The quality of a software system is decisive for its success on the market. Moreover, as software is more and more responsible for critical system functions, its quality determines if people are harmed or data is lost. Yet, as demonstrated by regular occurrences of prominent failures of software systems, we are still far away from fully understanding how to control software quality.
To improve this precarious situation, our research addresses software quality from four angles:
- Requirements engineering: It is only possible to create and maintain high quality, if we understand what qualities are required. We investigate empirically the state-of-the-practice and problems in requirements engineering as well as methods to improve requirements.
- Code quality/maintainability/reliability: The „classical“ view on software quality focuses on the code and related artifacts to understand their effect on maintenance and use. We have built quality models to describe the important factors and how to measure them. We have worked on static analysis, in particular clone detection, and repository mining, in particular coupled change analysis, to support developers. We also investigate various continuous integration and testing methods such as the detection of pseudo-tested code.
- Safety, security and privacy: Software quality in many aspects does not only depend on the software itself but on the complete system. In particular, safety, security and privacy are system properties where software plays a huge role. We are in tight collaboration with Nancy Leveson at MIT in using their system-theoretic analysis methods in these contexts and connect them with test case generation and model checking.
- Agile and continuous development: Besides the product view, we also need to work on the development processes to improve software quality. My research focuses on continuous and agile development. We integrate the previous three angles into this way of developing software. For example, we have proposed continuous integration including safety tests for automotive development, a process incorporating system-theoretic safety analysis in agile development and using Behaviour-Driven Development (BDD) to discuss and test safety constraints.
All these four angles are investigated with a focus on empirical research, often in collaboration with industrial partners, but also including methodological, constructive and analytical research methods. At present, we are adding behavioural research to our portfolio by including theories and research methods from psychology. Technologically, we extend our research in the direction of service- and microservice-based systems as well as development and quality assurance of systems with large artificial intelligence (AI) components.
- Software quality assurance and measurement
- Requirements engineering
- Software system safety, security and privacy
- Agile/continuous/lean software engineering
- Empirical and behavioural software engineering
- Doctoral Programme Services Computing
- Services Computing is a Cooperative Doctoral Program at the Herman Hollerith Center (HHC) in Böblingen, Germany. It is a joint program of the University of Stuttgart and Reutlingen University, and supported by an initiative of the Ministry of Science and Art in the federal state of Baden-Württemberg, Germany.
- Services Computing is an interdisciplinary approach to providing IT solutions that substantially support business-related strategies and increase entrepreneurial value. The essential goal of Services Computing is to holistically and consistently model complex information systems through a combination of computer science methods and information and communications technology to support design, development, delivery, operation, and monitoring of distributed services. Services Computing enables us to prevent and eliminate particular misalignments between business processes and information technologies, and to identify and develop improvements for digitized products and services. Fundamental concepts of Services Computing are, for example, Web and REST services, service-oriented architectures (SOA), cloud computing, or modeling and management of business processes. Services Computing covers the entire lifecycle of IT-based business-related services and refers to the development, implementation, and distribution of IT services, the associated service management, the alignment of IT and business, data management, data processing and analysis, and the design of innovative IT architectures.
- System-Theoretic Analysis of Dependable Systems in the Automotive Domain (MISTI Global Seed Fund)
Responsible researcher: Dr. Asim Abdulkhaleq
In collaboration with: Prof. Dr. Nancy Leveson, Dr. John Thomas (MIT)
The software-based functions in cars are increasing and becoming more complex at a breathtaking speed. We already have electronic/software components controlling safety-critical functions such as the anti-lock braking system. Yet, so far, these components individually were comparably small and classical embedded systems. With the two major new developments in the automotive domain to let cars communicate via wireless networks ("connected car") and to let them drive fully automatically ("autonomous driving"), the software will reach a new dimension of complexity. Traditional methods to analyse safety in automobiles assume electromechanical systems and do not apply to software nor do they scale up to the complexity starting to emerge in these systems. Furthermore, new degrees of requirements on security and privacy will be needed for those future cars. The recent Tesla accidents involving what they call their "autopilot" are just the beginning.
This project aims at building on the promising results with a system-theoretic approach to safety analysis and developing and evaluating an integrated analysis approach to safety, security and privacy for this new generation of automotive systems. System theory is especially suitable for identifying problems in the interaction of different components instead of individual component faults. Furthermore, system theory allows us to take the whole socio-technical system into account including humans. Similarly, security and privacy rely on a suitable interaction of system components and humans.
The further potential application areas are far beyond automotive systems, but we want to be focused in this collaboration.
- Concealing Patterns - Privacy in Stream Processing (PATRON, funded by the Baden-Württemberg Stiftung).
- Responsible research assistant: Kai Mindermann M.Sc.
- This research project focuses on the development of approaches for concealing information in data streams from sensors of various Internet of Things (IoT) devices. The goal is to find a balance between the protection of data and the quality of service (QoS). Its relevance can be seen in a simple example: activity trackers sense, for example, your heart rate, which, if tracked over time and analyzed, can reveal very sensitive information about you.
- Improvement of static code analysis (Doctoral project by Dipl. Ing. Jan-Peter Ostberg)
Static code analysis is an inexpensive way to increase software quality. Today's tools can provide valid and helpful warnings to developers. Still, these tools are underused. One problem leading to this is the lack of usability. In my research I am focusing on helping an individual developer gain the best experience from the tool. The underlying concept is based on psychological models. I also want to explore the connections between the removal of static analysis issues and their impact on software metrics.
