Johannes SametingerJohannes Kepler University of Linz | JKU · Dept. of Information Systems - Software Engineering
Johannes Sametinger
a.Univ.-Prof. Dipl-Ing. Dr.
About
116
Publications
70,679
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,357
Citations
Introduction
Publications
Publications (116)
The prevalence of security risks and the subsequent attacks on Cyber-Physical Systems (CPSs) have reached unprecedented levels. Anomaly-based Intrusion Detection Systems (Ab-IDS) emerged in response to this phenomenon, with the purpose of alerting actors in the event of an attack. However, with the advent of Industry 4.0 and smart manufacturing, CP...
As edge computing continues to play a pivotal role in modern computing architectures, ensuring robust cybersecurity becomes imperative. This paper introduces our emerging results on a comprehensive approach to bolster the cyber-resilience of edge computing systems by incorporating the MAPE-K (Monitor, Analyze, Plan, Execute, and Knowledge) loop. Th...
The Internet of Medical Things (IoMT) promises to improve patient care and the efficiency of Medical Cyber-Physical Systems (MCPSs). At the same time, the connectivity increases the security risk. We aim to model Self-protective MCPSs to reduce the attack surface during runtime. Even under attack, these systems require to provide clinical function...
Cyber-Physical Systems (CPS) frequently operate in collaborative environments with other CPS and humans. This collaborative environment has the potential for situations in which CPS endanger humans. We argue that safety in such environments can be increased if the environment is aware of the safety-critical situation and can respond appropriately....
Internet of Things (IoT) devices have become ubiquitous in our everyday life, with security becoming an ever-growing issue as more and more cyber-attack incidents being reported, primarily due to deficiencies in existing security mechanisms. However, while, for example, cloud-based applications, or industrial automation systems of systems possess s...
Many devices in various domains operate in different modes. We have suggested to use mode switching for security purposes to make systems more resilient when vulnerabilities are known or when attacks are performed. We will demonstrate the usefulness of mode switching in the context of industrial edge devices. These devices are used in the industry...
Medical devices require the provision of life-critical functionality even under adverse conditions. We imagine to model (at design time) and to switch (at run-time) security modes in a self-adaptive way, thus, reducing attack surfaces in case of a malfunction, attack, or when vulnerabilities become known. Modes return back to normal when patches ar...
Switching modes is a general mechanism that is used in many domains. We have suggested to use it for security purposes to make systems more resilient when vulnerabilities are known or when attacks are performed. OWASP provides several vulnerable web applications for testing and training security skills. We have the idea of applying mode switching t...
Cyber‐Physical Systems (CPSs) differ from traditional Information Technology (IT) systems in such a way that they interact with the physical environment, i.e., they can monitor and manipulate real objects and processes. For this special issue, the authors of the best papers of IWCFS 2019 were invited to submit extended versions of their workshop pa...
In the era of the Internet of Things and Industry 4.0, machines and devices are increasingly getting connected. These connections go hand in hand with security vulnerabilities and potential threats to these devices. In regular IT systems, we typically provide updates to eliminate vulnerabilities. In industrial automation and control systems, especi...
This volume constitutes the refereed proceedings of the workshops held at the 32nd International Conference on Database and Expert Systems Applications, DEXA 2021, held in a virtual format in September 2021: The 12th International Workshop on Biological Knowledge Discovery from Data (BIOKDD 2021), the 5th International Workshop on Cyber-Security an...
With increased interoperability of cyber-physical systems (CPSs), security becomes increasingly critical for many of these systems. We know mode switching from domains like aviation and automotive, and we imagine to use this mechanism for the development of resilient systems that continue to function correctly even if under malicious attack. If vul...
Detection of unauthorized disclosure of sensitive data is still an open problem. Taint tracking is one effective approach to detect information disclosure attacks. In this paper, we give an overview of dynamic taint tracking systems for Android. First, we discuss systems and identify their shortcomings. The contribution of this paper is to present...
Blockchain-Anwendungen werden bisher primär für marktbezogene Transaktionen diskutiert. Wir ergänzen dies und fokussieren auf organisationsinterne Steuerungsprozesse. Dabei loten wir das Potenzial von Custom Tokens und Smart Contracts besonders für die Koordination und Steuerung von Projekten aus. Anwendungsversuche und Forschungen sind hier bisher...
This volume constitutes the refereed proceedings of the three workshops held at the 31st International Conference on Database and Expert Systems Applications, DEXA 2020, held in September 2020: The 11th International Workshop on Biological Knowledge Discovery from Data, BIOKDD 2020, the 4th International Workshop on Cyber-Security and Functional Sa...
