microservices, contracts are specialized into discovery, deployment, and collaboration types, capturing each specific aspect of the completion of these contracts. This completion is associated with a set of Quality-of-Service (QoS) parameters that are monitored allowing to identify potential deviations between what has been agreed upon and what has really happened. To demonstrate the technical doability of contracts, a system is implemented using different datasets that support experiments related to assessing the impact of the number of microservices and platforms on the performance of the system.
Download

Paper Nr:	31
Title:	Using Deep Reinforcement Learning to Build Intelligent Tutoring Systems
Authors:	Ciprian Paduraru, Miruna Paduraru and Stefan Iordache
Abstract:	This work proposes a novel method for building agents that can teach human users actions in various applications, considering both continuous and discrete input/output spaces and the multi-modal behaviors and learning curves of humans. While our method is presented and evaluated through a video game, it can be adapted to many other kinds of applications. Our method has two main actors: a teacher and a student. The teacher is first trained using reinforcement learning techniques to approach the ideal output in the target application, while still keeping the multi-modality aspects of human minds. The suggestions are provided online, at application runtime, using texts, images, arrows, etc. An intelligent tutoring system proposing actions to students considering a limited budget of attempts is built using Actor-Critic techniques. Thus, the method ensures that the suggested actions are provided only when needed and are not annoying for the student. Our evaluation is using a 3D video game, which captures all the proposed requirements. The results show that our method improves the teacher agents over the state-of-the-art methods, has a beneficial impact over human agents, and is suitable for real-time computations, without significant resources used.
Download

Paper Nr:	55
Title:	Adding Support for Reference Counting in the D Programming Language
Authors:	R˘azvan Nit¸u, Eduard St˘aniloiu, R˘azvan Deaconescu and R˘azvan Rughinis¸
Abstract:	As more and more software products are developed daily, the security risks imposed by the growing code bases increase. To help mitigate the risk, memory safe systems programming languages, such as D and Rust, are increasingly adopted by developers. The D programming language uses, by default, a garbage collector for memory management. If the performance of a program is bottle-necked by it, or a system is resource constrained, as is the case for the ever-growing Internet of Things devices, the user has the option opt out and employ a custom allocation strategy. However, in this situation, the programmer needs to manually manage memory - a complex and error-prone task. An alternative is represented by a middle ground solution in the form of automatic reference counting. This strategy offers simplicity and performance for a small cost in expressiveness. However, due to the transitive nature of type qualifiers in D and purity-based optimizations, it is impossible to implement a library solution. In this paper, we present the problems introduced by transitive type qualifiers to reference counting and we propose the addition of a new storage class for members of aggregate declarations that breaks the transitivity of type qualifiers. We present our design and show that it can be used to implement a generic automatic reference counting mechanism without disabling purity based optimizations.
Download

Paper Nr:	56
Title:	Data Partitioning Strategies for Simulating non-IID Data Distributions in the DDM-PS-Eval Evaluation Platform
Authors:	Mikołaj Markiewicz and Jakub Koperwas
Abstract:	Nowadays, the size of the various datasets collected worldwide is growing rapidly. These data are stored in different data centres or directly on IoT devices, and are thus located in different places. Data stored in different locations may be uniformly distributed and convergent in terms of the information carried, and are then known as independent and identically distributed (IID) data. In the real world, data collected in different geographic regions tend to differ slightly or have completely different characteristics, and are then known as non-IID data. Increasing numbers of new algorithms have been implemented to work with such distributed data without the need to download all the data to one place. However, there is no standardised way of validating these, and such algorithms are typically tested on IID data, which are uniformly distributed. The issue of non-IID data is still an open problem for many algorithms, although the main categories of ”non-IID-ness” have been defined. The purpose of this paper is to introduce new data partitioning strategies and to demonstrate the impact of non-IID data on the quality results of distributed processing. We propose multiple strategies for dividing a single dataset into multiple partitions to simulate each of the major non-IID data category problems faced by distributed algorithms. The proposed methods of data partitioning integrated with the DDM-PS-Eval platform will enable the validation of future algorithms on datasets with different data distributions. A brief evaluation of the proposed methods is presented using several distributed clustering and classification algorithms.
Download

