Recent publications
The need to make sense of complex input data within a vast variety of unpredictable scenarios has been a key driver for the use of machine learning (ML), for example in Automated Driving Systems (ADS). Such systems are usually safety-critical, and therefore they need to be safety assured. In order to consider the results of the safety assurance activities (such as uncovering previously unknown hazardous scenarios), a continuous approach to arguing safety is required, whilst iteratively improving ML-specific safety-relevant properties, such as robustness and prediction certainty. Such a continuous safety life cycle will only be practical with an efficient and effective approach to analyzing the impact of system changes on the safety case. In this paper, we propose a semi-automated approach for accurately identifying the impact of changes on safety arguments. We focus on arguments that reason about the sufficiency of the data used for the development of ML components. The approach qualitatively and quantitatively analyses the impact of changes in the input space of the considered ML component on other artifacts created during the execution of the safety life cycle, such as datasets and performance requirements, and makes recommendations to safety engineers for handling the identified impact. We implement the proposed approach in a model-based safety engineering environment called FASTEN, and we demonstrate its application for an ML-based pedestrian detection component of an ADS.
We describe the categorical semantics for a simply typed variant and a simplified dependently typed variant of Cocon, a contextual modal type theory where the box modality mediates between the weak function space that is used to represent higher-order abstract syntax (HOAS) trees and the strong function space that describes (recursive) computations about them. What makes Cocon different from standard type theories is the presence of first-class contexts and contextual objects to describe syntax trees that are closed with respect to a given context of assumptions. Following M. Hofmann's work, we use a presheaf model to characterise HOAS trees. Surprisingly, this model already provides the necessary structure to also model Cocon. In particular, we can capture the contextual objects of Cocon using a comonad ♭ that restricts presheaves to their closed elements. This gives a simple semantic characterisation of the invariants of contextual types (e.g. substitution invariance) and identifies Cocon as a type-theoretic syntax of presheaf models. We further extend this characterisation to dependent types using categories with families and show that we can model a fragment of Cocon without recursor in the Fitch-style dependent modal type theory presented by Birkedal et al.
In early 2020, the Covid-19 pandemic forced employees in tech companies worldwide to abruptly transition from working in offices to working from their homes. During two years of predominantly working from home, employees and managers alike formed expectations about what post-pandemic working life should look like. Many companies are experimenting with new work policies that balance employee and manager expectations regarding where, when and how work should be done in the future. In this article, we gather experiences of the new trend of remote working based on the synthesis of 22 company-internal surveys of employee preferences for WFH, and 26 post-pandemic work policies from 17 companies and their sites, covering 12 countries in total. Our results are threefold. First, through the new work policies, all companies formally give employees more flexibility regarding working time and location. Second, there is a great variation in how much flexibility the companies are willing to yield to the employees. The paper details the different formulations that companies adopted to document the extent of permitted WFH, exceptions, relocation permits and the authorization procedures. Third, we document a change in the psychological contract between employees and managers, where the option of working from home is converted from an exclusive perk that managers could choose to give to the few, to a core privilege that all employees feel they are entitled to. Finally, there are indications that as the companies learn and solicit feedback regarding the efficiency of the chosen strategies, we will see further developments and changes in the work policies concerning how much flexibility to work whenever and from wherever they grant. Through these findings, the paper contributes to a growing literature about the new trends emerging from the pandemic in tech companies and spells out practical implications going forward.
During the design of safety-critical systems, safety and security engineers make use of architecture patterns, such as Watchdog and Firewall, to address identified failures and threats. Often, however, the deployment of safety architecture patterns has consequences on security, e.g., the deployment of a safety architecture pattern may lead to new threats. The other way around may also be possible, i.e., the deployment of a security architecture pattern may lead to new failures. Safety and security co-design is, therefore, required to understand such consequences and trade-offs, in order to reach appropriate system designs. Currently, architecture pattern descriptions, including their consequences, are described using natural language. Therefore, their deployment in system design is carried out manually by experts, which is time-consuming and prone to human error, especially given the high system complexity. We propose the use of semantically rich architecture patterns to enable automated support for safety and security co-design by using Knowledge Representation and Reasoning (KRR) methods. Based on our domain-specific language, we specify reasoning principles as logic specifications written as answer-set programs. KRR engines enable the automation of safety and security co-engineering activities, including the automated recommendation of which architecture patterns can address failures or threats, and the consequences of deploying such patterns. We demonstrate our approach on an example taken from the ISO 21434 standard.
Context: Software companies must become better at delivering software to remain relevant in the market. Continuous integration and delivery practices promise to streamline software deliveries to end-users by implementing an automated software development and delivery pipeline. However, implementing or retrofitting an organization with such a pipeline is a substantial investment, while the reporting on benefits and their relevance in specific contexts/domains is vague.
Aim: In this study, we explore continuous software engineering practices from an investment-benefit perspective. We identify what benefits can be attained by adopting continuous practices, what the associated investments and risks are, and analyze what parameters determine their relevance.
Method: We perform a multiple case study to understand state-of-practice, organizational aims, and challenges in adopting continuous software engineering practices. We compare state-of-practice with state-of-the-art to validate the best practices and identify relevant gaps for further investigation.
Results: We found that companies start the CI/CD adoption by automating and streamlining the internal development process with clear and immediate benefits. However, upgrading customers to continuous deliveries is a major obstacle due to existing agreements and customer push-back. Renegotiating existing agreements comes with a risk of losing customers and disrupting the whole organization.
Conclusions: We conclude that the benefits of CI/CD are overstated in the literature without considering the contextual and domain complexities that render some benefits infeasible. We identify the need to understand the customer and organizational perspectives further and to understand the contextual requirements towards CI/CD.