Incorporating network connectivity in cyber-physical systems (CPSs) leads to advances yielding better healthcare and quality of life for patients. However, such advances come with the risk of increased exposure to security vulnerabilities, threats, and attacks. Numerous vulnerabilities and potential attacks on these systems have been demonstrated....
Devices in people’s homes increasingly depend on software and hardware components. They interoperate with other devices wirelessly and through the Internet. The sensitive nature of some of their data, their increasing interoperability puts their security at the forefront. In this paper we will show smart homes can resiliently be secured by varying...
The detection of information disclosure attacks, i.e. the unauthorized disclosure of sensitive data, is a dynamic research field. The disclosure of sensitive data can be detected by various static and dynamic security analysis methods. In the context of Android, dynamic taint-tracking systems like Taintdroid have turned out to be especially promisi...
COOL Informatics (COOL stands for Cooperative Open Learning) is a teaching concept for beginning programmers that is based on brain-supporting teaching methods and materials. It includes several forms of cooperative learning like peer tutoring, pair programming, and talents exchange. We introduced the concept in a Java programming course of our Bus...
Einer der wichtigsten Aspekte der Blockchain-Technologie ist die vertrauenslose Kommunikation der Teilnehmer im Netzwerk. Der Einsatz dieser Eigenschaft für Anwendungsgebiete abseits von Kryptowährungen wird seit der Entwicklung von Smart Contracts und Custom Tokens immer interessanter. Bisher wurden Anwendungsfälle primär für marktbezogene Transak...
Medical device security is a growing concern with increasing incorporation of complex software and hardware. Security threats exploiting vulnerabilities in medical devices may directly impact patient safety. Standardization and federal organizations are hence, actively involved in setting up new paradigms for guidance and regulation of security thr...
Cyber-physical systems (CPSs) offer many opportunities but pose many challenges—especially regarding functional safety, cybersecurity, and their interplay, as well as the systems’ impact on society. Consequently, new methods and techniques are needed for CPS development and assurance. The articles in this theme issue aim to help address some of the...
Medical Devices (MDs) are by definition safety-critical and
increasingly also become security-critical when interoperating,
i.e., when communicating in some form. Finding errors,
inconsistencies, or vulnerabilities in MDs before deployment
can significantly decrease costs and increase quality and reliability.
In this paper, we present a rigorous “c...
Medical Devices (MDs) are by definition safety-critical and increasingly also become security-critical when interoperating, i.e., when communicating in some form. Finding errors, inconsistencies, or vulnerabilities in MDs before deployment can significantly decrease costs, and increase quality and reliability. In this paper, we present a rigorous "...
Medical devices are indispensable for millions of patients worldwide. They increasingly depend on software and hardware components, and interoperate with other devices wirelessly and through the Internet. The sensitive nature of health records, the increasing interoperability of medical devices, and the fact that human well-being and life are at st...
Implantable devices, often dependent on software, save countless lives. But how secure are they? Security and safety issues in the medical domain take many different forms. Examples range from purposely contaminated medicine to recalls of vascular stents, and health data breaches. Risks resulting from unintentional threats have long been known, for...
This paper is a " call for action " to formalize the typology of models used in healthcare simulation models. A brief taxonomy of model types is presented. Issues of model validity, patient safety and data/system security are brought to the fore to illustrate the challenges in this field. Examples are given that further highlight the research and d...
Due to the increasing networking of devices and services to the Internet of Things, security requirements are rising. Systems that were previously operated in isolation can be attacked over the Internet today. Industrial control systems often form the core of critical infrastructures. Their vulnera-bilities and too lax security management can have...
Security issues arise permanently in different software products. Making software secure is a challenging endeavor. Static analysis of the source code can help eliminate various security bugs. The better a scanner is, the more bugs can be found and eliminated. The quality of security scanners can be determined by letting them scan code with known v...
Privacy can be described as the state of being unaccompanied or unobserved without unauthorized intrusion. We define front-end privacy as privacy when accessing data from a device, e.g., when working jointly on a computer. This is a matter of visibility with the problem that information can get directly disclosed. In this paper, we will define kind...
The importance of IT security is out of doubt. Data, computer and network security are essential for any business or organization. Software security often remains out of focus, from an organization’s, a developer’s and from an end-user’s point of view. We will consider security terminology, security bugs, security flaws, and mitigation issues.
Mobile devices contain a multitude of sensitive data and provide access to even more data as well as services somewhere on the Internet. Even if only temporarily in the hands of non-entitled persons, privacy is at stake. Authentication protects against unauthorized usage. Today's operating systems of mobile devices offer authentication mechanisms....
