(Pro-)Seminar Engineering Trustworthy Data-intensive Systems


  • Information event: July 14 2020, 13:00, online (slides)
    • The link to the virtual room has been published via e-mail lists. If you did not receive the link, please ask your fellow students or, if that is not possible, send a mail to konersmann@uni-koblenz.de with the subject "Request for (pro)seminar kickoff room".


All documents, slides, and screencasts are to be uploaded to a filedrop folder. You will get the password when you registered for the seminar.

All deadlines are at the end of the given day (23:59).


Seminar topics

1: Privacy constraints for intelligent health data analytics

Supervisor: Dr. Marco Konersmann

Personal health data, such as diagnoses and the effects of treatments, is sensitive data for every individual. Often this data should only become known to a small set of people. But this data is also interesting for research to create statistics. Machine Learning can be used to predict the success of treatments for individuals. However, accessing this data to train machine learning models makes the data prone to abuse, accidential leaking or hacking. In this seminar you will follow the question "How to use medical data to train machine learning algorithms without exposing individuals‘ sensitive data?". Therefore you will study policy languages to define how data is allowed to be used. You will tailor and apply promising langauges policy languages to a use case on machine learning with medical data.

  1. Kasem-Madani, S., & Meier, M. (2015). Security and privacy policy languages: A survey, categorization and gap identification. Cryptography and Security (cs.CR). https://arxiv.org/abs/1512.00201
  2. Leicht, J., & Heisel, M. (2019). A Survey on Privacy Policy Languages: Expressiveness Concerning Data Protection Regulations. 2019 12th CMI Conference on Cybersecurity and Privacy (CMI), 1-6. https://doi.org/10.1109/CMI48017.2019.8962144

2: Engineering Fairness-aware Software

Supervisor: Dr. Qusai Ramadan

3: Eliciting Privacy/fairness solution requirements and generating action plans

Supervisor: Dr. Shayan Ahmadian

This topic is defined in the context of the EU research project DataPorts. Bridging the gap between legal data protection principles prescribed in the legal obligations and action plans that aim to concretely mitigate the privacy risks in an impact assessment process is a major challenge. The goal of this seminar thesis is to study privacy/fairness solution requirements and action plans for the purpose of privacy risk mitigation. Provide an overview of the tools, methods to elicit and generate such requirements and action plans.

4: Designing privacy-aware reference architecture

Supervisor: Dr. Shayan Ahmadian

This topic is defined in the context of the EU research project DataPorts. The goal of this seminar thesis is to provide an overview and compare existing methods and models to design IoT reference architectures. To this end, one should study various reference architectures (such as HLA, AIOTI-WG3, OneM2M, IIRA, RAMI 4.0, IDSA). Furthermore an comprehensive overview of methods and tools to support privacy goals in an architecture design is required.

5: Guides for Writing Requirements and their Usefulness

Supervisor: Katharina Großer

There exist many different style guides on how to write textual requirements to avoid misunderstandings and enable testable requirements, e.g. [1], [2]. These best practice rules address specific issues in comprehensible ways. Yet, they differ in recommendations and there are only few studies investigating their actual usefulness [3]. To enable a pinpoint application of such rules, a comparative evaluation of different rule sets and their field of application is necessary.

  1.  C. Rupp and A. Günther, “Das SOPHIST-REgelwerk - Psychotherapie für Anforderungen,” in Requirements-Engineering und -Management – Aus der Praxis von klassisch bis agil, 6 ed., Carl Hanser Verlag München, 2014, pp. 123–164.
  2. Requirements Working Group, “Guide for Writing Requirements,” International Council on Systems Engineering (INCOSE), INCOSE–TP–2010–006–03, 2019-07-19.
  3. M. Warnier and A. Condamines, “A Case Study on Evaluating the Relevance of Some Rules for Writing Requirements through an Online Survey,” in Requirements Engineering Conference (RE), 2017 IEEE 25th International, 2017, pp. 243–252.

6: Formality measures for semi-formal notations

Supervisor: Katharina Großer

In software engineering there exist several different semi-formal notations for different development artifacts. Common are e.g. syntax templates for textual requirements. Artifacts noted in such semi-formal ways are often input to later development phases and have to be checked for consistency with artifacts from theses phases. (Semi-)automated support for generation of initial models and for consistency checks depends on the level of formality of the involved notations. On the other hand, early phases depend on human readability and low adoption barriers. Yet, in model-based development scenarios the level of formality can be an important selection criteria in finding the right representation, e.g. requirement template system.

  1. K. Kaljurand, “Attempto controlled English as a Semantic Web language,” Tartu University, 2007.
  2. L. Kof, “From Requirements Documents to System Models: A Tool for Interactive Semi-Automatic Translation,” in 18th IEEE International Requirements Engineering Conference, 2010, pp. 391–392, doi: 10.1109/RE.2010.53.
  3. C. Rupp, “Requirements Templates - The Blueprint of your Requirement,” 2016-11-04. [Online]. Available: https://www.sophist.de/re6/webinhalte-buchteil-iii/.
  4. S. Farfeleder, T. Moser, A. Krall, T. Stålhane, H. Zojer, and C. Panis, “DODT: Increasing requirements formalism using domain ontologies for improved embedded systems development,” in Design and Diagnostics of Electronic Circuits & Systems (DDECS), 2011 IEEE 14th International Symposium on, 2011, pp. 271–274.

