Doctoral Symposium

NEW: the Doctoral Symposium is significantly reshaped this year! Attendance is open to all PhD students, but not to their advisors. The students will have the opportunity to freely interact with a panel of experts and invited speakers. More information can be found on the CFP.

Monday, October 23

Session 1 09:00-10:30

9:00-9:10   Introduction to ISSRE Doctoral Symposium

9:10-9:40   Invited Speaker: Things I would have loved to know during my PhD. Davide Fucci

9:40-10:30 Invited Speaker: Why and how to get a PhD and — possibly — pursue a research career? Lionel Briand

Session 2 11:30-12:30

Benchmarking the Security of Virtualization Infrastructures: Motivation and Approach. Charles Goncalves

Model-based architecture robustness analysis for software-intensive autonomous systems. Sebastian Dieter Krach

Finite State Machine Testing: Complete Round-trip Versus Transition Trees. Hoda Khalil

First insights into testing autonomous robot in virtual worlds. Clément Robert

Session 3 14:00-15:30

Towards Multi-layered Reliability Analysis in Smart Grids. Stanislav Chren

Living Safety Arguments for Open Systems. Carmen Carlan

Interactive Runtime Verification - When Interactive Debugging Meets Runtime Verification. Raphaël Jakse

Multi-level isolation for Android applications. Guillaume Averlant

Session 4 16:00-17:30

Interactive session


Abstracts of Doctoral Symposium papers

Charles Goncalves

Benchmarking the Security of Virtualization Infrastructures: Motivation and Approach

Abstract: With the growing adoption of cloud computing for business systems, the efforts to keep those environments secure are also increasing. Virtualization infrastructures are key to supporting such systems, but engineers lack means to help them select the best solutions according to their security requirements. The goal of this work is to define and develop a benchmarking approach to assess and compare the security of virtualization infrastructures. The approach allows the benchmark user to define their usage scenario, which will influence the assessment metrics and quality model. Well-established performance benchmarks will be used as workload. The evaluation procedure comprises two key phases: i) security qualification to make sure that detectable/known vulnerabilities are not present; ii) trustworthiness assessment to gather further evidence of the system's security. We believe this approach will allow assessing and comparing systems in terms of security, thus helping IaaS providers to select the best infrastructure for their specific needs.

Hoda Khalil

Finite State Machine Testing: Complete Round-trip Versus Transition Trees

Abstract: Most software systems can be modeled either fully or partially using finite state machines. For this reason, many testing criteria for finite state machine models have been proposed and discussed by the research community. Among the studied testing criteria are complete round-trip paths and transition trees that cover round-trip paths in a piecewise manner. The theoretical comparison between the different proposed criteria does not provide enough evidence of effectiveness. Hence, empirical evaluation is needed to compare the criteria. In my thesis, I conduct many empirical experiments that aim at comparing the effectiveness of the complete round-trip path test suites to the transition tree test suites on one hand, and comparing the effectiveness of the different techniques used to generate transition trees (breadth-first traversal, depth-first traversal, and random traversal) on the other hand. I also compare the effectiveness of all the testing trees generated using each single traversal criterion. Analyzing the experimental results leads to more than one hypothesis about the characteristics of the most effective among the evaluated test suites. The experimental results do not show consistent trends related to the suggested hypotheses. However, more intuitions are to be tested to find a more effective criterion.

Clément Robert

First insights into testing autonomous robot in virtual worlds

Abstract: The decisional capability of robotic systems has expanded significantly in recent years. Their validation typically implies expensive and laborious test campaigns in the field. Part of the validation could use simulation means, but there is currently no systematic method to test robots in virtual worlds. This work aims to provide such a method. We discuss the challenges regarding the definition of virtual worlds and missions, their generation guided by test criteria, and the automated analysis of test results. We also present preliminary work for an agricultural robot.

