
2024 | Book

Quality of Information and Communications Technology

17th International Conference on the Quality of Information and Communications Technology, QUATIC 2024, Pisa, Italy, September 11–13, 2024, Proceedings

About this book

This book constitutes the proceedings of the 17th International Conference on the Quality of Information and Communications Technology, QUATIC 2024, held in Pisa, Italy, during September 11–13, 2024.

The 34 full and short papers of QUATIC 2024 included in this book were carefully reviewed and selected from 49 submissions.

QUATIC is a forum for disseminating advanced methods, techniques and tools to support quality approaches to ICT engineering and management. Practitioners and researchers are encouraged to exchange ideas and approaches on how to adopt a quality culture in ICT process and product improvement and to provide practical studies in varying contexts.

Table of Contents

Frontmatter

Quality of AI/ML Based Systems

Frontmatter
A Framework for Managing Quality Requirements for Machine Learning-Based Software Systems

Systems containing Machine Learning (ML) are becoming common, and the tasks performed by such systems must meet certain quality thresholds, e.g., desired levels of transparency, safety, and trust. Recent research has identified challenges in defining and measuring the achievement of non-functional requirements (NFRs) for ML systems. Managing NFRs is particularly challenging due to the differing nature and definitions of NFRs for ML systems, including non-deterministic behavior, the need to scope NFRs over different system components (e.g., data, models, and code), and the difficulty of establishing new measurements (e.g., measuring explainability). To address these challenges, we propose a framework for identifying, prioritizing, specifying, and measuring the attainment of NFRs for ML systems. We present a preliminary evaluation of the framework via an interview study with practitioners. The framework represents a first step towards enabling practitioners to systematically deliver high-quality ML systems.

Khan Mohammad Habibullah, Gregory Gay, Jennifer Horkoff
An Environment for the Assessment of the Functional Suitability of AI Systems

Artificial Intelligence (AI) is currently a fundamental part of the digital transformation of organizations, and the impact of AI-based applications is increasing every day. In this situation, there is a growing need for these AI systems, as software systems, to have the quality characteristics necessary to guarantee their use. This article presents a methodological and technological environment for the measurement and evaluation of the functional suitability of AI systems. The environment proposes a set of metrics and quality properties aligned with the new ISO/IEC 25059 standard. It also includes an assessment methodology aligned with ISO/IEC 25040 and a set of automated tools to facilitate the evaluation of the quality of AI systems.

Jesús Oviedo, Moisés Rodríguez, Mario Piattini
RSUTT: Robust Search Using T-Way Testing

Recent years have seen an increase in decision-making software based on Machine Learning (ML). Multiple cases have been reported where such software discriminates based on attributes such as race and gender. Thus, ML-based decision-making software needs to be tested for discrimination, i.e., fairness testing. One popular approach to fairness testing is to find discriminatory data items by first conducting a global search and then searching locally near the discriminatory data items that were found. Aequitas, CGFT, and KOSEI are three examples of this approach. However, they have issues in terms of stability and efficiency. We thus propose an approach called Robust Search Using T-way Testing (RSUTT), which is based on CGFT for global search and KOSEI for local search. Experiments showed that RSUTT performs more efficiently than Aequitas, CGFT, and KOSEI.

Chisato Matsukawa, Shingo Takada
Exploring Image Similarity-Based Splitting Techniques in Automotive Perception Systems

Training object detection models for automotive perception systems is often challenging due to the variation in the image data used to train and test the model. The images might come from different geographic locations as well as different weather and lighting conditions. An image similarity-based split can be a safe option to keep the train and test sets as similar as possible. However, depending on which similarity measure is chosen to split the data, the train and test sets may not contain enough representative images of all the different situations, including seasonal and lighting variations, which often degrades overall performance. This study considered four different image similarity measures based on visual features and on intrinsic/semantic information that comes with the image data. Semantic similarity helps avoid gathering visually similar images in the same (train or test) set. The evaluation results show that the semantic similarity-based splits resulted in 12–47% higher performance of the object detection model in terms of mean average precision (mAP) and F1-score. Among the four similarity measures, the AllClass similarity incorporates the most intrinsic information available with the image data, and it also results in the highest model performance when used for data splitting.

Md Abu Ahammed Babu, Sushant Kumar Pandey, Darko Durisic, Ashok Chaitanya Koppisetty, Miroslaw Staron
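
As a rough, illustrative sketch of similarity-aware data splitting (not the authors' pipeline), the snippet below represents each image by a vector of annotated object-class counts, a stand-in for the semantic information described above, clusters the vectors, and splits each cluster proportionally so that train and test sets cover the same situations. The vector representation, cluster count, and split ratio are all assumptions.

```python
# Illustrative sketch only: split images into train/test sets using a similarity
# signal derived from semantic annotations (assumed per-image class-count vectors).
import numpy as np
from sklearn.cluster import KMeans

def similarity_based_split(class_count_vectors, n_clusters=10, train_ratio=0.8, seed=42):
    """Group images by semantic similarity, then split each group proportionally
    so the train and test sets cover the same range of situations."""
    X = np.asarray(class_count_vectors, dtype=float)
    labels = KMeans(n_clusters=n_clusters, random_state=seed, n_init=10).fit_predict(X)

    rng = np.random.default_rng(seed)
    train_idx, test_idx = [], []
    for c in range(n_clusters):
        members = np.flatnonzero(labels == c)
        rng.shuffle(members)
        cut = int(round(train_ratio * len(members)))
        train_idx.extend(members[:cut])
        test_idx.extend(members[cut:])
    return sorted(train_idx), sorted(test_idx)

if __name__ == "__main__":
    # Toy example: 1000 images, each described by counts of 20 annotated object classes.
    demo = np.random.default_rng(0).integers(0, 5, size=(1000, 20))
    train, test = similarity_based_split(demo)
    print(len(train), len(test))
```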
A Meta-model for Documenting Conversational Requirements in Chatbots

Context: Chatbots emerged in the 1960s and are currently a popular type of application that provides the experience of talking to a human-like robot. However, the similarity of their behaviour to that of a human is also what makes the elicitation and documentation of conversation-related requirements a hard task, due to the subjective nature of conversations. Currently, there are no standards or guidelines for registering and testing the subjective requirements present in human conversations. Methods: We proposed a metamodel for documenting conversational requirements and validated it through a 2-step questionnaire. We then analysed the feedback received and applied improvements to the model instances. Results: Based on the metamodel, we propose the conversational integrated map, an artifact that correlates the subjective requirements with their associated KPIs. Validation was conducted through a simulation with 4 practitioners in a 2-step questionnaire. The choice of artifact format revealed a preference for mainly textual and tabular models. Scalability and the time needed to complete the artifact were points of divergence among the answers. Conclusion: The proposed artifact was well accepted and could provide pre-made models available for editing to ease its use. Future steps of this study include the elaboration of a guide of best practices on chatbot documentation.

Larissa Pereira Gonçalves, Edna Dias Canedo, Gleison Santos
Do Modern Systems Require New Quality Dimensions?

The digital society is characterised by the continuous presence of digital systems, be they pure software systems or cyber-physical systems, which help and support humans in their life activities. Humans can be passive or active, the interaction can be implicit or explicit, and they can be more or less conscious of the presence of digital systems. However, the impact of digital systems on the social, economic, and political spheres is clear and carries risks. This is also attested by, e.g., the recent AI Act of the European Union. In this paper, we analyse whether modern systems require a new understanding of quality and, consequently, new quality dimensions. We challenge the ISO/IEC 25010 quality standard with new emerging stakeholders' needs, and we pave the way for a reconsideration of the standard and of the traditional understanding of quality to also include these emerging needs.

Martina De Sanctis, Paola Inverardi, Patrizio Pelliccione

Various Shades of Software Testing

Frontmatter
Mutation Testing of Smart Contracts As a Service

Smart contracts are self-executing programs that operate on a blockchain. Due to their complex and specialized nature, smart contracts often undergo auditing by independent parties before deployment to production. One promising method to enhance the reliability of smart contracts is mutation testing, a powerful albeit time-consuming test adequacy assessment technique. This paper proposes a framework to streamline and parallelize the mutation testing process, making it more practical and accessible for auditors. Simulations conducted on real-world Solidity projects show that the implemented service can significantly reduce the computational time needed for a local, sequential mutation testing run.

Morena Barboni, Andrea Morichetta, Andrea Polini, Sebastian Banescu, Edward Zulkoski
Conceptualization of Multi-user Collaborative GUI-Testing for Web Applications

System testing through the Graphical User Interface (GUI testing) is often overlooked in real-world software projects. Gamification mechanics are often adopted to increase the motivation and engagement of testers in such scenarios. There is, however, little evidence in the literature about collaborative, rather than competitive, Gamification mechanics for software testing. In this manuscript, we describe a prototype for collaborative GUI testing of web applications based on micro-tasks, of which we perform a small-scale preliminary evaluation. We find that the use of a micro-task-based collaboration environment incentivizes depth-first testing of web applications and increases local coverage. We also collected positive experience reports from practitioners about the practice.

Riccardo Coppola, Tommaso Fulcini, Marco Torchiano
Towards Generating Executable Metamorphic Relations Using Large Language Models

Metamorphic testing (MT) has proven to be a successful solution to automating testing and addressing the oracle problem. However, it entails manually deriving metamorphic relations (MRs) and converting them into an executable form; these steps are time-consuming and may prevent the adoption of MT. In this paper, we propose an approach for automatically deriving executable MRs (EMRs) from requirements using large language models (LLMs). Instead of merely asking the LLM to produce EMRs, our approach relies on a few-shot prompting strategy to instruct the LLM to perform activities in the MT process, by providing requirements and API specifications, as one would do with software engineers. To assess the feasibility of our approach, we conducted a questionnaire-based survey in collaboration with Siemens Industry Software, a worldwide leader in providing industry software and services, focusing on four of their software applications. Additionally, we evaluated the accuracy of the generated EMRs for a Web application. The outcomes of our study are highly promising, as they demonstrate the capability of our approach to generate MRs and EMRs that are both comprehensible and pertinent for testing purposes.

Seung Yeob Shin, Fabrizio Pastore, Domenico Bianculli, Alexandra Baicoianu
Exploring Browser Automation: A Comparative Study of Selenium, Cypress, Puppeteer, and Playwright

Browser automation refers to the use of specific software to perform user tasks (such as navigating among web pages or interacting with forms) automatically in a web browser. It is commonly performed programmatically for automated testing of various types of applications (web-based, cloud-based, or composed of multiple microservices), although other uses are possible (e.g., web scraping or automating repetitive tasks). For many years, Selenium has been considered the de facto tool for browser automation. However, we have recently witnessed the advent of alternative tools, such as Cypress, Puppeteer, and Playwright. This paper gives a high-level comparative overview of these tools and presents their architectures and key features. We expect this information will assist researchers and practitioners in making well-informed decisions about which browser automation tool merits their attention.

Boni García, Jose M. del Alamo, Maurizio Leotta, Filippo Ricca
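
For readers new to these tools, the following minimal sketch shows programmatic browser automation with Playwright's Python API; the URL is a placeholder, and an equivalent flow could be written with Selenium, Puppeteer, or Cypress, which the paper compares.

```python
# Minimal browser-automation sketch using Playwright's synchronous Python API.
from playwright.sync_api import sync_playwright

with sync_playwright() as p:
    browser = p.chromium.launch(headless=True)   # drive a headless Chromium instance
    page = browser.new_page()
    page.goto("https://example.com")             # navigate to a (placeholder) page
    print(page.title())                          # read page state, e.g., for a test assertion
    browser.close()
```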
Improving Model-Based Testing Through Interactive Validation, Evaluation and Reconstruction of Test Cases

Automatic test case generation is a popular software testing strategy. However, many reports point out shortcomings of such test cases, such as poor quality and doubtful efficiency. To alleviate these problems and to make test cases trustworthy, we propose an interactive post-processing method which allows (1) analyzing the path that is examined by the test case, and (2) making safe changes to the path that eliminate the shortcomings while leaving the coverage targets of the test case intact. The method is based on a visualization of the path along the control flow graph of the model, with additional information about the actual evaluation history of all variables and possible alternative behaviors. The method reduces the time spent reviewing the results of test generation and editing the obtained test cases, and its use has a positive effect on the quality and efficiency of the test suite.

Oleksandr Kolchyn, Stepan Potiyenko

Energy Efficiency and Self-Adaptation

Frontmatter
A Controlled Experiment on the Energy Efficiency of the Source Code Generated by Code Llama

Context. Large Language Models (LLMs) are now crucial for developers to increase productivity and reduce software development time and cost. Code Llama, an LLM from Meta, is one of the most recent LLM tools. However, there is currently no objective assessment of the energy efficiency of the source code generated by Code Llama. Goal. In this paper, we present an empirical study that assesses the energy efficiency of the source code generated by Code Llama with respect to human-written source code. Method. We design an experiment involving three human-written programming problems implemented in C++, JavaScript, and Python. We ask Code Llama to generate the code of the problems using different prompts and temperatures, the latter setting the predictability of the output of an LLM. We then execute both implementations and profile their energy efficiency. Results. Our study shows that the energy efficiency of the code generated by Code Llama varies according to the chosen programming language and code characteristics. Human implementations tend to be more energy efficient overall, although the generated JavaScript code outperforms its human counterpart. In addition, explicitly asking Code Llama to generate energy-efficient code results in equal or worse energy efficiency, and using different temperatures does not seem to affect the energy efficiency of generated code. Conclusions. According to our results, code generated using Code Llama does not guarantee energy efficiency, even when prompted to do so. Therefore, software developers should evaluate the energy efficiency of generated code before integrating it into the software system under development.

Vlad-Andrei Cursaru, Laura Duits, Joel Milligan, Damla Ural, Berta Rodriguez Sanchez, Vincenzo Stoico, Ivano Malavolta
Electron vs. Web: A Comparative Analysis of Energy and Performance in Communication Apps

Nowadays, remote communication and collaboration apps are indispensable tools for work and recreation. Typically, they can be accessed either via a Web browser or by installing a desktop application. The desktop versions of the most popular communication apps are implemented using a framework called Electron. The primary objective of this research is to critically assess Electron-based communication apps against their Web-based equivalents, quantifying aspects related to energy efficiency and computational demands. An exhaustive multi-factor and multi-treatment experimental design was employed, encompassing unique scenarios that account for platform types, modes of interaction, and interaction durations. The experiment demonstrates that there are differences, with varying effect sizes, in energy consumption and performance between Electron- and Web-based apps. While Electron-based apps exhibit higher CPU utilization and, in some cases, slightly higher network usage, their Web-based counterparts tend to consume more energy and memory under various configurations.

Jonathan Thangadurai, Priyeta Saha, Korawit Rupanya, Rosheen Naeem, Alejandro Enriquez, Gian Luca Scoccia, Matias Martinez, Ivano Malavolta
On the Energy Consumption of CPython

Interpreted programming languages, like Python, are amongst the most popular programming languages. This, combined with high developer efficiency, leads to many web-application backends and web services being written in Python. While it is known that interpreted languages like Python are far less energy efficient than compiled languages such as Rust, little is known about the energy efficiency of the various versions of Python interpreters. In this paper, we study via a controlled lab experiment the energy consumption of various versions of the Python interpreter CPython when running a server-side rendered web application. Our results indicate that currently the most energy-efficient version is CPython 3.12, whose energy consumption can drop by more than 8% compared to previous versions.

Rolf-Helge Pfeiffer
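
Energy measurements of this kind are commonly collected through the CPU's RAPL counters. As one possible (assumed) setup, not necessarily the one used in the paper, the pyRAPL library can wrap a workload and report package energy:

```python
# Hypothetical measurement sketch using pyRAPL (requires an Intel CPU with RAPL
# counters and read access to them); the workload below is a placeholder, not the
# server-side rendered web application benchmarked in the paper.
import pyRAPL

pyRAPL.setup()                                   # discover available RAPL domains
meter = pyRAPL.Measurement("workload")

meter.begin()
total = sum(i * i for i in range(10_000_000))    # placeholder CPU-bound workload
meter.end()

print(meter.result)                              # energy per package/DRAM domain and duration
```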
Self-adaptation for Sustainable Software and Its Application in Current Approaches - An SLR

The role of sustainable approaches has never been as important as it is today, especially with the rising concerns about climate change. Since software is everywhere, sustainability is also a key aspect for software systems. In recent years, the software engineering community has increasingly considered the reduction of overall energy consumption a key goal for software systems during their execution. To address sustainability from the software engineering perspective, various approaches have been proposed, self-adaptation being one of them. Self-adaptation enables software to be context-aware and self-aware and, hence, to change its functioning and performance based on the current execution conditions. From the sustainability point of view, self-adaptation ensures flexibility and efficiency in resource and energy management, for example based on current energy sources, energy consumers, tasks to be executed, and user expectations. In this research, we perform a systematic literature review (SLR) on (1) the use of self-adaptation for achieving sustainability and (2) the existing approaches in various application domains. The identified studies show that self-adaptation is an effective approach for reaching sustainability, mainly reflected in the key abilities of ensuring performance, efficient resource management, and adaptability.

Claudia Raibulet, Qiuyang Fu
A New Metric of Adaptivity for Self-adaptive Systems

Focusing on open-ended architectural adaptation, where individual components represent alternatives that can be added and removed dynamically at runtime, a new metric is proposed to provide insights into the effectiveness of architectural changes, such as the addition or removal of components. Specifically, the new metric allows assessing how much the system actually adapts to variations of the environment by properly applying a system reconfiguration. The approach is based on a statistical analysis of the system, which exploits the Bell inequality, conveniently adapted from quantum mechanics. The formal definition of the new adaptability metric is presented, together with an example of its application to a simple case study.

Giulio Masetti, Silvano Chiaradonna, Felicita Di Giandomenico

Advancing Requirements Engineering

Frontmatter
Classification of Crowd-Based Software Requirements via Unsupervised Learning

Crowd-based requirements engineering (CrowdRE) involves large-scale user participation in RE-related tasks. To extract meaningful insights, supervised machine learning (SML) techniques have been used in the literature for the classification of crowd-based software requirements. These techniques involve training ML models, which requires substantial time, computational resources, and high-quality labeled data that is extremely rare in the context of CrowdRE. We focus on the problem of classifying crowd-based software requirements using unsupervised ML techniques. Our approach involves generating sentence embeddings, evaluating them using information retrieval (IR) measures, and applying clustering algorithms to the best-performing sentence embeddings. In the last step, we apply topic modeling using BERTopic, followed by manual labeling of the clusters. We also provide the option of automated labeling of these clusters based on semantic similarity. We have applied our approach to a large dataset of around 3,000 crowd-generated requirements for smart home applications. We have experimented with both binary and multi-class classification problems, e.g., ternary, quaternary, and quinary classification. Our experimental results demonstrate that this approach can be very useful for the classification of crowd-based software requirements in the absence of labeled data. Additionally, our approach can be used to analyse and identify labeling-related issues in the dataset, which may be useful for improving the quality of existing ground-truth data.

Naimish Sharma, Arpit Sharma
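
For context, the general shape of such an unsupervised pipeline can be prototyped with off-the-shelf libraries. The sketch below is illustrative only, assuming sentence-transformers for embeddings and k-means for clustering; the embedding evaluation with IR measures and the BERTopic step described above are omitted, and the model name, cluster count, and example requirements are assumptions.

```python
# Rough sketch of unsupervised grouping of requirements via sentence embeddings.
from sentence_transformers import SentenceTransformer
from sklearn.cluster import KMeans

requirements = [
    "As a home owner, I want the lights to turn off when nobody is in the room.",
    "As a user, I want to be alerted on my phone when the smoke detector triggers.",
    "As a home owner, I want the thermostat to lower the temperature at night.",
]

model = SentenceTransformer("all-MiniLM-L6-v2")      # produce sentence embeddings
embeddings = model.encode(requirements)

labels = KMeans(n_clusters=2, random_state=0, n_init=10).fit_predict(embeddings)
for req, label in zip(requirements, labels):
    print(label, req)                                # cluster id per requirement
```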
Supporting Q&A Processes in Requirements Elicitation: Bad Smell Detection and Version Control

In the process of developing requirements specifications, a requirements analyst conducts question-and-answer (Q&A) sessions iteratively to incrementally complete the initial requirements obtained from stakeholders. However, iterated Q&A sessions often suffer from problems that lead to a final requirements specification of lower quality. This paper presents the use of a graph database system to identify bad smells in Q&A processes, i.e., symptoms leading to a lower-quality product, and to control the versions of a requirements list throughout these activities. In this system, the records of the Q&A activities and the requirements lists are structured and stored in the graph database Neo4j. Cypher, a graph query language, was used to show that we can retrieve bad smells in the Q&A process and visualize any version of the requirements list evolving through the process.

Yui Imahori, Junzo Kato, Shinpei Hayashi, Atsushi Ohnishi, Motoshi Saeki
Goal Model Extraction from User Stories Using Large Language Models

In agile software development, goal modeling is vital for understanding the relationships among user stories, which are commonly used to capture stakeholders’ needs. The manual construction of goal models faces challenges, such as transforming lower-level user stories into higher-level models and capturing implicit goals. This paper presents early research proposing a technique that uses Large Language Models (LLMs), like GPT-4, to automatically generate goal models from user stories. The approach employs iterative prompt engineering to guide the LLM in extracting intentional elements and generating XML representations in the Goal-oriented Requirements Language (GRL), visualized with the jUCMNav tool. Our preliminary qualitative evaluation indicates that GPT-4 can produce GRL models that are acceptable and understandable. Despite the generic nature of LLM-generated models, there is potential for their use in requirements modeling, particularly in exposing soft goals not immediately apparent to stakeholders new to the domain.

Vaishali Siddeshwar, Sanaa Alwidian, Masoud Makrehchi
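
As a rough illustration of the prompting step only, a call of the following shape could ask an LLM to extract GRL elements from user stories; the prompt wording, model name, and client usage are assumptions and do not reproduce the paper's iterative prompt-engineering procedure.

```python
# Hypothetical sketch: prompt an LLM to extract GRL goal-model elements from user stories.
from openai import OpenAI

client = OpenAI()  # expects OPENAI_API_KEY in the environment

user_stories = [
    "As a customer, I want to track my order so that I know when it arrives.",
    "As a manager, I want weekly sales reports so that I can plan inventory.",
]

prompt = (
    "Extract intentional elements (actors, goals, softgoals, tasks) from the "
    "following user stories and return them as GRL XML:\n" + "\n".join(user_stories)
)

response = client.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": prompt}],
)
print(response.choices[0].message.content)   # candidate GRL representation
```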

Quality in Organisations and Practice

Frontmatter
Digitalization Impact Evaluation Model: A Case Study

Investments in digital transformation are significant in all sectors of society. However, evaluating the impacts of digital transformation remains difficult due to the lack of comprehensive approaches and empirical evidence. The need for digital transformation impact evaluation models is evident in public and private organizations: investments are expected to yield a positive impact, and high-quality information is needed for efficient decision-making. This study presents a model for evaluating the impact of digital transformation, developed following a design science research approach. The model is then explored in a real-world setting through a participatory case study in a large ICT service provider organization operating in the healthcare sector. The research data is analyzed using a socio-technical framework. The findings offer valuable insights into three perspectives of the model: 1) essential properties and phases, 2) benefits and value for the case organization and its customers, and 3) future development needs. This study also identifies topics for future research.

Juhani Heikka, Sanna Heikkinen, Marika Iivari, Timo Koivumäki
Improving the Quality of Self-service in an IT Service Provider Organization: A Case Study

Customer self-service (CSS) has become a crucial part of IT service provider organizations’ business operations. Customer self-service is a type of customer service that enables customers and service users to receive service-related information and submit service requests and incidents 24/7 through a self-service portal, as well as to perform some routine tasks, such as resetting passwords or installing low-risk configuration items (CIs) on their workstations. There are clear business benefits to using self-service portals and self-service-enabled processes. They improve customer experience by eliminating the need to communicate with service desk workers and by providing a round-the-clock digital channel. From a service provider’s perspective, self-service channels increase productivity by ensuring that relevant information is collected from users in a structured format. The main contribution of this paper is to show how to organize the deployment of a self-service portal as a digitalisation initiative. The research problem of this study is: how should quality aspects be taken into account by an IT service provider organization while designing and deploying self-service portals for customers? A case study method with one case organization, a large Finnish IT service provider company, was used to address the research problem.

Marko Jäntti, Henri Lindström
Understanding How Power Distance Affects Agile Organizations

Agile methods offer flexibility, collaboration, and responsiveness to rapid changes, making them a popular choice for organizations seeking to adapt to the dynamic business landscape. However, the successful adoption of agile approaches does not occur uniformly across all cultural and organizational contexts. In an organizational culture with high power distance, there is a clear hierarchy, and team members are less likely to question authority and expose problems, which can affect the adoption of relevant agile principles and practices, thereby potentially compromising software quality. It is not always trivial to identify the latent behaviors associated with high power distance. Thus, managers may overlook the existence of high power distance and its effects, jeopardizing agile transformation initiatives. We conducted a systematic literature review to characterize power distance in agile organizations. Based on 15 studies, we identified 15 manifestations, 31 effects, and 36 possible actions to minimize power distance. Most signs of power distance are associated with human factors such as Decision-Making, Empowerment, Autonomy, and Trust. Managers can use the identified manifestations and effects to diagnose the occurrence of high power distance. Likewise, they can use the identified actions to define appropriate and contextualized treatment strategies in agile transformation initiatives.

Claudio Saraiva Mattos, Eliezer Dutra, Edna Dias Canedo, Gleison Santos
AI in GUI-Based Software Testing: Insights from a Survey with Industrial Practitioners

In today’s technology-driven world, there is a growing interest in leveraging Artificial Intelligence (AI) to streamline software testing processes. Our research delves into GUI-based testing, a prominent technique for verifying software functionality. Preliminary findings from our industrial survey of 45 respondents provide insights into the use of AI in GUI-based software testing. The survey aims to understand how AI supports GUI-based testing, the AI techniques and tools used, and the perceived advantages and limitations. The collected results suggest a widespread yet superficial utilization of AI-based mechanisms among GUI-based testers. Practitioners often employ AI techniques in a technology-agnostic way, treating commercial tools as black boxes. These findings underscore the need for additional research aimed at gaining a deeper understanding of the AI techniques and tools employed in industry and their intended purposes.

Domenico Amalfitano, Riccardo Coppola, Damiano Distante, Filippo Ricca
A Preliminary Interview Study on Developers’ Perceptions of Code Smell Detection in Industry

This paper presents a preliminary interview study aimed at understanding i) how practitioners perceive code smells and ii) whether and why developers use code smell detection tools. We carefully designed a structured interview protocol composed of six major questions. We interviewed seven developers, recruited by convenience, who work on software maintenance and evolution for major companies worldwide. We followed strict guidelines for thematic synthesis to analyze the interview texts. The interviewees’ perception of code smells is in line with the traditional definition, even when developers lack an academic background. All interviewees were concerned with adding code smells while producing code, although half of them feel that their peers do not share these concerns. Most interviewees use detection tools, but the cost of tool setup and company culture may prevent developers from using them.

Felipe Ribeiro, Eduardo Fernandes, Eduardo Figueiredo

On Security and Privacy

Frontmatter
A Rapid Review on Graph-Based Learning Vulnerability Detection

Security testing aims at identifying software vulnerabilities that can be exploited by malicious actors. Software vulnerability detection (SVD), in particular, studies techniques to identify source code weaknesses and bugs that could lead to vulnerabilities. Automated SVD has made significant progress thanks to artificial intelligence tools, including large language models and deep learning. Most of the existing SVD techniques extract a token-based vector representation from the source code under analysis and then pass it to a learning algorithm inspired by those used for natural language processing. Code vulnerability detection is hence treated as a binary classification task: the learned model is used to predict whether new code snippets are vulnerable or not. A recent trend consists in extracting graph-based structures from the source code and then passing them to a graph-based learning algorithm. The graph-based code representation is expected to be an enabler for searching for vulnerabilities by considering syntactic, semantic, and structural information of the source code. This paper reports on a rapid review conducted to study the literature about graph-based learning for SVD, with the goal of capturing evidence that can be transferred to practitioners. Our analysis reveals that most of the presented graph-based learning SVD techniques: (i) use combinations of graphs extracted from the source code, almost always employing the same tool; (ii) frequently use Graph Neural Networks (GNN) and Gated Graph Sequence Neural Networks (GGNN); and (iii) work at the function level, and only rarely at the statement level. Furthermore, we also noticed that: (iv) only a limited number of tools that support such techniques are available; and (v) several real-world datasets exist and are widely used, but they are unbalanced, labeled only at the function level, and, in most cases, contain C/C++ source code, thus hampering their adoption with other programming languages.

Rosmaël Zidane Lekeufack Foulefack, Alessandro Marchetto
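
To make the surveyed setting concrete, the sketch below shows a generic graph neural network classifier over a code graph, in the spirit of the GNN-based techniques discussed above; the node-feature size, architecture, and toy graph are assumptions rather than any specific technique from the review.

```python
# Illustrative-only sketch of a function-level, graph-based vulnerability classifier.
import torch
from torch_geometric.nn import GCNConv, global_mean_pool

class CodeGraphClassifier(torch.nn.Module):
    def __init__(self, num_node_features=64, hidden=32, num_classes=2):
        super().__init__()
        self.conv1 = GCNConv(num_node_features, hidden)
        self.conv2 = GCNConv(hidden, hidden)
        self.head = torch.nn.Linear(hidden, num_classes)

    def forward(self, x, edge_index, batch):
        x = self.conv1(x, edge_index).relu()
        x = self.conv2(x, edge_index).relu()
        x = global_mean_pool(x, batch)          # one vector per code graph
        return self.head(x)                     # vulnerable vs. non-vulnerable logits

# Toy graph standing in for a function's code graph (5 nodes, 4 edges).
x = torch.randn(5, 64)
edge_index = torch.tensor([[0, 1, 2, 3], [1, 2, 3, 4]], dtype=torch.long)
batch = torch.zeros(5, dtype=torch.long)        # all nodes belong to graph 0
logits = CodeGraphClassifier()(x, edge_index, batch)
print(logits.shape)                             # torch.Size([1, 2])
```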
Towards the Use of Domain Knowledge to Enhance Transformer-Based Vulnerability Detection

In recent years, several software vulnerability detection techniques based on learning methods, such as deep learning and large language models, have been proposed to detect vulnerabilities in source code. These techniques build code classification models from datasets of code snippets labeled as vulnerable or non-vulnerable, with the purpose of predicting the presence of vulnerabilities in new code snippets. Experiments documented in the literature, however, show that such techniques can achieve promising results only under specific contexts and conditions. In this paper, we document a preliminary investigation of the impact of using domain-specific knowledge on vulnerability detection tasks. To this aim, a transformer-based vulnerability detection method has been enhanced with domain-specific knowledge, and an experiment has been performed to understand whether such additional domain knowledge can increase the detection performance of the learning-based method.

Alessandro Marchetto, Rosmaël Zidane Lekeufack Foulefack
Black-Box Reconstruction Attacks on LLMs: A Preliminary Study in Code Summarization

Large Language Models (LLMs) have demonstrated effectiveness in tackling coding tasks, leading to their growing popularity in commercial solutions like GitHub Copilot and ChatGPT. These models, however, may be trained on proprietary code, raising concerns about potential leaks of intellectual property. A recent study indicates that LLMs can memorize parts of the source code, rendering them vulnerable to extraction attacks. However, it used white-box attacks, which assume that adversaries have partial knowledge of the training set. This paper presents a pioneering effort to conduct a black-box attack (reconstruction attack) on an LLM designed for a specific coding task, namely code summarization. The results reveal that while the attack is generally unsuccessful (with an average BLEU score below 0.1), it succeeds in a few instances, reconstructing versions of the code that closely resemble the original.

Marco Russodivito, Angelica Spina, Simone Scalabrino, Rocco Oliveto
Do Static Analysis Tools Improve Awareness and Attitude Toward Secure Software Development?

We conducted a preliminary qualitative investigation into Bachelor’s students’ perception of the usefulness of a Static Analysis Tool (i.e., SonarCloud) in assessing software security. The results revealed that the students considered SonarCloud user-friendly, simple to set up, and easy to learn. Additionally, the students recognized an improvement in their awareness of and attitude toward secure software development, as well as the value of using a tool widely adopted in both open-source communities and the software industry. The results suggest that the use of SonarCloud improves students’ software security skills, which are demanded by the labor market.

Sabato Nocera, Simone Romano, Dario Di Nucci, Rita Francese, Fabio Palomba, Giuseppe Scanniello
A User-Centric Privacy Control Framework for Decentralized IoT Platforms

We propose a sticky-policy-based distributed privacy control system, namely the BRAIN-IoT Privacy Control System, in strict compliance with the General Data Protection Regulation (GDPR). It empowers users to set privacy policies and decide how their data should be managed. Furthermore, the proposed architecture aims to offer policy matching services to continuously and automatically enforce privacy protection in fully decentralized Internet of Things (IoT) environments, e.g., the BRAIN-IoT platform, which focuses on interoperability between heterogeneous IoT systems and secure data transmission. We validate the BRAIN-IoT Privacy Control System in real-life large-scale public events. Experimental results show that the system can quickly perform match checking of the privacy policies transmitted with personal data.

Xu Tao, Rui Zhao, Salim Chehida, Davide Conzon, Enrico Ferrera, Saddek Bensalem

Doctoral Symposium (SEDES)

Frontmatter
Towards Cyber-Physical-Ethical Systems

The increasing complexity of Cyber-Physical Systems poses the challenge of managing dynamic and heterogeneous components, even more so when ethical concerns are explicitly specified and may affect the system’s behaviour. This paper aims to address ethical considerations as first-class concerns for the development of Cyber-Physical Systems. To this end, we plan to embed ethical requirements in the formal modelling of Cyber-Physical Systems with the goal of enabling a rigorous and quantitative analysis. Four main activities are foreseen to achieve this goal. First, the specification of a language that captures users’ requirements. Second, the development of a modelling formalism that embeds the specification of design elements in Cyber-Physical Systems. Third, a framework that enables the evaluation of these types of systems and produces metrics that quantify their quality. Fourth, a feedback mechanism will be designed to interpret results and provide suggestions to improve the quality of the systems under analysis. This way, we aim to pursue the specification of a new class of systems, namely Cyber-Physical-Ethical systems, where ethics plays a key role in driving the interaction between the cyber and physical components.

Yelyzaveta Kurkchi
Designing for Sustainability - The Effect of Software Sustainability on Quality-in-Use

In recent years, the surge in society’s use of information and communication technology solutions has increased the importance of software sustainability. Despite increasing attention and publications in this field, challenges persist due to the newness of the domain and the ambiguity surrounding a common definition of sustainability. The complexity of software sustainability extends to its categorization and effects, including first-order impacts from software production and broader consequences on global systems. Sustainability challenges also arise when users interact with the software, which highlights a gap in user-focused perspectives and in models integrating sustainability evaluation. To address this, my thesis aims to achieve four objectives over four years: (1) investigate the incorporation of user perspectives in current software sustainability practices, (2) explore user perceptions regarding software sustainability, (3) co-design a conceptual framework to integrate user perspectives into software sustainability evaluation, and (4) empirically validate the framework. The thesis plan involves a mixed-method approach including systematic literature reviews, interviews, questionnaires, empirical evaluations, and participatory design. My preliminary findings reveal research gaps concerning the user perspective in software sustainability, emphasizing the need for further investigation and the potential impact of this research on software sustainability and user experience. The result of this research has the potential to assist software engineers in considering the user perspective when designing for sustainability in software systems.

Jennifer Gross
Facilitating Interoperability in Digital Twin Solutions: A Path Forward

Digital Twin technology has emerged as a pivotal tool in digital transformation, offering virtual representations of physical components, systems, or processes to enable remote monitoring and control. The functional suitability of digital twin systems relies on accurately capturing, modeling, and exchanging data from their corresponding assets or processes. Consequently, achieving interoperability among various components of digital twins and among different digital twins is crucial. However, this remains an open challenge due to the diversity of data models employed by current digital twin solutions. This thesis proposal addresses this challenge by proposing a model-driven engineering approach, utilizing higher-order transformations alongside the Asset Administration Shell standard as a pivotal model. The approach aims to automate translations to and from the Asset Administration Shell standard, eliminating manual crafting of model transformations.

Enxhi Ferko
Facilitating β-Factor Estimation for Common Cause Failures of Safety-Related Systems

Common Cause Failures (CCF) have the potential to make safety-related systems fail. Hence, safety-critical industries identify and quantify the probability of CCF using different methodologies. For example, industries like railways rely on the β-factor methodology suggested by the IEC 61508 standard, in which defense measures are established against CCF and the β-factor (used in the estimation of the probability of CCF) is quantified based on the application of those measures. However, this methodology has two main research problems (RP). RP1: The standard’s inception was in 2010, so measures against CCF arising from emerging new technologies are absent from the standard; moreover, the methodology does not provide any means to introduce new measures. RP2: The methodology is generalized and applicable to all safety-related systems based on Electrical/Electronic/Programmable Electronic systems across different industries; however, the impact of CCF and the required defense measures against them are distinct in each industry. Neglecting these problems leads to conservative β estimations. This research therefore aims to provide possible solutions to these two problems. For RP1, we propose a methodology that enhances the IEC 61508 approach to β-factor estimation and adopts a way to consider new defense measures in addition to the existing ones. For RP2, we plan to demonstrate an approach to develop an industry-specific β-factor methodology focusing on railways. Later, the methodology is applied to a system, i.e., electro-dynamic braking of railway propulsion systems, for β-factor estimation. This research will provide insights to industrial practitioners and researchers for developing industry-specific β-factor methodologies that estimate a more realistic β by analyzing appropriate defense measures.

Sirisha Bai Govardhan Rao
Mobile-Based Crowd Monitoring and Management: Assessment and Improvement

Crowding is a troublesome phenomenon due to safety concerns, public health risks, social tensions, degraded quality of experience for visitors, infrastructure strain, and environmental impact, among other reasons. Overcrowding management requires crowd monitoring, the main topic to be addressed in this PhD research plan. In particular, the plan focuses on developing a machine-learning crowd-monitoring approach based on the detection of mobile devices’ trace elements from their wireless technologies, namely Wi-Fi and Bluetooth. The major expected challenges are coping with (i) devices’ address randomization, to derive unified fingerprints in each observation period, (ii) the combination of counts obtained from diverse wireless technologies, and (iii) the combination of data from multiple sources. The plan also aims to rely on user contributions to enhance the quality of detection, by developing a mobile application. The latter will also help with the real-time management of overtourism, promoting mitigation actions. The research plan builds upon preliminary results on developing a Smart Tourism Toolkit to monitor crowding levels in real time in the scope of the European RESETTING project.

Tomás Mestre Santos
Backmatter
Metadata
Title
Quality of Information and Communications Technology
Editors
Antonia Bertolino
João Pascoal Faria
Patricia Lago
Laura Semini
Copyright Year
2024
Electronic ISBN
978-3-031-70245-7
Print ISBN
978-3-031-70244-0
DOI
https://doi.org/10.1007/978-3-031-70245-7