7: Capturing Aspects during S/W Design Phase

Supervisor: Mahmood Al-Doori

System Design represents what would later be the actual code of a software. One important factor that can be neglected during the design phase is the proper definition of cross-cutting concerns. Aspects represent one way of solving this issue, but then when introduced, would usually be during a later stage i.e. implementation.

This seminar is interested in investigating the existing or novel approaches in modeling the aspects and how they are represented during the design stage.

8: Extensions of BPMN to express Security and Privacy Requirements

Supervisor: Julian Flake

Business Processes can be expressed by several means. A widely accepted way is to use graphical notations. One popular example is the Business Process Model and Notation (BPMN), which is an ISO standard and also aims at execution of the modelled processes. The standard does not take the security and privacy aspect into account. Therefore several extensions were developed in order to add these highly relevant aspects. In this topic, existing extension shall be researched and analysed to answer (at least some of) the following questions: Which extensions exist? How do they integrate in the standardized language? How do these extensions differ from each other or compete / complement each other? Which extensions support the execution of extended models? Which of these extensions are evaluated in real world scenarios?

  1. Alfonso Rodríguez, Eduardo Fernández-Medina, and Mario Piattini. 2007. A BPMN Extension for the Modeling of Security Requirements in Business Processes. IEICE - Trans. Inf. Syst. E90-D, 4 (March 2007), 745–752.

  2. Ganna Monakova, Achim D. Brucker, and Andreas Schaad. Security and Safety of Assets in Business Processes. In ACM Symposium on Applied Computing (SAC). , pages 1667-1673, ACM Press, 2012.

  3. Mattia Salnitri, Achim Brucker and Paolo Giorgini (2015). From Secure Business Process Models to Secure Artifact-Centric Specifications. In proceeding of Business Process Modeling Development and Support (BPMDS) working conference, pp. 246-262.

9: Quality- and Security Enforcement for Software Product Lines

Supervisor: Sven Peldszus

Many systems are often developed in different variants. These variants are usually aggregated into a software product line from which the single variants can be derived [1]. Unfortunately, considering the variability of a software product line makes it more challenging to develop a maintainable and secure system. For traditional software products, various development methodologies and analysis tools have been developed. One possibility is to modify these tools to also work on software product lines [2]. While this is relatively easy for security checks as not a single variant is allowed to contain a security violation, sophisticated design quality checks cannot be transferred that easy.
For example, the code smell long method indicates the length of a method from which it is considered to be too long to be maintainable [3].  This code smell might not appear in every single product but in the SPL the products are derived from.

  1. S. Apel, D. S. Batory, C. Kästner, and G. Saake. Feature-Oriented Software Product Lines - Concepts and Implementation. Springer, 2013
  2. S. Peldszus, D. Strüber, and J. Jürjens. Model-Based Security Analysis of Feature-Oriented Software Product Lines. In GPCE, 2018
  3. R. Fowler. Refactoring: Improving the Design of Existing Code. Addison-Wesley, 2000.

10: View-Extraction for Annotating Models with Security Properties

Supervisor: Sven Peldszus

In recent research, many approaches for considering security in early development phases have been developed. One example is UMLsec which allows software-engineers to annotate UML models with security annotations and check those for conciseness [1]. Unfortunately, it has been shown that large models are already without such an security extension difficult to understand [2]. To keep large models readable and understandable UML supports the concepts of views visualizing excerpts of the large model in the background [3]. Especially when UML models are reverse-engineered from sourcecode those views haven’t been used. A solution is to reconstruct those views at reverse engineering using for example approaches like model slicing [4].

  1. Jan Jürjens: Towards Development of Secure Systems Using UMLsec, FASE, pp. 187-200, 2001 - https://doi.org/10.1007/3-540-45314-8_14
  2. Harald Störrle: On the impact of size to the understanding of UML diagrams, SoSyM, pp. 115-134, 2016 - https://doi.org/10.1007/s10270-016-0529-x
  3. Object Management Group, OMG Unified Modeling LanguageTM (OMG UML), Specification, 2.5.1, 2017 - https://www.omg.org/spec/UML/2.5.1/
  4. Gabriele Taentzer, Timo Kehrer, Christopher Pietsch, Udo Kelter: A Formal Framework for Incremental Model Slicing. FASE 2018: 3-20 - https://doi.org/10.1007/978-3-319-89363-1_1

11. Model-to-Model and Model-to-Reality consistency in Digital Twins

Supervisor: Dr. Marco Konersmann

A digital twin is a digital representative of a physical asset with a real-time two-way connection between the physical asset and the digital world. It serves a aiding for decisions and service enhancement [1]. On the digital side of this relationship, there are often multiple perspectives on an item. The integration of physical items with digital worlds requires to keep both representations consistent. At the same time, the multiple digital perspectives must be consistent as well. In this seminar you will investigate these consistency relationships to better understand how the reality and the digital world come together with digital twins. Based on the given literature you will do a literature survey of consistency relationships in digital twins. You will create a categorization for comparison and compare existing approaches based on your literature survey. As a result you will have an understanding of digital twins and the challenges and existing solutions to consistency.