Carmen Carlan

Living Safety Arguments for Open Systems

Abstract: In recent years, there has been a shift from closed systems, with clearly defined borders, whose behavior is completely determined a priori, towards open systems, which are independently developed, and which are able to communicate and collaborate with other open systems in an ad-hoc manner. Such systems form a system of open systems with a set of enhanced and improved services. Whenever two open systems integrate in a safety-critical context at runtime, the functional safety of the emerged system of open systems needs to be automatically argued, without time delay. The effort for the construction of safety argumentation at integration time shall be reduced. There is a need to prepare the design-time safety argumentation of individual open systems to be integrated, at systems integration time, in the safety argumentation of the system of open systems. I thereby propose an approach for living software safety argumentation. The approach aims to automatically adjust argumentation built manually during design time according to the new operational environment information (due to the system's integration with another open system or a system of open systems). In order to evaluate and validate the solution, the proposed method will be applied 1) to an example - collaborative drones for intelligent intersection management, and 2) to one industrial system from the industrial robotics application domain.

Raphaël Jakse

Interactive Runtime Verification - When Interactive Debugging Meets Runtime Verification

Abstract: Runtime Verification is property checking over an execution of a system that is instrumented.
Interactive debugging is inspecting the internal state of a program during an execution using a debugger.
This paper introduces Interactive Runtime Verification, an approach to fixing bugs in which Runtime Verification guides the developer during an Interactive Debugging session.

Guillaume Averlant

Multi-level isolation for Android applications

Abstract: Android is one of the most popular operating systems on mobile devices, and its usage is not going to decrease anytime soon. Although Android security has already been widely studied in the literature, its quick evolution scheme and emerging usages call for the continuation of this common effort.
In particular, mobile devices are now commonly used in different contexts, like in a bring-your-own-device (BYOD) environment where personal and business data are held on the same device. However, small and medium companies cannot afford the costs of a dedicated software solution allowing personal and professional data to securely coexist on employees' devices.
In this paper, we present a preliminary solution to address this need for isolation by leveraging hardware virtualization extensions found in current mobile processors. This solution targets chipset manufacturers and provides security and privacy protections for standard Android end users.

Stanislav Chren

Towards Multi-layered Reliability Analysis in Smart Grids

Abstract: Smart Grids, the next-generation power grids, are equipped with modern technologies to address the increasing demand for the quality of the power supply in the traditional power grids. The power grid is a critical infrastructure with reliability being one of its key quality attributes. Current reliability analysis methods for power grids focus on the physical level of the grid and do not consider the multiple layers of smart grids, such as software components and services. In our research, we aim at developing an approach for reliability analysis that would take into account the multi-layered nature of the smart grid by incorporating the physical components, software components, and service usage scenarios. Such an approach would be able to evaluate the reliability of the system with respect to the offered services and their stakeholders. The goal of the approach is to create a general smart grid reference model parametrized with parameters relevant to the reliability analysis. Afterwards, it will be possible to instantiate the reference model for a specific smart grid system. Next, it will be transformed into a formal model in order to obtain the estimation of system reliability. Finally, an open-source tool will be implemented to support the modeling and computation process.

Sebastian Dieter Krach

Model-based architecture robustness analysis for software-intensive autonomous systems

Abstract: When designing dependable cyber-physical systems, software architects must plan for defects and environmentally caused failures. Determining the right degree of redundancy is a complex task which requires balancing failure potential reduction, additional coordination effort, increased costs, weight, and power consumption.
An efficient fail-operational design requires software-based measures increasing the robustness by enabling the system to self-adaptively deactivate non-essential functionality. Environmental influences, as well as reconfigurations affecting architecture-level design decisions, need to be an integral part of the early system design.
Recent reliability engineering approaches are not suitable for early design phases as they either do not incorporate a comprehensive system view or require detailed implementation-specific information.
In my research I analyze the architectural implications of software-based robustness-increasing measures. I strive to assist the architecture design using model-based simulation of robustness and reliability properties based on architecture-level descriptions of the system. The described approach builds upon an established architecture quality analysis framework and leverages existing prediction capabilities for system reliability and self-adaptation.