Paper Nr:	59
Title:	A Medical Information System for Personalized Rehabilitation after Ankle Inversion Trauma
Authors:	Jonathan Neugebauer, Rosemary Dubbeldam, My L. Pham, Lokman Beser, Luka Gerlach, Yu Y. Lee and Herbert Kuchen
Abstract:	We have developed FEAL, a mobile app and a corresponding server component supporting personalized rehabilitation after an ankle inversion trauma. In order to enable the maintenance of the essential parts of the overall system by health professionals, an easy to understand domain specific language (DSL) has been designed enabling them to adapt the questionnaires which are essential parts of the app. For the same reason, the included medical knowledge is not hard coded in a programming language but provided by rules of a business rules management system. A DSL specification is automatically transformed by a correspondingly developed generator to platform-independent React Native code such that the resulting app can be used on the relevant platforms iOS and Android.
Download

Paper Nr:	85
Title:	Timing Model for Predictive Simulation of Safety-critical Systems
Authors:	Emilia Cioroaica, José M. Blanco and Bruno Rossi
Abstract:	Emerging evidence shows that safety-critical systems are evolving towards operating in uncertain context while integrating intelligent software that evolves over time as well. Such behavior is considered to be unknown at every moment in time because when faced with a similar situation, these systems are expected to display an improved behavior based on artificial learning. Yet, a correct learning and knowledge-building process for the non-deterministic nature of an intelligent evolution is still not guaranteed and consequently safety of these systems cannot be assured. In this context, the approach of predictive simulation enables runtime predictive evaluation of a system behavior and provision of quantified evidence of trust that enables a system to react safety in case malicious deviations, in a timely manner. For enabling the evaluation of timing behavior in a predictive simulation setting, in this paper we introduce a general timing model that enables the virtual execution of a system’s timing behavior. The predictive evaluation of the timing behavior can be used to evaluate a system’s synchronization capabilities and in case of delays, trigger a safe fail-over behavior. We iterate our concept over an use case from the automotive domain by considering two safety critical situations.
Download

Paper Nr:	88
Title:	Multi-factor Prediction and Parameters Identification based on Choquet Integral: Smart Farming Application
Authors:	Yann Pollet, Jérôme Dantan and Hajer Baazaoui
Abstract:	In this paper, we consider the domain of smart farming aiming at agronomic processes optimization, and, more particularly, the issue of predicting the growth stages transitions of a plant. As existing automated predictions are not accurate nor reliable enough to be used in the farming process, we propose here an approach based on Choquet integral, enabling the passage from multiple imperfect predictions to a more accurate and reliable one, considering the relevance of each source in the prediction as well as the interactions, synergies, or redundancies between factors. Identifying the parameter values defining a Choquet-based decision model being not straightforward, we propose an approach based on an observation history. Our proposal defines an evaluation function assigning to any potential solution a predictive capability, quantifying a degree of order present in its output, and an associated optimisation process based on truth degrees regarding a set of inequalities. A case study concerns smart farming, the prototype we implemented enabling, for a given culture and several input sources, to help farmers to predict the next growth stage. The experimental results are very encouraging, the predicted day remaining stable despite presence of noise on evidence values.
Download

Paper Nr:	89
Title:	Reconfigurable Wireless Sensor Networks Simulator (RWSNSim): A New Discrete-event Simulator
Authors:	Hanene Rouainia, Hanen Grichi, Laid Kahloul and Mohamed Khalgui
Abstract:	Reconfigurable wireless sensor networks become an important area in research and industrial communities. With their development and spread, many problems and solutions have emerged. Network simulators have become an essential necessity to study the impact of these solutions on networks in order to avoid huge costs in terms of money, time, and effort if applied on the ground. In this paper, we propose a new discrete-event simulator for WSNs and RWSNs called RWSNSim. We present its description, modeling, and provided services. Finally, to demonstrate the efficiency of RWSNSim, we simulate a case study and detail the simulator functioning steps.
Download