- Improvement of the usability of crypto in software engineering (Doctoral project by Kai Mindermann M.Sc.)
The realization of profound mathematical techniques through modern cryptography is able to greatly improve information security. Many implementations lack easy usage; they are complicated to operate in general, their implementations are flawed and it is often hard to keep them up to date. In my research I want to reduce these problems within software technology by using software technology approaches themselves.
- Inspection and assessment of spreadsheet programs (Doctoral project by Daniel Kulesz, M.Sc.)
Today, a world without spreadsheet programs is hard to imagine. Compared to traditional programs, spreadsheet programs provide a higher flexibility and allow end-users to develop the programs themselves. Unfortunately, anomalies in spreadsheet programs are very common and can lead to severe damage. My research focuses on the inspection and assessment of spreadsheet programs.
- Safety and security analysis in agile development processes (Doctoral project by Yang Wang, funded with a stipend of the state of Baden-Württemberg)
Agile development methodologies are becoming a tendency in today's changing software development. However, due to a lack of quality assurance activities, especially safety and security analysis, agile methods are criticized for being inadequate for the development of safety- and security-critical software. To apply agile methodologies to safety- and security-critical systems, most research prefers combining agile methods with traditional development processes relying on standards. However, little emphasis is put on the nature of agile techniques. On the other side, safety and security are two interrelated quality aspects. Due to the growing trend of the Internet of Things, more and more security vulnerabilities will also cause safety hazards. Thus, in my research, these two quality aspects would be taken into consideration in agile development processes.
- In which way is software quality influenced by the personality of a software engineer? (Doctoral project by Dipl. math. oec. Erica Weilemann)
During the whole software engineering process, human beings are involved and thus influence the software product, also concerning different aspects of software quality. In my research I investigate in which way the personality of every single participant in a software engineering process has an influence on the quality of the product of this process – the software. In a first step, I focus on the influence of the personality of a programmer on the maintainability of the software.
- Evaluation and Improvement of Software Tests (Doctoral project by Rainer Niedermayr)
- Automated and manual software tests are used in quality assurance to discover faults in a software product at an early stage. In practice, code-coverage criteria are used to determine the effectiveness of the tests. However, code coverage only expresses which code chunks were executed by tests, but not how effective the tests are in detecting faults. This work investigates how the effectiveness of tests can be determined in a more meaningful way, and how ineffectively tested areas can be prioritized.
- In collaboration with CQSE GmbH
- Application Modernization: Refactoring to Microservice-based Systems (Doctoral project by Jonas Fritzsch, M.Sc.)
Modernizing applications is a widely discussed topic in the context of making existing applications cloud-ready. Cloud vendors offer a variety of innovative computing services and deployment models from hosting virtual machines to containers to serverless environments. For legacy applications that have evolved over time it can be difficult to find clear guidance on the transformation process. This applies in particular to refactoring monolithic architectures into the recently emerged microservices pattern, which is widely seen as an optimal architecture for cloud environments. My research project addresses this topic by investigating the transformation process from an architectural as well as an organizational perspective.
- Hazard analysis in highly automated driving (funded by Continental Teves AG & Co. oHG)
- Application of STPA to the Daimler Environment (funded by Daimler AG)
- Specification of Software Modules (Doctoral project by Ivan Bogicevic, Dipl.-Inf.)
If software is not subdivided into precisely delimited parts, it is hard to maintain. Therefore, it is both essential and common practice to break the system down into modules. A well-documented software design contains precise module specifications that are up-to-date. But in practice, the quality of documents on this level is insufficient. The documents are outdated, or their state is unknown. This work investigates how developers can specify and document modules effectively. It presents a new process model that helps to describe modules under real-life conditions. A catalogue of module specifications that describe the modules of a software system is a key element of the technique.
- Experimentelle Verbesserung des Lernens von Software Engineering (EVELIN, subcontractor of HS Neu-Ulm, funded by the BMBF)
- Mining Software Repositories for Coupled Changes (Doctoral project of Jasmin Ramadani)
Software repositories contain information about the history of a software system which can be used by developers during maintenance tasks. This includes the data in the versioning system, the issue tracking system and the documentation archives. One of the most used techniques to analyze software repositories is data mining, whereby frequent itemset analysis has often been used to define sets of files which changed frequently together. The overall goal of this research is to help developers in their maintenance tasks by suggesting potential file changes based on previous modifications in the Git version history of a software product.
- STPA Swiss: Software Safety Engineering Approach based on STPA for Software-Intensive Systems (Doctoral project by Asim Abdulkhaleq, M.Sc.)
Software's safety becomes a critical aspect in the development process of modern systems. However, safety is a system property and, hence, needs to be analysed in a system context to identify all potential hazardous software behaviours. The complexity of software makes defining appropriate software safety requirements with traditional safety analysis techniques difficult. STPA (Systems-Theoretic Process Analysis) is a unique safety analysis approach which has been developed to identify system hazards, including the software-related hazards as well. Formal verification and testing are complementary approaches which are used in the development process to verify the functional correctness of software. However, the correctness of software cannot ensure the safe operation of safety-critical software systems. The software must be verified against its safety requirements, which are identified by safety analysis, to ensure potential hazardous causes cannot occur. My research focuses on developing a comprehensive safety engineering approach based on STPA including software testing and model checking approaches for the purpose of developing safe software. The proposed approach can be embedded within a defined software engineering process or applied to existing software systems to help software and safety engineers to recognize the software risks.