Mobile devices get smarter and increasingly provide access to sensitive data. Smart phones and tablet computers present detailed contact information, e-mail messages, ap-pointments, and much more. Users often install apps on their devices to get additional functionality like games, or access to social networks. Too often, such apps access sensitive...
Microsoft is developing wide-spread software solutions like the Windows operating system and the Office suite. In order to improve security of their products, they have introduced the Microsoft Security Development Lifecycle (MS-SDL). Ample documentation about the MS-SDL is available, thus, allowing other companies to adopt the lifecycle as well. W...
We will evaluate electronic payment (ePayment) systems by employing a use-value analysis. The key success factors of ePayment systems are security and flexibility. Not surprisingly, it turns out, that there is neither a "best" nor a "most secure" ePayment system. The adequacy of these systems depends on the application context. A use-value analysis...
People's activities are often monotonous over long periods of time, e.g., sitting at a desk and working with a computer. Together with an inactive lifestyle, this leads to muscle weakness, postural faults and movement dysfunction, thereby increasing the likelihood of musculoskeletal problems. Ever more young people are affected by such musculoskele...
Typically, users of Web content management systems lack expert knowledge of the technology itself, let alone the security issues therein. Complicating the matter, WCMS vulnerabilities are attractive targets for potential attackers. A security analysis of two popular, open-source WCMSs exposed significant security holes, despite the obvious efforts...
Security design patterns are proven solutions to security problems in a given context with constructive mea- sures of how to design certain parts of a software system. The literature contains numerous definitions, ex- amples, and taxonomies of such patterns. There are also a few quality criteria for them. We suggest a new taxonomy based on attack p...
Even in medium-sized hospitals, thousands of medical records are created every day. These documents have to be archived over many years. This is important for having access to information for later treatments of patients and for potential legal disputes. The latter makes signing of medical records important. The process of getting rid of paper in h...
The central idea of this paper is to apply the concept of a top-level ontology to make access and retrieval of resources, more specifically documents, in knowledge-intensive business processes smarter. Supporting the reuse of meta-data created elsewhere, the sharing of meta-data across applications and users as well as the application of meta-data...
The search for a fast and standardized method to determine the options for and scope of eBusiness-based solutions for implementation in business processes sparked a cooperation between Siemens in Munich and the Johannes Kepler University in Linz. The extent to which a specific business process is supported by eSolutions determines its eReadiness. W...
Aufgrund der großen Anzahl von verfügbaren eSolutions ist deren Zuordnung zu Geschäftsprozessen oft schwierig, da individuelle Anforderungen jeder Geschäftsprozessaktivität berücksichtigt werden müssen. In diesem Beitrag wird ein Prototyp zur (teil-)automatisierten Ermittlung von geeigneten eSolutions zur Abwicklung von Geschäftsprozessen und zur B...
Knowledge workers collaborate in teams, networks and communities in order to accomplish knowledge processes. They have to be supported with adequate organizational as well as information and communication technological (ICT) infrastructures. From an ICT perspective, requirements have changed when compared to more traditional (office) work due to th...
Knowledge workers typically collaborate in knowledge processes and have to be supported with adequate information and communication infrastructures.
Object-oriented software development has proven effective for systems development, but the creation of reusable and changeable software architectures is still a challenging task. Design patterns capture the expertise for reusable design solutions, but there is no methodical approach to providing conceptual design building blocks in tangible and com...
Knowledge workers typically collaborate in knowledge processes and have to be supported with adequate information and communication infrastruc- tures. We propose a shared-context information workspace that organizes knowledge resources within several dimensions. We show how this workspace can be used to support typical knowledge processes.
Knowledge workers collaborate in teams, networks and communities in order to accomplish knowledge proc- esses. They have to be supported with adequate organiza tional as well as information and communication technological (ICT) infrastructures. From an ICT perspective, requirements have changed when compared to more traditional (office) work due to...
Die Entwicklungsgeschichte der Sprachmittel zur Beschreibung und
Strukturierung von Software war in der vergangenen 25 Jahren von einer hohen Dynamik geprägt. Dieser Artikel legt die Gründe für das Entstehen immer mächtigerer Konzepte dar und behandelt Web Services als vorläufigen Endpunkt dieser Entwicklung. Dabei wird deutlich, dass jedes Konzept...
The evolution of complex software systems is promoted by software
engineering principles and techniques like separation of concerns,
encapsulation, stepwise refinement, and reusability of design solutions.
Design patterns capture the expertise for reusable design solutions.