Short Papers

Paper Nr:	12
Title:	Increasing the Autonomy of the Unmanned Aerial Platform
Authors:	Wojciech Stecz and Marcin Chodnicki
Abstract:	The article presents the principles of designing a reliable architecture supporting Unmanned Aerial Vehicle (UAV) control, taking into account the need to handle hazardous situations occurring during the flight. Detailed attention was paid to the description of the UAV architecture components that affect the ability to perform autonomous missions, understood as a flight without contact with the Ground Control Station (GCS). The method of designing UAV flight algorithms in the conditions of occurrence of gusts of wind was presented. The principles of modeling the behavior of UAVs in situations of a potential air collision with another platform or a collision with a terrain obstacle are described. Principles of modeling the hierarchy of handling hazardous situations are presented. The developed models were tested on a computer architecture based on ARM processors using the Hardware-in-the-Loop (HIL) technique. The presented solution uses a system of UAV control computers in the form of a Flight Control Computer (FCC) based on a real-time operating system (RTOS), and a Mission Computer (MC) based on a Linux system integrated with a Robot Operating System (ROS). A method of integrating tasks related to the management of mission implementation with the algorithms ensuring flight safety of the air platform is presented. The research was carried out on the basis of the UAV mathematical model, stabilization and navigation algorithms and the Dryden turbulence model.
Download

Paper Nr:	13
Title:	Comparing Deep Learning Models for Multi-label Classification of Arabic Abusive Texts in Social Media
Authors:	Salma A. Azzi and Chiraz O. Zribi
Abstract:	Facing up to abusive texts in social networks is gradually becoming a mainstream NLP research topic. However, the detection of its specific related forms is still scarce. The majority of automatic solutions cast the problem into a two-class or three-class classification issue not taking into account its variety of aspects. Specifically in the Arabic language, as one of the most widely spoken languages, social media abusive texts are written in a mix of different dialects which further complicates the detection process. The goal of this research is to detect eight specific subtasks of abusive language in Arabic social platforms, namely Racism, Sexism, Xenophobia, Violence, Hate, Pornography, Religious hatred, and LGBTQ a Hate. To conduct our experiments, we evaluated the performance of CNN, BiLSTM, and BiGRU deep neural networks with pre-trained Arabic word embeddings (AraVec). We also investigated the recent Bidirectional Encoder Representations from Transformers (BERT) model with its special tokenizer. Results show that DNN classifiers achieved nearly the same performance with an overall average precision of 85%. Moreover, although all the deep learning models obtained very close results, BERT slightly outperformed the others with a precision of 90% and a micro-averaged F1 score of 79%.
Download

Paper Nr:	17
Title:	Building Roger: Technical Challenges While Developing a Bilingual Corpus Management and Query Platform
Authors:	Cosmin Strilețchi, Mădălina Chitez and Karla Csürös
Abstract:	This paper presents an approach to a bilingual Corpus query system. ROGER has been designed and implemented as a cross-platform distributed web application. The backend interface available to authenticated administrators provides the digital tools for managing the database stored texts and associated metadata, and also offers an extensive statistics mechanism that cover the data composition and usage (words, characters, languages, study levels, genres, domains and n-grams). The frontend capabilities are offered to the registered users allowing them to search for specific keywords and to refine the obtained results by applying a series of filters. Current platform features include search terms and phrases, n-gram distributions and statistical visualizations for performed queries. After inputting a search term / phase, the user may filter available texts by: (i) language (English, Romanian); (ii) student genre (currently 20 genres); (iii) study year (1 through 4); (iv) level (BA, MA or PhD); (v) discipline (currently 8 disciplines) and (vi) gender (male, female or unknown). A series of solutions have been implemented to improve the response times of the intensely computational procedures that manipulate big amounts of data.
Download