  1. Kendrik Yan Hong Lim, Pai Zheng, and Chun‐Hsien Chen, "A state‐of‐the‐art survey of Digital Twin: techniques, engineering product lifecycle management and business innovation perspectives", Journal of Intelligent Manufacturing, vol. 31, pp. 1313–1337, 2020, https://doi.org/10.1007/s10845-019-01512-w.

  2. B. A. Talkhestani, N. Jazdi, W. Schloegl and M. Weyrich, “Consistency check to synchronize the Digital Twin of manufacturing automation based on anchor points”, Procedia CIRP, vol. 72, pp. 159–164, 2018.

12. Models in the manufacturing domain

Supervisor: Marco Ehl

Modeling is a key element in mastering complexity. A digital twin is a digital representation of a real world object or process. Digital twins are becoming more and more important to simulate modern manufacturing processes. They are more than pure data and consist of models of the represented object or process. They can be used to optimize production processes and reduce costs. However, to create such digital twins, we require appropriate models of the factory. The focus of the model should be on how the manufacturing process can be modeled, this should include the following elements: product, process, production resource, production line and factory.


  • Identify relevant models in the manufacturing domain.
  • List key properties of each model.
  • Identify advantages and disadvantages.
  • Show an example of the model.
  • Compare the different models.


  1. Terkaj, Walter, Giulia Pedrielli, and Marco Sacco. "Virtual factory data model." Proceedings of the workshop on ontology and semantic web for manufacturing, Graz, Austria. 2012. http://ceur-ws.org/Vol-886/paper_4.pdf

  2. Tolio, T., Sacco, M., Terkaj, W., & Urgo, M. (2013). Virtual factory: An integrated framework for manufacturing systems design and analysis. Procedia CIRP, 7, 25-30. https://doi.org/10.1016/j.procir.2013.05.005

  3. Kjellberg, T., von Euler-Chelpin, A., Hedlind, M., Lundgren, M., Sivard, G., & Chen, D. (2009). The machine tool model—A core part of the digital factory. CIRP annals, 58(1), 425-428. https://doi.org/10.1016/j.cirp.2009.03.035

  4. J. Puttonen, A. Lobov and J. L. Martinez Lastra, "Semantics-Based Composition of Factory Automation Processes Encapsulated by Web Services," in IEEE Transactions on Industrial Informatics, vol. 9, no. 4, pp. 2349-2359, Nov. 2013, doi: 10.1109/TII.2012.2220554. https://ieeexplore.ieee.org/abstract/document/6311467

13. Software Testing using Aspects

Supervisor: Mahmood Al-Doori

Software Testing is usually done in order to verify and validate the correctness of software wrt to its intended purpose. AOP is a programming approach that, amongst other things, can be used for software testing. This seminar is focused on using Aspects in software testing, and how significant they are compared to other "non-aspects" testing approaches.

14. Privacy-Preserving Data Sharing Approaches

Supervisor: Julian Flake

Automated collection of data related to natural persons is a common task these days. To some extent data collected by some organisation is shared with other organisations or even the public. To protect the privacy of the affected individuals, shared data is anonymized. Unfortunately, a receiver of that anonymized data that aggregates the received data with other anonymized data or has additional background knowledge may be able to re-relate the anonmyized data and draw unwanted conclusions or may even be able to deanonymize the data. To address this problem, several methods have been proposed. In this seminar, you will provide an overview of such approaches, compare them with each other and identify open questions or unresolved problems.


  1. Aris Gkoulalas-Divanis, Vassilios S. Verykios: An overview of privacy preserving data mining. ACM Crossroads 15(4) (2009), https://dl.acm.org/doi/10.1145/1558897.1558903

  2. Wang, J., Du, K., Luo, X. et al. Two privacy-preserving approaches for data publishing with identity reservation. Knowl Inf Syst 60, 1039–1080 (2019). https://doi.org/10.1007/s10115-018-1237-3

  3. Distributed Privacy-Preserving Data Aggregation Against Dishonest Nodes in Network Systems, He et al., 2019, https://ieeexplore.ieee.org/abstract/document/8356738

  4. Xue M., Papadimitriou P., Raïssi C., Kalnis P., Pung H.K. (2011) Distributed Privacy Preserving Data Collection. In: Yu J.X., Kim M.H., Unland R. (eds) Database Systems for Advanced Applications. DASFAA 2011. Lecture Notes in Computer Science, vol 6587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20149-3_9