ENASE 2024 Abstracts


Area 1 - Challenges and Novel Approaches to Systems and Software Engineering (SSE)

Full Papers
Paper Nr: 20
Title:

Conversational Assistants for Software Development: Integration, Traceability and Coordination

Authors:

Albert Contreras, Esther Guerra and Juan de Lara

Abstract: The recent advances in generative artificial intelligence are revolutionising our daily lives. Large language models (LLMs) – the technology underlying conversational agents like ChatGPT – can produce sensible text in response to user prompts, and so, they are being used to solve tasks in many disciplines like marketing, law, human resources or media content creation. Software development is also following this trend, with recent proposals for conversational assistants tailored for this domain. However, there is still a need to understand the possibilities of integrating these assistants within integrated development environments (IDEs), coordinating multiple assistants, and tracing their contributions to the software project under development. This paper tackles this gap by exploring alternatives for assistant integration within IDEs, and proposing a general architecture for conversational assistance in software development that comprises a rich traceability model of the user-assistant interaction, and a multi-assistant coordination model. We have realised our proposal building an assistant (named CARET) for Java development within Eclipse. The assistant supports tasks like code completion, documentation, maintenance, code comprehension and testing. We present an evaluation for one specific development task (method renaming), showing promising results.
Download

Paper Nr: 68
Title:

Review Time as Predictor for the Quality of Model Inspections

Authors:

Marian Daun, Meenakshi Manjunath and Jennifer Brings

Abstract: Software inspections play an important part in ensuring the quality of software development. With the emergence of model-based development approaches, there is also a need for model inspections to ensure correctness of model-based artifacts. In practice, ad hoc inspections are regularly conducted, often by new and rather inexperienced colleagues, which are asked spontaneously to review an artifact of interest. The use of novices, such as trainees or student assistants, allows shorter review cycles at reduced costs. The quality of these ad hoc inspections is commonly attributed to different factors, often related to the reviewer. Increasing review time can be seen as an indicator that the reviewer takes the review serious. Furthermore, with more time spent, it can be assumed that more defects will be found. In this paper, we report the results of an experiment on ad hoc model inspections. Our results show that – contradictory to these assumptions and empirical findings from inspections of textual documents – the review time a reviewer decides to spend on a review has no significant influence on the effectiveness of ad hoc model inspections.
Download

Paper Nr: 129
Title:

Prevalence and User Perception of Dark Patterns: A Case Study on E-Commerce Websites of Bangladesh

Authors:

Yasin Sazid and Kazi Sakib

Abstract: Dark patterns are deceptive design tactics that impact user decision-making. Such tactics can harm user’s finances, privacy, and lifestyle. Researchers have explored dark patterns from different perspectives in recent times. However, most of the work have been conducted in western countries. As dark patterns involve people and their psychology, explorations in other cultural contexts may generate novel insights. We carried out such a study in the local context of Bangladesh, focusing on the prevalence and user perception of dark patterns. We first examined Bangladeshi e-commerce websites for dark patterns using a combination of automated methods such as GPT-3’s in-context learning and a novel segmentation algorithm, along with manual validation to address any limitations of the automated techniques. We also surveyed Bangladeshi university students about exposure, awareness, and concern regarding dark patterns. Based on the findings of both explorations, we ranked six dark pattern categories and subsequently divided them into two novel groups with distinct traits. We also found that educational background in technology make users more aware and concerned about dark patterns. 18.3% of the websites we analyzed in this study contained dark patterns, indicating prevalence of such design practices in e-commerce websites of Bangladesh.
Download

Short Papers
Paper Nr: 14
Title:

Reverse Engineering of Classical-Quantum Programs

Authors:

Luis Jiménez-Navajas, Ricardo Pérez-Castillo and Mario Piattini

Abstract: Quantum computing has emerged as a crucial technology, which is expected to be progressively integrated into current, traditional information systems. Society could be benefited from several potential, promising applications based on quantum computing. To achieve such advantages, this new paradigm will require integrating the quantum software into the new hybrid (classical-quantum) information systems. Thus, it is necessary to adapt well-known and validated software engineering methods and techniques, such as software evolution methods based on Model-Driven Engineering principles. In particular, the proposal of this paper is framed in the Quantum Software Modernization process, and, in particular, it addresses the reverse engineering phase. The main contribution is a reverse engineering technique that analyses quantum (Qiskit) and classical (Python) code and builds a common, abstract model that combines both classical and quantum elements. The models are built in a technology-agnostic manner through the Knowledge Discovery Metamodel. Within this technique, relationships have been established between classical and quantum elements which can help to preserve knowledge and provide meaningful insights during the evolution toward hybrid information systems. The functioning of this technique is demonstrated through a running example with a program from the Qiskit Github repository.
Download

Paper Nr: 73
Title:

Commit Classification into Maintenance Activities Using In-Context Learning Capabilities of Large Language Models

Authors:

Yasin Sazid, Sharmista Kuri, Kazi S. Ahmed and Abdus Satter

Abstract: Classifying software changes, i.e., commits into maintenance activities enables improved decision-making in software maintenance, thereby decreasing maintenance costs. Commonly, researchers have tried commit classification using keyword-based analysis of commit messages. Source code changes and density data have also been used for this purpose. Recent works have leveraged contextual semantic analysis of commit messages using pre-trained language models. But these approaches mostly depend on training data, making their ability to generalize a matter of concern. In this study, we explore the possibility of using in-context learning capabilities of large language models in commit classification. In-context learning does not require training data, making our approach less prone to data overfitting and more generalized. Experimental results using GPT-3 achieves a highest accuracy of 75.7% and kappa of 61.7%. It is similar to performances of other baseline models except one, highlighting the applicability of in-context learning in commit classification.
Download

Paper Nr: 79
Title:

Security and SLA Monitoring for Cloud Services

Authors:

Elias Seid, Mosammath Nazifa, Sneha Gupta, Oliver Popov and Fredrik Blix

Abstract: The present demand for cloud computing is driven by its scalability and adaptability, making it widely employed in enterprises. A Service Level Agreement (SLA) is a contractual arrangement between cloud providers and clients that ensures the stated level of services will be available. In order to evaluate the compliance of the services to the SLA, it is critical to monitor the availability of the cloud services. Cloud service companies offer several monitoring tools. However, such assessments are often influenced by bias, which prompts demands for impartial assessment of service level agreements (SLAs). The objective of this study is to address the issue of monitoring service availability characteristics, specifically uptime and downtime, in relation to SLA. To achieve this, a monitoring tool called SLA Analyser is proposed. The solution comprises a cen-tralised application that generates and collects data in the primary registry database, along with a compliance report generator that computes cloud service availability using previously gathered data and compares it to the SLA availability parameter. An illustrative report is generated based on the gathered and processed data. This study specifically addresses the reliable assessment of SLA for both clients and service providers. Moreover, this study analyses the challenges associated with SLA monitoring and the repercussions of neglecting its assessment. This approach is particularly essential to organisations that use many cloud services from various vendors. The SLA Analyser was employed to monitor the availability of the cloud database services. In order to mitigate financial losses and uphold a positive reputation for consumer confidence, it is essential to validate the SLA.
Download

Paper Nr: 89
Title:

Towards Enhancing Mobile App Reviews: A Structured Approach to User Review Entry, Analysis and Verification

Authors:

Omar Haggag, John Grundy and Rashina Hoda

Abstract: We propose an approach to address the shortcomings of current mobile app review systems on platforms such as the Apple App Store and Google Play. Currently, these platforms lack review categorisation and authentication of genuine user feedback, posing significant barriers for app developers and users. We propose an approach combining socio-technical grounded theory (STGT) and advanced natural language processing (NLP) tools such as GPT-4 to analyse user reviews, providing deeper insights into app functionalities, problems, and ultimately, user satisfaction. An interactive UI prototype is presented to demonstrate the use of structured, verified feedback. This includes a novel review submission process with categorisation/tagging and a "verified download" tag to ensure review authenticity. The goal of our approach is to enhance the app ecosystem by assisting developers in prioritising improvements and enabling users to make informed choices, encouraging a more robust and user-centric digital marketplace.
Download

Paper Nr: 92
Title:

Interpolation-Based Learning for Bounded Model Checking

Authors:

Anissa Kheireddine, Etienne Renault and Souheib Baarir

Abstract: In this paper, we propose an interpolation-based learning approach to enhance the effectiveness of solving the bounded model checking problem. Our method involves breaking down the formula into partitions, where these partitions interact through a reconciliation scheme leveraging the power of the interpolation theorem to derive relevant information. Our approach can seamlessly serve two primary purposes: (1) as a preprocessing engine in sequential contexts or (2) as part of a parallel framework within a portfolio of CDCL solvers.
Download

Paper Nr: 97
Title:

Afpatoo: Tool to Automate Function Point Analysis Based on UML Class and Sequence Diagrams

Authors:

Agnieszka Malanowska and Jarosław Zabuski

Abstract: Function Point Analysis (FPA) is a well-established and widely used measure of software functional size. For more than 20 years, there have been several attempts to calculate function points on the basis of the object-oriented specifications, mainly in the form of UML models, but fully automatic tools dedicated to that process are still missing. To fill this gap, we propose Afpatoo, a tool which performs IFPUG version of FPA on the basis of UML class and sequence diagrams with combined fragments. The tool implements two existing approaches from the literature in a plugin to Modelio, a broadly used open source UML modeling environment. Usefulness of the Afpatoo was tested and confirmed on the exemplary model for payback payments.
Download

Paper Nr: 98
Title:

Software Defect Prediction Using Integrated Logistic Regression and Fractional Chaotic Grey Wolf Optimizer

Authors:

Raja Oueslati and Ghaith Manita

Abstract: Software Defect Prediction (SDP) is critical for enhancing the reliability and efficiency of software development processes. This study introduces a novel approach, integrating Logistic Regression (LR) with the Fractional Chaotic Grey Wolf Optimizer (FCGWO), to address the challenges in SDP. This integration’s primary objective is to overcome LR’s limitations, particularly in handling complex, high-dimensional datasets and mitigating overfitting. FCGWO, inspired by the social and hunting behaviours of grey wolves, coupled with the dynamism of Fractional Chaotic maps, offers an advanced optimization technique. It refines LR’s parameter tuning, enabling it to navigate intricate data landscapes more effectively. The methodology involved applying the LR-FCGWO model to various SDP datasets, focusing on optimizing the LR parameters for enhanced prediction accuracy. The results demonstrate a significant improvement in defect prediction performance, with the LR-FCGWO model outperforming traditional LR models in accuracy and robustness. The study concludes that integrating LR and FCGWO presents a promising advance in SDP, offering a more reliable, efficient, and accurate approach for predicting software defects.
Download

Paper Nr: 119
Title:

Taxonomy of Governance Mechanisms for Trust Management In Smart Dynamic Ecosystems

Authors:

Dasa Kusnirakova and Barbora Buhnova

Abstract: In our evolving society, a future is envisioned where humans and digital systems converge to shape dynamic and unpredictable ecosystems constantly adapting to ever-changing conditions. Such smart dynamic ecosystems, which seamlessly merge digital agents, physical infrastructure, and human-technology interactions, need to enable the formation of partnerships between their members to collectively solve complex tasks. This necessitates the establishment of trust together with effective governance mechanisms on the ecosystem level, which emerge as crucial elements to ensure the proper functioning, safety, and adherence to established rules. However, there is currently very little understanding of what such trust-supporting governance mechanisms could look like. In this paper, we open this promising scientific field with compiling a taxonomy of governance mechanisms aimed at supporting trust management in smart dynamic ecosystems. By this, we take an initial step into the development of a comprehensive governance model and stimulate further research to address this critical aspect of managing the complex and dynamic nature of these ecosystems.
Download

Paper Nr: 127
Title:

On the Path to Buffer Overflow Detection by Model Checking the Stack of Binary Programs

Authors:

Luís Ferreirinha and Ibéria Medeiros

Abstract: The C programming language, prevalent in Cyber-Physical Systems, is crucial for system control where reliability is critical. However, it is notably susceptible to vulnerabilities, particularly buffer overflows that are ranked among the most dangerous due to their potential for catastrophic consequences. Traditional techniques, such as static analysis, often struggle with scalability and precision when detecting these vulnerabilities in the binary code of compiled C programs. This paper introduces a novel approach designed to overcome these limitations by leveraging model checking techniques to verify security properties within a program’s stack memory. To verify these properties, we propose the construction of a state space of the stack memory from a binary program’s control flow graph. Security properties, modelled for stack buffer overflow vulnerabilities and defined in Linear Temporal Logic, are verified against this state space. When violations are detected, counter-example traces are generated to undergo a reverse-flow analysis process to identify specific instances of stack buffer overflow vulnerabilities. This research aims to provide a scalable and precise approach to vulnerability detection in C binaries.
Download

Paper Nr: 138
Title:

Unlocking Adaptive User Experience with Generative AI

Authors:

Yutan Huang, Tanjila Kanij, Anuradha Madugalla, Shruti Mahajan, Chetan Arora and John Grundy

Abstract: Developing user-centred applications that address diverse user needs requires rigorous user research. This is time, effort and cost-consuming. With the recent rise of generative AI techniques based on Large Language Models (LLMs), there is a possibility that these powerful tools can be used to develop adaptive interfaces. This paper presents a novel approach to develop user personas and adaptive interface candidates for a specific domain using ChatGPT. We develop user personas and adaptive interfaces using both ChatGPT and a traditional manual process and compare these outcomes. To obtain data for the personas we collected data from 37 survey participants and 4 interviews in collaboration with a not-for-profit organisation. The comparison of ChatGPT generated content and manual content indicates promising results that encourage using LLMs in the adaptive interfaces design process.
Download

Paper Nr: 27
Title:

Extending PriPoCoG: A Privacy Policy Editor for GDPR-Compliant Privacy Policies

Authors:

Jens Leicht and Maritta Heisel

Abstract: Privacy policies are an important tool for service providers around the world, especially after the enactment of the General Data Protection Regulation (GDPR). Such privacy policies are commonly expressed in long texts written in legalese. In many cases multiple departments of a company are involved in the definition of these policies; however, only the legal department is able to evaluate the level of GDPR-compliance. We propose and evaluate a privacy policy editor that can be operated by a broader audience. Our editor provides policy authors with guidance on what information to include in a policy. Using the Prolog Layered Privacy Language (P-LPL) our editor can also perform GDPR-compliance checks and warn policy authors when compliance issues arise during policy definition. The privacy policies created with our editor are well structured and computer-interpretable as we use an existing policy language (P-LPL). This may also be beneficial for the data subjects, who will be reading the privacy policies, as user interfaces can visualize the policies in structured and better comprehensible ways, compared to the pure legalese texts of today’s privacy policies. Data controllers and data processors may also use our editor for defining service level agreements.
Download

Paper Nr: 36
Title:

Transforming Data Lakes to Data Meshes Using Semantic Data Blueprints

Authors:

Michalis Pingos, Athos Mina and Andreas S. Andreou

Abstract: In the continuously evolving and growing landscape of Big Data, a key challenge lies in the transformation of a Data Lake into a Data Mesh structure. Unveiling a transformative approach through semantic data blueprints enables organizations to align with changing business needs swiftly and effortlessly. This paper delves into the intricacies of detecting and shaping Data Domains and Data Products within Data Lakes and proposes a standardized methodology that combines the principles of Data Blueprints with Data Meshes. Essentially, this work introduces an innovative standardization framework dedicated to generating Data Products through a mechanism of semantic enrichment of data residing in Data Lakes. This mechanism not only enables the creation readiness and business alignment of Data Domains, but also facilitates the extraction of actionable insights from software products and processes. The proposed approach is qualitatively assessed using a set of functional attributes and is compared against established data structures within storage architectures yielding very promising results.
Download

Paper Nr: 43
Title:

Analyzing MQTT Attack Scenarios: A Systematic Formalization and TLC Model Checker Simulation

Authors:

Amina Jandoubi, M. T. Bennani, Olfa Mosbahi and Abdelaziz El Fazziki

Abstract: The SIGIRO project seeks to create an intelligent system for managing water resources in Marrakech-Safi and Tunisia’s northwest regions. The project introduces a systematic monitoring process to ensure adaptive control to address climate change. SIGIRO gathers data using the MQTT protocol, which has been the target of several cyberattacks in recent years. The absence of a formal description of these attacks leaves the field open to interpretation, leading to distinct implementations for a given attack. In this article, we formalize these attacks, provide descriptions, and check their exactness. We offer a systematic approach to formalizing seven attack scenarios targeting the MQTT protocol. Using the LTL temporal logic formalism, we generate 12 LTL formulas, each precisely describing a specific attack scenario. We classify these formulas into four categories according to a sequence of observation and injection events. These events are the abstract elements needed to control the attacks’ implementation. We verify our proposed formulas using the TLC Model Checker. We show the procedure to encode the LTL formula using TLA+ language. For each attack formula, the verification process generates a counterexample proving the occurrence of the formalized attack. These counterexamples model the execution sequence leading to the breach while providing key metrics such as the number of states generated, the number of pending states, the elapsed time, and the identification of redundant states. Based on the execution traces obtained, we formulate proposals for enhancing the specification of the MQTT protocol.
Download

Paper Nr: 78
Title:

Green Computing Adoption: Understanding the Role of Individual, Social, and Organizational Factors

Authors:

Fahima A. Anni, Muhammad Rezaul Islam, Farzana Sadia, Mahady Hasan and M. Rokonuzzaman

Abstract: This study investigates the factors influencing the attitudes of software developers and IT professionals towards Green Information Technology (GIT) in Bangladeshi IT/software firms and examines their impact on engagement in green computing practices. Data was collected from 130 participants. A thorough literature review was conducted. The findings highlight key individual factors that influence employees’ attitudes, including awareness, knowledge, and perception of environmental issues. The study demonstrates the connection with GIT attitudes and behavior modification, especially through stated usage of green computing methods. Data analysis confirms 5 out of 8 hypotheses and reveals the complexity of the relationships between the constructs. The report promotes the adoption of Green IT technology by software companies in Bangladesh and highlights the significance of an organized office system integrating Green IT. Limitations include a relatively small sample size and the multidimensional nature of the relationships between the constructs. The findings can assist software companies in addressing customer concerns about the performance and functionality of green computing practices, ultimately promoting sustainable computing practices in the IT sector of Bangladesh.
Download

Paper Nr: 126
Title:

Towards a SQL Injection Vulnerability Detector Based on Session Types

Authors:

António Silvestre, Ibéria Medeiros and Andreia Mordido

Abstract: Vulnerabilities in web applications pose a risk for organisations. Among them, SQL injections (SQLi) give the attacker access to private data by submitting malicious SQL queries to the database via invalidated entry points. Although there are various techniques for detecting SQLi, static analysis is widely used as it inspects the application code without executing it. However, static analysis tools are not always precise. In this work, we explore an avenue that links the detection of SQLi to type checking, thus providing stronger guarantees of their existence. We propose a novel approach which consists of interpreting the behaviour of a web application as if it was a communication protocol and uses session types to specify this behaviour. We leverage FreeST, a functional programming language for session types, to implement FREESQLI, a seminal detector of SQLi in PHP web applications. The tool translates the PHP code into FreeST code and capitalizes on FreeST’s type checker to verify protocol adherence and detect inconsistencies associated with the presence of SQLi.
Download

Paper Nr: 134
Title:

Secure Audio Watermarking for Multipurpose Defensive Applications

Authors:

Salma Masmoudi, Maha Charfeddine and Chokri Ben Amar

Abstract: Audio recordings contain very sensitive content, such as historical archival material in public archives that protects and conserves our cultural heritage, digital evidence in the context of law enforcement, the online formats of sensitive digital Holy Quran, etc. Such audio content is vulnerable to doctoring and falsification of its origin with malicious intent. One tool to solve several multimedia security difficulties facing this sensitive content is to tag it with a message before the distribution process. This technique is called watermarking. Hence, this paper aims to present a scheme of tamper detection and integrity control based on multipurpose and secure audio watermarking. To treat the integrity control application, we suggested embedding in the digital audio signal the tonal components resulting from the Human Psychoacoustic Model masking study, which are extracted as features from the relevant low-frequency band of the original audio signal. In addition, a Multilayer perceptron-based denoising autoencoder was executed after learning robust representation from corrupted audio features to correct the watermarked frequencies, thereby restoring the original ones. Consequently, blind tamper detection and blind invertibility were guaranteed. The detailed results indicated that the suggested scheme achieved higher performance at the integrity control and tamper detection level, as well as at the watermarking and reversibility properties.
Download

Area 2 - Systems and Software Engineering (SSE) for Emerging Domains

Full Papers
Paper Nr: 26
Title:

Scriptless Testing for an Industrial 3D Sandbox Game

Authors:

Fernando Pastor Ricós, Beatriz Marín, Tanja Vos, Joseph Davidson and Karel Hovorka

Abstract: Computer games have reached unprecedented importance, exceeding two billion users in the early 2020s. Hu-man game testers bring invaluable expertise to evaluate complex games like 3D sandbox games. However, the sheer scale and diversity of game content constrain their ability to explore all scenarios manually. Recognizing the significance and inherent complexity of game testing, our research aims to investigate new automated testing approaches. To achieve this goal, we have integrated scriptless testing into the industrial game Space Engineers, enabling an automated approach to explore and test sandbox game scenarios. Our approach involves the development of a Space Engineers-plugin, leveraging the Intelligent Verification and Validation for Extended Reality-Based Systems (IV4XR) framework and extending the capabilities of the open-source scriptless testing tool TESTAR. Through this research, we unveil the potential of a scriptless agent to explore 3D sandbox game scenarios autonomously. Results demonstrate the effectiveness of an autonomous scriptless agent in achieving spatial coverage when exploring and (dis)covering elements within the 3D sandbox game.
Download