Paper Nr:	26
Title:	Adherence to Secure Software Development Lifecycle
Authors:	Alaa’ Omar, Ahmad Alsadeh and Mamoun Nawahdah
Abstract:	Security in software development lifecycle (SDL) is a comprehensive development process for detecting, preventing security defects, and responding to the exploits. In this study, we investigate to what extent the software security principles are adopted in the Palestinian IT sector. Thus, we conducted an online self-administered questionnaire that targeted the Palestinian IT sector on a random sample of participants. The results revealed that most of the security practices are not fully applied by the surveyed enterprises. We found that the security background, company domain, budget, and timeline are influential factors that affect the adoption of security principles during the SDL. In addition, we found that software security is often neglected by most developers, although they are willing to comply with security principles when needed.
Download

Paper Nr:	27
Title:	Customer Journey Analytics: A Model for Creating Diagnostic Insights with Process Mining
Authors:	Daan Weijs and Emiel Caron
Abstract:	The customer journey is becoming more complex due to digitization of business processes, broadening the gap between the proposed journey and the journey that is actually experienced by customers. Customer Journey Analytics (CJA) aims to detect and analyse pain points in the journey in order to improve the customer experience. This study proposes an extended version of the Customer Journey Mapping (CJM) model, to measure the impact of different types of touchpoints along the customer journey on customer experience, and to apply process mining to gain more insight in the gap between proposed and actual journeys. Moreover, this model is used to develop dedicated CJA based on process mining techniques. A case study on e-commerce applies the CJM-model in practice and shows how the combination of process mining techniques can answer the analysis questions that arise in customer journey management.
Download

Paper Nr:	32
Title:	Continuous Procedural Network of Roads Generation using L-Systems and Reinforcement Learning
Authors:	Ciprian Paduraru, Miruna Paduraru and Stefan Iordache
Abstract:	Procedural content generation methods are nowadays used in areas such as games, simulations or the movie industry to generate large amounts of data with lower development costs. Our work attempts to fill a gap in this area by focusing on methods capable of generating content representing network of roads, taking into account real-world patterns or user-defined input structures. At the low- level of our generative processes, we use L-systems and Reinforcement Learning based solutions that are employed to generate tiles of road structures in environments that are partitioned as 2D grids. As the evaluation section shows, these methods are suitable for runtime demanding applications since the computational cost is not significant.
Download

Paper Nr:	35
Title:	A Hybrid Complexity Metric in Automatic Software Defects Prediction
Authors:	Laura D. Cernău, Laura Dioșan and Camelia Șerban
Abstract:	Nowadays, software systems evolve in vast and complex applications. In such a complex system, a minor change in one part may have unexpected degradation of the software system design, leading to an unending chain of bugs and defects. Therefore, to keep track of implications that could appear after a change has been applied, the assessment of the software system is of utmost importance. As a result, in this direction, software metrics are suitable for quantifying various aspects of system complexity and predicting as early as possible those parts of the system that could be error-prone. Thus, in this paper, we propose a comparative study of two complexity metrics, Weighted Method Count and Hybrid Cyclomatic Complexity, regarding the prediction of software defects. Specifically, the objective is to investigate whether using a hybrid metric that measures the complexity of a class improves the performance of the fault prediction model. We conduct a series of several experiments on five open source projects datasets. The preliminary results of our research indicate that the proposed metric performs better than the standard complexity metric of a class, Weighted Method Count. Moreover, the Hybrid Cyclomatic Complexity metric can be seen as a base for building a more complex and robust complexity metric.
Download

Paper Nr:	44
Title:	Automatic Generation of Interoperability Connectors using Software Product Lines Engineering
Authors:	Boubou T. Niang, Giacomo Kahn, Nawel Amokrane, Yacine Ouzrout, Hamza Sahli, Mustapha Derras and Jannik Laval
Abstract:	Information Systems (ISs) of modern companies must be reactive and capable to communicate with third-party IS. It is, therefore, necessary to establish agile interoperability between information systems. For this purpose, connectors are used to ensure interactions between IS components. However, components are independently designed and conform to different technical and domain standards that are continuously evolving. Given that the connectors are often developed manually and are not reusable in most cases, establishing and maintaining interoperability becomes a major challenge. In this paper we propose an approach to automatically generate connectors, using software product line engineering to reuse common features and better manage variability. A metamodel of the connector is proposed to show that they can be considered as first-class entities. An industrial case study followed by a discussion is proposed to demonstrate the feasibility of our approach.
Download