Artificial Intelligence (AI) implementation incorporates challenges that are unique to the context of AI, such as dealing with probabilistic outputs. To address these challenges, recent research suggests that organizations should develop specific capabilities for AI implementation. Currently, we lack a thorough understanding of how certain capabilities facilitate AI implementation. It remains unclear how they help organizations to cope with AI’s unique characteristics. To address this research gap, we employ a qualitative research approach and conduct 25 explorative interviews with experts on AI implementation. We derive four organizational capabilities for AI implementation: AI Project Planning and Co-Development help to cope with the inscrutability in AI, which complicates the planning of AI projects and communication between different stakeholders. Data Management and AI Model Lifecycle Management help to cope with the data dependency in AI, which challenges organizations to provide the proper data foundation and continuously adjust AI systems as the data evolves. We contribute to our understanding of the sociotechnical implications of AI’s characteristics and further develop the concept of organizational capabilities as an important success factor for AI implementation. For practice, we provide actionable recommendations to develop organizational capabilities for AI implementation.
Causal relations in natural language (NL) requirements convey strong, semantic information. Automatically extracting such causal information enables multiple use cases, such as test case generation, but it also requires reliably detecting causal relations in the first place. Currently, this is still a cumbersome task as causality in NL requirements is still barely understood and, thus, barely detectable. In our empirically informed research, we aim at better understanding the notion of causality and supporting the automatic extraction of causal relations in NL requirements. In a first case study, we investigate 14.983 sentences from 53 requirements documents to understand the extent and form in which causality occurs. Second, we present and evaluate a tool-supported approach, called CiRA, for causality detection. We conclude with a second case study where we demonstrate the applicability of our tool and investigate the impact of causality on NL requirements. The first case study shows that causality constitutes around 28 % of all NL requirements sentences. We then demonstrate that our detection tool achieves a macro-F1 score of 82 % on real-world data and that it outperforms related approaches with an average gain of 11.06 % in macro-Recall and 11.43 % in macro-Precision. Finally, our second case study corroborates the positive correlations of causality with features of NL requirements. The results strengthen our confidence in the eligibility of causal relations for downstream reuse, while our tool and publicly available data constitute a first step in the ongoing endeavors of utilizing causality in RE and beyond.
Industry 4.0 (I4.0) refers to the trend towards automation and data exchange in manufacturing technologies and processes, which include cyber-physical systems where the Internet of Things connects with each other and the environment via networking. This new connectivity opens systems to attacks, by, e.g., injecting or tampering with messages. The solution supported by communication protocols such as OPC-UA is to sign and/or encrypt messages. However, given the limited resources of devices and the high performance requirements of I4.0 applications, instead of applying crypto algorithms to all messages in the network, it is better to focus on the messages that, if tampered with or injected, could lead to undesired configurations. This paper describes a framework for developing and analyzing formal executable specifications of I4.0 applications in Maude. The framework supports the engineering design workflow using theory transformations that include algorithms to enumerate network attacks leading to undesired states, and to determine wrappers preventing these attacks. In particular, given a deployment map from application components to devices, we define a theory transformation that models execution of applications on the given set of (network) devices. Given an enumeration of attacks (message flows), we define a further theory transformation that wraps each device with policies for signing/signature checking for just those messages needed to prevent the attacks. In addition, we report on a series of experiments checking for attacks by a bounded intruder against variations on a Pick-n-Place application, investigating the effect of increasing bounds or increasing application size and further minimizing the number of messages that must be signed.
There have been numerous recent calls for research on the human side of software engineering and its impact on project success. An analysis of which challenges in software engineering teams are most relevant and frequent is still missing. As teams are more international, it is more frequent that their members have different personal values as well as different communication habits. Additionally, virtual team setups (working geographically separated, remote communication using digital tools and frequently changing team members) are increasingly prevalent. We designed a survey instrument and asked respondents to assess the frequency and criticality of a set of challenges, both within teams as well as between teams and clients. For the team challenges, we asked if mitigation measures were already in place to tackle the challenge. Respondents were also asked to provide information about their team setup. The survey included an instrument to measure Schwartz human values. The survey was first piloted and then distributed to professionals working in software engineering teams. In this article, we report on the results obtained from 192 survey respondents. We present a set of challenges that takes the survey feedback into account and introduce two categories of challenges: inter-personal and intra-personal. We found no evidence for links between personality values and challenges. We found some significant links between the number of distinct nationalities in a team and certain challenges. We found evidence that a higher degree of virtualization leads to an increase in the frequency of some human challenges. We present a set of human challenges in software engineering that can be used for further research on causes and mitigation measures, which serves as our starting point for a theory about causes of contemporary human challenges in software engineering teams. Our findings warrant further research on human challenges in software engineering to gather more evidence and test countermeasures, such as whether the employment of virtual reality software incorporating facial expressions and movements can help establish a less detached way of communication.
This Special Section focused on gathering the most recent scientific research and insights on the evolution of communication architectures and protocols able to boost the creation of a truly global internet by means of the integration of the current internet with a new Internet of Space; how to support the operation of Tier-1, Tier-2, or even Tier-3 airborne/spaceborne networks; how to address interoperability, within and across different protocol layers in the network architecture, leveraging cross-layer design; and finally how to design a more unified next-generation internet architecture able to transparently include spaceborne and airborne platforms in a way that allows for user-centric services, and a smooth operation of transient networks.
85 members
Vincent Aravantinos
  • Software and System Engineering
Rute C. Sofia
  • Industrial IoT
Alexander Perzylo
  • Knowledge-based Systems Engineering
Holger Pfeifer
  • Software Dependability
Guerickestr. 25, 80805, München, Germany
Head of institution
Harald Rueß
+49 89 3603522 0
+49 89 3603522 50