Paper Nr: 114
Title:

Metasurance: A Blockchain-Based Insurance Management Framework for Metaverse

Authors:

Aritra Bhaduri, Ayush K. Jain, Swagatika Sahoo, Raju Halder and Chandra M. Kumar

Abstract: The worlds of commerce, business, entertainment, education, and healthcare are set for a transition into the Metaverse, enabling people to socialize, shop, invest, manufacture, buy, and sell in the virtual world. This paradigm shift introduces a myriad of risks and threats to the virtual assets, unveiling new avenues for the insurance marketplace to thrive. This paper presents Metasurance, a blockchain-based decentralized platform that enables insurance organizations in crafting and administering tailored insurance products for various virtual assets across different Metaverse platforms. Our solution supports automated management of the complete life cycle, starting from insurance shopping and purchase, premium payments, maturity and claim settlement without any hassle by establishing an interoperability among different Metaverse ecosystems. Moreover, we leverage dynamic price prediction through federated learning, enabling insurance companies to optimize premiums effectively. We present our working prototype developed based on the Hyperledger Fabric blockchain platform, supported by empirical evidence from system benchmarks and load testing, demonstrating enhanced transaction throughput. To the best of our knowledge, this is the first proposal for an insurance solution within the Metaverse ecosystem.
Download

Short Papers
Paper Nr: 65
Title:

Skeet: Towards a Lightweight Serverless Framework Supporting Modern AI-Driven App Development

Authors:

Kawasaki Fumitake, Shota Kishi and James Neve

Abstract: The field of web and mobile software frameworks is relatively mature, with a large variety of tools in different languages that facilitate traditional app development where data in a relational database is displayed and modified. Our position is that many current frameworks became popular during single server deployment of MVC architecture apps, and do not facilitate modern aspects of app development such as cloud computing and the incorporation of emerging technologies such as AI. We present a novel framework which accomplishes these purposes, Skeet, which was recently released to general use, alongside an initial evaluation. Skeet provides an app structure that reflects current trends in architecture, and tool suites that allow developers with minimal knowledge of AI internals to easily incorporate such technologies into their apps and deploy them.
Download

Paper Nr: 140
Title:

Analysing the Effectiveness of a Social Digital Repository for Learning and Teaching: A Fuzzy Comprehensive Evaluation

Authors:

Akrivi Krouska, Christos Troussas, Phivos Mylonas and Cleo Sgouropoulou

Abstract: Since the beginning of the 21st century, Open Education has emerged as an important field in education. Open Educational Resources (OERs) are closely related to it, which are hosted in Digital Repositories. OERs, despite their global recognition and their growing number, are not yet established widely. Teachers face many challenges when they want to use them, including the lack of pedagogical knowledge about their value, the way to use them, produce them and integrate them into teaching process. The purpose of this research is to strengthen the movement of OERs and to realise their full potential. To this end, a social digital repository was developed, for promoting OERs in primary education. This platform aims to create an open and interactive community of teachers, where through interaction, communication and collaboration, the teachers will be educated on OERs. The effectiveness of this digital repository is assessed using the fuzzy comprehensive evaluation model, in order to handle the subjective and imprecise information and better interpret the results of the survey. The results are very encouraging regarding the adoption of this technology.
Download

Paper Nr: 17
Title:

Gamification of E-Learning Apps via Acceptance Requirements Analysis

Authors:

Federico Calabrese, Luca Piras, Mohammed G. Al-Obeidallah, Benedicta O. Egbikuadje and Duaa Alkubaisy

Abstract: In the last few years, and particularly during and after the COVID-19 pandemic, E-Learning has become a very important and strategic asset for our society, relevant both for academic and industry settings, involving participants ranging from students to professionals. Different applications have been developed to support E-Learning to be an effective tool, particularly in relation to the software engineering and programming areas. However, in order to be effective, in particular within academic settings, such tools require students to be continuously engaged and motivated to learn both practical and theoretical aspects. The integration of gamification in educational environments has gained considerable prominence as a potential mean to augment students’ motivation and involvement, providing them with immediate feedback and reinforcement, bolstering their sense of accomplishment and motivation to persist in their studies. However, to design gamified applications that can effectively engage and motivate users, as the literature has demonstrated, it is required to consider psychological, sociological, and human behavioural aspects, often referred to as Acceptance Requirements. This study presents a case study, where a Goal Modeling-based, Systematic, Acceptance Requirements Analysis and Gamification Design process, has been applied, by using the Agon framework, to prototype a gamified tool, aiming at engaging students towards learning both theory and practice related to a “Web-Based Mobile App Development” university module. To evaluate our proposed prototype, students were involved to use our proposed gamified prototype. The results show that our gamification solution can engage and motivate students towards learning both theoretical and practical aspects of the module.
Download

Paper Nr: 37
Title:

Enhancing Interaction with Data Lakes Using Digital Twins and Semantic Blueprints

Authors:

Spyros Loizou, Michalis Pingos and Andreas S. Andreou

Abstract: Advanced analytical techniques and sophisticated decision-making strategies are imperative for handling extensive volumes of data. As the quantity, diversity, and speed of data increase, there is a growing lack of confidence in the analytics process and resulting decisions. Despite recent advancements, such as metadata mechanisms in Big Data Processing and Systems of Deep Insight, effectively managing the vast and varied data from diverse sources remains a complex and unresolved challenge. Aiming to enhance interaction with Data Lakes, this paper introduces a framework based on a specialized semantic enrichment mechanism centred around data blueprints. The proposed framework takes into account unique characteristics of the data, guiding the process of locating sources and retrieving data from Data Lakes. More importantly, it facilitates end-user interaction without the need for programming skills or database management techniques. This is performed using Digital Twin functionality which offers model-based simulations and data-driven decision support.
Download

Paper Nr: 55
Title:

UICVD: A Computer Vision UI Dataset for Training RPA Agents

Authors:

Madalina Dicu, Adrian Sterca, Camelia Chira and Radu Orghidan

Abstract: This paper introduces the UICVD Dataset, a novel resource fostering advancements in Robotic Process Automation (RPA) and Computer Vision. The paper focuses on recognizing UI (User Interface) components of a web application which is not as well known as recognizing real objects in images in the field of computer vision. This dataset derives from extensive screen captures within an enterprise application, offering a rare, in-depth look at real-world automation and interface scenarios. For RPA, the UICVD Dataset helps in training the machine model of an RPA agent for recognizing various UI components of the web application which is the target of the automation process. In Computer Vision, it serves as an invaluable tool for identifying and understanding user interface elements, ranging from basic icons to intricate structural details. Designed to support a wide spectrum of research and development initiatives, the UICVD Dataset is positioned as a critical asset for technology advancements in automation and user interface recognition. Its extensive, detailed content and ease of access make it a promising resource for enhancing existing applications and inspiring innovations in RPA and Computer Vision.
Download

Paper Nr: 66
Title:

IoTUseCase: A New Concept for the Modeling of Business Information Systems in the Age of IoT

Authors:

Gaetanino Paolone, Romolo Paesani, Jacopo Camplone and Paolino Di Felice

Abstract: Today, Business Information System (BISs) are the pillars of business operations. The integration of traditional data with data sensed by Internet of Things (IoT) devices can increase remarkably the future of BISs and their importance for the firms. Conceptual modeling is a fundamental stage in the development process of BISs, since it allows to build an abstraction of the reality, which usually is too complex. Browsing into the published literature, it emerges that so far minimal research has been carried out in the area of conceptual modeling of BISs in the age of IoT. The present position paper discusses the modeling of BISs in the age of IoT, as an evolution of the modeling of pre-IoT BISs. The conceptual modeling perspective this paper refers to concerns the Business Modeling of IoT software systems, in the sense meant by the Rational Unified Process (RUP). It is well-known that RUP is a use-case-driven approach, in fact use cases constitute the foundation for the entire software development process. A new UML stereotype, called IoTUseCase, is introduced, formalized and its role within the Business Modeling is discussed. Moreover, the study answers two research questions: (RQ1) Are the electronic devices that collect the data of interest part of the Business model or the System model? (RQ2) Is there a Unified Modeling Language (UML) construct that allows modeling the IoT devices?
Download

Area 3 - Systems and Software Quality

Full Papers
Paper Nr: 23
Title:

An Integrated Visualization Approach Combining Dynamic Data-Flow Analysis with Symbolic Execution

Authors:

Laura Troost, Hendrik Winkelmann and Herbert Kuchen

Abstract: Although studies have emphasized that generating test cases with respect to data-flow coverage is a highly effective approach to ensure software quality, there is still a lack of appropriate tooling. We contribute to this by extending the open source dynamic data-flow analysis and visualization tool Dacite with symbolic execution using the open source tool Mulib. Thereby, given a Java program and JUnit test cases, the covered data flow cannot only be identified but the user is able to receive feedback about the data flow not covered by existing test cases and can automatically generate test cases for those. This is especially suited for unit testing and early integration testing. Furthermore, to enhance the comprehensibility the identified data flow is visualized for the user with an integrated visualization using the Language Server Protocol.
Download

Paper Nr: 32
Title:

Decoding Code Quality: A Software Metric Analysis of Open-Source JavaScript Projects

Authors:

Suzad Mohammad, Abdullah Al Jobair and Iftekharul Abedeen

Abstract: The popularity of web-based solutions has seen rapid growth in the last decade, which has raised the demand for JavaScript (JS) usage in personal projects and enterprise solutions. While the extensive demand for JS has elevated, studies have yet to be done on how JS development follows the rules and guides for writing code to meet quality standards. Consequently, we choose to investigate the practice of JS on different project sizes, the developers’ experience, and their impact on code quality and development. To achieve this goal, we perform the code quality analysis of 200 open-source JS projects from GitHub on 10 code quality metrics. We design our research study to examine the influence of project size on issue density, find relationships among 10 code metrics, how code quality changes with developer experience, and determine the capabilities of existing source code evaluation tools. Our findings reveal that issue density decreases with increasing developer experience and project size. In addition, our quantitative study suggests that with the increase in project size and line of code (LOC), project maintainability decreases, leading to more issues such as errors, complexity, code smell, and duplication. However, as developers become more experienced, they face fewer coding challenges, enhance code quality, and reduce code smell per line of code (LOC). Our study also offers valuable insights into the capabilities of the 6 tools mentioned above to advance code evaluation practices.
Download

Paper Nr: 50
Title:

Steady-State Energy Consumption Evaluation in BaseBand Units Pool in Cloud Radio Access Network

Authors:

Maroua Idi, Sana Younes and Riadh Robbana

Abstract: Cloud Radio Access Network (C-RAN) have been proposed as a fifth-generation (5G) cellular network solution for high spectral and energy efficiency. In the C-RAN architecture, which leverages cloud computing technology, the baseband processing is performed in the cloud. In fact, the BaseBand Units (BBUs) are located in the cloud and generate Virtual Machines (VMs) to serve User Equipment (UE) calls. This paper performs a quantitative analysis of the energy consumption computed over two schemes named Virtual Machine Hysteresis Allocation Strategy (VMHAS) and Virtual Machine Allocation Strategy (VMAS) for 5G C-RAN. The first, VMHAS, uses the hysteresis mechanism to minimize energy consumption by adjusting the number of VMs in BBUs according to the traffic load. It consists of switching the idle VMs to sleep mode to save energy. The second, VMAS, allocates VMs without considering the sleep mode. We use the Markov Reward Model (MRM) to evaluate measures related to energy consumption in the proposed schemes. Modeling and performance measures specification are achieved by Continuous-Time Markov chains (CTMCs) and Continuous Stochastic Reward Logic (CSRL). We quantify the steady-state performance measures by checking CSRL formulas using the PRISM model checker. The obtained results demonstrate that the scheme with the hysteresis mechanism, VMHAS, achieves an enhanced energy performance compared to VMAS.
Download

Paper Nr: 53
Title:

Industrial Validation of a Neural Network Model Using the Novel MixTCP Tool

Authors:

Arnold Szederjesi-Dragomir, Radu Găceanu and Andreea Vescan

Abstract: Test Case Prioritization (TCP) is crucial in the fast-paced world of software development to speed up and optimize testing procedures, particularly in Continuous Integration (CI) setups. This paper aims to first validate a state-of-the-art neural network model to TCP in CI environments, by applying it into a real-world industrial context, and second to propose MixTCP, a tool that integrates the neural network model and significantly enhances the regression testing experience from the software developer perspective. MixTCP is implemented in the Elixir programming language and employs the NEUTRON model, a state-of-the-art approach that uses neural networks to intelligently prioritize test cases, effectively improving fault detection and reducing testing time. The tool is composed of loosely coupled components (Mix TCP task, TCP Server, and NEUTRON model), thus enabling the integration of other Test Case Prioritization solutions too. The results show that MixTCP has the potential to be a valuable asset to modern software development methods, offering software engineers a more efficient, a more user-friendly, and an overall easier to integrate TCP approach.
Download

Paper Nr: 77
Title:

Enriching the Semantic Representation of the Source Code with Natural Language-Based Features from Comments for Improving the Performance of Software Defect Prediction

Authors:

Anamaria Briciu, Mihaiela Lupea, Gabriela Czibula and Istvan G. Czibula

Abstract: The present study belongs to the new research direction that aims to improve software defect prediction by using additional knowledge such as source code comments. The fusion of programming language features learned from the code and natural language features extracted from the code comments is the proposed semantic representation of a source code. Two types of language models are applied to learn the semantic features: (1) the pre-trained models CodeBERT and RoBERTa for code embedding and textual embedding; (2) doc2vec model used for both, code embedding and comments embedding. These two semantic representations, in two combinations (only code features and code features fused with comment features), are used separately with the XGBoost classifier in the experiments conducted on the Calcite dataset. The results show that the addition of the natural language features from the comments increases the software defect prediction performance.
Download

Paper Nr: 85
Title:

Considerations in Prioritizing for Efficiently Refactoring the Data Clumps Model Smell: A Preliminary Study

Authors:

Nils Baumgartner, Padma Iyenghar and Elke Pulvermüller

Abstract: This paper delves into the importance of addressing the data clumps model smell, emphasizing the need for prioritizing them before refactoring. Qualitative and quantitative criteria for identifying data clumps are outlined, accompanied by a systematic, simple but effective approach involving a weighted attribute system with threshold-based priority assignment. The paper concludes with an experimental evaluation of the proposed method, offering insights into critical areas for developers and contributing to improved code maintenance practices and overall quality. The approach presented provides a practical guide for enhancing software system quality and sustainability.
Download

Paper Nr: 103
Title:

Automated Software Vulnerability Detection Using CodeBERT and Convolutional Neural Network

Authors:

Rabaya S. Mim, Abdus Satter, Toukir Ahammed and Kazi Sakib

Abstract: As software programs continue to grow in size and complexity, the prevalence of software vulnerabilities has emerged as a significant security threat. Detecting these vulnerabilities has become a major concern due to the potential security risks they pose. Though Deep Learning (DL) approaches have shown promising results, previous studies have encountered challenges in simultaneously maintaining detection accuracy and scalability. In response to this challenge, our research proposes a method of automated software Vulnerability detection using CodeBERT and Convolutional Neural Network called VulBertCNN. The aim is to achieve both accuracy and scalability when identifying vulnerabilities in source code. This approach utilizes pre-trained codebert embedding model in graphical analysis of source code and then applies complex network analysis theory to convert a function’s source code into an image taking into account both syntactic and semantic information. Subsequently, a text convolutional neural network is employed to detect vulnerabilities from the generated images of code. In comparison to three existing CNN based methods TokenCNN, VulCNN and ASVD, our experimental results demonstrate a noteworthy improvement in accuracy from 78.6% to 95.7% and F1 measure increasing from 62.6% to 89% which is a significant increase of 21.7% and 26.3%. This underscores the effectiveness of our approach in detecting vulnerabilities in large-scale source code. Hence, developers can employ these findings to promptly apply effective patches on vulnerable functions.
Download

Paper Nr: 118
Title:

Expectation-Based Integration Testing of Unidirectional Interactions in Component-Based Software Systems

Authors:

Nils Wild, Horst Lichter and Constantin Mensendiek

Abstract: Effective and efficient testing of complex component-based software systems is difficult. Unit test cases that test isolated components are focused and efficient but ineffective in detecting integration faults. Integration test cases, on the other hand, are hard to develop and maintain. With the UTBI meta-model and InterACt, a concept and tool implementation was developed to extract expectations towards other components from unit test cases and reuse unit tests to automate the verification of those expectations. However, the approach is limited to request-response interactions implicitly defined by mock interactions. This paper presents an extension to specify and verify expectations toward unidirectional interactions not encoded in the unit test cases. For example, if the recipient of the reaction to an interaction stimulus is not the same component that sent the stimulus in the first place.
Download

Paper Nr: 125
Title:

PreSTyDe: Improving the Performance of within-project Defects Prediction by Learning to Classify Types of Software Faults

Authors:

Gabriela Czibula, Ioana-Gabriela Chelaru, Arthur Molnar and Istvan G. Czibula

Abstract: Software defect prediction (SDP) is an important task within software development. It is a challenging activity, as the detection of software modules that are prone to malfunction in new versions of software contributes to an improved testing process and also increases the quality of the software. In this paper, we propose a two-stage hybrid approach for predicting the error-proneness of the application classes in an upcoming version of a software project by employing a taxonomy of defects unsupervisedly uncovered from the previous software releases. The first stage of the proposed approach consists of an unsupervised labelling of software defects from the available versions of the analysed software system. During the second stage, a supervised classifier is used to predict the error proneness during the software project’s evolution employing the taxonomies of defects uncovered in the previous stage. Experiments carried out with Calcite software in a SDP scenario within a project highlighted that the performance of predicting software defects during a project evolution increases by approximately 5%, in terms of the average Area under the Receiver Operating Characteristic curve, by developing predictors for different classes of software defects.
Download

Short Papers
Paper Nr: 46
Title:

CC-SolBMC: Condition Coverage Analysis for Smart Contracts Using Solidity Bounded Model Checker

Authors:

Sangharatna Godboley and P. R. Krishna

Abstract: Advances in blockchain technologies enable society toward trust-based applications. Smart contracts are the scripts holding the properties to perform the activities in Blockchain. Smart contracts are prepared between the parties to hold their requirements and promises. If the deal held by a smart contract is huge and expensive, then there is a high chance of attracting issues and loss of assets. This necessitates the verification and testing of a smart contract. In this paper, we demonstrate an approach for generating test cases to satisfy the condition coverage of smart contracts using a solidity-bounded model checker. We show the annotation of the original smart contract as per the condition coverage specification and drive the bounded model checker to prove the feasibility of the asserted properties. Finally, we collect all feasible targets and show the condition coverage score. Also, the proposed approach generates test input values for each feasible atomic condition. The approach presented has been tested with 70 smart contracts, resulting in 57.14% of contracts with good condition coverage scores. Our work can be utilized to certify any smart contract to check whether the Optimal or Maximal condition coverage is achieved or not.
Download

Paper Nr: 52
Title:

Embracing Unification: A Comprehensive Approach to Modern Test Case Prioritization

Authors:

Andreea Vescan, Radu Găceanu and Arnold Szederjesi-Dragomir

Abstract: Regression testing is essential for software systems that undergo changes to ensure functionality and identify potential problems. It is crucial to verify that modifications, such as bug fixes or improvements, do not affect existing functional components of the system. Test Case Prioritization (TCP) is a strategy used in regression testing that involves the reordering of test cases to detect faults early on with minimal execution cost. Current TCP methods have investigated various approaches, including source code-based coverage criteria, risk-based, and requirement-based conditions. However, to our knowledge, there is currently no comprehensive TCP representation that effectively integrates all these influencing aspects. Our approach aims to fill this gap by proposing a comprehensive perspective of the TCP problem that integrates numerous aspects into a unified framework: traceability information, context, and feature information. To validate our approach, we use a synthetic dataset that illustrates six scenarios, each with varying combinations of test cases, faults, requirements, execution cycles, and source code information. Three methods, Random, Greedy, and Clustering, are employed to compare the results obtained under various time-executing budgets. Experiment results show that the Clustering method consistently outperforms Random and Greedy across various scenarios and budgets.
Download

Paper Nr: 72
Title:

Metrics to Estimate Model Comprehension: Towards a Reliable Quantification Framework

Authors:

Bastian Tenbergen and Marian Daun

Abstract: Model-driven development has established itself as one of the core practices in software engineering. Increases in quality demands paired with shorter times to market and increased mission-criticality of software systems have sensitized software engineering practitioners to make use of not only formal, but also semi-formal models, particularly graphical diagrams to express the system under development in ways that facilitate collaboration, validation & verification, as well as configuration and runtime monitoring. However, what does and does not constitute a “good” model, i.e., a model that is fit for a practical purpose? While some model quality frameworks exist, the trouble with most of these is that they often lack the ability to concretely quantify and thereby objectively differentiate a “good” from a “poor” model, i.e., models that can be easily understood by the model reader. Without being able to reliably produce easily comprehensible models, training new team members during on-boarding or educating software engineering students is dramatically hindered. In this paper, we report on a research trajectory towards reliably measuring the comprehensibility of graphical diagrams.
Download

Paper Nr: 80
Title:

Influential Factors of Software Firms’ Performance in the Industry of Developing Countries

Authors:

Mohitul Shafir, Partho P. Saha, Ahnaf T. Araf, Shadat I. Haque, Mahady Hasan, Farzana Sadia and M. Rokonuzzaman