Paper Nr:	50
Title:	Semantic-based Data Integration and Mapping Maintenance: Application to Drugs Domain
Authors:	Mouncef Naji, Maroua Masmoudi, Hajer B. Zghal, Chirine G. Guegan, Vlado Stankovski and Dan Vodislav
Abstract:	In recent years, the number of data sources and the amount of generated data are increasing continuously. This voluminous data leads to several issues of storage capacities, data inconsistency, and difficulty of analysis. In the midst of all these difficulties, data integration techniques try to offer solutions to optimally face these problems. In addition, adding semantics to data integration solutions has proven its utility for tackling these difficulties, since it ensures semantic interoperability. In our work, which is placed in this context, we propose a semantic-based data integration and mapping maintenance approach with application to drugs domain. The contributions of our proposal deal with 1) a virtual semantic data integration and 2) an automated mapping maintenance based on deep learning techniques. The goal is to support the continuous and occasional data sources changes, which would highly affect the data integration. To this end, we focused mainly on managing metadata change within an integrated structure, refereed to as mapping maintenance. Our deep learning models encapsulate both convolutional, and Long short-term memory networks. A prototype has been developed and performed on two use cases. The process is fully automated and the experiments show significant results compared to the state of the art.
Download

Paper Nr:	70
Title:	A Methodology for Detecting Programming Languages in Stack Overflow Questions
Authors:	Aman Swaraj and Sandeep Kumar
Abstract:	Stack Overflow (SO) is the pre-eminent source for knowledge sharing among developers. The Question-Answer (Q-A) site witnesses a heavy traffic with around 5000 questions being posted every day. Given this scenario, it has now become mandatory for users to provide at least one tag for their questions for better discussion. However, novice developers often incorrectly tag their questions which leads to down voting of the post and eventual loss of information. An automatic tag generation mechanism is therefore needed for associating the posts with their respective programming languages. In this work, we have presented a rule based approach for detecting programming languages in question titles. The rules are used to match specific patterns in question titles and generate programming language tags. We then compare the tags generated by our proposed model with the pre-existing tags provided by stack overflow in the dataset. Our model is able to predict languages with an accuracy of 87%. Additionally, our model can detect multiple programming languages in a post and also identify different versions of a language such Python 2.7, Python 3 etc. We further record interesting observations with respect to existing approaches.
Download

Paper Nr:	71
Title:	Secure Software Architectural Patterns Designed with Secure Connectors
Authors:	Michael Shin, Taeghyun Kang and Hassan Gomaa
Abstract:	This paper addresses secure software architectural patterns designed with secure connectors, where security concerns are encapsulated in secure connectors, separately from application concerns. Because secure software architectural patterns address security and application concerns, the design of the patterns needs to blend those concerns; thus, they can be complicated. Secure connectors can reduce the complexity of the design of secure software architectural patterns by separating security and application concerns. In this paper, secure connectors are designed for secure software architectural patterns by considering the security patterns required by application components and the communication patterns between the components. Secure connectors make the design of secure software architectural patterns more maintainable and evolvable. We have implemented a secure distributed baseball game application using the secure MVC software architectural pattern to validate our research.
Download

Paper Nr:	73
Title:	Advancing Security and Data Protection for Smart Home Systems through Blockchain Technologies
Authors:	Ciprian Paduraru, Rares Cristea and Alin Stefanescu
Abstract:	Internet of Things (IoT) systems are becoming ever-present in our lives and the demand recently increased with the explosion of external services offered by healthcare, smart city or smart home providers. However, the connection of private IoT-driven smart home systems and passing data to these external services can pose significant privacy issues, such as information theft or attacks to control, monitor, or harm personal resources. In our paper, we address the identified security issues through a comprehensive architecture based on blockchain technology, namely the Hyperledger Fabric platform. We underscore the value that a permissioned blockchain brings in addressing performance issues both architecturally and through fog computing, and propose a pipeline to mitigate known security threats through static and live monitoring techniques.
Download