Aspect-oriented programming is a methodology that enables the
modularizatio...
Computers and the World Wide Web have influenced many aspects of every-day-life. Especially in the field of doing business new ways of communication have emerged. Distance learning, eLearning, computer-based training, and web-based training are terms for new forms of learning based on modern technologies. In this paper we will introduce facets of e...
The desktop metaphor has been helpful as long as the types, formats and amounts of contents to be administered were limited. Due to the increase in size and complexity of contents, much of the original desktop's functionality has moved into applications, replacing the desktop as the central view to collections of contents. We will outline an enviro...
We report on a combination of system theoretic simulation modeling methodology with the JavaBeans component model as a basis for a component-based simulation framework. While system theory formalisms can serve as formal, mathematical foundations for modular, hierarchical modeling and simulation, the JavaBeans component model provides the appropriat...
Communication among companies and between clients and companies has been revolutionized by the Internet, e.g., b2b market places, as well as new ways of collaboration like virtual companies. Many systems with holistic and individualized service, sales and marketing concepts are available today. In this paper we give an overview of the basic concept...
The Internet has revolutionized communication among companies and clients. New possibilities for global collaboration among companies on a project basis are possible with virtual enterprises. Virtual enterprises enable new ways of collaboration with clients and their participation in creative and inventive activities of individual products. Further...
Modulare, hierarchische Modellierung und das Komponentenmodell JavaBeans bilden die Grundlage für die Ent-wicklung eines Kompontenrahmenwerkes zur Realisierung von Simulationsanwendungen. Systemtheoretische For-malismen stellen die formale Basis für die modulare, hierarchische Modellierung und Simulation dar; das Kompo-nentenmodell JavaBeans wird a...
In the SimBeans project we apply a component-based software engi- neering approach to the development of simulation systems and frame- works. Libraries of reusable simulation components have been realized on the basis of the component model JavaBeans for various simulation application domains. The main objective thereby has been to enhance model re...
We have investigated the component models JavaBeans and COM/ActiveX, their support for component-based software development as well as their commonalties and differences. The main objective has been to find out the component models' usefulness in building real-world applica- tions and to compare the underlying component models based on a concrete s...
The paper reports on an effort to use both the system theoretic DEVS (discrete event simulation) formalism and the JavaBeans component model as a basis for a component based discrete event simulation framework. The result of the synergism of DEVS and JavaBeans is a powerful component based simulation framework together with a set of flexible bean c...
This paper reports on an effort to use both the system theoretic DEVS (discrete event simulation) formalism and the JavaBeans component model as a basis for a componentbased discrete event simulation framework. The result of the synergism of DEVS and JavaBeans is a powerful component-based simulation framework together with a set of flexible bean c...
This paper reports on an effort to use both the system theoretic DEVS formalism and the JavaBeans component model as a basis for a compo-nent-based discrete event simulation framework. While the DEVS for-malism can serve as a formal, mathematical base for modular, hierarchi-cal discrete event modeling and simulation, the JavaBeans component model p...
In diesem Artikel werden ein kurzer Überblick über Java und dessen Einsatz, sowie eine Diskussion der Stärken und Schwächen aufgezeigt und beurteilt. Dadurch soll eine Eva-luierung von Java im Hinblick auf die praktische Einsetzbarkeit in der Softwareentwick-lung ermöglicht werden. Zusätzlich werden Punkte erläutert, die vor einem Einsatz von Java...
This work reports on two courses for computer scientists. The first is a graduate course on modeling and simulation and the second is a course on component based software engineering. For both of these courses we principally use the same basis, that is, the Java Beans component technology and the DEVS system theory formalism for discrete event simu...
. Donald Knuth created the WEB system for literate programming when he wrote the second version of T E X, a book-quality formatting system. Levy later created CWEB, which is based on Knuth's WEB using the C programming language and supporting development using the C and C++ programming languages. Krommes' FWEB is based on CWEB and supports several...
. The automatic extraction of high-level structural information from code is important for both software maintenance and reuse. Instead of using specialpurpose tools, we explore the use of a general-purpose data visualization system called Hy+ for querying and visualizing information about object-oriented software systems. Hy+ supports visualizatio...
Java in der praktischen Anwendung In diesem Artikel werden Stärken und Schwächen von Java aufgezeigt und beurteilt. Dadurch soll eine Evaluierung von Java im Hinblick auf die praktische Einsetzbarkeit in der Software-entwicklung ermöglicht werden. Wir geben einen kurzen Überblick über Java und diskutieren Stärken und Schwächen. Zusätzlich erläutern...
