ICSOFT 2022 Abstracts


Area 1 - Foundational and Trigger Technologies

Full Papers
Paper Nr: 78
Title:

Dynamic Slotted Network Coding Protocol

Authors:

Mohammed Aissaoui, Chiraz Houaidia, Adrien van Den Bossche, Thierry Val and Leïla Azouz Saidane

Abstract: Network Coding (NC) is a technique that enhances the performance of wireless networks by increasing throughput and decreasing delay. The basic idea is to exploit the mixing of signals that occurs naturally when end nodes transmit at the same time. The main challenge is a medium-access schedule that allows synchronized coordination between the nodes involved in a coded transmission. Most of the proposed Medium Access Control (MAC) protocols are based either on CSMA/CA or on TDMA scheduling. CSMA/CA-based protocols suffer from synchronization issues, while TDMA-based protocols suffer from delay due to their static design. This paper introduces a new NC MAC protocol called Dynamic Slotted Network Coding Protocol (DSNCP), which relies on time scheduling to avoid the synchronization issue and on a new design that makes data-slot assignment dynamic in order to reduce delay. Simulation results show a significant performance gain of the proposed DSNCP compared to CSMA/CA and static TDMA protocols in terms of throughput and delay. In some scenarios, the throughput gain of DSNCP reaches 130% and 100% compared to TDMA and CSMA/CA, respectively, and the delay gain reaches 80% and 40%, respectively.
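The coded transmission that the abstract builds on can be illustrated with the classic two-way relay example (a generic NC illustration, not the DSNCP protocol itself): instead of forwarding two packets separately, a relay broadcasts their XOR, and each end node recovers the other's packet using its own copy as a key.

```python
def xor_bytes(a: bytes, b: bytes) -> bytes:
    # XOR two equal-length packets byte by byte.
    return bytes(x ^ y for x, y in zip(a, b))

# Two end nodes A and B exchange packets through a relay R.
pkt_a = b"hello-from-A"
pkt_b = b"hello-from-B"

# Without coding, R forwards two packets; with coding, R broadcasts one.
coded = xor_bytes(pkt_a, pkt_b)

# Each end node XORs the coded packet with its own transmission.
recovered_at_a = xor_bytes(coded, pkt_a)  # yields pkt_b
recovered_at_b = xor_bytes(coded, pkt_b)  # yields pkt_a
```

One broadcast slot thus replaces two unicast slots, which is the throughput gain NC protocols schedule for.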

Paper Nr: 80
Title:

Towards Automatic Block Size Tuning for Image Processing Algorithms on CUDA

Authors:

Imene Guerfi, Lobna Kriaa and Leila Azouz Saidane

Abstract: With the growing amount of data, computational power has become highly required in all fields. To satisfy these requirements, the use of GPUs seems to be the appropriate solution. One of their major setbacks, however, is their varying architectures, which make writing efficient parallel code very challenging because the programmer must master the GPU’s low-level design. CUDA offers more flexibility for the programmer to exploit the GPU’s power with ease. However, tuning the launch parameters of its kernels, such as the block size, remains a daunting task. This parameter requires a deep understanding of the architecture and the execution model to be well tuned. In the Viola-Jones algorithm in particular, the block size is an important factor in execution time, but this optimization aspect is not well explored. This paper offers the first steps toward automatically tuning the block size for any input without requiring deep knowledge of the hardware architecture, which ensures automatic portability of performance across different GPU architectures. The main idea is to define techniques for finding the optimum block size to achieve the best performance. We point out the impact of using a static block size for all input sizes on overall performance. In light of the findings, we present two dynamic approaches to select the block size best suited to the input size. The first is based on an empirical search; this approach provides optimal performance, but it is demanding for the programmer and time-consuming to deploy. To overcome this issue, we propose a second approach, a model that automatically selects a block size. Experimental results show that this model can improve execution time by up to 2.5x over the static approach.
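The empirical search described above can be sketched in pure Python; the cost function below is a hypothetical stand-in for timing a real CUDA kernel launch, and the candidate list assumes warp-multiple block sizes.

```python
def simulated_kernel_time(block_size: int, n: int) -> float:
    # Hypothetical cost model standing in for timing a real CUDA kernel:
    # small blocks inflate the grid, while blocks far from an assumed
    # sweet spot of 256 threads pay an occupancy penalty.
    grid_size = -(-n // block_size)               # ceil(n / block_size)
    occupancy_penalty = abs(block_size - 256) / 256.0
    return grid_size * (1.0 + occupancy_penalty)

def best_block_size(n: int, candidates=(32, 64, 128, 256, 512, 1024)):
    # Empirical search: evaluate every warp-multiple candidate, keep the best.
    return min(candidates, key=lambda b: simulated_kernel_time(b, n))
```

In a real tuner the cost function would be replaced by repeated timed launches of the kernel under test, which is exactly why the paper's second, model-based approach is attractive.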

Paper Nr: 81
Title:

Hybrid Time Distributed CNN-transformer for Speech Emotion Recognition

Authors:

Anwer Slimi, Henri Nicolas and Mounir Zrigui

Abstract: Following the success of transformers in recent years, a growing number of researchers are using them in a variety of disciplines. Thanks to the attention mechanism, this revolutionary architecture overcomes some of the limitations associated with classic deep learning models. Nonetheless, despite their powerful structure, transformers have drawbacks. In this article, we introduce a novel hybrid architecture for Speech Emotion Recognition (SER) systems that combines the benefits of transformers and other deep learning models.

Paper Nr: 97
Title:

Deep Learning CNN-LSTM Approach for Identifying Twitter Users Suffering from Paranoid Personality Disorder

Authors:

Mourad Ellouze, Seifeddine Mechti and Lamia Hadrich Belguith

Abstract: In this paper, we propose an approach based on artificial intelligence (AI) and text mining techniques for measuring the degree to which symptoms related to paranoia appear in Twitter users. This then helps detect people suffering from paranoid personality disorder in a manner that provides justifiable and explainable results by answering the question: what factors lead us to believe that this person suffers from paranoid personality disorder? These challenges were addressed using a deep neural approach including: (i) CNN layers for the feature extraction step from the textual part, (ii) a BiLSTM layer to classify the intensity of symptoms while preserving long-term dependencies, and (iii) an SVM classifier to detect users with paranoid personality disorder based on the degree of symptoms obtained from the previous layer. With this approach, we obtain an F-measure of 71% for the average measurement of the degree of each symptom and 65% for detecting paranoid people. The results achieved should motivate and encourage researchers to improve on them, given the relevance and importance of this research area.

Short Papers
Paper Nr: 34
Title:

Coordinated Access to Shared Data Sources for Geo-replicated State Machines

Authors:

Enes Bilgin and Tolga Ovatman

Abstract: State machine replication techniques are widely used to create fault-tolerant services in cloud computing. However, reaching consensus between remote regions may take a substantially long time. Many algorithms have been proposed to solve this problem by exploiting the geographic locality of objects while trading off some consistency properties of the system. Most of these studies consider direct replication of arbitrary parts of the system, but contemporary online services share some unique data sources that may not be replicated. This paper proposes a coordinated method to manage shared data sources between replicas by utilizing the geographic locality of the data sources. The proposed algorithm presents better performance than a leader-based approach in terms of request processing throughput. We provide the design and implementation of the proposed algorithm in detail and present its throughput performance in a geographically distributed environment.

Paper Nr: 37
Title:

Performance Evaluation of Call Admission Control Strategy in Cloud Radio Access Network using Formal Methods

Authors:

Maroua Idi, Sana Younes and Riadh Robbana

Abstract: For the fifth generation (5G), the Cloud Radio Access Network (C-RAN) has been proposed as a cloud architecture that provides a common connected resource pool. In this regard, considering the rapid changes in network traffic load, the efficient management of radio resources is a challenge. Call Admission Control (CAC) is a resource allocation mechanism that guarantees Quality of Service (QoS) to User Equipment (UE) in a mobile cellular network. This paper proposes a new CAC scheme based on a hysteresis mechanism, named Virtual Machine Hysteresis Allocation Strategy (VMHAS), in the context of C-RAN. We aim to provide good QoS by improving the blocking probability of calls, adjusting the number of active VMs provisioned for the current traffic load, and providing load balancing in the considered C-RAN. We use probabilistic model checking to evaluate the performance of the proposed strategy. First, we model the VMHAS CAC scheme with Continuous-Time Markov Chains (CTMCs). Then, we specify QoS requirements over the CTMC using Continuous-time Stochastic Logic (CSL). Finally, we quantify the performance measures of the considered strategy by checking CSL steady-state and transient formulas with the PRISM model checker.
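The hysteresis idea (scale the VM pool up past an upper utilization threshold, scale it down only below a lower one) can be sketched as follows; the class name, thresholds, and capacities are illustrative assumptions, not the paper's VMHAS parameters.

```python
class HysteresisAllocator:
    # Illustrative VM pool with hysteresis thresholds. The gap between
    # `upper` and `lower` prevents oscillation around a single threshold.
    def __init__(self, capacity_per_vm=10, max_vms=4, upper=0.8, lower=0.3):
        self.cap, self.max_vms = capacity_per_vm, max_vms
        self.upper, self.lower = upper, lower
        self.vms, self.calls = 1, 0

    def _util(self):
        return self.calls / (self.vms * self.cap)

    def admit(self) -> bool:
        if self.calls >= self.vms * self.cap:
            if self.vms < self.max_vms:
                self.vms += 1           # scale up under pressure
            else:
                return False            # call blocked: no capacity left
        self.calls += 1
        if self._util() >= self.upper and self.vms < self.max_vms:
            self.vms += 1               # proactive scale-up past upper threshold
        return True

    def release(self):
        self.calls -= 1
        # Scale down only once utilization drops below the *lower* threshold.
        if self.vms > 1 and self._util() <= self.lower:
            self.vms -= 1
```

The paper evaluates such a policy formally, as a CTMC checked with PRISM, rather than by simulation.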

Paper Nr: 60
Title:

Discovering Vulnerabilities and Patches for Open Source Security

Authors:

Tamara Gunkel and Thomas Hupperich

Abstract: Open source software is used in numerous systems, and security vulnerabilities in such software often affect many targets at once. Hence, it is crucial to find security vulnerabilities as soon as possible. A convenient method to check software for vulnerabilities is executing a static code analysis tool before deployment. However, verifying the reliability of such tools requires real-world data including labeled non-vulnerable and vulnerable code. This paper introduces an approach to automatically create and enhance a labeled data set of open source projects. The ground truth of vulnerabilities is extracted from up-to-date CVEs. We identify repositories related to known vulnerabilities, select vulnerable versions, and take patch commits into account. In this context, we utilize Gradient Boosting based on regression trees as a meta classifier for associating patch commits with CWE categories. Given the high precision of this matching, we provide insights into the impact of certain vulnerabilities and a general overview of open source code security. Our findings may be used for future studies, such as the impact of certain code design criteria, e.g., clean code, on the prevalence of vulnerabilities.

Paper Nr: 66
Title:

Automated Search for Leaked Private Keys on the Internet: Has Your Private Key Been Pwned?

Authors:

Henry Hosseini, Julian Rengstorf and Thomas Hupperich

Abstract: Public key authentication is widely used as an alternative to password-based credentials, enabling remote login with a generated key pair consisting of a private key and a public key. Like passwords, private keys must remain confidential to prevent unauthorized access to resources. These secrets may be stolen or unintentionally exposed by the key’s owner. In such cases, the keys are deemed compromised and need to be revoked and abandoned immediately. Unfortunately, it is rarely possible for users to know whether their secret keys have been publicly exposed. Closing this gap, we introduce a private key leakage checker titled KeyPwned that crawls the Internet for exposed authentication keys. We present a continuously updated database of leaked keys’ fingerprints discovered on websites or in source code repositories. For community-driven enhancement, we accept suggestions of URLs to scan for additional leaked keys, following our standardized process. We furthermore offer users registration with their public keys, so that they are notified if we detect a leak of the corresponding private key. KeyPwned is designed to run as a service following common software design standards, empowering users to verify their keys’ confidentiality and take action if a private key has been exposed.
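A fingerprint-based lookup along these lines might look as follows; the OpenSSH-style SHA-256 fingerprint format is an assumption about how such a database could store leaked keys, not KeyPwned's documented format.

```python
import base64
import hashlib

def fingerprint(public_key_bytes: bytes) -> str:
    # OpenSSH-style SHA-256 fingerprint: base64 of the SHA-256 digest
    # of the key blob, with trailing '=' padding stripped.
    digest = hashlib.sha256(public_key_bytes).digest()
    return "SHA256:" + base64.b64encode(digest).rstrip(b"=").decode()

def is_pwned(public_key_bytes: bytes, leaked_fingerprints: set) -> bool:
    # Only fingerprints need to be stored and compared server-side,
    # never the key material itself.
    return fingerprint(public_key_bytes) in leaked_fingerprints
```

Storing fingerprints rather than keys keeps the lookup service itself from becoming a leak vector.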

Paper Nr: 76
Title:

Approximate Dictionary Searching at a Scale using Ternary Search Trees and Implicit Levenshtein Automata

Authors:

Peter Schneider-Kamp

Abstract: Approximate Dictionary Searching refers to the problem of finding entries in a dictionary that match a search word either exactly or with a certain allowed distance between entry and search word. Extant computationally efficient data structures and algorithms addressing this problem typically do not scale well to large alphabets and/or dictionaries, often requiring prohibitive amounts of memory as the sizes of alphabets and dictionaries increase. This paper presents a data structure and an algorithm for approximate dictionary searching that rely on ternary search trees and implicit Levenshtein automata and scale well with the sizes of both alphabets and dictionaries.
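The core idea, walking a tree-structured dictionary while maintaining one row of the Levenshtein dynamic-programming table per node and pruning any branch whose row minimum exceeds the distance bound, can be sketched with a nested-dict trie standing in for the paper's ternary search tree.

```python
def build(words):
    # Nested-dict trie; "$" marks the end of a dictionary word.
    trie = {}
    for w in words:
        node = trie
        for c in w:
            node = node.setdefault(c, {})
        node["$"] = True
    return trie

def search(trie, word, max_dist):
    # Depth-first walk carrying one Levenshtein DP row per node: this is
    # the "implicit Levenshtein automaton", never materialized as states.
    results = []
    first_row = list(range(len(word) + 1))

    def walk(node, char, prev_row, prefix):
        row = [prev_row[0] + 1]
        for i, w in enumerate(word, 1):
            row.append(min(row[i - 1] + 1,                 # insertion
                           prev_row[i] + 1,                # deletion
                           prev_row[i - 1] + (w != char))) # substitution
        if row[-1] <= max_dist and node.get("$"):
            results.append((prefix, row[-1]))
        if min(row) <= max_dist:                           # prune dead branches
            for c, child in node.items():
                if c != "$":
                    walk(child, c, row, prefix + c)

    for c, child in trie.items():
        if c != "$":
            walk(child, c, first_row, c)
    return results
```

A ternary search tree replaces the per-node dict with three child pointers, which is what makes the approach memory-frugal for large alphabets.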

Area 2 - Software Engineering and Systems Development

Full Papers
Paper Nr: 8
Title:

Needs and Challenges Concerning Cyber-risk Assessment in the Cyber-physical Smart Grid

Authors:

Gencer Erdogan, Inger Anne Tøndel, Shukun Tokas, Michele Garau and Martin Gilje Jaatun

Abstract: Cyber-risk assessment methods are used by energy companies to manage security risks in smart grids. However, current standards, methods, and tools do not adequately provide the support needed in practice, and the industry is struggling to adopt and carry out cyber-risk assessments. The contribution of this paper is twofold. First, we interview six companies from the energy sector to better understand their needs and challenges. Based on the interviews, we identify seven success criteria that cyber-risk assessment methods for the energy sector need to fulfill to provide adequate support. Second, we present the methods CORAS, VAF, TM-STRIDE, and DA-SAN and evaluate the extent to which they fulfill the identified success criteria. Based on the evaluation, we provide lessons learned in terms of gaps that need to be addressed to improve cyber-risk assessment in the context of smart grids. Our results indicate the need for the following improvements: 1) ease of use and comprehensible methods, 2) support to determine whether a method is a good match for a given context, 3) adequate preparation for conducting cyber-risk assessment, 4) support for managing complexity, 5) adequate support for risk estimation, 6) support for trustworthiness and uncertainty handling, and 7) support for maintaining risk assessments.

Paper Nr: 10
Title:

TASTING: Reuse Test-case Execution by Global AST Hashing

Authors:

Tobias Landsberg, Christian Dietrich and Daniel Lohmann

Abstract: We describe TASTING, an approach for efficiently selecting and reusing regression-test executions across program changes, branches, and variants in continuous integration settings. Instead of detecting changes between two variants of the software-under-test, TASTING recursively composes hashes of the defining elements with all their dependencies on AST-level at compile time into a semantic fingerprint of the test and its execution environment. This fingerprint is easy to store and remains stable across changes if the test’s run-time behavior is not affected. Thereby, we can reuse test results across the history, multiple branches, and static compile-time variants. We applied TASTING to three open-source projects (Zephyr, OpenSSL, FFmpeg). Over their development history, we can omit between 10 percent (FFmpeg) and 95 percent (Zephyr) of all test executions at a moderate increase in build time. Furthermore, TASTING enables even higher savings across multiple checkouts (e.g., forks, branches, clones) and static software variants. Over the first changes to 131 OpenSSL forks, TASTING avoids 56 percent redundant test executions; for the Zephyr test matrix (64 variants), we reduce the number of test executions by 94 percent.
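The fingerprinting idea, recursively composing a hash from each AST node's type and its children's hashes so that formatting and comments do not change the result, can be sketched with Python's ast module (a toy analogue, not TASTING's compile-time implementation).

```python
import ast
import hashlib

def ast_hash(node) -> str:
    # Bottom-up composition: hash the node type, field names, and the
    # hashes of all child nodes. Source positions, whitespace, and
    # comments never enter the hash, so they cannot invalidate it.
    h = hashlib.sha256(type(node).__name__.encode())
    for field, value in ast.iter_fields(node):
        h.update(field.encode())
        children = value if isinstance(value, list) else [value]
        for child in children:
            if isinstance(child, ast.AST):
                h.update(ast_hash(child).encode())
            else:
                h.update(repr(child).encode())
    return h.hexdigest()

def fingerprint(source: str) -> str:
    return ast_hash(ast.parse(source))
```

A test whose fingerprint is unchanged since the last run can reuse its stored result, which is the reuse mechanism the abstract describes.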

Paper Nr: 20
Title:

Generalized Mutant Subsumption

Authors:

Samia Al Blwi, Imen Marsit, Besma Khaireddine, Amani Ayad, JiMeng Loh and Ali Mili

Abstract: Mutant subsumption is an ordering relation between the mutants of a base program that ranks mutants according to inclusion relationships between their differentiator sets. The differentiator set of a mutant with respect to a base program is the set of inputs for which execution of the base program and the mutant produce different outcomes. In this paper, we propose to refine the definition of mutant subsumption by pondering, in turn: What do we consider to be the outcome of a program’s execution? Under what condition do we consider that two outcomes are comparable? And under what condition do we consider that two comparable outcomes are identical? We find that the way we answer these questions determines what it means to kill a mutant, how subsumption is defined, how mutants are ordered by subsumption, and what set of mutants is minimal.
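Under one fixed set of answers to those questions (outcomes are return values, always comparable, identical iff equal), differentiator sets and subsumption reduce to set operations; the base program and mutants below are illustrative toys.

```python
def differentiator(base, mutant, inputs):
    # D(M): the inputs on which the mutant's outcome differs from the base's.
    return {x for x in inputs if base(x) != mutant(x)}

def subsumes(base, m1, m2, inputs):
    # M1 subsumes M2 iff M1 is killable and every input that kills M1
    # also kills M2, i.e. D(M1) is a non-empty subset of D(M2).
    d1 = differentiator(base, m1, inputs)
    d2 = differentiator(base, m2, inputs)
    return bool(d1) and d1 <= d2

base = lambda x: abs(x)
m1 = lambda x: x        # wrong only on negative inputs
m2 = lambda x: 0        # wrong on every non-zero input
```

Changing what counts as an "outcome" (e.g. including side effects or non-termination) changes the differentiator sets, and with them the whole subsumption order, which is the paper's point.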

Paper Nr: 25
Title:

Minimum Size Build Environment Sets and Graph Coloring

Authors:

Stephen R. Tate and Bo Yuan

Abstract: In this paper, we formalize the problem of designing build environments for large-scale software build and analysis, addressing issues with dependencies and conflicts between the components required for each source package. We show that this problem can be fully captured by constructing a graph, which we call the “conflict graph,” from dependency and conflict information; finding a minimum set of build environments then corresponds exactly to finding a minimum coloring of the conflict graph. As graph coloring is an NP-hard problem, we define several graph simplifications that reduce the size of the graph and improve the performance of heuristic coloring algorithms. In experimental results, we explore basic conflict graph metrics over time for various releases of the Ubuntu Linux distribution, and examine coloring results for the latest LTS release (Ubuntu 20.04). We find that small numbers of build environments are sufficient for building large numbers of packages: 4 different environments suffice for building the 1000 most popular source packages, and 11 build environments suffice for building all 30,646 source packages included in Ubuntu 20.04.
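The reduction can be sketched directly: build the conflict graph, color it greedily (largest-degree-first, a common heuristic, since optimal coloring is NP-hard), and read each color class as one build environment. The package names below are made up.

```python
def greedy_coloring(conflict_graph):
    # conflict_graph: {package: set of packages it conflicts with}.
    # Each color class is a set of mutually compatible packages,
    # i.e. one build environment that can host all of them.
    colors = {}
    for pkg in sorted(conflict_graph, key=lambda p: -len(conflict_graph[p])):
        used = {colors[n] for n in conflict_graph[pkg] if n in colors}
        colors[pkg] = next(c for c in range(len(conflict_graph)) if c not in used)
    return colors

conflicts = {
    "libssl1": {"libssl3"}, "libssl3": {"libssl1"},
    "python2": {"py3-only"}, "py3-only": {"python2"},
    "gcc": set(),
}
envs = greedy_coloring(conflicts)
```

The number of distinct colors is the number of build environments; the paper's graph simplifications shrink the instance before a heuristic like this runs.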

Paper Nr: 41
Title:

A Vulnerability Introducing Commit Dataset for Java: An Improved SZZ based Approach

Authors:

Tamás Aladics, Péter Hegedűs and Rudolf Ferenc

Abstract: In the domain of vulnerability detection from source code by static analysis, the number and quality of datasets available for creating and testing security analysis methods are quite low. To be precise, there are already several public datasets containing vulnerability fixing commits; however, vulnerability introducing commit datasets are scarce, although they would be essential for creating and validating just-in-time vulnerability detection approaches. In this paper, we propose a method based on SZZ (an algorithm originally developed to find bug introducing commits) with a specific filtering mechanism to create vulnerability introducing commit datasets from vulnerability fixes. The filtering phase measures a relevance score for each vulnerability introducing commit candidate based on commit similarities. We generated a novel Java vulnerability introducing dataset from the existing project-KB repository to demonstrate our algorithm’s capabilities. We also showcase the generated dataset and the effectiveness of our filtering method through several hand-picked examples.

Paper Nr: 49
Title:

A Mechanism for Automatically Extracting Reusable and Maintainable Code Idioms from Software Repositories

Authors:

Argyrios Papoudakis, Thomas Karanikiotis and Andreas L. Symeonidis

Abstract: The importance of correct, qualitative, and evolvable code is non-negotiable when considering the maintainability potential of software. At the same time, the deluge of software residing in code hosting platforms has led to a new component-based software development paradigm, in which reuse of suitable software components/snippets is important for implementing software projects as fast as possible. However, ensuring acceptable quality that will guarantee basic maintainability is also required. A condition for acceptable software reusability and maintainability is the use of idiomatic code, based on syntactic fragments that recur frequently across software projects and are characterized by high quality. In this work, we present a mechanism that employs the top repositories from GitHub in order to automatically identify reusable and maintainable code idioms. By extracting the Abstract Syntax Tree representation of each project, we group code snippets that appear to have similar structural and semantic information. Preliminary evaluation of our methodology indicates that our approach can identify commonly used, reusable, and maintainable code idioms that can be effectively given as actionable recommendations to developers.

Paper Nr: 94
Title:

Software Enhancement Effort Estimation using Stacking Ensemble Model within the Scrum Projects: A Proposed Web Interface

Authors:

Zaineb Sakhrawi, Asma Sellami and Nadia Bouassida

Abstract: The frequent changes in software projects may affect the accuracy of Software Enhancement Effort Estimation (SEEE) and hinder management of the software project. According to a survey on agile software estimation, the most common cost driver among effort estimation models is software size. Indeed, previous research has proved the effectiveness of the COSMIC Functional Size Measurement (FSM) method for efficiently measuring software functional size. It has also been observed that COSMIC sizing is an efficient standardized method for measuring not only software size but also the functional size of an enhancement that may occur during a scrum enhancement project. Intending to increase SEEE accuracy, the purpose of this paper is twofold. First, it constructs a stacking ensemble model. Second, it develops a localhost web application to automate the SEEE process. The constructed stacking ensemble model takes the functional size of an enhancement or a functional change, denoted FS(FC), as its primary independent variable, and combines three Machine Learning (ML) techniques: Decision Tree Regression, Linear Support Vector Regression, and Random Forest Regression. Results show that using FS(FC) as an input to SEEE with the stacking ensemble model provides significantly better results in terms of Mean Absolute Error (MAE) = 0.206, Mean Square Error (MSE) = 0.406, and Root Mean Square Error (RMSE) = 0.595.
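The reported evaluation metrics follow standard definitions and can be computed from actual and predicted effort values as follows (a generic sketch, not the paper's tooling; the numbers in the test are made-up illustrations, not the paper's data).

```python
import math

def mae(actual, predicted):
    # Mean Absolute Error: average magnitude of the estimation errors.
    return sum(abs(a - p) for a, p in zip(actual, predicted)) / len(actual)

def mse(actual, predicted):
    # Mean Square Error: penalizes large estimation errors quadratically.
    return sum((a - p) ** 2 for a, p in zip(actual, predicted)) / len(actual)

def rmse(actual, predicted):
    # Root Mean Square Error: MSE brought back to the effort unit's scale.
    return math.sqrt(mse(actual, predicted))
```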

Paper Nr: 100
Title:

A Hybrid Architecture for the Incremental Migration of a Web Front-end

Authors:

Benoît Verhaeghe, Anas Shatnawi, Abderrahmane Seriai, Anne Etien, Nicolas Anquetil, Mustapha Derras and Stéphane Ducasse

Abstract: Nowadays, software migration is an effective solution for adopting new technologies while reusing the business value of existing applications. Among other challenges, the size and complexity of large applications are obstacles that increase the risks of migration projects. Moreover, the migration can imply a switch of programming languages, as is the case when migrating from Java to TypeScript. Thus, it is hard to migrate large and complex applications in one straightforward step. Incremental approaches based on hybrid architectures have been designed to counter this problem. However, none of these approaches use a hybrid architecture for GUIs defined in different programming languages. In this paper, we propose a new hybrid architecture that enables the incremental migration of web applications. Our architecture is based on Web Components, which allow legacy technology artifacts to work with modern ones. We implement the architecture and use it to migrate GWT applications to Angular. Then, we validate its usability in a real context by migrating an industrial web application.

Short Papers
Paper Nr: 11
Title:

Is There Any Correlation between Refactoring and Design Smell Occurrence?

Authors:

Lerina Aversano, Mario Luca Bernardi, Marta Cimitile, Martina Iammarino and Debora Montano

Abstract: Software systems are constantly evolving, making their architecture vulnerable to decay and the emergence of numerous design problems. This paper focuses on the occurrence of design smells in software systems and their elimination through refactoring activities. To do this, the data relating to the presence of design smells, the use of refactoring, and the result of this use are analyzed in detail. In particular, the history of five open-source Java software systems and of 17 different types of design smells is studied. Overall, the results show that the removal of design smells is not correlated with the use of refactoring techniques. The analysis also provides useful insights about the developers’ use of refactoring activities, the likelihood of refactoring on affected commits and clean commits, and the removal and/or addition of design smells both during refactoring and during manual code cleaning operations.

Paper Nr: 14
Title:

Needles in a Haystack: Using PORT to Catch Bad Behaviors within Application Recordings

Authors:

Preston Moore, Thomas Wies, Marc Waldman, Phyllis Frankl and Justin Cappos

Abstract: Earlier work has proven that information extracted from recordings of an application’s activity can be tremendously valuable. However, given the many requests that pass between applications and external entities, it has been difficult to isolate the handful of patterns that indicate the potential for failure. In this paper, we propose a method that harnesses proven event processing techniques to find those problematic patterns. The key addition is PORT, a new domain specific language which, when combined with its event stream recognition and transformation engine, enables users to extract patterns in system call recordings and other streams, and then rewrite input activity on the fly. The former task can spot activity that indicates a bug, while the latter produces a modified stream for use in more active testing. We evaluated PORT’s capabilities in several ways, starting with recreating the mutators and checkers utilized by an earlier work called SEA to modify and replay the results of system calls. Our re-implementations achieved the same efficacy using fewer lines of code. We also illustrated PORT’s extensibility by adding support for detecting malicious USB commands within recorded traffic.

Paper Nr: 18
Title:

Constructive Model Inference: Model Learning for Component-based Software Architectures

Authors:

Bram Hooimeijer, Marc Geilen, Jan Friso Groote, Dennis Hendriks and Ramon Schiffelers

Abstract: Model learning, learning a state machine from software, can be an effective model-based engineering technique, especially for understanding legacy software. However, so far its applicability has been limited, as the models that can be learned are quite small, often insufficient to represent the software behavior of large industrial systems. We introduce a novel method called Constructive Model Inference (CMI). It effectively allows us to learn the behavior of large parts of the industrial software at ASML, where we developed the method and where it is now being used. The method uses observations in the form of execution logs to infer behavioral models of concurrent component-based (cyber-physical) systems, relying on knowledge of their architecture, deployment, and other characteristics rather than on heuristics or counterexamples. We provide a trace-theoretical framework and prove that if the software satisfies certain architectural assumptions, our approach infers the correct results. We also present a practical approach to deal with situations where the software deviates from the assumptions. In this way we are able to construct accurate and intuitive state machine models. They provide practitioners with valuable insights into the software behavior and enable all kinds of behavioral analyses.
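The log-to-model core of such inference can be illustrated in a few lines: each trace contributes observed transitions to a state machine. The real CMI method additionally exploits architectural knowledge, which this toy sketch omits.

```python
def infer_state_machine(traces):
    # Toy constructive inference: treat the most recent event as the
    # current state and record every observed (state, event) transition.
    transitions = set()
    for trace in traces:
        state = "INIT"
        for event in trace:
            transitions.add((state, event))
            state = event
    return transitions
```

The resulting transition relation is built constructively from the logs, with no active querying of the system and no counterexample-driven refinement.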

Paper Nr: 21
Title:

An Ensemble Classifier based Method for Effective Fault Localization

Authors:

Arpita Dutta and Rajib Mall

Abstract: Fault localization (FL) is one of the most difficult and tedious tasks during software debugging. It has been reported in the literature that different FL techniques show superior results under different circumstances; no reported technique always outperforms all existing FL techniques for every type of bug. On the other hand, ensemble classifiers combine different learning methods to obtain better predictive performance than any of the constituent learning algorithms alone. This has motivated us to use an ensemble classifier for effective fault localization. To achieve this, we focus on three different families of fault localization techniques, viz., spectrum-based (SBFL), mutation-based (MBFL), and neural-network-based (NNBFL). In total, we consider eleven representative methods from these three families. Our underlying model is simple and intuitive, as it is based only on statement coverage data and test execution results. Our proposed ensemble-classifier-based FL (EBFL) method classifies statements into two classes, viz., a suspicious and a non-suspicious set of statements. This helps reduce the search space significantly. Our experimental results show that the proposed EBFL technique requires, on average, 58% less code examination compared to other contemporary FL techniques, viz., Tarantula, DStar, CNN, and DNN.
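One constituent family, spectrum-based fault localization, scores each statement from coverage and test outcomes; the classic Tarantula formula, one of the techniques the paper compares against, looks like this.

```python
def tarantula(passed, failed, total_passed, total_failed):
    # Suspiciousness of one statement from spectrum data: the fraction of
    # failing tests covering it, normalized against the fraction of
    # passing tests covering it. Values close to 1.0 are most suspicious.
    fail_ratio = failed / total_failed if total_failed else 0.0
    pass_ratio = passed / total_passed if total_passed else 0.0
    if fail_ratio + pass_ratio == 0:
        return 0.0
    return fail_ratio / (fail_ratio + pass_ratio)
```

An ensemble approach like EBFL combines scores such as this with mutation-based and neural-network-based signals instead of relying on any single formula.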

Paper Nr: 48
Title:

COAST: A Conflict-free Replicated Abstract Syntax Tree

Authors:

Aäron Munsters, Angel Luis Scull Pupo and Jens Nicolay

Abstract: Remote real-time collaborative text editing enables collaboration among distributed parties, which improves agile workflows, team member availability, and productivity. Collaborative source-code editors are often implemented as a variant of regular collaborative text editing with source code highlighting. Such approaches do not use structural program information to accurately merge concurrent changes to the same portions of code during temporary network partitions. Therefore, these approaches fail to merge concurrent structural changes to the program, such as a concurrent move and edit operation. In this paper, we propose an approach in which the editor replicates not the program text but the program tree that corresponds to the program text. Propagating source code changes as tree operations makes it possible to resolve concurrent tree changes with higher accuracy. We evaluate our approach by reproducing a use case in which we concurrently change source code in existing tools and in our approach. We show that existing tools break the lexical structure and produce an incorrect program, while our approach applies the changes distinctly, preserving the program structure.

Paper Nr: 64
Title:

Air Quality Monitoring of Bangladesh (AQM): Data Driven Analysis System

Authors:

Noureen Islam, Noor-E-Sadman, Mahmudul Islam and Mahady Hasan

Abstract: Air pollution is a major concern for countries around the world. According to the World Health Organization (WHO), seven million people die worldwide every year because of air pollution. Bangladesh not only has serious pollution problems but is also ranked first among the world's most polluted countries, with a PM2.5 reading of 76.9 micrograms per cubic meter (μg/m³) in 2021 (AQI Bangladesh, 2021). In this paper, we propose a data-driven software system for monitoring the air quality of Bangladesh. Our proposed system provides atmospheric maps and charts for monitoring the current and future Air Quality Index (AQI) of any area. We conducted an experiment over a one-year time span to observe the concentration levels and data patterns of PM2.5 in the country, focusing on transportation routes and industrial zones. The data is collected from sensors and satellites at different stations covering multiple areas. The results are analyzed in the context of divisions, transportation stations, industrial zones, and time. For a variety of air quality indicators, the experimental results were compared to IQAir AirVisual Pro and showed good agreement, with very small differences between our results and those of IQAir AirVisual Pro. Our goal is mainly to monitor industrial zones, power plants, divisions, and transportation routes, as most toxic compounds are formed there.
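The AQI values mentioned above are derived from pollutant concentrations by piecewise-linear interpolation between breakpoints; the sketch below assumes the US EPA PM2.5 breakpoints, while the described system may follow a different national standard.

```python
# US EPA PM2.5 breakpoints (µg/m³ range -> AQI range); an assumption here.
PM25_BREAKPOINTS = [
    (0.0, 12.0, 0, 50),
    (12.1, 35.4, 51, 100),
    (35.5, 55.4, 101, 150),
    (55.5, 150.4, 151, 200),
    (150.5, 250.4, 201, 300),
    (250.5, 350.4, 301, 400),
    (350.5, 500.4, 401, 500),
]

def pm25_to_aqi(c: float) -> int:
    # Linear interpolation within the breakpoint interval containing c.
    for c_lo, c_hi, i_lo, i_hi in PM25_BREAKPOINTS:
        if c_lo <= c <= c_hi:
            return round((i_hi - i_lo) / (c_hi - c_lo) * (c - c_lo) + i_lo)
    raise ValueError("concentration out of supported range")
```

Under these breakpoints, the 76.9 µg/m³ annual reading cited above falls in the 151-200 ("unhealthy") AQI band.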

Paper Nr: 69
Title:

Agile Requirements Engineering’s Challenges

Authors:

Ezeldin Sherif, Waleed Helmy and Galal Hassan

Abstract: Agile methodology focuses on delivering working software as soon as possible while keeping the customer involved from start to end. Requirements engineering in Agile faces several challenges. For example, non-functional requirements are often ignored and not treated as first-class artifacts during the development lifecycle. This causes problems such as customer dissatisfaction and substantial rework, which affects time and cost. This paper reviews the challenges of requirements engineering in Agile over the past decade.
Download

Paper Nr: 92
Title:

Incorporating Privacy Requirements in Smart Communities for Older Adults: A Research Vision

Authors:

Fauzia Khan and Ishaya Gambo

Abstract: In recent years, socio-technical systems like smart city technology have received growing interest. Privacy requirements in smart technologies are of significant importance, but they are difficult to elicit with traditional requirements elicitation techniques because several contextual factors are involved. Therefore, these techniques cannot be used effectively to analyze privacy requirements. Our study aims to develop a framework that elicits the privacy requirements of older adults in smart communities and improves the privacy awareness of individuals in social groups. Our proposed framework is applied to a hypothetical scenario of an older adult using a smart e-healthcare system to analyze privacy requirements and make users aware of whom they are sharing their information with in social groups.
Download

Paper Nr: 101
Title:

FUSION: Feature-based Processing of Heterogeneous Documents for Automated Information Extraction

Authors:

Michael Sildatke, Hendrik Karwanni, Bodo Kraft and Albert Zündorf

Abstract: Information Extraction (IE) processes are often business-critical but very hard to automate due to a heterogeneous data basis. Specific document characteristics, also called features, influence the optimal way of processing. The Architecture for Automated Generation of Distributed Information Extraction Pipelines (ARTIFACT) supports businesses in successively automating their IE processes by finding optimal IE pipelines. However, ARTIFACT treats every document the same way and does not enable document-specific processing. Single solution strategies can perform extraordinarily well for documents with particular traits. While manual approvals are superfluous for these documents, ARTIFACT does not provide the opportunity for Fully Automatic Processing (FAP). Therefore, we introduce an enhanced pattern that integrates an extensible and domain-independent concept of feature detection based on microservices. This yields two fundamental benefits. First, document-specific processing increases the quality of automatically generated IE pipelines. Second, the system enables FAP, eliminating superfluous approval efforts.
Download

Paper Nr: 3
Title:

Using Hexagonal Architecture for Mobile Applications

Authors:

Robin Nunkesser

Abstract: Complex mobile applications require an appropriate global architecture. If used correctly, the high-level design patterns officially recommended for iOS and Android such as MVC, MVVM, and MVI/MVU may make an important contribution to the architecture, but they often require supplementary architectural concepts. General architectures such as Clean Architecture may come to the rescue but leave room for interpretation as to how they work best on iOS and Android. This paper discusses using Hexagonal Architecture as the fundamental global architecture for mobile architectures, providing an extendable approach suitable for small and large projects and helping to achieve more independence from frameworks and external agencies and better testability.
Download

Paper Nr: 9
Title:

A Tool and an Approach for the Automatic Generation of Digital Networks

Authors:

Francesco Pilotti, Giorgio Campea, Daniela D’Alessandro, Daniele Di Valerio and Gaetanino Paolone

Abstract: Today, Web and Mobile applications play an important role in any Information System (IS). Small- and Medium-sized Enterprises (SMEs) need these applications to digitalise themselves and remain competitive in a globalised world. However, developing Web applications is a challenging goal. Model Driven Engineering (MDE) is a well-known process for the development of software systems. To sidestep the pitfalls of adopting MDE in industry, and to provide SMEs with easy-to-use tools for entering the global market, this paper presents DNetGenerator, a tool which performs automatic code generation of Web portals in C#. The Web portals are part of a previous study aimed at developing technological platforms that let SMEs create and manage a digital network. DNetGenerator allows the deployment of the Web portals on the cloud. The paper also presents the process for using the tool. With DNetGenerator, SMEs will be able to design, generate and deploy their Web portals according to their requirements and without any programming skills.
Download

Paper Nr: 24
Title:

Connections between Language Semantics and the Query-based Compiler Architecture

Authors:

Peter Lenkefi and Gergely Mezei

Abstract: Modern software development has drastically changed the role of compilers with the introduction of responsive development tools. To accommodate this change, compilers have to go through an architectural transformation, diverging from the classic pipeline. A relatively new idea is query-based compiler design, which took inspiration from build systems. It splits the pipeline into smaller, individual operations, which, given some constraints, allows for interesting optimizations. We argue that some programming language semantics introduce cyclic dependencies between certain compiler passes, which can naturally lead to rediscovering query-based compilers. In this paper, we present a framework that can be used to create compilers with a query-based architecture. Based on this framework, we introduce the Yoakke programming language, which we also use to explore our hypothesis regarding cyclic dependencies and the rediscovery of query-based compilers.
Download

Paper Nr: 38
Title:

Using Procedure Cloning for Performance Optimization of Compiled Dynamic Languages

Authors:

Robert Husák, Jan Kofroň, Jakub Míšek and Filip Zavoral

Abstract: Compilation of dynamic programming languages into strongly typed platforms such as .NET and the JVM has proven useful in enhancing the security and interoperability of the resulting programs, as well as in enabling their source-less distribution. In order to produce the best intermediate code possible, dynamic language compilers can employ advanced interprocedural type analysis and perform various optimizing transformations. However, these efforts are often limited due to the ambiguity of types in these languages and the need to preserve soundness. In this paper, we improve the performance of global functions by adapting the technique of procedure cloning, focusing on the different parameter types with which the specialized clones can be called. We devise several heuristics to identify the most promising specializations and call them from their respective call sites. Our technique was implemented in PeachPie, a compiler of PHP to .NET, and evaluated on standard benchmarks distributed with PHP. Benchmarks containing deep recursion show a speedup factor of up to 3.65, while benchmarks of computation-intensive loops reveal a speedup factor of up to 2.64.
Download

Paper Nr: 52
Title:

Statistical and Requirement Analysis for an IDM Tool for Emergency Department Simulation

Authors:

Juan David Mogollon, Virginie Goepp, Oscar Avila and Roland de Guio

Abstract: Emergency Departments (ED) are spaces prone to congestion due to the high number of patients. This problem, known as overcrowding, has a negative effect on patient waiting time. In order to find a solution, analysing the flow of patients through Discrete Event Simulation (DES), which models the operation of a system as a sequence of events, is a relevant approach. This technique relies on high-quality input data, which must first be managed in a complete process known as Input Data Management (IDM). The objective of this research is to present our progress in the development of a software application to efficiently automate the IDM process required for DES of EDs. Preliminary findings and results presented in this paper include the problem definition, the evaluation of required statistical methods, and the gathering of specific requirements from a case study with real data. Based on these results, this paper describes the initial architecture of a software application that satisfies the identified requirements.
Download

Paper Nr: 67
Title:

Test Case Backward Generation for Communicating Systems from Event Logs

Authors:

Sébastien Salva and Jarod Sue

Abstract: This paper is concerned with generating test cases for communicating systems. Instead of assuming that a complete and up-to-date specification is provided, we assume that an event log collected from an implementation is available. Event logs are indeed increasingly used to help IT personnel understand and monitor system behaviour and performance. We propose an approach for extracting sessions and business knowledge from an event log and generating an initial set of test cases in the form of abstract test models. The test architecture is adaptable and taken into consideration during this generation. The approach then applies 11 test case mutation operators to the test cases to mimic possible failures. These operators, which are specialised to communicating systems, perform slight modifications by affecting the event sequences or the data, or by injecting unexpected events. Executable test cases are finally derived from the test models.
Download

Paper Nr: 87
Title:

Formal Notations and Terminology for Users’ Feedback and Its Specialization for Interactive Fault Localization

Authors:

Gergő Balogh and Péter Soha

Abstract: The knowledge of users is utilized in several aspects of software engineering-related tasks and research, such as UX and usability testing, code review sessions, and interactive debugging tasks, to name a few. Anyone who wishes to work with such a system faces two challenges: they have to evaluate the proposed process and implement or integrate it into their workflow. This paper aims to aid these endeavours by providing a lingua franca for stakeholders to define and express the expected users' feedback and the reactions given to it. Our goal is not to evaluate all users' feedback-related results or to solve their testability and applicability. Nevertheless, our findings will support the resolution of these issues. We provide a formal terminology which allows stakeholders to specify their feedback instances, the items, and the actions.
Download

Paper Nr: 91
Title:

A Formal Approach for Complex Attacks Generation based on Mutation of 5G Network Traffic

Authors:

Zujany Salazar, Fatiha Zaidi, Wissam Mallouli, Ana Rosa Cavalli, Huu Nghia Nguyen and Edgardo Montes De Oca

Abstract: We present a formal approach based on mutation techniques for the modelling of cybersecurity attacks and its application to 5G networks. We introduce formal definitions of the main concepts of network protocols, mutation operators, flows of network packets, and network traffic. We design a formal approach, based on different mutation operators, that allows designing models of both known and unknown attacks. This approach has been implemented in our open-source 5G network traffic fuzzer, 5Greplay, and has been applied to two use cases that are representative of attacks against 5G networks.
Download

Area 3 - Software Systems and Applications

Full Papers
Paper Nr: 16
Title:

Empirical Evaluation of Reusability Models

Authors:

Andreea Cristina Lung, Simona Motogna and Vladiela Petraşcu

Abstract: Many research efforts have been directed into ways to quantify the degree to which a software component can be reused in other systems. As such, a number of different reusability assessment models have been proposed in the literature, taking into account several metrics that can affect reusability and different approaches to measuring it. In this paper, we conduct a longitudinal reusability assessment by applying three reusability models to a number of different projects (libraries and frameworks) with the goal of studying the long-term evolution of reusability in open-source software. The exploratory part of the study consists of reproducing and applying the chosen models on three different-sized projects for several released versions of the software and studying the transformations of reusability over time and how these relate to certain changes in quality factors or size of the software. Results show a more intense variation of reusability in earlier versions and more stable values towards later versions in applications, and a clear influence of complexity, modularity and cohesion on reusability scores.
Download

Paper Nr: 29
Title:

Multi-party Contract Management for Microservices

Authors:

Zakaria Maamar, Noura Faci, Joyce El Haddad, Fadwa Yahya and Mohammad Askar

Abstract: This paper discusses the necessary steps and means for ensuring the successful deployment and execution of software components, referred to as microservices, on top of platforms such as Internet of Things (IoT) devices, clouds, and edges. These steps and means are packaged into formal documents known in the literature as contracts. Because of the multi-dimensional nature of deploying and executing microservices, contracts are specialized into discovery, deployment, and collaboration types, each capturing a specific aspect of their completion. This completion is associated with a set of Quality-of-Service (QoS) parameters that are monitored to identify potential deviations between what has been agreed upon and what has really happened. To demonstrate the technical feasibility of contracts, a system is implemented using different datasets that support experiments assessing the impact of the number of microservices and platforms on the performance of the system.
Download

Paper Nr: 31
Title:

Using Deep Reinforcement Learning to Build Intelligent Tutoring Systems

Authors:

Ciprian Paduraru, Miruna Paduraru and Stefan Iordache

Abstract: This work proposes a novel method for building agents that can teach human users actions in various applications, considering both continuous and discrete input/output spaces and the multi-modal behaviors and learning curves of humans. While our method is presented and evaluated through a video game, it can be adapted to many other kinds of applications. Our method has two main actors: a teacher and a student. The teacher is first trained using reinforcement learning techniques to approach the ideal output in the target application, while still keeping the multi-modality aspects of human minds. The suggestions are provided online, at application runtime, using texts, images, arrows, etc. An intelligent tutoring system that proposes actions to students considering a limited budget of attempts is built using Actor-Critic techniques. Thus, the method ensures that the suggested actions are provided only when needed and do not annoy the student. Our evaluation uses a 3D video game, which captures all the proposed requirements. The results show that our method improves the teacher agents over state-of-the-art methods, has a beneficial impact on human agents, and is suitable for real-time computations without significant resource usage.
Download

Paper Nr: 55
Title:

Adding Support for Reference Counting in the D Programming Language

Authors:

Răzvan Nițu, Eduard Stăniloiu, Răzvan Deaconescu and Răzvan Rughiniș

Abstract: As more and more software products are developed daily, the security risks imposed by the growing code bases increase. To help mitigate the risk, memory-safe systems programming languages, such as D and Rust, are increasingly adopted by developers. The D programming language uses, by default, a garbage collector for memory management. If the performance of a program is bottlenecked by it, or a system is resource-constrained, as is the case for the ever-growing number of Internet of Things devices, the user has the option to opt out and employ a custom allocation strategy. However, in this situation, the programmer needs to manage memory manually, a complex and error-prone task. An alternative is a middle-ground solution in the form of automatic reference counting. This strategy offers simplicity and performance for a small cost in expressiveness. However, due to the transitive nature of type qualifiers in D and purity-based optimizations, it is impossible to implement a library solution. In this paper, we present the problems that transitive type qualifiers introduce for reference counting, and we propose the addition of a new storage class for members of aggregate declarations that breaks the transitivity of type qualifiers. We present our design and show that it can be used to implement a generic automatic reference counting mechanism without disabling purity-based optimizations.
Download

Paper Nr: 56
Title:

Data Partitioning Strategies for Simulating non-IID Data Distributions in the DDM-PS-Eval Evaluation Platform

Authors:

Mikołaj Markiewicz and Jakub Koperwas

Abstract: Nowadays, the size of the various datasets collected worldwide is growing rapidly. These data are stored in different data centres or directly on IoT devices, and are thus located in different places. Data stored in different locations may be uniformly distributed and convergent in terms of the information carried; they are then known as independent and identically distributed (IID) data. In the real world, data collected in different geographic regions tend to differ slightly or have completely different characteristics; they are then known as non-IID data. Increasing numbers of new algorithms have been implemented to work with such distributed data without the need to download all the data to one place. However, there is no standardised way of validating them, and such algorithms are typically tested on IID data, which are uniformly distributed. The issue of non-IID data is still an open problem for many algorithms, although the main categories of "non-IID-ness" have been defined. The purpose of this paper is to introduce new data partitioning strategies and to demonstrate the impact of non-IID data on the quality of distributed processing results. We propose multiple strategies for dividing a single dataset into multiple partitions to simulate each of the major non-IID data category problems faced by distributed algorithms. The proposed methods of data partitioning, integrated with the DDM-PS-Eval platform, will enable the validation of future algorithms on datasets with different data distributions. A brief evaluation of the proposed methods is presented using several distributed clustering and classification algorithms.
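To give a flavour of what partitioning a single dataset into non-IID shards can mean, the sketch below illustrates one common category, label skew, where each partition only sees a limited subset of classes. It is a minimal generic illustration, not the paper's DDM-PS-Eval strategies; the function name and parameters are hypothetical.

```python
import random
from collections import defaultdict

def label_skew_partition(labels, n_parts, classes_per_part, seed=0):
    """Assign each sample index to a partition so that every partition
    mostly holds samples from a limited subset of classes (label skew)."""
    rng = random.Random(seed)
    classes = sorted(set(labels))
    # Each partition draws the subset of classes it is allowed to contain.
    allowed = [rng.sample(classes, classes_per_part) for _ in range(n_parts)]
    parts = defaultdict(list)
    for idx, y in enumerate(labels):
        candidates = [p for p in range(n_parts) if y in allowed[p]]
        # Fall back to a random partition if no partition allows this class.
        target = rng.choice(candidates) if candidates else rng.randrange(n_parts)
        parts[target].append(idx)
    return dict(parts)
```

With `classes_per_part` equal to the total number of classes this degenerates to a plain random (IID) split, which is exactly the contrast such evaluation strategies are meant to expose.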
Download

Paper Nr: 59
Title:

A Medical Information System for Personalized Rehabilitation after Ankle Inversion Trauma

Authors:

Jonathan Neugebauer, Rosemary Dubbeldam, My Linh Pham, Lokman Beser, Luka Gerlach, Yu Yuan Lee and Herbert Kuchen

Abstract: We have developed FEAL, a mobile app and a corresponding server component supporting personalized rehabilitation after an ankle inversion trauma. To enable health professionals to maintain the essential parts of the overall system, an easy-to-understand domain-specific language (DSL) has been designed that lets them adapt the questionnaires which are essential parts of the app. For the same reason, the included medical knowledge is not hard-coded in a programming language but provided by rules of a business rules management system. A DSL specification is automatically transformed by a correspondingly developed generator into platform-independent React Native code, so that the resulting app can be used on the relevant platforms, iOS and Android.
Download

Paper Nr: 85
Title:

Timing Model for Predictive Simulation of Safety-critical Systems

Authors:

Emilia Cioroaica, José Miguel Blanco and Bruno Rossi

Abstract: Emerging evidence shows that safety-critical systems are evolving towards operating in uncertain contexts while also integrating intelligent software that evolves over time. Such behavior is considered unknown at every moment in time because, when faced with a similar situation, these systems are expected to display improved behavior based on artificial learning. Yet, a correct learning and knowledge-building process for the non-deterministic nature of an intelligent evolution is still not guaranteed, and consequently the safety of these systems cannot be assured. In this context, the approach of predictive simulation enables runtime predictive evaluation of a system's behavior and the provision of quantified evidence of trust that enables a system to react safely to malicious deviations in a timely manner. To enable the evaluation of timing behavior in a predictive simulation setting, in this paper we introduce a general timing model that enables the virtual execution of a system's timing behavior. The predictive evaluation of the timing behavior can be used to evaluate a system's synchronization capabilities and, in case of delays, trigger a safe fail-over behavior. We illustrate our concept on a use case from the automotive domain by considering two safety-critical situations.
Download

Paper Nr: 88
Title:

Multi-factor Prediction and Parameters Identification based on Choquet Integral: Smart Farming Application

Authors:

Yann Pollet, Jérôme Dantan and Hajer Baazaoui

Abstract: In this paper, we consider the domain of smart farming, which aims at the optimization of agronomic processes, and, more particularly, the issue of predicting the growth stage transitions of a plant. As existing automated predictions are neither accurate nor reliable enough to be used in the farming process, we propose an approach based on the Choquet integral, enabling the passage from multiple imperfect predictions to a more accurate and reliable one, considering the relevance of each source in the prediction as well as the interactions, synergies, or redundancies between factors. Since identifying the parameter values that define a Choquet-based decision model is not straightforward, we propose an approach based on an observation history. Our proposal defines an evaluation function assigning to any potential solution a predictive capability, quantifying a degree of order present in its output, and an associated optimisation process based on truth degrees regarding a set of inequalities. A case study concerns smart farming: the prototype we implemented helps farmers predict the next growth stage for a given culture and several input sources. The experimental results are very encouraging, the predicted day remaining stable despite the presence of noise in the evidence values.
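For readers unfamiliar with the aggregation operator named above, the sketch below computes the standard discrete Choquet integral of a set of source scores with respect to a capacity (a monotone set function); it is a textbook illustration of the operator itself, not the paper's decision model, and the example capacity values are made up.

```python
def choquet(scores, capacity):
    """Discrete Choquet integral of `scores` (dict: source -> value)
    w.r.t. `capacity` (dict: frozenset of sources -> weight in [0, 1],
    monotone, with capacity of the full set equal to 1)."""
    # Sort sources by ascending score.
    items = sorted(scores.items(), key=lambda kv: kv[1])
    total, prev = 0.0, 0.0
    remaining = set(scores)
    for src, val in items:
        # Each increment is weighted by the capacity of the sources
        # whose score is at least `val`.
        total += (val - prev) * capacity[frozenset(remaining)]
        prev = val
        remaining.remove(src)
    return total
```

A useful sanity check: when the capacity is additive (no interactions between sources), the Choquet integral reduces to a plain weighted average; non-additive capacities are what let it model the synergies and redundancies mentioned in the abstract.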
Download

Paper Nr: 89
Title:

Reconfigurable Wireless Sensor Networks Simulator (RWSNSim): A New Discrete-event Simulator

Authors:

Hanene Rouainia, Hanen Grichi, Laid Kahloul and Mohamed Khalgui

Abstract: Reconfigurable wireless sensor networks have become an important area for research and industrial communities. With their development and spread, many problems and solutions have emerged. Network simulators have become an essential necessity for studying the impact of these solutions on networks, in order to avoid the huge costs in money, time, and effort that would arise if they were applied on the ground. In this paper, we propose a new discrete-event simulator for WSNs and RWSNs called RWSNSim. We present its description, modeling, and provided services. Finally, to demonstrate the efficiency of RWSNSim, we simulate a case study and detail the simulator's functioning steps.
Download

Short Papers
Paper Nr: 12
Title:

Increasing the Autonomy of the Unmanned Aerial Platform

Authors:

Wojciech Stecz and Marcin Chodnicki

Abstract: The article presents the principles of designing a reliable architecture supporting Unmanned Aerial Vehicle (UAV) control, taking into account the need to handle hazardous situations occurring during flight. Detailed attention is paid to the description of the UAV architecture components that affect the ability to perform autonomous missions, understood as flight without contact with the Ground Control Station (GCS). A method of designing UAV flight algorithms under wind gust conditions is presented. The principles of modeling the behavior of UAVs in situations of a potential air collision with another platform or a collision with a terrain obstacle are described, as are the principles of modeling the hierarchy for handling hazardous situations. The developed models were tested on a computer architecture based on ARM processors using the Hardware-in-the-Loop (HIL) technique. The presented solution uses a system of UAV control computers consisting of a Flight Control Computer (FCC) based on a real-time operating system (RTOS) and a Mission Computer (MC) based on a Linux system integrated with the Robot Operating System (ROS). A method of integrating mission management tasks with the algorithms ensuring flight safety of the air platform is presented. The research was carried out on the basis of a UAV mathematical model, stabilization and navigation algorithms, and the Dryden turbulence model.
Download

Paper Nr: 13
Title:

Comparing Deep Learning Models for Multi-label Classification of Arabic Abusive Texts in Social Media

Authors:

Salma Abid Azzi and Chiraz Ben Othmane Zribi

Abstract: Confronting abusive texts in social networks is gradually becoming a mainstream NLP research topic. However, the detection of its specific related forms is still scarce. The majority of automatic solutions cast the problem as a two-class or three-class classification issue, not taking its variety of aspects into account. In the Arabic language specifically, as one of the most widely spoken languages, social media abusive texts are written in a mix of different dialects, which further complicates the detection process. The goal of this research is to detect eight specific subtasks of abusive language on Arabic social platforms, namely Racism, Sexism, Xenophobia, Violence, Hate, Pornography, Religious hatred, and LGBTQ hate. To conduct our experiments, we evaluated the performance of CNN, BiLSTM, and BiGRU deep neural networks with pre-trained Arabic word embeddings (AraVec). We also investigated the recent Bidirectional Encoder Representations from Transformers (BERT) model with its special tokenizer. Results show that the DNN classifiers achieved nearly the same performance, with an overall average precision of 85%. Moreover, although all the deep learning models obtained very close results, BERT slightly outperformed the others with a precision of 90% and a micro-averaged F1 score of 79%.
Download

Paper Nr: 17
Title:

Building Roger: Technical Challenges While Developing a Bilingual Corpus Management and Query Platform

Authors:

Cosmin Strilețchi, Mădălina Chitez and Karla Csürös

Abstract: This paper presents an approach to a bilingual corpus query system. ROGER has been designed and implemented as a cross-platform distributed web application. The backend interface, available to authenticated administrators, provides digital tools for managing the database-stored texts and associated metadata, and also offers an extensive statistics mechanism covering data composition and usage (words, characters, languages, study levels, genres, domains and n-grams). The frontend capabilities are offered to registered users, allowing them to search for specific keywords and to refine the obtained results by applying a series of filters. Current platform features include searching for terms and phrases, n-gram distributions, and statistical visualizations for performed queries. After inputting a search term / phrase, the user may filter the available texts by: (i) language (English, Romanian); (ii) student genre (currently 20 genres); (iii) study year (1 through 4); (iv) level (BA, MA or PhD); (v) discipline (currently 8 disciplines) and (vi) gender (male, female or unknown). A series of solutions have been implemented to improve the response times of the computation-intensive procedures that manipulate large amounts of data.
Download

Paper Nr: 26
Title:

Adherence to Secure Software Development Lifecycle

Authors:

Alaa’ Omar, Ahmad Alsadeh and Mamoun Nawahdah

Abstract: The secure software development lifecycle (SDL) is a comprehensive development process for detecting and preventing security defects and responding to exploits. In this study, we investigate to what extent software security principles are adopted in the Palestinian IT sector. To this end, we conducted an online self-administered questionnaire targeting a random sample of participants from the Palestinian IT sector. The results revealed that most of the security practices are not fully applied by the surveyed enterprises. We found that security background, company domain, budget, and timeline are influential factors that affect the adoption of security principles during the SDL. In addition, we found that software security is often neglected by most developers, although they are willing to comply with security principles when needed.
Download

Paper Nr: 27
Title:

Customer Journey Analytics: A Model for Creating Diagnostic Insights with Process Mining

Authors:

Daan Weijs and Emiel Caron

Abstract: The customer journey is becoming more complex due to the digitization of business processes, broadening the gap between the proposed journey and the journey that is actually experienced by customers. Customer Journey Analytics (CJA) aims to detect and analyse pain points in the journey in order to improve the customer experience. This study proposes an extended version of the Customer Journey Mapping (CJM) model to measure the impact of different types of touchpoints along the customer journey on customer experience, and applies process mining to gain more insight into the gap between proposed and actual journeys. Moreover, this model is used to develop dedicated CJA based on process mining techniques. A case study on e-commerce applies the CJM model in practice and shows how the combination of process mining techniques can answer the analysis questions that arise in customer journey management.
Download

Paper Nr: 32
Title:

Continuous Procedural Network of Roads Generation using L-Systems and Reinforcement Learning

Authors:

Ciprian Paduraru, Miruna Paduraru and Stefan Iordache

Abstract: Procedural content generation methods are nowadays used in areas such as games, simulations and the movie industry to generate large amounts of data at lower development costs. Our work attempts to fill a gap in this area by focusing on methods capable of generating content representing networks of roads, taking into account real-world patterns or user-defined input structures. At the low level of our generative processes, we use L-systems and Reinforcement Learning based solutions to generate tiles of road structures in environments partitioned as 2D grids. As the evaluation section shows, these methods are suitable for runtime-demanding applications, since the computational cost is not significant.
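As background on the first of the two techniques named above, an L-system is simply an axiom string rewritten in parallel by production rules; the resulting strings are then interpreted geometrically (e.g. as road segments and branches). The sketch below is the textbook rewriting step only, not the paper's road generator, and the example rules are illustrative.

```python
def lsystem(axiom, rules, steps):
    """Apply the production `rules` (dict: symbol -> replacement string)
    to `axiom` in parallel, `steps` times. Symbols without a rule are
    copied unchanged."""
    s = axiom
    for _ in range(steps):
        s = "".join(rules.get(ch, ch) for ch in s)
    return s
```

For instance, Lindenmayer's classic algae system `A -> AB`, `B -> A` grows `A` into `AB`, `ABA`, `ABAAB`, and so on; road-oriented systems use alphabets with drawing and branching symbols interpreted by a separate renderer.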
Download

Paper Nr: 35
Title:

A Hybrid Complexity Metric in Automatic Software Defects Prediction

Authors:

Laura Diana Cernău, Laura Dioșan and Camelia Șerban

Abstract: Nowadays, software systems evolve into vast and complex applications. In such a complex system, a minor change in one part may cause unexpected degradation of the software system's design, leading to an unending chain of bugs and defects. Therefore, to keep track of the implications that could appear after a change has been applied, assessment of the software system is of utmost importance. In this direction, software metrics are suitable for quantifying various aspects of system complexity and predicting as early as possible those parts of the system that could be error-prone. Thus, in this paper, we propose a comparative study of two complexity metrics, Weighted Method Count and Hybrid Cyclomatic Complexity, regarding the prediction of software defects. Specifically, the objective is to investigate whether using a hybrid metric that measures the complexity of a class improves the performance of the fault prediction model. We conducted a series of experiments on datasets from five open-source projects. The preliminary results of our research indicate that the proposed metric performs better than the standard class complexity metric, Weighted Method Count. Moreover, the Hybrid Cyclomatic Complexity metric can serve as a base for building a more complex and robust complexity metric.
Download

Paper Nr: 44
Title:

Automatic Generation of Interoperability Connectors using Software Product Lines Engineering

Authors:

Boubou Thiam Niang, Giacomo Kahn, Nawel Amokrane, Yacine Ouzrout, Hamza Sahli, Mustapha Derras and Jannik Laval

Abstract: Information Systems (ISs) of modern companies must be reactive and capable of communicating with third-party ISs. It is, therefore, necessary to establish agile interoperability between information systems. For this purpose, connectors are used to ensure interactions between IS components. However, components are independently designed and conform to different technical and domain standards that are continuously evolving. Given that connectors are often developed manually and are not reusable in most cases, establishing and maintaining interoperability becomes a major challenge. In this paper, we propose an approach to automatically generate connectors, using software product line engineering to reuse common features and better manage variability. A metamodel of the connector is proposed to show that connectors can be considered first-class entities. An industrial case study followed by a discussion is presented to demonstrate the feasibility of our approach.
Download

Paper Nr: 50
Title:

Semantic-based Data Integration and Mapping Maintenance: Application to Drugs Domain

Authors:

Mouncef Naji, Maroua Masmoudi, Hajer Baazaoui Zghal, Chirine Ghedira Guegan, Vlado Stankovski and Dan Vodislav

Abstract: In recent years, the number of data sources and the amount of generated data have been increasing continuously. This voluminous data leads to several issues concerning storage capacity, data inconsistency, and difficulty of analysis. Amid all these difficulties, data integration techniques try to offer solutions to face these problems optimally. In addition, adding semantics to data integration solutions has proven its utility in tackling these difficulties, since it ensures semantic interoperability. In our work, which is placed in this context, we propose a semantic-based data integration and mapping maintenance approach with an application to the drugs domain. The contributions of our proposal are 1) a virtual semantic data integration and 2) an automated mapping maintenance based on deep learning techniques. The goal is to support the continuous and occasional data source changes, which would highly affect the data integration. To this end, we focused mainly on managing metadata change within an integrated structure, referred to as mapping maintenance. Our deep learning models encapsulate both convolutional and long short-term memory networks. A prototype has been developed and evaluated on two use cases. The process is fully automated and the experiments show significant results compared to the state of the art.
Download

Paper Nr: 70
Title:

A Methodology for Detecting Programming Languages in Stack Overflow Questions

Authors:

Aman Swaraj and Sandeep Kumar

Abstract: Stack Overflow (SO) is the pre-eminent source for knowledge sharing among developers. The Question-Answer (Q-A) site witnesses heavy traffic, with around 5000 questions being posted every day. Given this scenario, it has now become mandatory for users to provide at least one tag for their questions for better discussion. However, novice developers often incorrectly tag their questions, which leads to down-voting of the post and eventual loss of information. An automatic tag generation mechanism is therefore needed for associating posts with their respective programming languages. In this work, we present a rule-based approach for detecting programming languages in question titles. The rules are used to match specific patterns in question titles and generate programming language tags. We then compare the tags generated by our proposed model with the pre-existing tags provided by Stack Overflow in the dataset. Our model is able to predict languages with an accuracy of 87%. Additionally, our model can detect multiple programming languages in a post and also identify different versions of a language such as Python 2.7, Python 3, etc. We further record interesting observations with respect to existing approaches.
Download

Paper Nr: 71
Title:

Secure Software Architectural Patterns Designed with Secure Connectors

Authors:

Michael Shin, Taeghyun Kang and Hassan Gomaa

Abstract: This paper addresses secure software architectural patterns designed with secure connectors, where security concerns are encapsulated in secure connectors, separately from application concerns. Because secure software architectural patterns address both security and application concerns, their design needs to blend those concerns and can thus become complicated. Secure connectors can reduce the complexity of the design of secure software architectural patterns by separating security and application concerns. In this paper, secure connectors are designed for secure software architectural patterns by considering the security patterns required by application components and the communication patterns between the components. Secure connectors make the design of secure software architectural patterns more maintainable and evolvable. We have implemented a secure distributed baseball game application using the secure MVC software architectural pattern to validate our research.
Download

Paper Nr: 73
Title:

Advancing Security and Data Protection for Smart Home Systems through Blockchain Technologies

Authors:

Ciprian Paduraru, Rares Cristea and Alin Stefanescu

Abstract: Internet of Things (IoT) systems are becoming ever-present in our lives, and demand has recently increased with the explosion of external services offered by healthcare, smart city or smart home providers. However, connecting private IoT-driven smart home systems and passing data to these external services can pose significant privacy issues, such as information theft or attacks that control, monitor, or harm personal resources. In our paper, we address the identified security issues through a comprehensive architecture based on blockchain technology, namely the Hyperledger Fabric platform. We underscore the value that a permissioned blockchain brings in addressing performance issues both architecturally and through fog computing, and propose a pipeline to mitigate known security threats through static and live monitoring techniques.
Download

Paper Nr: 74
Title:

Interpretable Malware Classification based on Functional Analysis

Authors:

Miles Q. Li and Benjamin C. M. Fung

Abstract: Malware is the crux of cyber-attacks, especially in attacks on critical cyber(-physical) infrastructures, such as financial systems, transportation systems, smart grids, etc. Malware classification has caught extensive attention because it can help security personnel to discern the intent and severity of a piece of malware before appropriate actions are taken to secure a critical cyber infrastructure. Existing machine learning-based malware classification methods have limitations in either their performance or their ability to interpret the results. In this paper, we propose a novel malware classification model based on functional analysis of malware samples with the interpretability to show the importance of each function to a classification result. Experiment results show that our model outperforms existing state-of-the-art methods in malware family and severity classification and provides meaningful interpretations.
Download

Paper Nr: 79
Title:

Resilient Conflict-free Replicated Data Types without Atomic Broadcast

Authors:

Daniel Brahneborg, Wasif Afzal and Saad Mubeen

Abstract: In a distributed system, applications can perform both reads and updates without costly synchronous network round-trips by using Conflict-free Replicated Data Types (CRDTs). Most CRDTs are based on some variant of atomic broadcast, as that enables them to support causal dependencies between updates of multiple objects. However, the overhead of this atomic broadcast is unnecessary in systems handling only independent CRDT objects. We identified a set of use cases for tracking resource usage where there is a need for a replication mechanism with less complexity and network usage than atomic broadcast. In this paper, we present the design of such a replication protocol that efficiently leverages the commutativity of CRDTs. The proposed protocol CReDiT (CRDT enhanced with intelligence) uses up to four communication steps per update, but these steps can be batched as needed. It uses network resources only when updates need to be communicated. Furthermore, it is less sensitive to server failures than current state-of-the-art solutions, as other nodes can use new values already after the first communication step, instead of after two or more.
Download

Paper Nr: 83
Title:

A Lightweight Software Product Quality Evaluation Method

Authors:

Giuseppe Lami and Giorgio Oronzo Spagnolo

Abstract: In this paper, we describe an evaluation method, called QuESPro (Quality Evaluation of Software Product), aimed at performing third-party evaluation of the suitability of software products for their intended use, by targeting a trade-off between mere informal expert judgment and the application of complex and expensive evaluation methods. QuESPro is based on the framework provided by the ISO/IEC 25000 series of standards and provides a step-wise process to determine a quantitative evaluation of the relevant quality characteristics of software products. With the aim of assessing the feasibility of the QuESPro method, identifying its strengths, and identifying improvement opportunities, we applied it to an industrial case study. The results of this case study are reported in the paper as well.
Download

Paper Nr: 84
Title:

Multiparty-session-types Coordination for Core Erlang

Authors:

Lavinia Egidi, Paola Giannini and Lorenzo Ventura

Abstract: In this paper, we present a formalization of multiparty-session-type coordination for a core subset of Erlang and provide a tool for checking the correctness of a system against the specification of its protocol. In Erlang, actors are primitive entities that communicate only through explicit asynchronous message passing. Our tool ensures that if an Erlang system is well typed, then it does not incur deadlocks or have actors getting stuck waiting for messages that never arrive; moreover, any message that is sent will eventually be read. The tool is based on multiparty session types, a formalism introduced to specify the structure of interactions and to ensure safety properties.
Download

Paper Nr: 86
Title:

Agile Methodology in Online Learning and How It Can Improve Communication: A Case Study

Authors:

Manuela Petrescu and Adrian Sterca

Abstract: This paper presents a study on using Agile methodologies in the teaching process at the university/college level during the Covid-19 pandemic, when classes were held online. We detail a list of techniques inspired by software engineering Agile methodologies that can be used in online teaching. We also show, by analyzing students' grades, that these Agile-inspired techniques probably help the educational process.
Download

Paper Nr: 98
Title:

Process and Organizational Data Integration from BPMS and Relational/NoSQL Sources for Process Mining

Authors:

Andrea Delgado and Daniel Calegari

Abstract: Business process execution analysis is crucial for organizations to evaluate and improve their processes. Process mining provides the means to do so, but several challenges arise when dealing with data extraction and integration. Most scenarios consider processes implicit in support systems, with the process and organizational data being analyzed separately. Nowadays, many organizations increasingly integrate process-oriented support systems, such as BPMS, where process execution data is registered within the process engine database and organizational data in distributed, potentially heterogeneous databases. These can follow the relational model or NoSQL ones, and organizational data can come from different systems, services, social media, or several other sources. Process and organizational data must then be integrated to be used as input for process mining tasks and provide a complete view of the operation to detect and make improvements. In this paper, we extend previous work to support the collection of process and organizational data from heterogeneous sources, the integration of these data, and the automated generation of XES event logs to be used as input for process mining.
Download

Paper Nr: 15
Title:

Performance Analysis of an Embedded System for Target Detection in Smart Crosswalks using Machine Learning

Authors:

J. M. Lozano Domínguez, J. M. Corralejo Mora, I. J. Fernández de Viana González, T. J. Mateo Sanguino and M. J. Redondo González

Abstract: Embedded systems with low computing resources for artificial intelligence are becoming a key piece for the deployment of the Internet of Things in different areas such as energy efficiency, agriculture or water monitoring, among others. This paper carries out a study of the computational performance of a smart road detection and signalling system. To this end, the implementation methodology from Matlab® to C++ of a one-class SVM classifier with two pattern analysis strategies based on RADAR signals and RAW data is described. As a result, we found a balance between AUC, RAM consumption, processing time and power consumption for a Teensy 4.1 microcontroller with STFT and the fitcsvm2 algorithm versus other hardware options such as an I7-3770K processor, Raspberry Pi Zero and Teensy 3.6.
Download

Paper Nr: 19
Title:

Deriving UML Logic Architectures of Software Product based on a Cloud Reference Architecture: An Experience Report

Authors:

Francisco Morais, Tiago F. Pereira, Carlos Salgado, Ana Lima, Manuel Pereira, João Oliveira, António Sousa and Helena Rodrigues

Abstract: Companies are nowadays looking for the development of solutions based on public and private clouds, capable of interoperating with information sources such as other systems or devices in an IoT and CPS approach, and subsequently using that information efficiently. However, applying appropriate techniques for requirements engineering and designing logical architectures in that context can be complex. Cloud environments are very dynamic, and it is difficult to identify, clarify, and systematically manage cloud requirements. The lack of requirements engineering methods for this domain carries risks related to incorrect or unjustified decisions, which result in subjective project developments. This paper presents the use of the NIST Cloud Computing Reference Architecture in eliciting requirements by employing a new approach (the 2P2S technique) that enables the use of an existing Model-Driven Design method (the 4SRS technique) to derive logic architectures for cloud-based solutions, ensuring that the system requirements are based on effective client needs.
Download

Paper Nr: 40
Title:

A Pipeline-oriented Processing Approach to Continuous and Long-term Web Scraping

Authors:

Stefan Huber, Fabio Knoll and Mario Döller

Abstract: Web scraping is a widely-used technique to extract unstructured data from different websites and transform it into a unified and structured form. Due to the nature of the WWW, long-term and continuous web scraping is a volatile and error-prone endeavor. The setup of a reliable extraction procedure comes along with various challenges. In this paper, a system design and implementation for a pipeline-oriented approach to web scraping is proposed. The main goal of the proposal is to establish a fault-tolerant execution of web scraping tasks with proper error handling strategies set in place. As errors are prevalent in web scraping, logging and error replication procedures are part of the processing pipeline. These mechanisms allow for effectively adapting web scraper implementations to evolving website targets. An implementation of the system was evaluated in a real-world case study, where thousands of web pages were scraped and processed on a daily basis. The results indicated that the system allows for effectively operating reliable and long-term web scraping endeavors.
Download

Paper Nr: 47
Title:

Blockchain Patterns in Critical Infrastructures: Limitations and Recommendations

Authors:

Hind Bangui and Barbora Buhnova

Abstract: The widespread adoption of data-driven applications in critical infrastructures has raised security and privacy concerns. Blockchain has received considerable attention as a means to protect critical infrastructures (e.g., healthcare and transportation) that could be subjected to intentional and unintentional cyberattacks. Blockchain patterns, as reusable solutions, have been used in critical infrastructure software to fulfill security requirements while delivering reliable and trusted services to citizens. Thus, this work provides a comprehensive review of blockchain patterns to examine how they can steer the advancement of critical infrastructures. Through a critical analysis of the existing blockchain pattern literature, we identify realistic limitations, lessons learned and open research issues entirely dedicated to advancing blockchain-based antifragile critical infrastructures.
Download

Paper Nr: 75
Title:

Applying and Extending FEMMP to Select an Adequate MBSE Methodology

Authors:

Christophe Ponsard and Valery Ramon

Abstract: Model-Based Systems Engineering (MBSE) relies on the central concept of model expressed in a well-defined language like SysML. However, efficiently and effectively driving the system design process through its lifecycle requires an adequate methodology. To ease the selection process among several MBSE methodologies, the Framework for the Evaluation of MBSE Methodologies for Practitioners (FEMMP) is worthwhile. This paper reports on the use of FEMMP to help in such a selection process with a focus on recent MBSE methodologies: Arcadia, ASAP and Grid. In addition to providing new and updated evaluations, it also identifies some overlooked criteria and suggests a few improvements. A consolidated comparison with older methodologies is also proposed and discussed.
Download

Paper Nr: 93
Title:

A SWOT Analysis of Software Technologies for Driving Museum Digital Transformation

Authors:

Christophe Ponsard and Ward Desmet

Abstract: Museums play a key cultural role in educating citizens through the immersive experience they provide. The recent lockdowns have awakened them to the need to accelerate their digital transformation and to propose new kinds of experience to their public. This paper performs a SWOT analysis considering the Strengths, Weaknesses, Opportunities and Threats of existing and emerging digital technologies w.r.t. the range of services and missions a museum delivers, both internally as an organization and externally to society. Our work relies on a number of technological evolutions reported in the literature and experienced in our computing heritage museum, with a strong focus on user experience and accessibility.
Download

Paper Nr: 102
Title:

A New Software Architecture for the Wise Object Framework: Multidimensional Separation of Concerns

Authors:

Sylvain Lejamble, Ilham Alloui, Sébastien Monnet and Flavien Vernier

Abstract: Adaptive systems represent an appropriate solution to the increasing complexity of software-intensive systems. We constructed the Wise Object Framework (WOF) to develop self-adaptive software systems we name “Wise systems”. These consist of distributed communicating software objects (Wise Objects) able to autonomously learn how they behave and how they are used while demanding little attention from their users. A WO is either delivering a service (Awake state) or simulating its operation to learn behavior that has not occurred yet (Dream state). In its first version, the WO architecture was designed on the basis of a single component embedding built-in mechanisms for data monitoring and analysis. This architecture has major drawbacks that we encountered when using the WOF to develop new applications: (1) built-in mechanisms embedded within the WO do not allow data to be used by other components such as new analyzers, (2) raw data and data resulting from analysis in the Awake or Dream states are not distinguished, (3) components mandatory for self-adaptation are missing, especially those for action plan construction and execution. In this paper, we address those limitations through a MAPE-K compliant architecture based on Separation of Concerns (SoC) and an event-driven publish/subscribe mechanism. This is related to the general issue of wise system maintenance, reuse and evolution. Separation of Concerns is done according to different dimensions that are managed using hyperslicing techniques.
Download