Paper Nr:	74
Title:	Interpretable Malware Classification based on Functional Analysis
Authors:	Miles Q. Li and Benjamin M. Fung
Abstract:	Malware is the crux of cyber-attacks, especially in the attacks of critical cyber(-physical) infrastructures, such as financial systems, transportation systems, smart grids, etc. Malware classification has caught extensive attention because it can help security personnel to discern the intent and severity of a piece of malware before appropriate actions will be taken to secure a critical cyber infrastructure. Existing machine learning-based malware classification methods have limitations on either their performance or their abilities to interpret the results. In this paper, we propose a novel malware classification model based on functional analysis of malware samples with the interpretability to show the importance of each function to a classification result. Experiment results show that our model outperforms existing state-of-the-art methods in malware family and severity classification and provide meaningful interpretations.
Download

Paper Nr:	79
Title:	Resilient Conflict-free Replicated Data Types without Atomic Broadcast
Authors:	Daniel Brahneborg, Wasif Afzal and Saad Mubeen
Abstract:	In a distributed system, applications can perform both reads and updates without costly synchronous network round-trips by using Conflict-free Replicated Data Types (CRDTs). Most CRDTs are based on some variant of atomic broadcast, as that enables them to support causal dependencies between updates of multiple objects. However, the overhead of this atomic broadcast is unnecessary in systems handling only independent CRDT objects. We identified a set of use cases for tracking resource usage where there is a need for a replication mechanism with less complexity and network usage as compared to using atomic broadcast. In this paper, we present the design of such a replication protocol that efficiently leverages the commutativity of CRDTs. The proposed protocol CReDiT (CRDT enhanced with intelligence) uses up to four communication steps per update, but these steps can be batched as needed. It uses network resources only when updates need to be communicated. Furthermore, it is less sensitive to server failures than current state-of-the-art solutions as other nodes can use new values already after the first communication step, instead of after two or more.
Download

Paper Nr:	83
Title:	A Lightweight Software Product Quality Evaluation Method
Authors:	Giuseppe Lami and Giorgio O. Spagnolo
Abstract:	In this paper, we describe an evaluation method, called QuESPro (Quality Evaluation of Software Product), aimed at performing third party evaluation of the suitability for the intended use of software products, by targeting a trade-off between the mere informal expert judgment and the application of complex and expensive evaluation methods. The QuESPro is based on the framework provided by the ISO/IEC 25000 series standard and provides a step-wise process to determine a quantitative evaluation of the relevant quality characteristics of software products. With the aim of assessing the feasibility of the QuESPro method in terms of feasibility, identifying its strengths, and identifying improvement opportunities we applied it to an industrial case study. The results of such a case study are reported in this paper as well.
Download

Paper Nr:	84
Title:	Multiparty-session-types Coordination for Core Erlang
Authors:	Lavinia Egidi, Paola Giannini and Lorenzo Ventura
Abstract:	In this paper, we present a formalization of multiparty-session-type coordination for a core subset of Erlang and provide a tool for checking the correctness of a system against the specification of its protocol. In Erlang actors are primitive entities, which communicate only through explicit asynchronous message passing. Our tool ensures that if an Erlang system is well typed, then it does not incur in deadlocks or have actors getting stuck waiting for messages that never arrive; moreover any message that is sent will eventually be read. The tool is based on multiparty session types, a formalism introduced to specify the structure of interactions and to ensure safety properties.
Download

Paper Nr:	86
Title:	Agile Methodology in Online Learning and How It Can Improve Communication: A Case Study
Authors:	Manuela Petrescu and Adrian Sterca
Abstract:	This paper presents a study on using Agile methodologies in the teaching process at the university/college level during the Covid-19 pandemic, online classes. We detail a list of techniques inspired from software engineering Agile methodologies that can be used in online teaching. We also show, by analyzing students grades, that these Agile inspired techniques probably help in the educational process.
Download