A variety of component types can be reused. Yet different composition techniques and different forms of interoperation of components make reuse difficult or impossible in many situations. We briefly introduce components and component composition. Then we describe forms of interoperation. We propose a classification by introducing an interoperation...
There have been several successful attempts in increasing the reusability of software components. All of these approaches are applicable only in certain contexts and do not provide general solutions to software engineering problems, but they demonstrate that productivity can be increased considerably when special attention is paid to software compo...
In the previous chapters we identified various aspects of software components, such as platforms, composition and interoperation. Now we deal with various attributes of components that allow us to better classify components. Some of the attributes are platform specific, others are component-specific. Attributes may also be specific to certain platf...
Software reuse has many technical and nontechnical aspects, for example, ad-hoc reuse, institutionalized reuse, black-box reuse, white-box reuse, source code reuse, design reuse.
The central idea of literate programming is to improve documentation quality by describing problems and solutions rather than executable programs. An important aspect is the integration of source code and documentation. Literate programming is primarily for system documentation. Thus reusers benefit from it only when doing white-box, glass-box, or...
Documentation requires mechanisms for systematic reuse similar to these for software. As a motivation for this statement, we present a case study on reuse measurement in some literate programs. The case study concerns how much reuse was done and how. By using literate programs, we simultaneously measure reuse in source code and documentation.
The term software crisis was coined in the late sixties to describe the increasing burden and frustration of software development and maintenance. Programmers have been reusing code, subroutines and algorithms since the early days of programming. But all this has been done informally. McIlroy introduced the concept of formal reuse through the softw...
Many nontechnical aspects have to be considered in order to improve systematic software reuse and to make it the normal way of software creation. Technical aspects are important prerequisites for successful reuse. However, they do not suffice to make software reuse happen. Systematic reuse requires long-term, top-down management support because [FI...
Application engineering is software engineering with the systematic reuse of existing components and domain knowledge. Applications should be built by assembling components. In case needed components are not available they have to be specified and provided by the component group. The component group is responsible for finding and possibly adapting...
We envision an ideal scenario of software engineering as building applications by assembling high-level components. If any required components are not available, they have to be built out of lower-level components. Finally, when even low-level components are not available, they have to be implemented in some programming language. Thus components ar...
Component engineering is software development for reuse. Systematic reuse requires a foundation of high-quality components with proper documentation. Such components cannot be simply extracted from existing applications. Getting reusable components requires more effort. Components in applications are usually designed for special requirements. They...
A taxonomy for reusable components provides a framework for creating and retrieving components. Component categories make it easier to determine the reuse potential of specific components. A taxonomy also helps in evaluating the state of today’s component reuse and in recognizing future potential for reuse.
In the previous chapter we described the most important steps for the creation of software. In order to define the order of these steps and to establish transition criteria to progress from one step to another, models for the software development process were derived from other engineering activities [Boe88]. The major advantage of software process...
Cost-effective production of high-quality software systems is the primary goal of software engineering. Quality in this respect comprises attributes like reliability, robustness, user-friendliness, efficiency and maintainability. Software reuse and software components provide crucial contributions in this direction; this is the topic of Part III.
Object-oriented programming supports the reuse of software because classes can be extended and modified without direct changes to the original class. Additionally, objects act as independent and inter- active components. If we build software systems by combining predefined objects we have to consider composition and interoperation mechanisms used b...
Software reuse provides several advantages, e.g., increased productivity and software quality, decreased development time and costs. Installing reuse programs requires up-front investments. Empirical data showing that a potential for software reuse exists in a certain environment will help managers to decide on such investments. In order to determi...
This work has been supported by the Austrian Fonds zur Förderung der wissenschaftlichen Forschung. The reuse of application frameworks and class libraries can improve the productivity in software development considerably. Object-oriented techniques, i.e., inheritance and information hiding, that ease reusing software, can be applied to documentatio...
Software development based on the classical software life-cycle proves inadequate for many ambitious projects. Exploratory software development is an alternative way of building software systems by eliminating deficiencies of the conventional software life cycle. Instead of exactly defining the various phases of the life cycle, exploratory software...
this paper we demonstrate the use of Hy+ for evaluating software metrics, verifying constraints, and identifying design patterns. Software metrics can be used to find components with low reusability or components that are hard to understand. Checking the source code against constraints can help bring design flaws to light, eliminate sources of erro...
Object-oriented programming has been an important step forward in increasing the quality of software systems and the productivity of software engineers. Objects have brought a radical change in the way software systems are being built. Objects can be regarded as components in that they facilitate to build software systems by putting various classes...