Abstract: This research focuses on the factors that influence the manner in which profoundly innovative businesses develop new products. A sample size of 96 individuals, including managers, software developers, marketing officers, and proprietors, was chosen to respond to a questionnaire containing twenty inquiries regarding the organization’s marketing strategy, the benefits of the new product, and the level of consumer awareness regarding the product. Using a structured questionnaire, the authors gathered data for this study from a sample of 27 companies engaged in the development of software marketing products and services. The result illustrates the benefits of novel products, which are associated with the product’s radical nature and business performance. Personal interviews, phone interviews, and Google Forms surveys collected data on organizations’ new product marketing tactics and consumer reactions. Drawing upon previous research on product innovations, this study presents a theoretical framework that establishes a connection between the radicalness of product innovation, market performance, and internal and external relations characteristics of organizations.
Download

Paper Nr: 82
Title:

A Monitoring Methodology and Framework to Partition Embedded Systems Requirements

Authors:

Behnaz Rezvani and Cameron Patterson

Abstract: The adoption of runtime monitoring has historically been limited to experts, primarily due to the intricate complexities associated with formal notations and the verification process. In response to this limitation, this paper introduces GROOT, a methodology and framework specifically designed for the automated synthesis of runtime verification monitors from structured English requirements. GROOT is tailored to address the challenges of adhering to both functional and timing constraints within complex real-time embedded systems. It accomplishes this through a dual approach that handles functional and timing requirements separately, allowing customized verification processes for each category. To demonstrate GROOT’s practical utility, its monitors are applied to an autonomous system modeled in Simulink.
Download

Paper Nr: 86
Title:

Security Testing of RESTful APIs with Test Case Mutation

Authors:

Sébastien Salva and Jarod Sue

Abstract: The focus of this paper is on automating the security testing of RESTful APIs. The testing stage of this specific kind of components is often performed manually, and this is yet considered as a long and difficult activity. This paper proposes an automated approach to help developers generate test cases for experimenting with each service in isolation. This approach is based upon the notion of test case mutation, which automatically generates new test cases from an original test case set. Test case mutation operators perform slight test case modifications to mimic possible failures or to test the component under test with new interactions. In this paper, we examine test case mutation operators for RESTful APIs and define 18 operators specialised in security testing. Then, we present our test case mutation algorithm. We evaluate its effectiveness and performance on four web service compositions.
Download

Paper Nr: 108
Title:

CodeGrapher: An Image Representation Method to Enhance Software Vulnerability Prediction

Authors:

Ramin Fuladi and Khadija Hanifi

Abstract: Contemporary software systems face a severe threat from vulnerabilities, prompting exploration of innovative solutions. Machine Learning (ML) algorithms have emerged as promising tools for predicting software vulnerabilities. However, the diverse sizes of source codes pose a significant obstacle, resulting in varied numerical vector sizes. This diversity disrupts the uniformity needed for ML models, causing information loss, increased false positives, and false negatives, diminishing vulnerability analysis accuracy. In response, we propose CodeGrapher, preserving semantic relations within source code during vulnerability prediction. Our approach involves converting numerical vector representations into image sets for ML input, incorporating similarity distance metrics to maintain vital code relationships. Using Abstract Syntax Tree (AST) representation and skip-gram embedding for numerical vector conversion, CodeGrapher demonstrates potential to significantly enhance prediction accuracy. Leveraging image scalability and resizability addresses challenges from varying numerical vector sizes in ML-based vulnerability prediction. By converting input vectors to images with a set size, CodeGrapher preserves semantic relations, promising improved software security and resilient systems.
Download

Paper Nr: 116
Title:

Towards a Web Application Attack Detection System Based on Network Traffic and Log Classification

Authors:

Rodrigo Branco, Vinicius Cogo and Ibéria Medeiros

Abstract: Web applications are the preferred means of accessing online services. They have been built quickly and can be left with vulnerabilities due to human error and inexperience, making them vulnerable to attacks. As a result, security analysts must analyse and react to countless threats and alerts. Such alerts can not provide sufficient information about the attack performed on the web application, which is crucial for a correct risk assessment and remediation measures. Network Intrusion Detection Systems (NIDS) have been used as a primary defence mechanism against web attacks. However, HTTPS, a widely adopted protocol in web applications, encrypts traffic, hindering NIDS’ efficiency in searching for network security threats and attacks. To enhance web application security, we present an approach that uses natural language processing (NLP) and machine learning (ML) algorithms to detect attacks through the analysis of network traffic (including HTTPS) and log-based payload contents. The approach employs anomaly detection by clustering netflows, and then NLP and supervised ML are used on the payload contents of anomalous netflows to identify attacks. Preliminary experiments have been made to detect SQL injection (SQLi), cross-site scripting (XSS), and directory traversal (DT) web attacks.
Download

Paper Nr: 135
Title:

Uncovering Bad Practices in Junior Developer Projects Using Static Analysis and Formal Concept Analysis

Authors:

Simona Motogna, Diana Cristea, Diana-Florina Şotropa and Arthur-Jozsef Molnar

Abstract: Static code analysis tools have been widely used as a resource for early error detection in software development. This paper explores the use of SonarQube together with Formal Concept Analysis, used for detecting data clusters, in enhancing source code quality among junior developers by facilitating the early detection of various quality issues and revealing dependencies among detected issues. We analyze the distribution of bad-practice issues in junior developers’ projects and show where the main problems occur, as well as the associations of bad practice issues with other types of issues. We conclude the analysis with a comparison between Python and Java projects with respect to the mentioned aspects. While focusing the analysis on issues related to bad practices in both Java and Python projects, the paper aims to to uncover challenges faced by junior developers in Java and Python projects, promoting awareness of code quality.
Download

Paper Nr: 22
Title:

Ensuring User Privacy in the Digital Age: A Quality-Centric Approach to Tracking and Data Protection

Authors:

Vitalijs Teze and Erika Nazaruka

Abstract: In the contemporary digital landscape, the pervasive practice of user tracking and the consequent erosion of data protection present significant challenges to user privacy. This paper introduces ’Privacy Risk Assessor’ a software tool designed to evaluate and enhance online privacy. Addressing the dynamics of user tracking, the tool analyses websites for privacy-threatening metrics in the context of existing tracking mechanisms. Employing a methodological approach, the tool’s architecture enables efficient processing and adaptability to tracking techniques and privacy regulations. The research focuses on key metrics of quality attributes including security, usability, trust, reliability, and performance, providing actionable insights into privacy risks. An evaluation was conducted on a dataset of 492 Latvian websites, with an emphasis on diverse privacy-related factors. The study revealed insights into prevalent privacy practices and underscored the tool’s effectiveness in real-world scenarios. The ’Privacy Risk Assessor’ stands out for its possibility to be integrated into web development process, offering developers and end-users ability to proactively measure potential privacy threats.
Download

Paper Nr: 31
Title:

Unsupervised Anomaly Detection in Continuous Integration Pipelines

Authors:

Daniel Gerber, Lukas Meitz, Lukas Rosenbauer and Jörg Hähner

Abstract: Modern embedded systems comprise more and more software. This yields novel challenges in development and quality assurance. Complex software interactions may lead to serious performance issues that can have a crucial economic impact if they are not resolved during development. Henceforth, we decided to develop and evaluate a machine learning-based approach to identify performance issues. Our experiments using real-world data show the applicability of our methodology and outline the value of an integration into modern software processes such as continuous integration.
Download

Paper Nr: 58
Title:

An Analysis of Privacy Issues and Policies of eHealth Apps

Authors:

Omar Haggag, John Grundy and Mohamed Abdelrazek

Abstract: Privacy issues in mobile apps have become a key concern of researchers, practitioners and users. We carried out a large-scale analysis of eHealth app user reviews to identify their key privacy concerns. We then analysed eHealth app privacy policies to assess if such concerns are actually addressed in these policies, and if the policies are clearly understood by end users. We found that many eHealth app privacy policies are imprecise, complex, require substantial effort to read, and require high reading ability from app users. We formulated several recommendations for developers to help address issues with app privacy concerns and app privacy policy construction. We developed a prototype tool to aid developers in considering and addressing these issues when developing their app privacy behaviours and policies.
Download

Paper Nr: 69
Title:

Outlier Detection Through Connectivity-Based Outlier Factor for Software Defect Prediction

Authors:

Andrada-Mihaela-Nicoleta Moldovan and Andreea Vescan

Abstract: Regression testing becomes expensive in terms of time when changes are often made. In order to simplify testing, supervised/unsupervised binary classification Software Defect Prediction (SDP) techniques may rule out non-defective components or highlight those components that are most prone to defects. In this paper, outlier detection methods for SDP are investigated. The novelty of this approach is that it was not previously used for this particular task. Two approaches are implemented, namely, simple use of the local outlier factor based on connectivity (Connectivity-based Outlier Factor, COF), respectively, improving it by the Pareto rule (which means that we consider samples with the 20% highest outlier score resulting from the algorithm as outliers), COF + Pareto. The solutions were evaluated in 12 projects from NASA and PROMISE datasets. The results obtained are comparable to state-of-the-art solutions, for some projects, the results range from acceptable to good, compared to the results of other studies.
Download

Paper Nr: 70
Title:

Exploring the Impact of Dataset Accuracy on Machinery Functional Safety: Insights from an AI-Based Predictive Maintenance System

Authors:

Padma Iyenghar

Abstract: This paper focuses on the critical role of dataset accuracy in the context of machinery functional safety within an AI-based predictive maintenance system in a manufacturing setting. Through experiments introducing perturbations simulating real-world challenges, a decrease in performance metrics was observed—factors such as sensor noise, labeling errors, missing data, and outliers were identified as contributors to the compromise of the AI model’s accuracy. Implications for reliability and availability were discussed, emphasizing the need for high-quality datasets to minimize the risk of unplanned downtime. Recommendations include the implementation of robust data quality assurance processes and improved outlier detection mechanisms to ensure the reliability and availability of machinery in high-risk environments.
Download

Paper Nr: 132
Title:

Races in Extended Input/Ouput Automata, Their Compositions and Related Reactive Systems

Authors:

Evgenii Vinarskii, Natalia Kushik, Nina Yevtushenko, Jorge López and Djamal Zeghlache

Abstract: Reactive systems can be highly distributed and races in channels can have a direct impact on their functioning. In order to detect such races, model-based testing is used and in this paper, we define races in the Extended Input Output Automata (EIOA) which are related to races in a corresponding distributed system. We define various race conditions in an EIOA modeling them by Linear Temporal Logic (LTL) formulas. As race conditions can be resolved in the corresponding EIOA implementations, we also discuss how a generated counterexample (if any) can be used for provoking a race in a distributed system implementation with the given level of confidence. Software Defined Networking (SDN) framework serves as a relevant case study along the paper.
Download

Area 4 - Theory and Practice of Systems and Applications Development

Full Papers
Paper Nr: 18
Title:

An Extensive Analysis of Data Clumps in UML Class Diagrams

Authors:

Nils Baumgartner and Elke Pulvermüller

Abstract: This study investigated the characteristics of data clumps in UML class diagrams. Data clumps are group of variables which appear together in multiple locations. In this study we compared the data clumps characteristics in UML class diagrams with them of source code projects. By analyzing the extensive Lindholmen and GenMyModel datasets, known for their real–world applicability, diversity, and containing more than 100,000 class diagrams in total, significant differences in the distribution and nature of data clumps were revealed. Approximately 19 % of the analyzed class diagrams contained data clumps. It was observed that field–field data clumps predominated in UML class diagrams, particularly in the GenMyModel dataset, while parame-ter–parameter data clumps were less frequent. Moreover, in contrast to the distribution in source code projects, data clumps in UML class diagrams were typically distributed across multiple classes or interfaces, forming larger chains. parameter–parameter data clumps were predominant in source code projects, indicating more detailed implementation of methods in these projects. These findings reflect different modeling approaches and paradigms among the respective user groups. This study has provided important insights regarding the development of UML modeling tools, teaching methods, and design practices in software development.
Download

Paper Nr: 38
Title:

Combining Goal-Oriented and BPMN Modelling to Support Distributed Microservice Compositions

Authors:

Jesús Ortiz, Victoria Torres and Pedro Valderas

Abstract: Organizations usually use Business Processes (BPs) to describe how to achieve their goals. However, the decentralization found nowadays in many organizations force them to work with fragmented BPs that need to be coordinated to achieve these goals. In this context, microservices architectures are a good choice to coordinate such fragments. Nevertheless, these types of architectures increase the complexity of the underlying BPs since the control flow is split among the different microservices, and there is not a clear link among how each microservice participates in the achievement of each goal. In addition, one of the main challenges that developers face when creating a microservices composition is to identify the microservices that are required to support the organization’s goals. To this end, in this paper, we propose to combine goal-oriented modelling with microservices compositions based on the choreography of BPMN fragments. The major contribution of this paper is the definition of a model-driven development approach to align both descriptions (goals and BPs) automatically through a model transformation that derives BPMN-based microservices compositions from goal diagrams. The main benefits of this solution are twofold: (1) to facilitate the distributed development of microservice compositions directed through goals, and (2) to help developers to maintain the composition aligned with the established goals when the composition evolves.
Download

Paper Nr: 39
Title:

A Conceptual Model for Data Warehousing

Authors:

Deepika Prakash and Naveen Prakash

Abstract: We show that current approaches for data warehouse conceptual modelling are inadequate for capturing the range of analysis capabilities of the enterprise. In addressing this, our conceptual model retains the basic distinction between the analysis data and analysis parameters but additionally introduces intra analysis-data and intra analysis-parameters relationships besides relationships between analysis data and analysis parameter. A variety of constraints for enforcing analysis semantics are also defined. We convert the conceptual model to star schema and show procedures to do so. We illustrate the use of our model through an example.
Download

Paper Nr: 111
Title:

ODRL-Based Provisioning of Thing Artifacts for IoT Applications

Authors:

Zakaria Maamar, Amel Benna and Haroune Kechaoui

Abstract: This paper discusses the design and development of Internet-of-Things (IoT) applications based on the novel concept of Thing Artifact (TA). A TA is multi-faceted having a functionality, life cycle, and interaction flows. Prior to integrating TAs into an IoT application, they need to be discovered and then, composed. While existing discovery and composition techniques are functionality-driven, only, this paper demonstrates that policies regulating the functioning of TAs in terms of what they are permitted to do, are prohibited from doing, and must do, have an impact on their discovery and composition. These policies are specified in Open Digital Rights Language (ODRL). A system implementing and evaluating ODRL-based provisioning of TAs for IoT applications design and development is presented in the paper, as well.
Download

Paper Nr: 113
Title:

Reinforcement Learning for Multi-Objective Task Placement on Heterogeneous Architectures with Real-Time Constraints

Authors:

Bakhta Haouari, Rania Mzid and Olfa Mosbahi

Abstract: This paper introduces a novel approach for multi-objective task placement on heterogeneous architectures in real-time embedded systems. The primary objective of task placement is to identify optimal deployment models that assign each task to a processor while considering multiple optimization criteria. Given the NP-hard nature of the task placement problem, various techniques, including Mixed Integer Linear Programming and genetic algorithms, have been traditionally employed for efficient resolution. In this paper, we explore the use of reinforcement learning to solve the task placement problem. We initially modeled this problem as a Markov Decision Process. Then, we leverage the Pareto Q-learning algorithm to approximate Pareto front solutions, balancing system extensibility and energy efficiency. The application of the proposed method to real-world case studies showcases its effectiveness in task placement problem resolution, enabling rapid adaptation to designer adjustments compared to related works.
Download

Paper Nr: 128
Title:

Review of Evaluations of Enterprise Architecture

Authors:

Anders W. Tell and Martin Henkel

Abstract: The use of information which is useful for collaborating stakeholders has encouraged and enabled businesses to advance. Enterprise architecture (EA) provides frameworks and methods with information products that aim to satisfy stakeholders’ concerns. For positive effects to emerge from using EA, it is necessary, during EA development and evaluation, to examine the work stakeholders do, their practices, how these practices relate to each other, how EA deliverables contribute to stakeholders’ work, and how EA information products are (co)-used in stakeholders practices. This paper presents a systematic literature review on evaluations of EA. The review aims to gain insights related to aspects of EA stakeholder practices and relationships that were considered essential to evaluate and how different stakeholders contributed to evaluations of EA. The insights are intended to inform the design of the Work-oriented Approach (WOA), which aims to enrich EA stakeholder analysis and co-use of EA information products. The results of the survey show an uneven contribution by stakeholders and that stakeholder practices and relationships were not clearly defined and evaluated, leaving uncertainties about whether relevant stakeholders evaluated EA benefits. The lack of stakeholder voices and details provides challenges to the validity of results relating to the organisational benefits of using EA.
Download

Paper Nr: 136
Title:

Exploring Social Sustainability Alignment in Software Development Projects

Authors:

Ana Carolina Moises de Souza, Kaban Koochakpour, Sofia Papavlasopoulou and Letizia Jaccheri

Abstract: Socially sustainable software, developed with an emphasis on individual well-being, social justice, and social development, can positively impact society. In order to develop real-world software projects, a software engineering course was established to connect students and companies. This course allows students to address sustainability issues by creating solutions for problems proposed by companies, who are treated as customers. This study explores the alignment of students and customers about social sustainability. An analysis of twelve project proposals and twelve final reports from 67 students revealed that seven customers explicitly mentioned social sustainability. Surprisingly, only three student groups incorporated it into their projects. Two groups addressed the concerns raised by customers, and one proactively tackled social sustainability despite no explicit demand. This study presents a novel approach that integrates social sustainability into software engineering, evaluating alignment between customer demands and student responses. Discussions cover potential challenges and improvements in the software development process, proposing initial steps toward a foundational guideline for active engagement in social sustainability by both students and companies.
Download

Paper Nr: 141
Title:

Association Rule Learning Based Approach to Automatic Generation of Feature Model Configurations

Authors:

Olfa Ferchichi, Raoudha Beltaifa and Lamia Labed

Abstract: The evolution the Software Product Line processes requires targeted support to address emerging customer functionals and non functionals requirements, evolving technology platforms, and new business strategies. Enhancing the features of core assets is a particularly promising avenue in Software Product Line evolution.The manual configuration of SPLs is already highly complex and error-prone. The key challenge of using feature models is to derive a product configuration that satisfies all business and customer requirements. However, proposing a unsupervised learning-based solution to facilitate this evolution is a growing challenge. To address this challenge, in this paper we use association rules learning to support business during product configuration in SPL. Based on extended feature models, advanced apriori algorithm automatically finds an optimal product configuration that maximizes the customer satisfaction. Our proposal is applied on a practical case involving the feature model of a Mobile Phone Product Line.
Download

Short Papers
Paper Nr: 67
Title:

Towards a Goal-Oriented Approach for Engineering Digital Twins of Robotic Systems

Authors:

Jeshwitha Jesus Raja, Meenakshi Manjunath and Marian Daun

Abstract: In many smart manufacturing scenarios of Industry 4.0, robots play a vital role. Robotic systems allow for au-tomatization and semi-automatization of individual work tasks using standard hardware. Thus, production and assembly processes can be flexibly redefined during operation. In addition, human workers can be supported for complex and specific work tasks where full automation by industrial production systems is not possible or not cost-efficient. To monitor current process execution, to predict process outcome, and to ensure safe behavior of the robots at runtime, digital twins are seen as a vital part of future smart manufacturing. How-ever, current industrial approaches typically define the digital twin on the go, i.e. when the factory has been build and equipped with robotic systems. Thus, the absence of systematic planning of the digital twin leads to unused potential for more complex analysis, monitoring, and prediction tasks of digital twins commonly suggested in research. This is partly due to the absence of structured software and systems engineering approaches for the development of robotic systems. In this paper, we explore the use of goal modeling to systematically define the robotic system, its monitoring system, and the digital twin. Application to case examples shows that this lightweight approach aligns with industry preferences to focus on technical challenges rather than invest too much effort in a thorough yet cost intensive engineering approach, while at the same time allowing for the proper definition of robots and their digital twins.
Download

Paper Nr: 74
Title:

Comprehensive Traceability Framework for Synchronizing Design UML Sequence Diagrams with a BPMN Diagram

Authors:

Aljia Bouzidi, Nahla Haddar and Kais Haddar

Abstract: In contemporary software engineering, business process models (BPM) play a crucial role in the development of information systems (IS). However, a significant discrepancy arises, as only a limited number of systems align with their intended business processes, resulting in inconsistencies between economic and IS models. Recognizing this gap, our research introduces an explicit traceability methodology, expanding on a previous requirements traceability approach. The primary aim is to address the alignment and coevolution of dynamic viewpoints between software models and BPM. Initially, we establish a unified trace metamodel that encompasses elements from Business Process and Model Notation (BPMN) and Unified Modeling Language (UML), including use cases and design sequence diagrams. This metamodel establishes traceability links among interconnected elements. Following this, we instantiate these metamodels as BPMNTraceISM diagrams. The feasibility of our traceability method is affirmed through the implementation of a comprehensive graphic editor designed for the creation and visualization of BPMNTraceISM diagrams. Additionally, we demonstrate the effectiveness of our approach through testing in a case study.
Download

Paper Nr: 81
Title:

6DVF: A Framework for the Development and Evaluation of Mobile Data Visualisations

Authors:

Yasmeen A. Alshehhi, Khlood Ahmad, Mohamed Abdelrazek and Alessio Bonti

Abstract: Mobile apps, in particular tracking apps, rely heavily on data visualisations to empower end-users to make decisions about their health, sport, finance, household, and more. This has prompted app designers and developers to invest more effort in delivering quality visualisations. Many frameworks, including the Visualisation and Design Framework and Google Material Design, have been developed to guide the creation of informative and well-designed charts. However, our study reveals the need to incorporate additional aspects in the design process of such data visualisations to address user characterisation and needs, the nature of data to visualise, and the experience on small smart screens. In this paper, we introduce the Six-Dimensions Data Visualization Framework (6DVF), specifically designed for data visualisation on mobile devices. The 6DVF encompasses user characteristics and needs, data attributes, chart styling, interaction, and the mobile environment. We conducted two evaluation studies to measure the effectiveness and practicality of our 6DVF in guiding designers, pinpointing areas for improvement—especially in data completeness and usability for end-users.
Download