Paper Nr:	98
Title:	Process and Organizational Data Integration from BPMS and Relational/NoSQL Sources for Process Mining
Authors:	Andrea Delgado and Daniel Calegari
Abstract:	Business Process execution analysis is crucial for organizations to evaluate and improve them. Process mining provides the means to do so, but several challenges arise when dealing with data extraction and integration. Most scenarios consider implicit processes in support systems, with the process and organizational data being analyzed separately. Nowadays, many organizations increasingly integrate process-oriented support systems, such as BPMS, where process data execution is registered within the process engine database and organizational data in distributed potentially heterogeneous databases. They can follow the relational model or NoSQL ones, and organizational data can come from different systems, services, social media, or several other sources. Then, process and organizational data must be integrated to be used as input for process mining tasks and provide a complete view of the operation to detect and make improvements. In this paper, we extend previous work to support the collection of process and organizational data from heterogeneous sources, the integration of these data, and the automated generation of XES event logs to be used as input for process mining.
Download

Paper Nr:	15
Title:	Performance Analysis of an Embedded System for Target Detection in Smart Crosswalks using Machine Learning
Authors:	J. M. Lozano Domínguez, J. M. Corralejo Mora, I. J. Fernández de Viana González, T. J. Mateo Sanguino and M. J. Redondo González
Abstract:	Embedded systems with low computing resources for artificial intelligence are being a key piece for the deployment of the Internet of Things in different areas as energy efficiency, agriculture or water monitoring, amid others. This paper carries out a study of the computational performance of a smart road detection and signalling system. To this end, the implementation methodology from Matlab® to C++ of a one-class SVM classifier with two pattern analysis strategies based on RADAR signals and RAW data is described. As a result, we found a balance between AUC, RAM consumption, processing time and power consumption for a Teensy 4.1 microcontroller with STFT and the fitcsvm2 algorithm versus other hardware options such as an I7-3770K processor, Raspberry Pi Zero and Teensy 3.6.
Download

Paper Nr:	19
Title:	Deriving UML Logic Architectures of Software Product based on a Cloud Reference Architecture: An Experience Report
Authors:	Francisco Morais, Tiago F. Pereira, Carlos Salgado, Ana Lima, Manuel Pereira, João Oliveira, António Sousa and Helena Rodrigues
Abstract:	Companies are nowadays looking for the development of solutions based on public and private clouds capable of interoperating with information sources such as other systems, or devices in an IoT and CPS approach, and subsequently using that information efficiently. However, applying appropriate techniques for requirements engineering and designing logical architectures for that context can be complex. The cloud environments are very dynamic and are difficult to identify, clarify, and systematically manage cloud requirements. The lack of requirements engineering methods for this domain carry risks related to incorrect or unjustified decisions, which result in subjective project developments. This paper presents the use of NIST Cloud Computing Reference Architecture in the eliciting of requirements by employing a new approach (the 2P2S technique), that enables the use of an existing Model-Driven Design method (the 4SRS technique), derive logic architectures for cloud-based solutions, assuring that the system requirements are based on effective client needs.
Download

Paper Nr:	40
Title:	A Pipeline-oriented Processing Approach to Continuous and Long-term Web Scraping
Authors:	Stefan Huber, Fabio Knoll and Mario Döller
Abstract:	Web scraping is a widely-used technique to extract unstructured data from different websites and transform it into a unified and structured form. Due to the nature of the WWW, long-term and continuous web scraping is a volatile and error-prone endeavor. The setup of a reliable extraction procedure comes along with various challenges. In this paper, a system design and implementation for a pipeline-oriented approach to web scraping is proposed. The main goal of the proposal is to establish a fault-tolerant execution of web scraping tasks with proper error handling strategies set in place. As errors are prevalent in web scraping, logging and error replication procedures are part of the processing pipeline. These mechanisms allow for effectively adapting web scraper implementations to evolving website targets. An implementation of the system was evaluated in a real-world case study, where thousands of web pages were scraped and processed on a daily basis. The results indicated that the system allows for effectively operating reliable and long-term web scraping endeavors.
Download

Paper Nr:	47
Title:	Blockchain Patterns in Critical Infrastructures: Limitations and Recommendations
Authors:	Hind Bangui and Barbora Buhnova
Abstract:	The widespread adoption of data-driven applications in critical infrastructures has arisen with security and privacy concerns. Blockchain has received considerable attention to protect critical infrastructures (e.g., healthcare and transportation) that could be subjected to intentional and unintentional cyberattacks. Blockchain patterns as reusable solutions have been used in critical infrastructure software to fulfill security requirements while delivering reliable and trusted services to citizens. Thus, this work provides a comprehensive review of blockchain patterns to examine how they can steer the advancement of critical infrastructures. Through a critical analysis of existing blockchain pattern literature, we identify realistic limitations, lessons learned and open research issues entirely dedicated to advancing blockchain-based antifragile critical infrastructures.
Download

Paper Nr:	75
Title:	Applying and Extending FEMMP to Select an Adequate MBSE Methodology
Authors:	Christophe Ponsard and Valery Ramon
Abstract:	Model-Based Systems Engineering (MBSE) relies on the central concept of model expressed in a well-defined language like SysML. However, efficiently and effectively driving the system design process through its lifecycle requires an adequate methodology. To ease the selection process among several MBSE methodologies, the Framework for the Evaluation of MBSE Methodologies for Practitioners (FEMMP) is worthwhile. This paper reports on the use of FEMMP to help in such a selection process with a focus on recent MBSE methodologies: Arcadia, ASAP and Grid. In addition to providing new and updated evaluations, it also identifies some overlooked criteria and suggests a few improvements. A consolidated comparison with older methodologies is also proposed and discussed.
Download

Paper Nr:	93
Title:	A SWOT Analysis of Software Technologies for Driving Museum Digital Transformation
Authors:	Christophe Ponsard and Ward Desmet
Abstract:	Museums play a key cultural role in educating citizens through the immersive experience they provide. The recent lockdowns have awakened them to the need to accelerate their digital transformation and to propose new kinds of experience to their public. This paper performs a SWOT analysis considering the Strengths, Weaknesses, Opportunities and Threats from existing and emerging digital technologies w.r.t. the range of services and missions a museum is delivering both internally as a company and externally to the society. Our work relies on a number of technological evolutions reported in the literature and experienced in our computing heritage museum with a strong focus on the user experience and accessibility.
Download

Paper Nr:	102
Title:	A New Software Architecture for the Wise Object Framework: Multidimensional Separation of Concerns
Authors:	Sylvain Lejamble, Ilham Alloui, Sébastien Monnet and Flavien Vernier
Abstract:	Adaptive systems represent an appropriate solution to the increasing complexity of software-intensive systems. We constructed a Wise Object Framework to develop self-adaptive software systems we name “Wise systems”. Those consist of distributed communicating software objects (Wise Objects) able to autonomously learn on how they behave and how they are used while demanding little attention from their users. A WO is either delivering a service (Awake state) or simulating its operation to learn behavior that has not occurred yet (Dream state). In its first version, WO architecture has been designed on the basis of a single component embedding built-in mechanisms for data monitoring and analysis. This architecture has major drawbacks we encountered when using WOF to develop new applications: (1) built-in mechanisms embedded within the WO do not allow using data by other components such as new analyzers, (2) raw data and data resulting from analysis in Awake or Dream states are not distinguished, (3) mandatory components to self-adaptation are missing especially those for action plan construction and execution. In this paper, we address those limitations through a MAPE-K compliant architecture, based on the Separation of Concerns(SoC) and an event-driven publish/subscribe mechanism. This is related to the general issue of wise system maintenance, reuse and evolution. Separation of Concerns is done according to different dimensions that are managed using hyperslicing techniques.
Download