Paper Nr: 87
Title:

Evaluating the Impact of Generative Adversarial Network in Android Malware Detection

Authors:

Fabio Martinelli, Francesco Mercaldo and Antonella Santone

Abstract: The recent development of Generative Adversarial Networks demonstrated a great ability to generate images indistinguishable from real images, leading the academic and industrial community to pose the problem of recognizing a fake image from a real one. This aspect is really crucial, as a matter of fact, images are used in many fields, from video surveillance but also to cybersecurity, in particular in malware detection, where the scientific community has recently proposed a plethora of approaches aimed at identifying malware applications previously converted into images. In fact, in the context of malware detection, using a Generative Adversarial Network it might be possible to generate examples of malware applications capable of evading detection by antimalware (and also able to generate new malware variants). In this paper, we propose a method to evaluate whether the images produced by a Generative Adversarial Network, obtained starting from a dataset of malicious Android applications, can be distinguishable from images obtained from real malware applications. Once the images are generated, we train several supervised machine learning models to understand if the classifiers are able to discriminate between real malicious applications and generated malicious applications. We perform experiments with the Deep Convolutional Generative Adversarial Network, a type of Generative Adversarial Network, showing that currently the images generated, although indistinguishable to the human eye, are correctly identified by a classifier with an F-Measure greater than 0.8. Although most of the generated images are correctly identified as fake, some of them are not recognized as such, they are therefore considered images generated by real applications.
Download

Paper Nr: 94
Title:

pyZtrategic: A Zipper-Based Embedding of Strategies and Attribute Grammars in Python

Authors:

Emanuel Rodrigues, José N. Macedo, Marcos Viera and João Saraiva

Abstract: This paper presents pyZtrategic: a library that embeds strategic term rewriting and attribute grammars in the Python programming language. Strategic term rewriting and attribute grammars are two powerful programming techniques widely used in language engineering: The former relies on strategies to apply term rewrite rules in defining large-scale language transformations, while the latter is suitable to express context-dependent language processing algorithms. Thus, pyZtrategic offers Python programmers recursion schemes (strategies) which apply term rewrite rules in defining large scale language transformations. It also offers attribute grammars to express context-dependent language processing algorithms. PyZtrategic offers the best of those two worlds, thus providing powerful abstractions to express software maintenance and evolution tasks. Moreover, we developed several language engineering problems in pyZtrategic, and we compare it to well established strategic programming and attribute grammar systems. Our preliminary results show that our library offers similar expressiveness as such systems, but, unfortunately, it does suffer from the current poor runtime performance of the Python language.
Download

Paper Nr: 102
Title:

Creating a Trajectory for Code Writing: Algorithmic Reasoning Tasks

Authors:

Shruthi Ravikumar, Margaret Hamilton, Charles Thevathayan, Maria Spichkova, Kashif Ali and Gayan Wijesinghe

Abstract: Many students in introductory programming courses fare poorly in the code writing tasks of the final sum-mative assessment. Such tasks are designed to assess whether novices have developed the analytical skills to translate from the given problem domain to coding. In the past researchers have used instruments such as code-explain and found that the extent of cognitive depth reached in these tasks correlated well with code writing ability. However, the need for manual marking and personalized interviews used for identifying cognitive difficulties limited the study to a small group of stragglers. To extend this work to larger groups, we have devised several question types with varying cognitive demands collectively called Algorithmic Reasoning Tasks (ARTs), which do not require manual marking. These tasks require levels of reasoning which can define a learning trajectory. This paper describes these instruments and the machine learning models used for validating them. We have used the data collected in an introductory programming course in the penultimate week of the semester which required attempting ART type instruments and code writing. Our preliminary research suggests ART type instruments can be combined with specific machine learning models to act as an effective learning trajectory and early prediction of code-writing skills.
Download

Paper Nr: 104
Title:

An Evaluation of the Impact of End-to-End Query Optimization Strategies on Energy Consumption

Authors:

Eros Cedeño, Ana Aguilera, Denisse Muñante, Jorge Correia, Leonel Guerrero, Carlos Sivira and Yudith Cardinale

Abstract: Query optimization strategies is an important aspect in database systems that have been mainly studied only from the perspective of reducing the execution time, neglecting the analysis of their impact on energy consumption. We perform an empirical evaluation for understanding the impact of end-to-end query optimization strategies on the power consumption of database systems, from both client and server perspectives. We perform tests over a PostgreSQL database for two optimization strategies (i.e., indexation and data compression) using the TPC-H benchmark, configured with 22 queries on a 1GB dataset. To measure the energy consumption of both client and server, we propose Juliet, a C++ agent for monitoring and estimating Linux processes energy consumption in Joules (J). Experimental results show that indexation is more effective than data compression to reduce the energy consumed by the execution of the majority of the 22 queries tested.
Download

Paper Nr: 109
Title:

CRAFTER: A Persona Generation Tool for Requirements Engineering

Authors:

Devi Karolita, John Grundy, Tanjila Kanij, Humphrey Obie and Jennifer McIntosh

Abstract: Personas, a user characterisation, have been widely used in requirements engineering (RE) to enhance the understanding of end-users and their needs. However, the persona generation process is time-consuming and demands familiarity with a user-centered approach. The central issue lies in existing tools for automatically generating personas, which are restricted to generating persona templates and provide limited user control to tailor personas according to their specific needs. This paper introduces CRAFTER, a persona generation tool that uses Large Language Models (GPT-3.5 model). This tool not only automates persona creation but also offers recommendations to users for generating personas tailored to their requirements. The study involved an online questionnaire with 19 respondents who utilised the tool, providing feedback that indicated the tool’s sufficiency for persona generation while identifying areas for improvement. Beyond its primary function, CRAFTER stands out by providing guidance to requirements engineers throughout the persona creation process. The tool grants users the flexibility to customise personas based on their specific requirements, acknowledging the crucial human subjectivity in persona development. Additionally, CRAFTER promotes persona reusability, allowing users to save and reuse generated personas for future projects.
Download

Paper Nr: 142
Title:

IRatePL2C: Importance Rating-Based Approach for Product Lines Collaborative Configuration

Authors:

Sihem Ben Sassi

Abstract: The core of any proposed approach in the context of collaborative configuration of product lines focuses on how conflictual situations are resolved. Few works consider stakeholders preferences in their resolution strategy while allowing a free order configuration process. However, to generate a valid solution satisfying all constraints, they generally rely on a solution of exponential complexity. In this work, we propose the IRatePL2C approach, which resolution strategy relies on importance degrees assigned by the stakeholders to their initial configuration choices. IRatePL2C starts by merging stakeholders’ configurations and then detecting and resolving the conflicts according to their type: explicit or implicit in sequential steps. Finally, domain constraints are propagated and the process is reiterated to reach a final valid configuration. An illustrative example is presented to evaluate the approach. The complexity of IRatePL2C is polynomial which an important advantage compared with previous works.
Download

Paper Nr: 16
Title:

Human-Centered e-Health Development: An Accessible Visual Modeling Tool

Authors:

Jingyuan Shen, Hourieh Khalajzadeh and Anuradha Madugalla

Abstract: e-Health enables easy access to medical services without some of the limitations of traditional medical services such as restricted access to specialists and the need to travel long distances. With the recent advances in IT, more and more people are adopting e-health solutions. However, most of the domain experts and end users who may be involved in developing these e-health applications may not have an IT background. This makes it hard for them to contribute to its development. This paper presents a human-centered e-Health modeling language, to help end-users easily specify their requirements and communicate with domain experts and clinicians to design and develop personalized e-health applications. The tool aims to provide a common language between developers and domain experts, assisting the interdisciplinary teams to focus on the project itself rather than on communication. We built a visual web application using the SiriusWeb platform to implement our approach and evaluated its accessibility and usability with 11 end users. Participants reported that the tool was straightforward to use without any IT knowledge, and notations were distinguishable and expressive.
Download

Paper Nr: 28
Title:

Applications Model: A High-Level Design Model for Rich Web-Based Applications

Authors:

Nalaka R. Dissanayake and Alexander Bolotov

Abstract: Rich web-based applications are complex systems with multiple application elements running on diverse platforms distributed over different tiers. There are no UML-based modelling languages or tools catering for the specificity of the rich web-based applications to model the high-level aspects of application elements, platforms, and tiers. This paper proposes a model named the Applications model and its modelling elements to design the high-level application elements of rich web-based applications, the platforms they execute, and the tiers they belong to. The proposed model and the modelling elements improve the simplicity and readability of the high-level design of rich web-based applications. Our ongoing research expects to introduce more UML-based models and modelling elements to assist in designing all the aspects of rich web-based applications aligning with the Rich Web-based Applications Architectural style and then provide UML profiles to produce a formal UML extension.
Download

Paper Nr: 30
Title:

Can a Simple Approach Perform Better for Cross-Project Defect Prediction?

Authors:

Md. A. Hossain, Suravi Akhter, Md. S. Islam, Muhammad M. Alam and Mohammad Shoyaib

Abstract: : Cross-Project Defect Prediction (CPDP) has gained considerable research interest due to the scarcity of historical labeled defective modules in a project. Although there are several approaches for CPDP, most of them contains several parameters that need to be tuned optimally to get the desired performance. Often, higher computational complexities of these methods make it difficult to tune these parameters. Moreover, existing methods might fail to align the shape and structure of the source and target data which in turn deteriorates the prediction performance. Addressing these issues, we investigate correlation alignment for CPDP (CCPDP) and compare it with state-of-the-art transfer learning methods. Rigorous experimentation over three benchmark datasets AEEEM, RELINK and SOFTLAB that include 46 different project-pairs, demonstrate its effectiveness in terms of F1-score, Balance and AUC compared to six other methods TCA, TCA+, JDA, BDA, CTKCCA and DMDA JFR. In terms of AUC, CCPDP wins at least 32 and at most 42 out of 46 project pairs compared to all transfer learning based method.
Download

Paper Nr: 42
Title:

Combining Clustering Algorithms to Extract Symmetric Clusters from Noisy Data, Applied to Parking Lots

Authors:

Gyulai-Nagy Zoltán-Valentin

Abstract: The paper presents an approach for detecting symmetrical clusters in noisy data, using parking space detections as a real-world example. The paper proposes a plug-and-play solution that uses camera systems to automatically detect parking spaces and provide metrics about availability and accuracy. The approach uses clustering algorithms and image detection for data acquisition and mapping, which can be easily adapted to any application that requires geometrical data extraction. The paper also presents the different phases involved in mapping parking spaces and the challenges that need to be addressed. Overall, the proposed approach can benefit both parking lot administrators and drivers by providing real-time information on available parking spaces and reducing emissions, fuel costs, traffic, and time spent searching for a spot.
Download

Paper Nr: 45
Title:

Connecting Issue Tracking Systems and Continuous Integration / Continuous Delivery Platforms for Improving Log Analysis: A Tool Support

Authors:

Oskar Picus and Camelia Şerban

Abstract: As the software industry embraces more and more DevOps practices, issue tracking systems and Continuous Integration / Continuous Delivery tools have become of utmost importance. However, as software projects’ complexity increases, so does the amount of logs that are generated. As such, in case of a pipeline failure, finding its root cause by manually inspecting the resulting logs proves to be difficult and time-consuming. Research is limited on connecting these two types of systems and few or none of the proposals implementing this connectivity fully leverage the power of issue tracking or automatically running pipelines, among other features of these tools. Furthermore, none of the approaches accomplish automated log analysis of pipeline failures. Aiming to overcome this gap, in this paper, we propose an issue tracking system which connects to GitHub Actions to automatically analyse the logs of pipeline failures and generates an issue report containing its findings. Our contribution is two-folded: firstly, it introduces a tool for automatically analysing logs of pipeline failures; secondly, it makes advancements into facilitating the software maintenance process. The source code of the tool is available at https://github.com/bugsby-project, while its demonstration video can be found at https://figshare.com/s/47088a5a3bcb019acf41.
Download

Paper Nr: 54
Title:

ChatGPT as a Software Development Bot: A Project-Based Study

Authors:

Muhammad Waseem, Teerath Das, Aakash Ahmad, Peng Liang, Mahdi Fahmideh and Tommi Mikkonen

Abstract: Artificial Intelligence has demonstrated its significance in software engineering through notable improvements in productivity, accuracy, collaboration, and learning outcomes.This study examines the impact of generative AI tools, specifically ChatGPT, on the software development experiences of undergraduate students. Over a three-month project with seven students, ChatGPT was used as a support tool. The research focused on assessing ChatGPT’s effectiveness, benefits, limitations, and its influence on learning. Results showed that ChatGPT significantly addresses skill gaps in software development education, enhancing efficiency, accuracy, and collaboration. It also improved participants’ fundamental understanding and soft skills. The study highlights the importance of incorporating AI tools like ChatGPT in education to bridge skill gaps and increase productivity, but stresses the need for a balanced approach to technology use. Future research should focus on optimizing ChatGPT’s application in various development contexts to maximize learning and address specific challenges.
Download

Paper Nr: 59
Title:

Energy and Cost-Aware Real-Time Task Scheduling with Deadline-Constraints in Fog Computing Environments

Authors:

Mayssa Trabelsi and Samir Ben Ahmed

Abstract: With the increasing demand for real-time processing for IoT applications, Fog computing becomes a crucial approach to overcome the limitations of centralized Cloud Computing. Given its decentralized structure, Fog computing enables faster response time, real-time processing, and reduced latency, making it particularly suitable for time-sensitive IoT applications. In this paper, we propose a novel approach called the ”Energy-cost-aware task scheduling with a Deadline-constrained” (ECaTSD) algorithm for real-time task scheduling in a fog infrastructure. The main objective of the proposed algorithm is to minimize energy consumption and monetary costs under deadline constraints. The ECaTSD algorithm dynamically allocates incoming tasks to the most suitable fog nodes in real-time. It selects the fog node that meets deadline requirements with the least energy consumption and monetary cost in the infrastructure. Moreover, the proposed algorithm has been simulated using the iFogSim simulator. The algorithm’s performance is evaluated using various criteria, such as the percentage of IoT tasks successfully meeting deadlines, energy consumption, monetary cost, and response time compared to other scheduling policies. ECaTSD algorithm shows high efficiency in meeting deadlines (99.58% completion rate) while being energy and cost-efficient.
Download

Paper Nr: 64
Title:

Making Application Build Safer Through Static Analysis of Naming

Authors:

Antoine Beugnard and Julien Mallet

Abstract: A lot of studies demonstrate that many builds of software fail, due to dependency issues. We make the assumption that failures are caused by the difficulty of tools to check interdependencies in a context of heterogeneity of languages. This article describes a novel approach to improving applications builds safety based on an abstract interpretation of name usage. Since application building relies on very heterogeneous resources and languages, the approach extracts what appears as a common factor: names. We reuse a name dependency approach (scope graph) already used in single language context, and adapt it to a multi-language environment. It allows to check external references and ensure the resolution of names. Thanks to an operational semantics of build operations on scope graphs, the verification can be done statically, prior to any real build run.
Download

Paper Nr: 75
Title:

Machine Learning-Enhanced Requirements Engineering: A Systematic Literature Review

Authors:

Ana-Gabriela Núñez, Maria F. Granda, Victor Saquicela and Otto Parra

Abstract: In the software lifecycle, requirements are often subjective and ambiguous, challenging developers to comprehend and implement them accurately and thoroughly. Nevertheless, using techniques and knowledge can help analysts simplify and improve requirements comprehensibility, ensuring that the final product meets the client’s expectations and needs. The Requirements Engineering domain and its relationship to Machine Learning have gained momentum recently. Machine Learning algorithms have shown significant progress and superior performance when dealing with functional and non-functional requirements, natural language processing, text-mining, data-mining, and requirements extraction, validation, prioritisation, and classification. This paper presents a Systematic Literature Review identifying novel contributions and advancements from January 2012 to June 2023 related to strategies, technology and tools that use Machine Learning techniques in Requirements Engineering. This process included selecting studies from five databases (Scopus, WoS, IEEE, ACM, and Proquest), from which 74 out of 1219 were selected. Although some successful applications were found, there are still topics to explore, such as analysing requirements using different techniques, combining algorithms to improve strategies, considering other requirements specification formats, extending techniques to larger datasets and other application domains and paying attention to the efficiency of the approaches.
Download

Paper Nr: 83
Title:

MPED-SCRUM: An Automated Decision-Making Framework Based Measurement for Managing Requirement Change Within the SCRUM Process

Authors:

Hela Hakim, Asma Sellami and Hanêne Ben-Abdallah

Abstract: In Scrum-based projects, delivering precise assessments of requirement changes to stakeholders holds paramount importance for effective software project management. Accurate evaluations empower stakeholders to make informed decisions, preventing costly misunderstandings and fostering shared expectations. The integration of Software Size measurements has significantly contributed to achieving this goal. This paper endeavors to automatically enhance the accuracy of evaluating requirement changes and prioritizing tasks within the Scrum process by leveraging the standardized COSMIC FSM (ISO 19761) along with its extended Structural Size Measurement method. The proposed automated framework, named ’MPED-SCRUM,’ stems from the automation of the requirement change evaluation process based on Measuring, Prioritizing, Evaluating and Deciding on requirement change, incorporating both functional and structural change. MPED-SCRUM proves beneficial not only for the Administrator but also for the Scrum Master and Product Owner in effectively managing team members (Module 1). Furthermore, the framework aids both the Scrum Master/Product Owner and development teams in efficiently handling sprint backlogs and user stories (Module 2). Lastly, MPED-SCRUM facilitates the measurement, prioritization, evaluation and decisions making of requirement change requests at two granularity levels – functional and structural. This capability empowers stakeholders to make informed decisions regarding the acceptance, deferral, or denial of a change request (Module 3).
Download

Paper Nr: 101
Title:

Extract-Transform-Load Process for Recognizing Sentiment from User-Generated Text on Social Media

Authors:

Afef Walha, Faiza Ghozzi and Faiez Gargouri

Abstract: In today’s world, business intelligence systems must incorporate opinion mining into their decision-making process. Sentiment analysis of user-generated content on social media has gained significant attention in recent years. This method collects user opinions, feelings, and attitudes toward a topic of interest and helps determine whether their sentiment is positive, neutral, or negative. This paper addresses text classification in sentiment analysis and presents a solution to the Extract-Transform-Load (ETL) process based on a lexicon approach. This process involves gathering media clips, converting them into sentiments, and loading them into a social data warehouse. We provide generic and customizable models to aid designers in integrating pre-processing techniques and sentiment analysis into the ETL process. By formalizing new ETL concepts, designers can create a reliable conceptual design for any ETL process related to opinion data integration from social media.
Download

Paper Nr: 110
Title:

Impact of Policies on Organizations Engaged in Partnership

Authors:

Zakaria Maamar, Amel Benna and Fadwa Yahya

Abstract: This paper discusses how to identify and assess the impact of policies on organizations that engage in partnership. Partnership is a viable option for organizations wishing to sustain their growth and reinforce their competitiveness to respond to ongoing changing business conditions. Because policies regulate organizations’ operations, they could either promote or undermine partnership. In this paper, policies are specialized into local and partnership, and are specified in Open Digital Rights Language (ODRL) defining what is permitted to do, what is prohibited from doing, and what must be done. The paper devises partnership scenarios as a set of coordinated partnership policies, labels partnership policies as either supportive of or opposing to local policies based on an impact analysis, and, finally, implements a policy-based partnership system.
Download

Paper Nr: 133
Title:

Vector Based Modelling of Business Processes

Authors:

Virginia Niculescu, Maria-Camelia Chisăliţă-Creţu, Cristina-Claudia Osman and Adrian Sterca

Abstract: Robotic Process Automation (RPA) platforms target the automation of repetitive tasks belonging to business processes, performed by human users. We are trying to increase the level of abstraction in representing complex processes (made from several conceptual operations) for RPA, by using vectors that allow not only a simple and condensed modelling, but also an efficient way towards obtaining an optimal execution order for them. Vector-based representation of the processes can serve to optimize the user-specified execution order of the conceptual operations that constitute a process. For this, we propose an optimization strategy based on a heuristic that helps us to rearrange the conceptual operations efficiently, thus reducing the total execution time of the process.
Download

Paper Nr: 139
Title:

Exploring Perspectives of Students on Using Mobile Apps to Improve English Vocabulary Through Youtube Videos: A Comparative Study

Authors:

Otto Parra, Edisson Reinozo and María F. Granda

Abstract: Currently, in countries where the mother tongue is not English language, globalization brings a very important requirement related with level of English since it facilitates communication in any area, be it, business, education, tourism, and so on. People need to have a good mastery of the English language, however, if the mother tongue is different from English, dominating the English language can become a very serious problem. Under these circumstances, in countries where the mother tongue is not English, educational institutions have included meaningful learning of English as a second language in their curriculum for many years. Vocabulary is one of the essential components of any language and it is required get a good level in order to have success in the process of teaching/learning of the English. Spaced repetition has been widely implemented and examined in mobile-assisted vocabulary learning as an important learning strategy. In this context, the purpose of this comparative study was to investigate and compare university students’ perspectives utilizing two mobile apps to improve English vocabulary in the Language Department at University of Cuenca (Ecuador): the first application is Slango and the second was chosen applying multi-criteria decision making of a set of mobile apps with similar features than Slango. Therefore, we did a comparative evaluation of the two mobile apps in order to evaluate usability by using SUS questionnaire and desirability by using Microsoft Desirability Test. Results show that Slango has similar features as ReadLang (the second app to compare) when it is used to improve student English vocabulary using YouTube videos.
Download